While cybercrime has never been more prolific or pervasive, one of the grand old men of cyber security, Eugene Kaspersky tells us how it is far from the end of the story while his expert security team says we all need to change our way of thinging if we are to tackle cyber security.
Eugene Kaspersky certainly cuts an imposing figure sitting around a table, surrounded by his global cyber security team. If he had chosen a different path and was involved in the criminal underworld, he would be Don Kaspersky, with his generals around him handing on his every word.
Luckily for us, but unluckily for the criminal underworld, he has chosen to follow a righteous path and for the past 25 years has been fighting at the coal face of cybercrime.
As well as developing products to help people protect their digital life, Kaspersky is also working with international policing organisations and governments including Interpol and UN to help fight cyber criminals, or as Kaspersky simply himself puts it: "Saving the World."
IBTimes UK spoke to Kaspersky and his team of global security experts at the Info Security conference in London recently.
"It is like living in a detective story. We don't need to read these books because we live there," Kaspersky said when asked if this was a good time to be in the cyber security industry. He believes that it is more complicated now that at any other time in history, but it is going to get even more complicated.
Hooligans, vandals, kids
Kaspersky has been in the business a long time and when speaking about the hackers who were around when he began his business at the end of the 1980s, he describes them as "hooligans, vandals, kids."
It was a decade ago that he began to see the rise of cybercrime, where hackers began to attack the system for financial benefit.
Now he says that cybercrime has moved on to such an extent he believes that most governments are engaged in developing some form of spyware. "I am pretty sure that governments develop espionage," he said.
The situation now is much more complicated, but it is not the end of the story. "In ten years' time we will remember [the] present time as 'OK, that was easy.'"
Cybercrime is a multi-billion pound industry and some of the malware and viruses being created by these criminal gangs is among some of the most sophisticated software being developed anywhere in the world. This means that that these gangs are willing to pay serious money to software engineers who can create these programs.
Kaspersky is proud of his "collection" of cyber security experts who are located in dozens of countires around the globe, but we asked him if he felt some of the industry's top minds may be swayed to the dark side by the lure of large piles of cash. In response, Kas[persky says that there are three categories of people.
The first are people who find a wallet on the street and immediately hand it into the police, the second are people who find a wallet on the street and put it in their pockets, while the final category is people who see a wallet in other people's pocket and decide to steal it. He believes the final category are the people who will work for the criminal underworld, saying "it is a question of education, their family, maybe even the stars." He thinks money may corrupt people who belong to the second category, but he like to "collect from the first category."
Kaspersky also says that cyber criminals are very different from traditional criminals because at the first sign of a police raid, they will break down and begin cooperating immediately with the authorities. He points to the case of Hector Monsegur, aka Sabu, one of the most prominent members of Anonymous, who it was revealed had been informing on his Andonymous colleagues to the FBI for the six months.
David Jacoby, Senior Security Researcher with Kaspersky, last year carried out a year-long survey about cyber security and how companies are dealing with. He found that companies on a whole were trying to protect against everything at once rather than protecting themselves against specific threats.
He pointed out that every ten years or so there is a major security breach and that no matter what happens, something similar will happen in ten years' time. "I won't say that we are learning nothing from our previous experiences, but something is going on and I think we are focusing on the wrong things today. People are focusing too much on future threats."
He points to the last years attack on Sony's network which utilised a simple SQL Injection technique to steal the usernames, passwords, addresses and bank accounts.
Cyber security is like house work
When asked if they felt the security industry was winning against the cyber criminals, David Emm, Senior Regional Researcher UK for Kaspersky, compared their efforts to house work: "It's like house work. You do it this week, and you know you have to do it again next week, but you can't not do it, even though you know you'll have to do it again next week."
Jacoby believes the "state of mind" of the customer is vital to changing the way cyber security works. He believes that people wilfully circumvent the anti-virus software installed on their computer just so they can download a certain program.
One of the reasons why this is an on-going issue, is that there is no deterrent in place for someone who breaks the rules. In a enterprise environment, it is the IT manager who is blamed if something goes wrong, even though the end user was the one who installed the rogue program.
When speaking about the trend of consumerisation or bring-your-own-device (BYOD) where employees are being allowed to bring their own smartphones and tablets to use at work, Jacoby believes this does not represent as much of a threat as some believe, simply because people will protect their personal devices more.
"The phone or tablet they got from their company, they see that as a very personal [device], the PC or laptop, not so much. I will make sure that I always have this [phone or laptop] on me. I will make sure that no one can tamper with it," Jacoby said.
"I think we're coming into an era where the mindset of security is very important, not just technology, because we can solve and we have solved a lot of things with technology."
Emms likens the situation to the introduction of the seatbelt. He said that it took nearly a generation for the wearing of a seatbelt to become the norm and he suspects a similar length of time will be needed before we see people taking the correct attitude towards cyber-security.
In a bid to solve this issue and get people thinking in the right way about security, Kaspersky sends its experts around the world to speak to companies, universities, primary and secondary schools as well as governments.
While Kaspersky has been battling cyber crime for the past 25 years, he has lost none of his passion for the job and will continue trying to save the world one PC at a time.