The ecosystem consisting of businesses, governments and end-users is under attack. Every connected person is a target. Every business is under cyber attack and every nation, and the global economy as a whole, is at risk.
So says Eugene Kaspersky, CEO and co-founder of Internet security giant Kaspersky Lab, speaking at the New Horizons media tour, in Moscow, last week.
“Fifteen to 20 years back, there was no Internet, just computers. Within this short space of time, the world has changed, not just through the use of the Internet, but through technologies such as Web 2.0 as well. Paper is being replaced by digital, and as more devices are connected, the risks grow exponentially. All business, the very economy, depends on the Internet; it is a tool no business or individual can do without.”
He says cyber criminals are using these opportunities, created by an ever-connected world, and only now are governments and enterprises starting to understand the threats the Internet brings along with it. “Governments still think within national borders. To fix the problem, we have to think internationally. Threats don't just come from cyber hooligans, but professionals who are financially motivated.
On the brink
“I'm afraid that cyber terrorism that could affect critical infrastructure is possible. I'm afraid we will start seeing incidents of cyber terrorism in the not too distant future. The fact that we are totally dependent on the Internet, and that the Internet is not secure, is a real worry. Cyber terrorists could build a botnet that could bring down the entire Internet structure. This is technically possible.”
He cites the Kido or Conficker worm that is estimated to have infected 10 million machines worldwide. “A botnet of this size has the potential not only to cause a lot of trouble, but to bring down the Internet infrastructure itself.”
Kaspersky says it is unfortunate that Internet security is not a priority. “Users are sceptical about IT security and na"ive about cyber crime. They don't really understand the danger; they don't really see the whole picture. They want more freedom from the Internet without understanding the risks.”
He explains that businesses are focused on making money, working on profits, satisfying customers and see Internet threats as a cost of business. “Many enterprises have a budget to cover cyber crime losses; they see it as a sort of risk management, and do not give security the attention it deserves.”
In terms of governments, he says they have other problems, such as the financial crisis, and IT security is low on the priority list. “They are not prepared to think more seriously about these issues. Compounding the problem, operating systems (OS) are flexible and insecure by design. Secure OS have too many limitations, meaning that every application must be trusted. Every application must have a digital signature, a crypto certificate. This certificate needs a certification centre, which would involve queues and procedures.”
According to him, this is just not possible, and would result in far fewer applications and services, limiting the numbers that are developed. “It is because of this that customers will continue to buy insecure, but flexible operating systems such as Microsoft.”
Kaspersky says computers are everywhere and growing all the time. “Cellphones, cars, planes - they are all computers. All running on OS like Microsoft. Imagine the potential consequences of cyber terrorism; it's a real threat.”
The only way to clean the digital world is to develop technologies and educate people to behave in a more secure way. “Users and businesses aren't ready; the IT security industry will save this world. Products, services and technologies for every actual node and device must be developed. Education of children, students, IT professionals, businesses and governments must take place. Finally, a global cyber police force, and global cooperation between law enforcement agencies and governments is needed.”