Growing up, spy thrillers were among my favorite movies. There was Sean Connery as the sophisticated James Bond, in classics like Goldfinger and later, Roger Moore in The Spy Who Loved Me. Then, fast-forward 30 years to a new breed of spy with the unassuming Jason Bourne of the Bourne Trilogy. Although unique in their styles, all the characters exemplified grace under pressure and an uncanny intuition of knowing when they were being watched and how to slip detection. So imagine how my interest was piqued when I was invited to St. Petersburg, Russia for the Kaspersky Labs Global Partner Conference.
With foreign “meddling” dominating the news, the thought of visiting any place known for hackers and cyber-criminals was exciting and an excellent opportunity to test my skills and knowledge in data and network security.
Pre-Event: Exploring My Inner ‘Agent’
In preparation for my trip, I came across a Reuters article entitled, Exclusive: U.S. counterspy warns World Cup travelers' devices could be hacked. It warned U.S. citizens traveling to Russia to avoid carrying electronic devices or risk being hacked by private and government-sponsored hackers. The article cited an FBI agent stating that even the most ‘insignificant’ people are targeted. Immediately, my innermost Walter Mitty emerged, as I harkened back to the original Mission: Impossible television series, and that anonymous—yet distinctly recognizable—voice on the tape: “Your mission Alex, should you choose to accept it…”
This trip was going to be an interesting experience.
Traveling ‘Light’ to Mitigate Risk
As the trip drew near, I considered what I could and couldn’t travel without. Rule number one: Don’t go anywhere without my laptop and phone, especially to a technology conference. So I quietly considered what Jason Bourne would do. Then, the answer came to me: “burners!” ‘Burner’ devices are minimalist electronics that can be erased or destroyed when finished using. So I obtained a loaner laptop and loaded it up with minimal files and email, encrypted the hard drive and disabled all external ports; including Wi-Fi and Bluetooth. Upon returning from the trip, I reversed the process re-enabling all the ports and resetting the laptop to its initial settings. Not worrying about being infected with malware while there was a relief.
My next concern was my phone. I needed data and voice connectivity while away, but I was concerned that turning on my Bluetooth and Wi-Fi would make me an easy target for malware. I decided to use my older iPhone, which had a bad charging port. I planned to upgrade but was waiting until I got back. This trip was going to be the phone’s last, so it officially became my other ‘burner’ device. I backed up iTunes, removed all apps except the necessary ones, disabled Bluetooth and Wi-Fi, and removed most of my contacts. I also installed a VPN client for safe Wi-Fi access for email and installed WhatsApp to communicate with my family back home. While there I kept my Wi-Fi off 95 percent of the time, knowing that the Russian government monitors all cellular traffic.
All appeared to work well while there. I was able to communicate with family, check my email and conduct my business duties unimpeded, all from the safety of my laptop and phone.
Post Event: What’s Next for Kaspersky?
The conference was great and Kaspersky did an excellent job hosting. Over two days, we learned about their various security solutions. For the small- and medium-sized business (SMB) market, Kaspersky continues to innovate with their Small Office Security solution, expanding cloud management capabilities, as well as mobile device management. For mid-size customers, we learned about Kaspersky’s Endpoint Security Cloud, which allows companies to manage extensive networks of endpoint security agents from a cloud console. The solution also works well for Managed Service Providers (MSPs) who manage endpoints for multiple clients. Threat Management and Defense is Kaspersky’s offering for enterprise customers. It can collect digital forensics during an attack, analyze them and assist in incident response actions. While there, I learned about Kaspersky’s industrial cybersecurity solutions, which focus on protecting SCADA-controlled devices that power factories, water treatment plants, nuclear power plants and hosts of other industrial facilities. I believe that Kaspersky is on the leading edge of securing industrial systems.
Because of geopolitical concerns, the U.S. Government has banned the use of Kaspersky software in the DoD (Department of Defense). As a result, Kaspersky continues to struggle in the North American market. In hopes of changes in the sanctions and easing tensions between the east and west, Kaspersky has announced the launch of Transparency Centers in Switzerland, with centers later planned for Asia-Pacific and North America. The Switzerland Transparency Center will allow trusted partners to review their source code, before it is compiled onsite. This center will also be the destination for data collected by Kaspersky endpoint software in regions such as North America, so the data can be sandboxed and processed for threats, and no longer sent to Moscow. I believe they understand the concerns of their customers and are attempting to address them.As I found out, always wondering if someone is watching you or trying to hack your devices is very tiresome. However, in preparing for this trip, I gained some valuable insight about data privacy, encryption and device security, so it was completely worth it. Given all of the news of Russia in the media, I understand the concern over using a Russian cybersecurity company. However, Kaspersky has been among the industry’s top-rated security companies for over 20 years; it would be unfortunate to forego access to their technology and threat intelligence feeds used by governments all around the world. In the meantime, Tech Data will continue to grow its partnership with Kaspersky Labs, so should you need assistance with quoting, architecture or other sales topics, please reach out to the Tech Data Kaspersky team at firstname.lastname@example.org – our team will be glad to assist you. For other security-related questions, contact the Tech Data Security Services team at email@example.com.