Eugene Kaspersky on shifting security, spying and geopolitics

Eugene Kaspersky

The security industry draws some interesting characters well highlighted by every speaker at Kaspersky's Security Analyst Summit happily downing the shot of whiskey handed to them after their presentation.

Founder Eugene Kaspersky is no different he's no John McAfee, but drama and controversy still surrounds the Russian CEO. He's been accused of ties to the KGB (which he's strenuously denied), his son was kidnapped for ransom after he was declared one of Russia's richest men, and reports claim emails show he threatened to "rub out" rival firm AVG using fake samples.

In person, Kaspersky is perfectly affable, happily answering our questions whether individuals really need antivirus, if Bring Your Own Device (BYOD) was a bad move for corporate security, where the company stands on government snooping, and what the tension between Russia and the UK means for his business.

Has security moved away from individuals, and more towards institutions such as from banking customers to the banks themselves?

It's been moving that way for many years now. The criminals were attacking the individuals only ten years ago, and then they were shifting to small businesses and big businesses, and now to the enterprise and financial services. They've become much more professional What does it mean for individuals? When your bank is attacked, who pays? [We suggested they do.] Who pays for your bank it's your country, your company.

Years ago I was asked: so if your computer is infected and they don't steal the data, they just use your computer to send spam. Who pays for that? Do you not pay for it? You pay for it, because you pay for the internet connection. When they need to improve infrastructure [because it's overloaded by spam], who pays for that? Every attack, we all pay for.

Is BYOD a bad idea for companies, given individuals and consumer level equipment might be less well protected?

It's much more complicated. In the past, it was much more simple: you had your home computer, and you had your office computer, your home security and your business security. Now forget about home security the devices are everywhere and in many cases are connected to business.Nothing's going to stop it because it [BYOD] is an accelerator for business. If your company doesn't use these technologies, there's disadvantages to your employees and you lose [out to your] competition. There's no way to change it, no way to avoid it. We have to make these devices safer and more secure for the business environment so we have more and more work to do.

Governments are keen to insert backdoors into tech services and software. Where does Kaspersky stand on this?

There are different layers to this question, and different things the police do. The secret service and the police, they want to know what's going on, and they mean it for good: they want to see their terrorists and criminals. That's good. But at the same time, they want a huge amount of data from a huge amount of people. That's bad. They need data but how much. That's the question.

The second layer is when the cyber police or international police are spying on suspects. That's good. That's their job. The cyber tools they use, there's nothing wrong there. But we will unfortunately protect even suspects from the tools [police and authorities] use, because we don't know who is using the tool.

The criminals, the bad guys, the bad actors, they can use the cyber tools, the legal tools. We are like an X-ray. We detect the different malware no matter who is using it the terrorists, the criminal, or the policeman. But we don't know who is using it, so our policy is 100% clear: if we see a piece of malware, it will detect it.

The third layer is when the states spy on the states you don't need to send James Bond out anymore, you just click, click, click. We see a lot of it.