Advertisement
08 February, 2016

The man on a mission to 'save the world' from cyber attacks

Individuals, companies and governments are all at risk from ever more advanced cyber threats.

Individuals, companies and governments are all at risk from ever more advanced cyber threats - Kaspersky Lab's chief executive Eugene Kaspersky tells Dean Carroll in interview
First of all, let's talk about privacy. Is it an outdated concept in today's digital society; something that we all just have to give up in order to get the full benefits of new technology?

"In short, there is no privacy - it is limited even with encryption and a paranoid approach to life. The reality in the cyber age is that most of our data is digital on computers, smartphones, notebooks and on cloud services. So there is a high risk that this data will be disclosed or leaked. The more services we have and the more technology we use, the less and less privacy. we have. More data is collected and more is released.

"This loss of privacy is like a new taxation. It is possible to be 100 per cent private in the modern age but you can't use a mobile phone, credit card or car. You can't travel and you would have to live somewhere like Siberia or the desert to do it. That's the reality."

You have warned previously about the huge impact of cyber-attacks on critical infrastructure in the future - what's the worse case scenario we might experience further down the line?

"There have already been incidents that were close to cyber-terrorism or cyber-war. The attack on Saudi Aramco being an example. For two weeks, the company was paralysed. We are very vulnerable.

"We depend on technology, you cannot now get back to the time when the humans were solely responsible for managing everything. Computers make fewer mistakes than Homo sapiens. Most catastrophes in history were down to human mistakes. Computers are faster than us humans and they consume less power. They don't sleep, they have no vacations and no holidays - and they are less expensive.

Advertisement

"Computers made the world faster and better but at the same time they are vulnerable. We fixed many of the old problems through computers but now we have a new set of problems. The worst-case scenario is if the bad guys attack these vulnerabilities or there are mistakes leading to serious problems with our critical infrastructure."

Do you think there are any major threats to the big events planned for the Middle East in the years ahead - for example, Expo 2020 in Dubai and the Qatar football world cup in 2022? 

"There are both global threats and regional threats. Globally, it is really about energy in the form of power plants and grids. If there is no power, then nothing else works in whatever country you are in - it's a problem for any nation. Then of course, you have major critical areas that could be attacked such as financial services and transportation.

"In this region, there is a dependence on the oil and gas sector. You also produce aluminium here through local systems and there are desalination plants to provide fresh water. Attacks on these systems would be very painful for the economy and damaging for national security."

In relation to the Middle East, social media platforms like Twitter and the whistleblowing organisation WikiLeaks were in effect the trigger for the Arab Spring. Given that the region is now in deeper conflict than before, is a globally digitised society really a good thing for humanity?

"I believe the digital society is a good thing but it must be designed and supervised in a better way. I'm afraid it must be regulated. There are many internet freedom activists out there but total freedom is anarchy. It doesn't work because there are so many negative scenarios relating to cyber-crime, terrorism and social media being used to manipulate people, and even recruit terrorists. I think nations will be forced to introduce new regulations on social media, for example, in the future.

"I don't know if we need some sort of global treaty on the internet. I'm not even sure I'm right because it is such a complicated issue. Perhaps your private area where you communicate with your friends and check the news etc. should be free, a place where you can do anything you want without any identification as long as it's legal. But then there are critical areas like financial services, transportation and government services where you must identify yourself with some kind of digital ID. Don't ask me for the details. All I know is that 100 per cent freedom is dangerous."

Edward Snowden - hero or traitor?

"He is both. Perhaps I am too conservative but if you sign a contract with a company and you then violate it by disclosing confidential or top-secret information, you are a traitor. It doesn't matter if it's for the public good. However, he is a hero for the internet freedom activists who want no government controls at all. That much is true. But at the same time, thanks to Mr Snowden maybe, now all the criminals and terrorists know that they must encrypt the connection - as we saw from the recent attacks in Paris."

So Julian Assange and groups like Anonymous - you see them as traitors too?

"It's not as black and white as that. There are many colours in between. I don't want to say they are completely wrong and that I completely disagree with them. Perhaps they did something positive too. I don't respect leaks but some of this behaviour, in relation to Julian Assange, has been a form of journalism.

"With things like PRISM where people's data is being monitored, it's very hard to say whether it's good or bad. Watching the people without them knowing appears to be a bad thing but at the same time how many terrorist attacks and how many crimes were stopped based on this information? The data is very useful for governments looking to find the bad guys."

Your fortune is estimated to be $1bn and yet you've said previously your plan is not to earn money but to 'save the world'. With that in mind, what do you plan to do with it both during your lifetime and after you are gone?

"We are, indeed, reinvesting money in the company to develop security systems to save the world; that is the main aim for me in life. We have to protect the critical infrastructure in terms of the industrial systems, transportation and telecommunications. We are partnering with companies and governments, as they are starting to understand the seriousness of the threats more and more. There are three major shareholders in the company and we don't actually accumulate cash. We don't have expensive property. My watch cost me 50 bucks."

