The scientist

The last two years have been the golden age of cyber crime, Kaspersky say

Eugene Kaspersky is shuffling through several pieces of paper at his hotel suite in Valencia. The founder of the $1bn anti-virus software giant Kaspersky Lab clearly has a lot on his mind.

“North Pole? That sounds good. Central Africa, definitely. Victoria Falls, yep, for sure. Probably Alaska, and then Venezuela, maybe the Amazon jungle after that,” he says, before scribbling down a few more exotic locations.

These aren’t the places Kaspersky is planning to take his business to, but places he intends to take in as part of a mega holiday once he quits the business for good.

“Sooner or later, when my work is done here, I will leave the company, I will retire. I will get out. Who knows, maybe in ten years,” he says.

At this rate, his work could be done sooner than he plans. Today Kaspersky Lab is raking in revenues approaching $600m a year, and 300 million people around the world use its antivirus software. With 2,300 employees dotted around 29 countries, it has raced up to become the world’s third biggest antivirus company with a market share of 7.4 percent — not bad for an organisation that only got going in 1997. And the task ahead is to overtake market leader Symantec within three years — a tall order given that Symantec’s market share is around 35 percent, but then aiming big is what Kaspersky does best.

“I have enough money, I have a lot of money, I really don’t need any more or care about money. All I am after is success, and success is being the number one company, not the number three company. That is what I am about, that is all that I am interested in doing every day,” he says.

To get to the top, Kaspersky himself is leading the fight against global cyber crime. The bigger the problem, the bigger the challenge – and as a result, the bigger the revenues for his empire. The hacking of banks, the disruption of Sony PlayStation recently and countless attempts to hack into security networks has focused the world’s attention on cyber criminals. Kaspersky meanwhile, is determined to make himself their biggest bugbear.

“People have to realise that cyber criminals are an integrated part of the digital world. They are getting more professional and organised, and are now so well organised they are connected to traditional street crimes. Cyber criminals control street criminals because they have more money. The last few years have been the golden age of cyber crime,” he says, adding: “These guys behave like proper businesses. They even have their own web pages and press releases. These days the buying and selling of stolen data is such big business, they even have customers and partners conferences. I call it C2C, criminal to criminal.”

Most experts now agree that around 20 million malicious programmes are in existence globally, with 10 million computers under the control of cyber criminals. Four years ago, 40,000 computers were attacked in Estonia, bringing the entire country to an IT shutdown.

“When you see those figures, and you see there are actually only 3 million people in Estonia, it would only take an attack on five million computers to bring the US to a halt. Imagine the consequences of that?”

But given his public fight to bring down cyber criminals, isn’t he now their number one target? “The irony is they don’t see us as enemies because they need antivirus protection as well. You can never beat it but you can find the right balance and control. It is too expensive to actually stop cyber crime. My job, my vision and my dream is to control it,” he says.

This is the dream he has been having for some time now. One of his hobbies during high school was to solve problems published in mathematical journals. He spent his last two years of high school taking physics and mathematics courses in a specialised programme for gifted students organised by and affiliated with Moscow State University.

In 1987, he graduated from the Institute of Cryptography, Telecommunications and Computer Science, where he studied mathematics, cryptography and computer technology, majoring in mathematical engineering.

After graduating, Kaspersky worked at a multi-disciplinary research institute. It was there that he first began studying computer viruses after detecting the Cascade virus on his computer in October 1989.

“I just saw it and knew what it was because I had read some journals about this. If I hadn’t spotted that virus on that day, at that time, then I don’t know whether Kaspersky Lab would ever have been created. I would have probably done something else,” he says.

Instead, he analysed the virus and developed a disinfection utility for it — the first such utility he developed. He started collecting malicious programs and disinfection modules for them. This exotic collection later formed the foundation of the famous antivirus database in Kaspersky Antivirus.  (Today, this database includes more than 4 million records and is one of the most complete antivirus databases in the world.)

In 1991, he joined the KAMI Information Technologies Centre, where he and a group of colleagues developed the AVP antivirus project, which became the prototype for Kaspersky Antivirus. International recognition of the project arrived in 1994, when the virtually unknown AVP won a contest conducted by Hamburg University’s test lab, demonstrating a higher virus detection rate than the most popular antivirus programmes at the time.

