-0.7 C
Casper
Thursday, November 21, 2024

From Hacker to Defender: Sergey Belov’s Cybersecurity Playbook

Must read

Khushbu Raval
Khushbu Raval
Khushbu is a Senior Correspondent and a content strategist with a special foray into DataTech and MarTech. She has been a keen researcher in the tech domain and is responsible for strategizing the social media scripts to optimize the collateral creation process.

Sergey Belov of Acronis on tackling cybersecurity threats like ransomware and supply chain attacks and balancing innovation with robust security measures.

In our latest interview, we sit down with Sergey Belov, the Director of Information Security at Acronis, to dive deep into the evolving world of cybersecurity. Belov shares his journey from offensive security—where he honed his skills in penetration testing and bug bounty hunting—to his current role, where he focuses on fortifying defenses. 

With a keen eye on pressing threats like ransomware and supply chain attacks, Belov offers insights into how Acronis stays ahead of the curve. Discover how the company adapts its strategies to combat modern threats and ensures robust protection in an increasingly complex digital landscape. 

Join us as Sergey Belov unveils the key elements of Acronis’s approach to security, compliance, and future trends in the industry.

Excerpts from the interview;

What led you to become the Director of Information Security at Acronis, and how have your key experiences and skills shaped your cybersecurity approach?

In information security, we often divide the technical aspects into two primary areas: offensive and defensive. My career began on the offensive side—learning how attackers could exploit vulnerabilities and understanding the full extent of the potential damage. I dedicated much time to penetration testing and bug bounty hunting. However, at a certain point, I grew tired of always being the “hero” in offensive security, coming in and breaking everything. I started wondering about the other side: how do you protect systems? That’s when I transitioned to the defensive side. I first led an application security team, and now I serve as a director of information security.

What are the top cybersecurity threats today, and how is Acronis adapting?

Ransomware Attacks

Ransomware has become more sophisticated, targeting both large and small organizations. Attackers encrypt critical data and demand payment for its release. The rise of “double extortion” tactics, where attackers also threaten to leak sensitive data, has made this threat particularly severe.

At Acronis, we use our products to protect ourselves from these attacks.

Supply Chain Attacks

Cybercriminals increasingly target third-party vendors and suppliers to gain access to larger organizations. The SolarWinds attack is a notable example: Attackers compromised a widely used software update, leading to breaches across multiple industries.

We enforce strict development rules to ensure the security of our software. If developers want to use a third-party library mirrored in our local repository, they must first obtain explicit approval. Additionally, we collect and manage the Software Bill of Materials (SBOM) for all our products, giving us full visibility into the components we use. To further mitigate risks, we implement rigorous hardening measures, such as conducting our build processes in an isolated environment disconnected from the internet. This approach significantly reduces the potential for attacks related to third-party components.

It’s important to note that every vendor we work with undergoes a thorough security evaluation. Depending on the criticality of the partnership, we may conduct a penetration test using our team. Alternatively, we might request the vendor’s latest penetration test report or require them to conduct a new assessment if we determine that the previous one was insufficient. This rigorous process ensures that our vendors meet our stringent security standards and helps protect our organization from potential vulnerabilities introduced through third-party relationships.

Also Read: Markus Bauer’s Blueprint for Cyber Defense at Acronis

Phishing and Social Engineering

Despite awareness, phishing remains a top threat, with attackers using increasingly convincing tactics to trick employees into disclosing sensitive information or downloading malicious software. Spear phishing, where attacks are highly targeted, is particularly dangerous. 

It’s important to highlight that today, we have widely accessible technology for credential phishing-proof authentication called WebAuthN (passkeys). At Acronis, we’ve developed an in-house solution that requires all employees to use this form of authentication. Typically, it involves using a Touch ID, Face ID, or a PIN code before accessing internal resources.

Phishing and Social Engineering

Insider Threats

Whether malicious or accidental, insider threats continue to pose significant risks. Employees or contractors with access to sensitive data can cause substantial harm if they mishandle or intentionally misuse information.

Monitoring, restricting access rights, and limiting the duration of access are crucial steps in mitigating these threats. We reduce the risk of unauthorized actions by closely monitoring user activity and ensuring that employees only have the access they need for a limited time. Additionally, we’ve implemented a Zero Trust architecture, which assumes no user or device is automatically trusted, regardless of location within or outside the network. This approach ensures that every access request is thoroughly verified, helping to prevent potential security breaches and safeguarding our systems from internal and external threats.

