Expert Interview Series: Morten Kjaersgaard of Heimdal Security on Attacking Cyber Security Threats

Cyber security

Morten Kjaersgaard is an experienced leader in the security industry, currently guiding the Heimdal Security team and spearheading a new approach to information security, based on proactive protection.

We recently asked Morten for his insight on cyber security for people training to work in IT security. Here’s what he shared:

Can you tell us about the mission behind Heimdal Security? How do you hope to impact the world of cyber security?

The Heimdal Security team is driven by a challenging, yet rewarding mission: to make all our lives safer by teaching and practicing proactive security.

As we live and thrive in a world where technology is instrumental for most of the things we do, we aim to help people understand how to leverage security to their benefit and provide them with the tools to protect what they love the most.

We believe that helping people understand and apply key cyber security principles should not be done through fear, but through a constructive approach based on practical education.

Our vision is to build the best proactive security tools that home users and companies of all sizes can use to defended themselves against malicious actors and their activities. We hold ourselves to high standards and expect our clients and partners to do the same.

Our belief is that, by embracing cyber security and protecting what we hold dear, we can all contribute to making the web (and our entire world) a safer place for all.

How has the way Heimdal approaches cyber security evolved since your company was founded?

Our approach has stayed the same since we started. We focus intensely on proactive cyber security and have built both technical tools and informational tools to help companies and home users safeguard their assets.

What is key for us is to make security as simple and effective for any user as possible. We have learnt a great deal along the way and we use these insights to achieve this particular goal.

By constantly listening to everyone we interact with, we gather data that drives the advancement of both our products and our work in general.

How have the way cyber criminals target and attack organizations evolved? What do brands need to know about staying ahead of these threats?

In the past years, attack methods and the malicious software itself have evolved a great deal, especially as ransomware grew into the most widespread cyber threat in the world. Nowadays, malware is capable of digging deeper into a victim’s system and staying hidden for longer periods of time, which is why prevention becomes fundamental.

An example from the top of my mind is described in detail in one of the recent security alerts we published on our blog. In it, we describe how IT criminals compromise the widely-used TeamViewer application and turn it into a spy tool that enables them to harvest and exfiltrate confidential data from the infected computer.

But no matter how much malicious software evolves, most cyber threats still require human input to be triggered. This is the case of phishing attacks, malware distributed through spam emails or private messages on legitimate social networks, etc.

Each time a new platform grew in popularity, cybercriminals quickly found a way to leverage it for their nefarious objectives. From scams to ransomware-laden websites, from fake emails (i.e. CEO fraud) to advanced social engineering tactics (i.e. supply chain attacks) – they have always found a way to use psychological vulnerabilities against their targets.

Brands, no matter how big or small, need to invest in educating themselves and their employees about the basics of cyber security. This is basic cyber hygiene and it will greatly help them make the right decisions for their protection, both at work and beyond.

Next, brands should focus on preventing cyber attacks, as it is much cheaper and much more effective than mitigating the consequences of a compromise. Cybercrime victims would probably unanimously back this up. And there is a lot they can do in this action area!

What are the most common threats facing organizations today? What about the most dangerous threats?

Ransomware will continue to be the most menacing of all cyber threats in 2017, just as it was in 2016. This is because it combines malicious data encryption with psychological manipulation to extort victims for higher and higher sums of money. Nothing is off limits for the attackers, not even schools, churches or hospitals.

Financial malware continues to be an important threat as well, as it’s always been, with IT criminals planning and executing targeted attacks against financial institutions or valuable individuals. However, don’t think that people with less money in their accounts are not targets. Everyone is a target, as far as they’re concerned.

Another cyber threat to look out for is mobile malware, which is spreading like wildfire, as most smartphone users believe that their devices are 100 percent secure by default.

And last, but not least, malware targeted at IoT devices (i.e. Mirai malware) will become a growing problem. As more unprotected devices are recruited in botnets, we can expect that the similar attacks to the one against Dyn will happen in the future as well.

What are the biggest challenges facing organizations today in protecting their data?

Complexity is one of the key challenges for any company when it comes to cyber security. That is why it’s imperative that organizations choose the right technology partners that can guide them and help them find the best solutions for their security needs.