How is business for Kaspersky Lab?

"It is going well. We are growing and taking more of the market share as well as introducing new products and services. The nature of our business is to protect people from bad guys, from cyber
attacks. Unfortunately, the number of attacks is growing and they are becoming ever more complicated.

"There are many new players and some of them are becoming even more professional. They are targeting new types of victims. In the past, it was just banks and small companies. Now it is bank systems and whole enterprises. These mercenaries are professional enough to attack even the most well-protected networks."

Why is Kaspersky Lab better than the competitor anti-virus firms, if that is indeed the case?

"We were focused on the technology and developing the world's best anti-virus from the very beginning in the early 1990s, when there were only three of us. At that time, I didn't even have the money for a car. Also, Russian software engineers are the best.

"In addition, the company is private so we don't need to make investors happy - meaning there is a flexible and innovative culture here. We don't have any plans for an IPO so we can do anything we want. It means I collect professionals and design a comfortable environment for them to work in by establishing a creative atmosphere where they feel motivated. In some countries, we have free lunches at our offices as well as a gym, table tennis and things like that."

Who is creating all of this malware, where and why?

"There are different types of actors. Most attacks are generated by mid-level criminals who are not highly experienced. It is very hard to prove the nations that are responsible here but the most spoken languages in this type of low-level cyber-crime are Chinese, Spanish, Portuguese, Russian and English.

"But at the same time, we are seeing more and more professional gangs. Most of them are Russian-speaking. The Russian technical education is probably still the best and Russian software engineers are definitely still the best because there is a big focus on research and development. The other side of the coin is that the Russian cyber criminals are still the best as well.

"Then you have the more traditional criminal gangs, which are also coming to cyberspace now. The traditional gangs are starting to employ hackers, who carry out attacks on request, to help them. They attack industrial systems like transportation. For example, the Latin American drug cartels that move cocaine to Europe hacked the automatic computer system to unload shipping containers at the port of Antwerp - in a case reported by Europol. This is an example of traditional crime coming to cyberspace.

"It can happen with everything from coal mines and hotels to petrol stations and ports because all run on computer systems. With the 'Internet of Things' where all of these computers are connected you are looking at planes, smart homes, self-driving cars and so on. I expect the next devices to be hacked will be the smart television, the smart home and the smart car. They will be hijacked for ransom. The hackers will lock a smart TV, for example, and then ask for money to unlock it. It's a logical progression as traditional crime merges with cyber crime and a new technological mafia develops to blackmail the world."

Why is software generally so vulnerable to cyber attacks?

"If you invest too much in security, your product is more expensive and it's late to the market. Everyone is in a rush to develop faster and faster, cheaper and cheaper. People only think about security later on in the process or after an attack. Because of that, many systems are vulnerable."

Do all the global powers now have cyber-war divisions, in your opinion?

"I'm afraid they do, yes. It's scary because cyber weapons can really destroy the world. The cyber weapons can replicate and infect hundreds of thousands of systems across the globe. Then there is a risk that bad guys will copy-paste
the technology.

"Traditional weapons like nuclear are different in terms of being deterrents that can be demonstrated before use. With a cyber weapon, you can use it only once and then it is very hard to control it. The anti-nuclear treaty can control what is going on within the weaponised nations. With cyber, this is impossible.

"It's very different. I just hope the states never use cyber weapons because it could backfire badly and result in terrible unpredictable damage caused by terrorists or criminal gangs."

What involvement, if any, do you and your company have with the Russian government and security services?

"We are working with governments in many nations - in Europe, in Asia, in the Middle East, in Russia. We are very good friends with the cyber police and the agencies responsible for cyber security. But we stay away from the intelligence services and the espionage agencies; we keep our distance from them and from the politicians. We are a security company so we must stay independent and neutral. It is not possible to be linked to any political party, for instance. It would be a conflict of interest."

How will your company diversify in the future, if at all?

"Yes, we are looking to diversify but it will be in relation to cyber security. We are now looking for new technologies and new ideas, investing in projects and working with start-ups. We are developing a venture capitalist arm and that is coming soon but it will stay close to cyber security. But security is a wide umbrella ranging from the consumer to the power plant, from the security audit to forensic services."

Finally, what type of CEO are you and how would you describe your management style? The tech sector does seem to be dominated by company leaders who model themselves on Steve Jobs - in other words, talented but intolerant personalities.

"Steve Jobs was a great innovator. My style is different. I am sceptical about the Apple way. My management style is no micromanagement at all. I look for the right people and once they prove themselves I let them do anything they want. They don't need to call me for the daily business management decisions.

"And it's a friendly environment, we respect each other. I do my best to ensure the management team and the employees are close to each other, we are friends. I think it's closer to the Richard Branson approach, rather than Steve Jobs. Bill Gates is also another hero of mine because he made a whole ecosystem and a company that is very friendly and open towards its business partners. The Apple system is, in contrast, very closed."

© Gulf Business 2016