It seems that nothing can stop the onslaught of cybercrime, which continues to grow and expand into new markets month after month and year after year.
As cybercrime becomes more formalised, the cyber-security industry has to constantly innovate to stay on top of their game.
Kathy Gibson spoke to Eugene Kaspersky, founder and CEO of Kaspersky and one of the best-known players in the cybersecurity market, about the state of the market and his vision of an unhackable future
Could you briefly outline the current state of the global cybersecurity space?
Cybercrime is still on the rise – every day we collect more than 350 000 unique malicious signatures that we have never seen before.
Technically speaking, it is not a big problem to collect and analyse this data, and we have the antidotes to protect customers.
But there are hundreds of thousands of criminal hackers, with engineers behind them. The problem is that many of the junior cybercriminals are learning their market and then joining the professional hacking groups that can hack the biggest organisations.
That didn’t happen 10 years ago. You used to see junior hackers and state-sponsored hackers but about five years ago, groups like Karbanak came on to the scene. This was the first highly professional cybergang, but now there are dozens of them.
And they are mercenaries
This is the next problem: because they are professional hackers, they can hack just about anything and they are employed to attack everything – not just organisations but infrastructure as well.
Today we are seeing random attacks on infrastructure, but I think the next step will be targeted attacks. These will be unpredictable and will cause massive damage.
What impact has the Covid-19 pandemic had?
It has accelerated the opportunities for the bad guys.
They are used to working from home, so they didn’t have to adapt to a move from the office – there has been no disruption for them.
And they have had more opportunities. With people staying at home, they are spending more time online.
And many enterprises have lacked the resources or the abilities to protect their people at home, so hackers have used the opportunity to check enterprise networks through employees’ home computers.
To protect employees you need reliable security solutions: a VPN connection to the office network, and at least two factor authentication. And you need to let the IT staff also manage employees’ home computers.
We are a cyber security company so we know how to do this. But not many companies do.
So the pandemic has also presented a new opportunity for the cyber security market as the demand for cybersecurity as a service takes off.
Security management is no longer about just the end points on the office network, but a distributed networking that includes home computers and smartphones.
So attacks are still on the rise and during the bad times they have been even more active.
Some interesting pictures have emerged.
In April we saw a 20% to 25% increase in global attacks. But in South Africa, in April there was a 10-times increase in web attacks.
I don’t know why this was, but the cybercriminals were so active that the network attack notifications were beeping 10-times more than before.
Then, in May, there was a reduction in attacks. I don’t know: maybe they celebrated Workers Day. Or they had do many victims in April, and made so much cash, they took time off to spend it.
In June, July and August, it went to 20% to 25% increases – so still very active, but not as high as in April.
When we talk about risk and the threats out there, we measure and protect against attacks and breaches, but what can be done about the more subtle risks like fake news, behavioural manipulation or algorithmic marketing?
Our area of expertise is malicious machine code, although spam is also easy to recognise; and there are ways to recognise wrong data.
But when it comes to the information wars, there are no technical ways to solve it.
I think the only way we have to address this problem is international co-operation, and agreements to assist each other to locate who is behind the attacks.
This is the same as in the pre-Internet times, when the information wars were via radio and other media.
Now it is much easier, you click and you are there. It costs zero, and it is very effective.
But I don’t see any technical ways of how to fix the problem. And don’t say artificial intelligence (AI) is the solution, because that isn’t true. Maybe AI could be a solution in 100 years or 200 years from now.
In a related area, what are the global trends in terms of things like cyberespionage and cyber warfare? We talk about cyberspace being the battleground of the future, but is it already playing out?
Cyber-espionage and cyber warfare are different things.
I still don’t believe there is cyber war between states. It is a boomerang, and it is very easy for any attack to come back in your face – the other side can simply employ hackers to counter your hackers.
I don’t believe any states are prepared to really use cyber weapons, to start a cyber war, because they would be hit back by the victim.
Yes, there may be attacks by people not under government control, that is possible. But not real war: it is not possible and would be suicide.
