Michal Salat joined Avast in 2010 as a Malware Analyst and is now Avast’s Threat Intelligence Director, leading a team of more than 10 Threat Labs experts. His team’s main focus is identification and analysis of new malware strains and threats targeting Avast users.
Prior to working at Avast, Michal Salat worked as a programmer and network administrator. He holds a Master degree in System Programming from the Czech Technical University in Prague, CZ and has also studied Computer Science on Texas Tech University in Lubbock, U.S.
Here are the excerpts of the interview.
How do you view the accelerated pace of digital transformation drives organizations are embarking on amid the COVID-19 crisis?
Many businesses were pursuing or already completed their digital transformation programs well prior to COVID-19, however the pandemic has literally catapulted organizations of all sizes into the future practically overnight, causing a little bit of revolution in a process that was perceived as evolutionary. What was a long-time trend has become an urgent priority. Technology is of course a crucial tool to change the world of work as we all try to adjust to protecting ourselves, and companies that can are rushing to prepare for extended periods of work from home.
That being said, the digital transformations should be comprehensive, focused on value creation, and not predominantly focused on technology for the sake of it or unnecessarily constrained by existing processes and offerings. Organizations should reconceive themselves to combine human potential with machine learning and in implementing new ways of working they need to focus both on the employee side and the technology side.
This broad, rapid and forced adoption of remote working brings many potential security issues and companies need to take now and review the settings and tools they have adopted to make sure everything is set up properly and close security gaps.
Do you think it's time to think differently and work on a new tech infrastructure that will help organizations recover after COVID-19 especially from a security point of view?
We have been advising companies to adopt security measures like deploying business-grade security solutions on their employees’ devices, and control them via the company’s IT department. We also suggested businesses should provide employees with adequate and security-compliant equipment for video conferencing, file sharing, and enterprise-grade team collaboration platforms, such as GSuite or Office 365. We also recommended businesses to provide employees with VPN connections they can use to protect their communications, and to access internal services and tools without making them available directly from the Internet thus reducing potential attack surface. Companies were pretty much forced to take on such measures as they rapidly had to send their employees to the home office, and we hope that they will maintain them following the crisis.
What's the future of remote working? How do you see the role of technologies in making flexible and remote work easier for both employers and employees?
Take Twitter as an example - they now offer their employees to permanently work from home. I believe that the crisis has shown many companies that work from the home office can run smoothly, and can even be beneficial. For example, in the fight for talent many companies in Europe or the U.S. struggle to find people locally to join their development teams. Allowing people to work permanently from home and adapting processes to make it effective opens previously unavailable job markets. Strong and secure technology is the basis for all of this of course, and collaboration tools like Zoom, Microsoft Teams, or Slack can facilitate team work across different regions. Embedding them all in a secure environment of course will be key.
How do you see the security implications of the post-COVID world because data will no longer be confined to corporate offices? What kind of security issues are organizations facing?
The forced digital transformation brings some substantial challenges for IT and security managers. According to our recent research in the UK security support was found to be an issue for remote workers. With only 26 percent of workers having access to designated IT support provided by their employer, the research points to the majority of employees being left to navigate security's rocky terrain on their own with little or none guidance how to use videoconferencing or keep their devices secure.
While countries around the world have tentatively begun easing lockdown restrictions, ensuring workers can securely work remotely will remain crucial. Even when the lockdown starts coming to an end, there's a high chance that increased remote working becomes the new normal for a long time.
Companies whose employees are working remotely should prepare for the worst as they must assume everyone is connecting in an Internet cesspool and they are accessing important corporate assets. This means that they need the appropriate protection, security, and tools to get their jobs done.
And of course there are also the cyber threats because the cyber criminals don’t seem to shy away from attacking just because there is a global crisis going on. Among the many targeted institutions, hospitals are especially sensitive right now, as we have seen recently, when Brno University Hospital in the Czech Republic was hit by a ransomware attack, and we helped to analyze the threat. As home office work can make businesses more vulnerable, the similar situation applies across different industries and organizations, too. Some businesses had to close their facilities for some time, namely shops, restaurants, some production companies, and educational institutions. These already have financial issues and additional harm done by threats like ransomware would be even more painful. Educational institutions are also now relying more than ever on their IT to provide students with learning materials or even to facilitate video conferencing, to give lessons, so attacking them can affect even more people.
This is also the time all business leaders, CHROs, CIO/CTOs should work together. What's your take on how they should collaborate and work together to make sure they take the right decisions?
A holistic approach to leadership is extremely important. Business leaders have always had to balance the immediate short-term needs of the business with the long-term strategies and vision. This is especially true as companies recover from the COVID-19 pandemic. Leadership teams need to cooperate to formulate return-to-normal plans and adjust workforce processes for the operations recovery in short to medium-term periods while also discerning what longer term impacts the pandemic will have overall.
We have been advising companies to adopt security measures like deploying business-grade security solutions on their employees' devices, and control them via the company's IT department