Kaspersky boss debunks security myths

Russian antivirus guru Eugene Kaspersky has hit out at some of the myths that cloud what he sees as the real issues facing the IT security industry.

Speaking in Moscow, the head of Kaspersky Lab said companies' own agendas and some well-worn stereotypes about cybercrime stand in the way of reasoned discussion. He also criticized those who put too much faith in statistics which, taken out of context, are often dangerously misleading.

For example, figures for the past year released recently by Computer Economics show the effect of cybercrime has diminished.

But Kaspersky said: "These stats are not complete. This is often just damage to IT infrastructure, not the actual costs."

If the overall economic impact has gone down, it's not because the threat has diminished but because the hackers have become smarter and no longer seek to cause damage in the pursuit of more serious gains--such as data or identity theft and corporate espionage, Kaspersky said.

"Hackers now want systems which work," he said. "They want to use these systems, and there are instances now when corporate networks are badly impacted but they still work and there is no damage."

To say that kind of attack therefore has no economic value is highly dangerous, said Kaspersky, given the unquantifiable impact that data loss could have on a business.

Another issue close to his heart, which Kaspersky said needs to be addressed, is the idea that cybercrime is predominantly a Russian issue. "There has been this stereotype thanks to the American press," said Kaspersky, who believes such notions have held back the fight against malicious software and hackers.

Kaspersky said the data he sees suggests there is more malicious code coming out of China and Latin America than Russia and that he finds it disappointing to see Russia the subject of so many negative headlines.

He added: "Of course, in some countries there are areas of specialization. In America for example, we see a lot of adware. That is almost entirely an American problem. Backdoors seem to be coming out of China a great deal, and from Russia we see a lot of Trojans and proxy servers. But this is a global problem."

Kaspersky said other areas of the security industry that have seen a great deal of hype--such as the threat of mobile phone viruses--may represent a more credible threat this year as more people upgrade to smart phones. Kaspersky believes hackers will become increasingly interested as such phones proliferate.

"When they get cheap enough, smart phones will become a problem," he said. "It will happen sooner or later."

Will Sturgeon of Silicon.com reported from London.

[fscavo]

Feedback from Computer Economics

Unfortunately, Kaspersky misrepresents our analysis. Yes, we did indicate that total 2005 economic impact from malware dropped from the 2004 numbers, but we also said that the changing nature of attacks--which Kaspersky highlights--might be causing damages to be underreported.

At http://www.computereconomics.com/article.cfm?id=1090 we wrote...

Furthermore, as the nature of malware attacks changes to covert attacks for financial gain, organizations that are specifically targeted are becoming less willing to disclose such incidents. This may be leading to an under-reporting of the category of "loss of business revenue."

Our position, actually, is very close to what Kaspersky outlines in this article.

Frank Scavo
President
Computer Economics

[Mister C]

Like any good virus!

The ultimate goal is to become symbiotic with the host not to destroy it.