Bank employees received an email from their HR team offering them personal fuel vouchers; the only condition for using them was to click on a link and register. Two-thirds of them did so from their work computers without pausing to think that this could pose a threat. And that is exactly what it was: a phishing email sent by the bank's IT department to test whether the staff could recognize attempts to breach the system. This is an actual situation, and it shows that cyber threats are real and close to any organization, whether it is a small company or a large financial institution employing thousands of people. Last year alone, the damages from cybercrime reached 6 trillion US dollars worldwide, and the trend is for them to exceed 10 trillion US dollars by 2025.
Every private or public organization needs protection, especially at a time of growing threats and increasingly skilled cyber-criminals. KPMG IT Service is confident that it has the answers its clients are looking for in the field of cyber security, thanks to both its highly trained team and world-class know-how. Zero risk tolerance, together with the implementation of new technologies, plays the central role in the strategy of the company, which has reached a leadership position on the market of IT consulting and engineering services in recent years and employs more than 400 specialists.
Post-COVID reality
"We used to have the so-called Perimeter Network Security, meaning that we built something like a fortress - we checked who entered it, and once we did it, we had nothing to worry about. However, it became a thing of the past upon the onset of COVID-19, when drastic changes occurred - everybody started working from their home, using personal devices, system access shifted to working from anywhere possible. Companies were not prepared and had to change their behavior. As a result, we developed the Zero-Trust strategy, which isn’t something new – it has been discussed for about 10-15 years, but the idea behind it now does not involve the creation of such security parameters and building walls, it now requires us not to take for granted that if the information flow comes over a secure connection, this would mean that it is protected. Everything should be checked, the risks associated with it have to be assessed and based on that information, a solution shall be developed that covers those risks."
Prior to the pandemic, most cyberattacks focused on high-risk industries such as healthcare, finance and information technology. However, after the onset of COVID-19 almost all companies switched to remote work, turned to e-commerce and moved their daily operations online. In the past, security was not a priority, especially for smaller businesses. Therefore, many of them were not prepared to combat modern online challenges, making them easy targets.
"The threats to organizations are the same, it's just that the reality after the pandemic - remote work and communication from personal devices - does not allow using traditional protection methods and businesses need to adapt to the new working methods," explained George Novtekov, Cybersecurity Manager at KPMG IT Services. He believes that the rapid changes have also forced a change in the way of thinking, and KPMG ITS’ efforts are focused on the so-called "Zero-Trust strategy", which puts user identity, access and data management at its center. This is not some technological solution, it is an entirely new model and approach, which, according to the company, requires focusing on three main principles: "Take nothing for granted, verify everything and limit access." Or as Novtekov summarized with a quote from a former dictator: "Trust, but verify".
AI and Big Data are not just vague terms
According to Novtekov, technology is what allows the Zero-Trust approach to be so effective. "Cybersecurity benefits from a very good synergy with technologies such as AI and Big Data. The ability to analyze a huge amount of data has allowed us not to be reactive, but to intercept everything while it happens," he explained. He and his team can analyze complex user behavior and immediately take action, monitor a huge amount of network data, and see various cross-sections and the corresponding system behavior. Such technologies could not be implemented 10-15 years ago; this changed with the introduction of cloud technologies, with companies' access to unlimited computing power and data storage resources, and with software development itself. "Thus we can respond to threats in real time," said Novtekov.
The KPMG IT Service team itself must constantly keep up with the new, ever-changing technologies. "We turned into a technology company to meet the new requirements. In order to build such a security system, based on Zero Trust, we had to internally acquire the skills to work with new technologies," added George Novtekov. Since security is a continuous process, our specialists constantly undergo various training and expand their knowledge. KPMG IT Service organizes academies every year and covers the costs for courses and certification exams for its employees.
Ivan Neshev, the company's Cloud Technologies Director, explained that KPMG is a company with decades of experience in consulting business clients. "We have zero risk tolerance - we work with customer data that we need to protect," he added. "If anything were to happen to KPMG ITS as a company, the reputational damage would be enormous. All of that requires us to have multiple processes and rules to observe, as well as technical equipment - both in terms of technology and the culture of people in general across the corporation. Since security depends on each and every one of us, not only on the IT department, this translates into a very good symbiosis between business and IT competencies. This allows us to develop a great product to offer our customers - something we call Business Meets Tech - our company can provide both functional transformations to customers and technologies to support the requirements of such transformations," said Neshev.
"There is such great demand for specialists that it is very important for us to be a good team. With that will also come the opportunities to choose interesting projects to work on."
Vasil Vasilev
Software Architect
Businesses are not Prepared
George Novtekov maintains that businesses lag "realistically by 10-20 years" when it comes to digital identity. What is the major problem? They still work mainly with a username and password. "With Zero-Trust, we must use the so-called Flexible Authentication, we can introduce various authentication methods - systems such as two-factor authentication, biometric data recognition, etc.," the manager commented.