There could be unknown powers that are employing hackers and building cyber arsenals – that is possible.
In terms of espionage, this isn’t the same as cyber weapons and there are many sources of cyber espionage.
Right now we observe about 200 highly professional hacking groups and most of them – as much as 90% of them – we are sure are engaged in espionage.
The behaviour of these espionage groups indicates that they could be states or employed by states, but attribution is very tricky in cyber space.
I don’t want to mention countries, but the most active attacks we see are from groups that speak native English and operate from an Atlantic time zone – and I don’t think it’s the Bahamas; groups that speak native Russian with a Eastern European time zone; and groups that speak simplified Chinese.
We know they speak these languages because sometimes you can see text streams and recognise the patterns of language. Sometimes you even see human names in the code. Based on these clues we can see the language they speak and we can see the time zones they operate in.
Apart from these three main groups, we see many other languages: Spanish from Spain and Latin America; French; Arabic; German; Korean; and broken English.
Just about everyone is on this bandwagon, because many nations have realised that cyber tools are very effective attain information.
I guess we are one of the best companies to stop this. For us, it is just malicious code that we analyse and add protection to prevent.
How have all these trends been exacerbated by the unique events of 2020?
I can’t speak for the whole world, but in the cybersecurity market, I guess we have been much less damaged than other industries.
There is a big demand on cyber security. It has almost become the fifth element: what people really need isoxygen, water, food, entertainment and security. So it is on the must-have list.
During the lockdowns, offices and supermarkets were empty but security was still there, and the same is true for cybersecurity.
I suspect there are going to be two vectors: some customers won’t be able to pay for security, so we will lose them as customers. But others will increase their spending.
The first half of the year was positive for us. There isn’t double-digit growth but there is growth.
We are seeing a number of countries recovering now, so I am optimistic.
In Russia, the first vaccines will be available by the end of the year, so the pandemic may be over soon.
How much time will it take the economy to recover? Probably about as long as the pandemic.
This is not the first time our civilization is facing this kind of situation. I think we will get back to usual at some state and the world will be back to the same. Expect for one thing: the world has learned to work online.
But people also need face to face contact and when we get back to normal I think we will also get back to physical meetings, conferences and exhibitions.
As companies start planning for 2021, what can they look forward to?
We haven’t changed our plans, and are looking forward to new solutions.
The new challenge is industrial security and industrial immunity, which has been accelerate by Covid times.
We are seeing more demand from the industrial sector looking for more than just automated production. They want to have engineers with remote access to the systems to manage them remotely.
Then the industrial sector needs more data to feed machine learning, predict technical issues and predict quality of production, so they need to collect data and send it to the data centre, which wasn’t an issue before.
So there is more demand for industrial security.
It is not possible secure the Internet of Things (IoT) effectively since these devices are designed to be updated.
So we have developed an immutable platform to guarantee that these devices are unhackable.
The industry needs to have devices that are flexible, that can be updated and have functionality uploaded. But at the same time they want to make it secure. It needs to flexible and unhackable at the same time.
The platform is designed for devices with limited functionality, that don’t need to be upgrade or changed. You cannot inject malicious code into these devices.
Kaspersky’s immunity platform offers flexibility as well as immunity for these devices.
This is one of our main focuses right now. As a company we are in the consumer security and office security markets; now we are in industrial security and moving to immunity for IoT.
This is not a product, but a tool. We are working with partner companies to develop the tools on this platform, like network equipment, security cameras, industrial gateways and more.
Our goal is to provide immunity solutions for every cyber device including computers and smartphones.
The cyber world is changing. In the past it was computers, then smartphones, now there are cyber systems on the Internet.
Our company mission is to save the cyber world and build the new cyber future. This embraces not just cyber security but physical systems as well.
The population of IoT devices is bigger than the population of homo sapiens – and that was five years ago.
The immunity platform is not ready for multi-functional systems yet, but it is ready for IoT and industrial systems that perform simple functions.