Protecting a large number of online platforms, physical infrastructure and devices is a difficult task, but getting everyone who works internally on board to follow security policies is even more challenging. The technological and human component go hand in hand in any cyber security strategy and must be treated as equally important.

What are the most common mistakes or oversights you see brands making?

We’ve seen a few things in our experience that could be improved in companies so that they can increase their cyber security level.

For example, not treating patching as a key IT security activity is a big oversight that can have a sizeable negative impact on security levels.

Not prioritizing proactive security and relying exclusively on reactive security tools is another.

And I’d like to close this top three with bringing up employee education again. To help them know when it’s OK to click on an email attachment and when it’s not can save any company a lot of trouble and just as much money.

This list could go on, but covering these three areas can greatly impact the strength of any company’s protection.

What are best practices for addressing security concerns? What are essential strategies organizations have to put in place in order to protect themselves?

The world of cybercrime moves fast and that compels companies to keep up, whether they’re ready or not.

Best practices include:

  • Constantly monitoring your environment and devices to see which are more vulnerable to cyber threats (and, naturally, remediating that in due time);
  • Analyzing insights provided by cyber security products and acting on the key insights they provide;
  • Having a robust patching policy and ensuring that all software used in the company is up to date at all times;
  • Having a clear and actionable cyber security policy and applying it;
  • Building cyber security awareness within the company and training employees to follow cyber hygiene rules;
  • Regularly backing up company data to avoid data loss in case of any type of cyber attack;
  • Using multiple security layers to minimize potential impact;
  • Having a response plan that can be readily applied in case of a data breach or other type of cyber attack;
  • Maintaining compliance with regulations and laws, which, in recent years, have become more specific in regulating cyber security matters.

These are just some of the few practices that companies should take into account. The bigger the organization, the more complex this list will become.

However, companies should not be intimidated by this checklist. Everything is attainable with the right human resources, the right tools and the right objectives in mind.

What trends or innovations in digital security are you following today? Why do they interest you?

I am currently interested in the way that perimeter security creators are looking to palliate the increased complexity in attacks surrounding ransomware and data-stealing malware. It is especially interesting to see how they work with and around current limitations to provide the flexible and proactive security solutions that companies require nowadays.

Ransomware is a fast-moving threat and others like it might emerge soon. As a consequence, perimeter security becomes an ever more challenging task for security specialists. I want to see how this affects the entire industry, and how it changes the current way of doing things. This is because we clearly need a better protection model, industry-wide, to counteract not only current threats but also to prepare us for future ones.

Interested in becoming a computer programmer? Contact us

Everything You Need to Know about the MCSA Server 2012 Certification

Microsoft certification training
Microsoft certifications are considered valuable to employers looking for competent IT professionals.

Are you MCSA Server 2012 certified? The Microsoft Certified Solutions Associate Server 2012 certification serves as proof that you are capable of designing and implementing servers and infrastructures with the Windows operating system and Windows System Server software.

Businesses often use Windows Servers to run their networks and communicate within their businesses, so demand for IT professionals who can determine businesses’ needs and meet those needs with Windows software solutions will likely remain high well into the future.

The MCSA Server 2012 certification is an entry-level certification that does not require prior experience. Students are expected to understand networking basics and have basic knowledge of the Windows operating system before preparing to take the exams.

What to Expect from the MCSA Server 2012 Exams

There are three exams that must be passed to earn MCSA Server 2012 certification. Candidates are considered Microsoft Certified Professionals after passing the first exam on installing and configuring Windows Server 2012. The next two exams are focused on administering Windows Server 2012 and configuring Server 2012 advanced services, providing the needed expertise for leadership positions with Windows servers.

Students who continue after becoming MCSA Server 2012 certified may go on to earn Microsoft Certified Solutions Expert certification, which is more advanced and qualifies an IT professional for higher level positions.

Although Server 2012 has been in existence since 2012, it has gone through multiple updates and is much more fully developed than the original software.

Why Get Certified?