In 1997, he and his colleagues decided to establish an independent company, becoming the founders of Kaspersky Lab.

“It was very difficult to make money, I was working like crazy, and it wasn’t my company at first. I got a little money through some sales and I was publishing articles in magazines for money. I was also working as offshore security consultant, developing some databases. But I understood the virus problem was a big problem, I had a vision about it. Unfortunately not many other people did,” he says.

So what made him so sure to pursue his dream? “I just knew this was the right thing to do. When I decided to leave the  army in 1991 and start this antivirus project we were still part of the former Soviet Union. In those days, being in the army was seen as a great thing to do because you have at least something. If you become independent it’s a very big risk. My family didn’t want me to do that. There were some big decisions I had to make along the way,  and it’s not possible to explain them, but usually I am right.”

His family are more than happy with the outcome today, with the company the third biggest player behind Symantec and McAfee in the consumer security market, and fourth in corporate security. In 2010 Kaspersky Lab recorded $538m in revenues, with a hefty profit margin in the region of 20 percent.  The biggest chunk of sales — $218m — came from Europe. But the US has also joined the bandwagon. From revenues of just $2m in 2005, nearly $100m is coming from the Americas today. All of this makes Kaspersky Lab the biggest privately owned IT security company in the world, and the largest software company in Russia.

The next focus though is very much on the Middle East. The company is targeting huge growth in the region. Kaspersky says: “I can tell you last year Middle East was one of the top two fastest growing regions, this year it has slowed down because of political situation. We have many projects that were postponed. But I think a lot of growth will come from the Middle East, the information security market is still developing there. When it comes to market share, we are already the top company in the UAE and KSA, and we are second in Egypt.”

He adds: “We are looking for corporate clients and when you look at many countries there like Kuwait for example, you see that even though they have made some big steps, the entire IT industry still has a long way to go. And obviously that means so does IT security. So our plan to increase our whole market share involves a very big push on the Middle East. We are chasing hard there, and one thing about this industry we know for sure is that people are not loyal to brands. If they think the technology is better somewhere else, they will go there. And we can prove our technology is better.”

So what does the future hold for the company? Kaspersky says that going for an IPO “will probably happen” at some stage, though probably not for at least another five years. He came very close to going public in 1997, but pulled out at the last moment. Recently General Atlantic bought out one of the company’s founders, paying $200m for a 20 percent share — effectively valuing the company at $1bn. Most experts suggest the real value is now closer to $1.5bn, given its huge brand recognition. Kaspersky is not short of offers to sell the company. Surely he must sometimes get tempted?

“If someone gave me $2bn I still wouldn’t sell. I told you, I don’t need money I have a lot of money.”

Really? Never ever?

“Okay, there is a chance I would sell but only if it wasn’t money, if it was something else I want. If someone told me to sell up, and they can stop cyber crime for good, immediately, yeah, maybe I would sell.”

Six IT mistakes that professionals make

1 – Incorrectly configured network shares (35 percent). Allowing external access to business resources can help increase productivity, but it also can create major security holes. Make sure that systems are correctly secured, permissions are assigned appropriately.

2 – Failure to install security patches (25 percent). Business environments often delay deploying patches to ensure that they won’t break existing applications and systems. While a little caution is advisable, you should still make updating as high a priority as possible.

3 – Running multiple security software package on a single system (15 percent). Security software is not a “more is better” prospect; if you install multiple AV products, you’ll more often than not end up with performance issues, crashes, and a system that’s less secure than if you just pick a single product.

4 – Not having a complete security strategy (15 percent). The inverse of the previous problem: this time, not having a complete security policy is the issue. No security policy can be bulletproof, but if you don’t cover the basics (antivirus, regular patching of OS and apps, encryption, and clearly articulated policies), you’re asking for trouble.

5 – Unexpected freeware software creating issues (5 percent). Unexpected programmes can create issues — either because they are malware masquerading as useful software, or because they create unexpected vulnerabilities.

6 – Firmware vulnerability (5 percent). Possibly the hardest issue to deal with, but fortunately relatively rare.

Leave a Reply

Your email address will not be published.