The cyber threat landscape has become a lot more sophisticated in this age of digital revolution. While interconnectivity and rapid data exchange have revolutionised business processes and models, according to Yeo Siang Tiong, Kaspersky Lab’s General Manager for the Southeast Asian region, the growing value we place in our data means that the ROI, or “return of investment” is much higher for hackers and as such, we are now seeing a spike of cybercrime related activities in recent years.
In Yeo’s experience being in the ICT business for over 20 years, despite the rising tide of cyber threats and breaches, he pointed out a couple of common mistakes that people still make. “One of course is the common feeling that it’s “someone else’s problem, not mine”. So the awareness in the organisation is lacking sometimes. They feel that this is the IT person’s job, not their job.”
Secondly, he said that many companies feel that their data may not be of much value to cybercriminals, which in their view makes them a lesser target compared to someone else. As a result, they feel that it is not their responsibility to beef up their defences. However, that is definitely a risky stance to have in the current threat landscape because as we have seen time and again, be it individual users, big or small businesses and even governments, everyone and anyone can be a target of cybercrime.
We met up with Yeo at the CSM-ACE 2018 event, where Kaspersky had a presence in show of support for the public-private-partnership driven annual industry gathering organised by CyberSecurity Malaysia. He commented, “CyberSecurity Malaysia remains one of the most prominent and active groups in ASEAN. So with the HQ of our Southeast Asia office located in Malaysia, it’s important for us to support an active group like CSM. For us, it’s about raising awareness on the issue of cybersecurity to the greater community. But of course, we hope to bring together with it awareness of our brand. It’s actually quite heart-warming to see many participants in this whole week-long event.”
Speaking about Kaspersky’s rapid growth in recent years, Yeo attributes it to rapid growth of the whole industry itself. In addition, he said the brand has a reputation for quality in terms of its products and people, which has helped to set it apart from the competition. He added, “Just look at the profile of the company alone. It’s a deeply technical company. One-third of the employees are into R&D and engineering and that is something that you don’t see in a lot of in other software or IT companies. That’s the kind of emphasis that we have.”
“We have not only the product development team, we also have a malware detection team that will look at all the malware that have surfaced across the world and we research into it. We even have a global research and analytics teams that just do the deeper end research. We look at APT (advanced, persistent threats) and we work with Interpol and governments to look into the different types of attack patterns.”
Yeo also mentioned that over the years Kaspersky has made it its mission and responsibility to identify and expose any type of harmful malware and attack patterns, be it criminal or state-sponsored, and publish its findings transparently regardless of the country of origin. For example, Yeo said Kaspersky was on hand to identify Stuxnet, one of the first APTs (and perhaps state sponsored cyber-attack) in the world, when an Iranian power plant was attacked back at the turn of the decade.
He believes that, among other reasons, has put the company in the crosshairs of certain nations, especially in the Western world. The US and Netherlands, for example, have banned the use of Kaspersky Lab software. But according to Yeo, such sanctions can work both ways and may actually work in the company’s favour. In this part of the world at least, it hasn’t badly affected the Kaspersky’s reputation or business.
He explained, “To us, malware is bad, period. There are no reasons that can justify it. [We have been unbiasedly exposing state actors] and we will continue to do. It’s in the DNA of the company. If we have thwarted any plans of any state actors which may have led to some actions, then we are ready to face it.”
“But in this part of the world, I think the good thing for us is the cybersecurity experts recognize it, they understand what has happened, so they know all these are baseless accusations. We have challenged this several times in the court of law, no evidence has ever been shown to us and it remains so until today. I would say this fight against cybersecurity will continue regardless of where you are. We’ll continue to champion that regardless of which country is coming against us.”
Perhaps in an effort to counter all the negative accusations, quell any lingering suspicions and prove to the world that it has nothing to hide, Kaspersky has recently “upped the ante”, as Yeo put it, by setting up a Global Transparency Centre in Zurich, Switzerland. There, customers and partners will be able to scrutinise Kaspersky’s software down to the source code. “Every time there’s any changes in the software code, we digitally sign it, and we have auditors to audit the entire process. So that level of transparency ensures that not only is our code safe, even the incremental upgrades to the codes are safe,” asserted Yeo.
Soon, the company will be moving more of its core processes from Russia to Switzerland. The transparency centre is part of Kaspersky’s Global Transparency Initiative, the first of its kind, in an effort to lead by example and drive greater transparency in the cybersecurity space. Yeo explained, “From our perspective, in the cybersecurity world, there’s still a certain lack of transparency. You can see companies or vendors who do not disclose much about their practice in the company, what their methodology is and all that.”
“So this whole initiative will then give a good level of transparency to our customers and partners, and guarantee that our software is independent, our software is free from any kind of tampering and is actually working as it’s purported to be. And that level of transparency we believe will drive a difference in the industry. We’re taking the first step and we hope this initiative will set a trend for others to follow.”