The man who runs the global internet security firm under fire from US authorities over claims of cyber-espionage says governments across the world must urgently launch a co-ordinated effort to crack down on state-sponsored hackers.
Eugene Kaspersky, chairman and chief executive of internet security company Kaspersky Lab, said the US, Britain, Russia and China needed to put aside geopolitical tensions to confront a problem costing $600 billion a year.
Other reports have claimed the cost of cybercrime globally is expected to exceed $6 trillion annually in coming years.
“I believe that the major nations in the cyber space can talk and must talk to each other … What is going on in cyber right now is unacceptable. Everyone hacks everyone,” he said in an interview with The Australian during a recent visit to Australia.
“What is going on is very bad. There are no rules in this game. I think, I hope, that the major nations will talk to each other.
“You can’t stop espionage. But there must be very strong preparation between leading nations and the rest of the world against cybercrime, professional cybercrime and cyberterrorism.”
His comments come as Kaspersky Lab, one of the world’s largest and most respected cybersecurity firms, has been under fire from US officials who claim its antivirus software has been targeted by Russian state-sponsored hackers to attack critical infrastructure in the US.
They have highlighted Kaspersky Lab executives’ previous ties to Russian intelligence and military agencies, and several US authorities have reportedly stopped using the company’s security software.
Mr Kaspersky has vehemently denied the allegations, claiming it would be “suicide” for Kaspersky Lab to help any country by planting vulnerabilities in security software used by US government agencies. He has offered to hand over his company’s code to US authorities to help clear it of the claims.
He said the power of governments to control state-sponsored cyber hackers had been highlighted in the truce struck between former US president Barack Obama and Chinese President Xi Jinping during 2015 and 2016.
“It seems like the Chinese government has some influence on their state-sponsored groups … After the meeting between President Obama and President Xi, the number of attacks went down,” Mr Kaspersky said.
“(But) at the same time, security experts said the number of Chinese-speaking security attacks on Russia increased.”
In Australia, the corporate regulator has stepped up its scrutiny of directors who fail to manage the risk of cyber attacks.
The Australian Securities & Investments Commission’s four-year plan, released last year, identified cyber resilience as a key priority, signalling increased regulatory scrutiny. The regulator’s cyber-risk taskforce (financial markets) is collaborating with industry, regulators and the government on the issue.
In March, the MinterEllison Perspectives on Cyber Risk Report 2017 found while awareness of the importance of cybersecurity had increased, almost half the Australian executives and directors surveyed said their board was still only briefed once a year about the risks, while 13 per cent had no briefings at all.
Only half the responses from chief information officers said their organisations had increased expenditure on cybersecurity in the past 12 months.
Asked how much firms should spend on cybersecurity measures, Mr Kaspersky said the issue was more than just a financial one. “I am afraid we need to redesign many systems. We need to change the concept of cybersecurity. To replace cybersecurity with cyber-immunity. It will cost not only money but also time and resources. It is not only financial investment, it is the human investment. It is the education systems that must be built.
“We need … Australia, other countries need, the engineers to build the infrastructure. It is a big sector of the economy.”
During his visit, Mr Kaspersky met with the Australian Information Security Association, the peak body for information and cybersecurity professionals.
He said he was impressed with the level of knowledge within the group’s membership about the threat posed by cybercrime.
During his keynote address at the CeBIT business technology conference in Sydney, Mr Kaspersky said national critical infrastructure such as power, telecoms and transportation would be the new battleground in the war against cybercrime.
Asked what was the biggest issue that kept him awake in the cybersecurity space, he replied: “Possible sabotage attacks on critical infrastructure to ruin the world.
“When they come from the internet it is very hard to attribute, it is very hard to prove who is behind it. It is very easy to point the finger at the wrong source, be the victim of the collateral damage.
“What wakes me up at night — it is terrorist attacks that kill people, ruin economies.
“It is very hard to say how far we are from this scenario. The big question in my mind is why traditional terrorists don’t employ hackers. Technically it is simple. They are professional criminals.
“It is a good question why it still has not happened.”