What are the big trends you are seeing at the moment?
Mobile systems are very big at the moment – particularly Android. The reality is that mobile phones and tablets are getting more powerful in terms of CPU and memory. The last problem was that they were not good enough for online games, but not any more. The only technical problem left is the battery performance, and I think that will be solved very soon.
Consumers will switch from computers to smartphones and tablets within the next two, three, five years and the IT environment at home and in the office will be very different. At home it will be mostly mobile devices, and most will not need Microsoft. They need games, web, TV and a few others and mobile systems are enough for that. I think there will be one device that is wireless connected to screens, keyboards and so on.
It will all be connected and Android will be what connects it all together. Apple is too closed, that’s why it lost the PC game to IBM. It’s too difficult to develop for it. That’s why I think if Microsoft, Nokia, BlackBerry and Apple don’t change their strategy in five years Android will be the next Microsoft Windows.
So what happens to Microsoft when this change happens?
Enterprises will stay with Microsoft. There are too many applications and services that rely on it. It’ll be too expensive to change it all around.
What does this mean for the security industry?
Cyber criminals will be forced to migrate to the mobile world as well but will still target Windows in the enterprise. Cyber crime will be split in to two categories: enterprise crime will be mostly Windows-based and home will be Android-based.
For the vendors… we had antivirus during MS-DOS times and during Windows time we had antivirus for Windows. When Internet worms appeared we started to develop Internet security – gateways, firewalls and so on. It’s just the next step in the evolution of IT systems and the software industry.
Are you seeing much in the way of attacks aimed at Android or other mobile platforms?
It’s growing but it’s not visible yet compared to Windows. Cyber criminals are humans; they are lazy. It takes time to migrate, but technically it is possible. There have been a few examples. There was a bank that used double protection for online banking, they had mobile phone confirmation via SMS as well as username/password combination. This malware recognised that the mobile user was a user of this bank and sent them a fake message asking them to download software and then type their number in.
Security doesn’t stop cyber crime, it just raises the barrier for the criminals to jump over. Better security stops stupid, non-professional people. Professionals will bypass it if they want.
Example: Stuxnet. But that malware was a multi-million dollar or pound project. I’m a software engineer and if you ask me about the budget for such a project I would say millions. It’s a team of very professional engineers working for a couple of years with access to sensitive data because some of the vulnerabilities would be impossible to find without Microsoft source code, which has of course been leaked before, so I’m certainly not blaming them.
Do you think it’s the sort of project that would have needed government backing?
I think this is one of the first examples of a successful cyber weapon and it shows how weak we are from a security point of view. The critical infrastructure is not well protected and can be the victim of a sophisticated attack. My message is that we have to inspect national and global security infrastructure, we have to inspect power plants, airports and so on to find the weak points and introduce military standards of security for the critical elements of national and global infrastructure. It’s time for that.
Why have we seen so much consolidation in the security industry, with the likes of IBM, HP and Intel buying companies?
It’s booming at the moment. They understand that it’s not possible to fix security issues, but it’s possible to reduce the risk. There will be a very high demand for it in the future, that’s why the big companies are looking for diversification of their business towards security. I can understand it, but I feel protected, because to be a successful security company you need to concentrate on security.
It’s not possible to have at the same time a car wash and a hot dog stand and physical security. Security is important and you have to focus on that. It needs trust. You’ll never buy a security product from a company you don’t trust.
It’s one of the reasons why we’re not so successful at government level in the UK and US, because we’re not so much trusted because we’re a Russian business [although Kaspersky does point out they have a few customers at government level in the US]. But we’re working on that, that’s why we have an American company represented on our board and why they have, if they want, access to our source code.
Do you think you’d have to be bought by an American company in order to gain that level of trust?
I don’t want to sell my favourite toy. We’ll find another way. We’re happy being independent because I can manage my way.
What about an IPO? You’ve been linked with that for a while now.
Technically we’re ready for it and have been for maybe five years or so. But now is not the best time and there are a few questions to answer, such as where do we do it? London? Hong Kong? The global economy is slowing heading from the US and Europe to the East. We don’t really need it at the moment and don’t want to have investors that we have to satisfy. It will happen sooner or later though. It’s just a question of time.
Coming from Russia has it been difficult to build a reputation in other countries?
In the early days it was very difficult to enter European markets with a new brand. People would say, ‘Kaspersky Labs? What’s that? Moscow-based IT security company? Are you serious?’ Some countries are very conservative, the UK included, which makes it difficult. In Korea, for example, they rarely buy non-Korean products. We only sell through partners, which creates a community like a social network where everyone talks to each other.
We’re investing heavily in the brand at the moment, including sponsorship of Melbourne Football Club in Australia and an official supplier deal with Formula 1 Scuderia Ferrari and the AF Corse Le Mans Series Championship team. We’re always looking for more sponsorship opportunities in the UK and I’m always open to any crazy ideas. I enjoyed watching the London Marathon recently…