Zero-Day Vulnerabilities

These are previously unknown vulnerabilities in software or hardware that attackers exploit before a patch is available. Organizations struggle to defend against such threats due to the lack of prior knowledge.

Combating zero-day vulnerabilities is a significant challenge in cybersecurity. The industry recognizes that strategies like hardening, sandboxing, and continuous monitoring effectively mitigate the risks associated with these types of attacks. Additionally, many researchers participating in bug bounty programs develop their zero-day exploits. Occasionally, these researchers discover and share new attack techniques, allowing us to implement protective measures before these vulnerabilities become widely known. This proactive approach helps us avoid emerging threats and reinforces our defenses against potential zero-day attacks.

Also Read: Sudhakar Ramakrishna on Innovation, Adaptation, and Future Vision

How does Acronis protect data and ensure compliance amidst growing data breaches and regulations?

Today’s robust security strategy revolves around three key pillars: zero trust, sandboxing, and continuous monitoring. Even in the event of a sophisticated attempt to attack, the primary objective is to detect anomalies quickly and initiate a thorough investigation. This makes monitoring every asset within the infrastructure crucial, ensuring no blind spots are left unchecked.

However, with the sheer volume of data generated by these assets, the challenge lies in filtering through vast amounts of information to identify correlated events that signal a potential incident. Advanced monitoring tools and analytics are essential to sifting through this data, connecting the dots, and providing real-time insights. By implementing a zero-trust model, we ensure that every access request is verified before being granted, while sandboxing allows us to isolate and safely analyze suspicious activity. Together, these strategies provide a layered defense system, allowing for early detection, containment, and mitigation of threats before they can cause widespread damage.

Compliance with regulations is becoming increasingly complex as governments and unions, like the European Union, impose stricter requirements on how companies store and process customer data. One key challenge is the growing demand to keep customer data within specific geographical borders, with any cross-border data transfers requiring explicit approval or notification, including for subprocessors. This can create a significant administrative burden, especially for companies operating in multiple regions.

Additionally, suppose your company is already compliant with well-known certifications. In that case, you will likely need to meet the standards of other certifications since many regulatory frameworks share overlapping requirements. 

At Acronis, we’ve established a dedicated Governance, Risk, and Compliance (GRC) unit. This team monitors regulatory changes worldwide and ensures that Acronis complies with all necessary certifications and legal obligations. By tracking updates proactively, we can adapt to new compliance requirements and maintain trust with our customers and partners.

How does Acronis handle cloud security in today’s cloud-centric world, and what measures have you implemented to protect these environments?

At Acronis, we intentionally maintain a level of separation between our data centers and the broader cloud-centric ecosystem. This means we rely on our hardware, servers, and networking devices in all our data centers, including the smaller ones we call CyberDCs. We operate these systems within highly isolated IT environments, continuously hardened using various security measures. One such measure is restricting access to these environments via hardware security keys like YubiKeys, ensuring that only authorized personnel can gain access.

We have developed our private cloud infrastructure by partnering with trusted companies worldwide. These partners provide the physical space at their sites, allowing us to deploy and manage our servers while retaining complete control over the hardware and network operations. This approach increases our security and resilience and ensures we maintain full infrastructure oversight, providing an added layer of trust and protection for our client’s data. 

Of course, we still rely on certain cloud-based solutions for day-to-day operations, such as Microsoft 365, Teams, and Outlook. These tools are essential for communication, collaboration, and organizational productivity. However, we keep these cloud services separate from our data center operations and research and development (R&D) activities.

By isolating critical infrastructure and R&D processes from these external cloud services, we maintain a higher level of control over our core systems. This separation ensures that the operational integrity of our data centers remains uncompromised and minimizes the risk of exposure to potential vulnerabilities in third-party cloud environments. This deliberate strategy helps us efficiently leverage cloud solutions while safeguarding our most sensitive and mission-critical operations.

We rely on an extensive suite of private-cloud tools, including build farms, source code repositories, Jira, Confluence, and other key platforms integral to our development and operational workflows. As mentioned, these tools are hosted within our infrastructure and safeguarded by our proprietary zero-trust security solution. This approach ensures that access to these resources is tightly controlled and continuously verified, following the “never trust, always verify” principle.

