Kaspersky Lab Chairman and CEO Eugene Kaspersky was in Boston last week to celebrate his company’s 10th anniversary in the US.
While there, he spoke to The Boston Globe about how he sees the land of the free as a huge opportunity for the business he co-founded with ex-wife Natalia Kasperskaya in 1997.
The former cryptography student sees business value in the rapid move to the Internet of Things as more and more devices add web connectivity to their feature sets.
While the proliferation of networked televisions, refrigerators, and smartphones offer new sales to manufacturers and arguably interesting new features to consumers, they also open up a whole new world of potential cyber ruination and privacy invasion for anyone unfortunate to be caught out by a poorly protected product.
During the interview with The Globe, Kaspersky echoed thoughts we often see expressed around the IT security community – that there is a growing awareness of security issues but individuals, corporations and countries are running scared, unable to fathom how to address their concerns.
The key problems, he said, were that countries had not developed effective strategies for dealing with the threats they faced and, where intelligence was available, they were reticent about sharing it with their neighbours.
In the business world, Kaspersky pointed to legislation as an additional potential stumbling block. While there are very good reasons why industries such as healthcare have tight privacy legislation in place the very same, he said, presents a challenge when it came to updating systems’ security.
The other concern in the corporate world, according to Kaspersky, is the lack of information security professionals being hired by the majority of companies.
Such an observation is hardly news of course. The industry has been highlighting the need for more expert security personnel for years but remedying the situation will not be easy. Even the largest of corporates are struggling to recruit, train and retain applicants of the required standard due to a global shortage of available talent – a situation that appears to be worsening rather than improving every year.
So what is the answer?
Conceding the fact that stopping cyber criminals was impossible, Kaspersky’s rather simplistic view, considering the recruitment challenges, is for firms to “make the hack more expensive than the possible damage”.
To achieve this, he said that security should be increased to make attacks harder to execute, more time-consuming and, ultimately, more expensive for the perpetrators to run.
While the largest firms can attract the best talent and medium sized businesses likely have the option of retaining the Russian Equation group-finding malware firm, the solution for smaller firms and individuals is harder to spot.
The days of being able to safely assume that malware, phishing attacks and targeted attacks were something that only the big boys had to worry about are long gone.
Even the smallest firms are breached and the costs can potentially be catastrophic, coming in the form of lost hours, clean-up costs, remediation and, in some jurisdictions, legislative penalties for data loss.
Kaspersky’s so-called Internet of Threats will not change things for the better. On the contrary, adding more internet-connected devices to the workplace will only increase the challenges and risks faced on a daily basis, especially in those organisations already struggling with their bring your own device (BYOD) policies and the further issues caused by employee adoption of ‘shadow IT’.
Home users won’t fare much better either – considering how we’ve already seen a refrigerated spam bot and all-seeing, all-hearing TVs – how long do you think it will be before your fitness tracker dictates your insurance policy costs and that shiny new watch shares less with you than with the company that designed it?
There certainly is opportunity in the Internet of Threats but the question is… who really stands to benefit?