Company leaders value Microsoft certifications and consider them necessary preparation for implementing Microsoft software within the company infrastructure. A recent survey showed that 75 percent of managers considered certification important to team performance. Additionally, 66 percent thought that certification led to better service and support for end users and customers.

Microsoft certification training
Companies often need administrators for their Microsoft servers.

Furthermore, the higher the number of Microsoft certified team members there were, the better the team performed as a whole. This was true even when team members became certified after joining the team.

Microsoft estimated that certification increased your chances of getting hired 5 times compared to not being certified. Another upside to Microsoft certification is that it is easy to verify, unlike some more arcane certifications. The certification is also valid worldwide, so you can use it anywhere in the world you find yourself employed.

Those who earn the MCSA Server 2012 certification are qualified to serve as network administrators, network engineers, systems engineers, computer/network support specialists, and windows migration specialists. Certified individuals will typically earn higher salaries than non-certified individuals with the same level of experience, making the cost of the certification exam and preparation courses well worth it.

Microsoft reported that “in high growth industries, entry level employees who hold a MCSA certification . . . can earn up to $16,000 more, annually, than their peers.” That’s certainly no small figure.

Are you interested in becoming MCSA certified? Contact us about all our certification programs and other courses to further your career as an IT professional.

12 Cybercrime Stats that Highlight the Need for Cybersecurity Professionals

IT certifications
Security breaches continue to threaten companies and individuals.

Cyber security professionals are in high demand, and it’s easy to see why. It seems like we hear about a new data breach almost every week, and companies are looking for ways to keep their confidential and proprietary data secure.

Here are some statistics about the current state of cybercrime that illustrate just how much cybersecurity professionals are needed.

1. The global cost of cybercrime was $3 trillion in 2015 and is expected to double by 2021, according to a report by Cybersecurity Ventures. These costs include destroyed data; stolen money, data, and intellectual property; lost productivity; investigational costs; disruption to normal business activities; restoring the systems and data that were destroyed or stolen; and harm to a business’ reputation.

2. More than 29 million records have been exposed in 858 reported breaches, including in the financial, government, healthcare, and education fields. Source: Cybersecurity Ventures

3. 111 billion lines of software code are being produced each year, and each of them has the potential to contain a vulnerability that cybercriminals can exploit. Source: Cybersecurity Ventures

4. Global spending on cybersecurity defense services is expected to total $1 trillion over the next 5 years, although even that probably won’t be enough to be effective because many companies are not spending as much as they should on preventative services. Source: Cybersecurity Ventures

5. According to the Ponemon Institute, the average cost of a security breach among the 383 organizations queried was $4 million. For U.S. organizations that cost jumped to $7 million.

IT certifications
Hackers are getting better and better at stealing and destroying organizations’ data.

6. Cost per breach was highest in the financial and healthcare sectors because there are a higher number of regulations and compliance requirements. Source: Ponemon Institute

7. Small businesses are suffering from cybercrime in large amounts – according to one report, 50 percent of small businesses said they were cyber-attacked at least once in the last 12 months. Source: Keeper Security 2016 State of SMB Cybersecurity Report

8. Just 38 percent of organizations surveyed said they were ready to defend against cybercrime in 2015. Source: ISACA 2015 Global Cybersecurity Status Report

9. When phishing is used by hackers to gain entry to a network. 30 percent of phishing emails are opened, while 12 percent of those who open the email click the infected link causing a possible breach. Source: Security Intelligence

10. Businesses and governments are rushing to implement security awareness training for employees to prevent them from falling for phishing and other attacks. Source: Ponemon Institute

11. The opportunities to hack people have grown to a million or more with the advent of wirelessly connected and digitally monitored implantable medical devices, including defibrillators, pacemakers, insulin pumps, ear tubes, and deep brain neurostimulators. Source: Cybersecurity Ventures

12. The cybersecurity workforce shortage was one million in 2016 and is expected to grow to 1.5 million by 2019 – less than three years from now. Source: Cybersecurity Ventures

PC AGE offers courses on cybersecurity including preparation for security-related and ethical hacking IT certifications that can lead to jobs and careers in cybersecurity. Contact us for information about how to become a cybersecurity professional and help ease this critical shortage.