While years ago businesses mainly used a few applications, led by Outlook, nowadays a company has at least several systems, from ERP to accounting. In most cases, a medium-sized company has about 200 different systems. Groups the size of KPMG have over 10 000 different systems, and with Zero-Trust, users must have a digital identity for each of them. This is where the big problem with digital identity provisioning arises: with Zero-Trust it needs to be comprehensive and cover the entire user provisioning. "Each element of the system must be automated and traceable at any moment, so we would know who has access and why they have such access. Unfortunately, 95% of the clients we work with have partially similar systems integrated with them," commented George Novtekov.
There are already multiple products on the market, mainly cloud-based, but there are also those intended for local installation in a data center, which can cover the entire identity management process. However, few companies have such systems, and even fewer have implemented them correctly. "Here comes the other major problem: they have not implemented them until now - they have built their IT infrastructure, model and processes that have been functioning for many years and suddenly they have to make changes to a working environment, which is very difficult," added Ivan Neshev.
That is why the KPMG IT Service team emphasizes that one of the elements of Zero-Trust is the need for the security system itself to be part of an organization's modernization strategy from the very beginning. "Usually, businesses with good IT practices and good IT departments implement security during the development and life cycle of every single product they implement. They never do it post factum," said George Novtekov.
What is Zero-Trust?
The Zero-Trust approach puts user identity, access and data management at the heart of cybersecurity. This strategy enables secure access to information and resources in an organization through continuous monitoring and constant analysis. No one inside or outside the corporate network is granted access automatically — each user must prove their identity. Even if they have a valid username and password, access to the system is denied if the device is not validated or the required trust level is not reached. With Zero-Trust, companies must be proactive by receiving timely analysis and automated responses to potential attacks. The key requirement here is for the organization to consistently collect, check and analyze traffic across the entire ecosystem, with maximum real-time visibility of both the data users are accessing and the potential for malicious activity.
Cyber terms
Perimeter cyber security
It includes protecting the networks of companies and organizations from hackers, attacks and any breaches. It includes monitoring, analyzing patterns, recognizing threats and effectively dealing with them. Each private network has a perimeter around it, i.e. the secure boundary between networks, such as a company's private intranet and the public Internet.
Cloud Security
Part of cyber security dedicated to securing cloud computing systems. It includes safeguarding the privacy and security of data in online-based infrastructure, applications and platforms.
Hacker
This is a term generally used for a person who tries to gain unauthorized access to a network or computer system.
Digital identity
Digital identity is information used by computer systems to identify a person, organization, application or device. Digital identities enable the automation of services provided by computers.
How did cyber threats to organizations change in the past few years?
The threats to organizations are the same, but the post-pandemic reality does not allow traditional protection methods to be used and businesses have to adapt to the new work methods. Upon the emergence of new technologies, for example Facebook as a new social network years ago, it became clear that people need to learn to protect their personal data. New technologies have a number of advantages, but also bring a number of security risks. Accordingly, countries, in this case the EU, stepped in and introduced a new regulatory framework to protect personal data. None of the new technologies comes with built-in security, and reality shows that at the beginning there are multiple, various threats that it brings with its integration into society.
Is cloud protection easier compared to the traditional one?
Cloud services are gaining momentum not because they are cheaper or more secure, but because a very large number of companies are unable to adequately manage their IT environments. This is precisely the reason for the misconception that if something is in the cloud, it is more secure. It's not, but the cloud is the better option because it offers tools that are available and ready to use, without having to purchase them and go through a long implementation process. For example, every single cloud has good event collection systems and this allows us to make very complex cross-sections of these data sets, to insert Big Data, to use AI. This means that the cloud provides huge opportunities to take advantage of the best product on the market, but it is up to you as a company that buys this server to use them. The cloud does not impose them. This is the reason for the misconception that if you go to the cloud, you're automatically protected. You're not protected, it's just that the time it takes to get a level of security in the cloud is much shorter and requires much lower upfront investment.
Is cyber security possible without the need for human intervention?
No, at least not in the foreseeable future. Probably it will be some day, when artificial intelligence begins to catch up with human capabilities. Truthfully speaking, AI has greatly changed the way systems are currently administered. Earlier, a cybersecurity department was huge in terms of human resources because it didn't have the technology and systems to analyze the huge amount of data, and it didn't have the artificial intelligence to recognize different patterns. Back then, this was all done by hand, each alert had to be analyzed by an employee, and the teams themselves were large but lacked deep knowledge. Currently, the business is being adjusted to fewer people who are extremely skilled, i.e. the way the team is structured is changing. However, the need for human intervention will always be there.
George Novtekov
Manager of the Cybersecurity team at KPMG IT Service
SPECIAL PROJECT FOR
PHOTOGRAPHY AND VIDEO
MINKO MINKOV
TODOR ATANASOV
IDEA AND EXECUTION