“Lack of time, lack of budget and lack of accountability” – Why cybersecurity isn’t being implemented how it should be

From business information to personal details, more and more of our data is moving online, leaving too much exposed.  It’s no secret that in pretty much every industry, hacking is on the rise, and as web security grows, so does the knowledge of hackers. Ilia Kolochenko, founder and CEO of web security company ImmuniWeb, has a vast knowledge of all things cybersecurity and is always up-to-date with what is going on in the cybersecurity world. So much so, that in 2016 he became a member of the Forbes technology council. In part one of a two-part interview, Kolonchecko kindly offered some of his expertise to us as we spoke to him about the rise of hacking, the dark web and his opinion on why so many firms don’t implement the security they should.

When asked why he thinks there has been such growth in online hacking, his response reflected his vast knowledge of online security in that it was on-point, in-depth and informative. Kolonchenko explained that currently, due to the array of different vendors, each one of which claims to be the ‘silver bullet’ of firms, cybersecurity is complicated.  “Today, everything is connected somehow to the internet or to systems that are connected to the internet. I’m talking about the Internet of Things connecting devices with mobile and technology itself. Technology becomes very complicated, and it is difficult to keep everything under control with the proliferation of cloud and outsourcing and offshoring”.

The expert goes onto add that another reason for so many leaks is down to individuals not storing data properly, leaking data, lack of protection and even selling information.

But firms need to take responsibility for their own security too, he warns. “I would also mention a growing phenomenon is called vender fatigue, where companies believe any cybersecurity company promises. Which creates a very complicated, very sophisticated challenges for cyber sake.” Continuing to add that although it may be costly to hire a cybersecurity expert in the company, it is worth it for protection.

Incorrect security application

As well as clearly being a fortress of knowledge, Kolochenko has a kind and welcoming demeanor, willing to answer any question in a considered and profound way.  When asked why so many people don’t implement enough security measures, the CEO said this was down to three points; “A lack of time, lack of budget and lack of accountability”.

He also suggested that due to the lack of appropriate fines surrounding things like GDPR, people will ignore the appropriate measures they should take in the knowledge that they will probably not face punishment.  “We all know the value of using fear and uncertainty doubt tactics to impress their clients saying that as they will have to pay millions for single minor incidents. That’s not true. GDPR contemplates impressive fines, but they are all extreme cases. The true sanctions over GDPR for minor breaches where there is no gross negligence, that is involved, that the penalties will be relatively small”

He adds that the blame is always unfairly passed on: “Someone else will be accountable, but that’s wrong because, at the end of the day, everyone has contributed by not allocating the budget, by not providing legal consulting services, by not emphasizing that this is the responsibility of digital team and not the legal to ensure digital compliance with GDPR and so on. So, people are completely confused people are lost and eventually they’re seeking to shift responsibility and accountability to someone else.”

The dark web and security

Today, web security goes much deeper than just hacking. The dark web now means that hacking has taken an even shadier level of illegality. In discussing password reset attacks, Kolonchenko says: “The problem is that frequently users tend to use a similar, or even identical boards for many systems, even if they’re professional systems. Let’s say, email has some strict password policies, you can try to brute force or reuse passwords to join the account. Usually, you cannot enforce your own policy a search bar, for example. I’m not saying that [the site] has weak password policy just may not be as good as your internal password policy for example, and your employees may use one pot for all external accounts, including professional accounts, this one where you impose a free spot for foreign policy like email or VPN.”

On this point, the CEO continues: “At the end of the day, cyber gangs will not bother to conduct complicated, time-consuming and expansive attacks against your infrastructure, they will probably start by purchasing get subscriptions, there are many different services that exist in the darkness if you refer to the subscription to all stolen databases of passwords that have ever been exposed.”

It’s a people problem

Highlighting an even more worrying issue, the security expert says: “We are arriving at 2020 with a very green view of the cybersecurity landscape, because it’s not even about hacking anymore, it’s about human negligence intertwined with the digitalization of our business es and our private lives. Also, what we have over a capital when employees of large organizations will blackmail them with external factors, saying that you have to give up your financial statements or some internal intellectual property, or whatever, otherwise we’ll tell your employer that you’ve been creating accounts. ”

Look out for part two of the interview where Kolonchenko discusses cybersecurity in apps and virtual patching as a solution for online security.