By keeping these essential tools within our environment, we maintain complete control over their security, reducing exposure to external threats. This setup also allows us to implement strict access policies, encryption protocols, and monitoring mechanisms that align with our stringent security standards. As a result, we can confidently manage our development processes and internal operations while minimizing potential risks, ensuring that sensitive data and intellectual property remain secure. This comprehensive security strategy is a key component of how we protect the integrity of our products and services throughout the entire development lifecycle. 

Also Read: How Data Drives Eco-Friendly Practices in Travel and Hospitality

How does Acronis handle incident response and recovery to ensure swift, effective responses to security breaches?

Protection against modern cyberattacks requires a comprehensive approach that includes technical measures, well-defined processes, and organizational strategies. Some of these elements were discussed in the previous section, but it’s also crucial to emphasize the importance of having a disaster recovery plan (DRP). This plan outlines the steps to take if a critical part of your environment goes down, ensuring the swift restoration of operations.

Equally important is the regular testing of this plan. With frequent tests, even the best-designed DRP might succeed when needed most. We regularly conduct Business Continuity Plan (BCP) exercises across our global offices to ensure its effectiveness. These drills help us evaluate our infrastructure’s connectivity and dependencies, allowing us to refine our disaster recovery strategies and ensure a smooth recovery process during a disruption.

Equally important is the regular testing

How crucial is collaboration with other security professionals, and what initiatives does Acronis participate in?

Collaboration with other security professionals and organizations is critical in staying ahead of threats. Cyber threats constantly evolve, and no single organization can address them all. Professionals can share threat intelligence, best practices, and innovative solutions to improve overall security posture by working together. Collaboration also enables quicker response times to emerging threats and more comprehensive defenses.

Acronis, as a leader in cyber protection, is involved in several initiatives that promote collaboration:

  1. Acronis Cyber Protection Operation Centres (CPOCs): These centers monitor and analyze cyber threats globally in real time. Acronis shares insights from these centers with partners and clients to inform them of emerging threats.
  2. Partnership with cybersecurity vendors: Acronis integrates various solutions to enhance businesses’ protection capabilities.
  3. Acronis Cyber Foundation: Through this foundation, Acronis educates professionals on cybersecurity, fostering collaboration and knowledge-sharing within the industry.
  4. Bug bounty and vulnerability disclosure programs: Acronis supports collaborative efforts to find and address vulnerabilities, engaging with researchers and ethical hackers.

These initiatives reflect Acronis’s commitment to building a strong, collaborative security community.

What key trends and challenges in information security are Acronis preparing for?

Looking ahead, several significant trends and challenges are shaping the field of information security, and companies like Acronis are taking strategic steps to prepare:

  1. Artificial Intelligence (AI) and Machine Learning (ML) in Cyber Attacks
  • Attackers increasingly use AI to create more sophisticated and automated attacks, such as AI-driven malware and deepfake-based phishing attacks.
  • Acronis incorporates AI and ML into its cyber protection solutions to proactively detect and counter such threats. Their AI-based threat detection and mitigation systems evolve in real time to adapt to new attack methods.
  1. Quantum Computing
  • As quantum computing advances, it threatens to break traditional encryption methods, making current cryptographic protocols vulnerable.
  • Acronis is researching quantum-resistant encryption and planning to integrate cutting-edge cryptographic methods to future-proof their solutions against quantum threats.
  1. Cloud Security and Multi-Cloud Environments
  • As businesses increasingly rely on multi-cloud environments, security risks grow due to cloud services’ complex and distributed nature.
  • Acronis provides unified protection across hybrid and multi-cloud infrastructures, ensuring data integrity, privacy, and compliance with integrated cloud-based security and backup solutions.
  1. Zero Trust and Evolving Trust Models
  • The shift from perimeter-based security to Zero-Trust models continues to be essential, but blind trust in external AI and cloud services is challenging this.
  • Acronis advocates for “Cyber Protection,” which integrates data protection with advanced cybersecurity. Acronis’ platform promotes a Zero Trust architecture by securing the entire digital workflow, from data centers to endpoints, with verification and multi-layered defenses.

More articles

Latest posts