Exclusive interview: Eugene Kaspersky 

Vaccine denialists aside, most of us have experienced the benefits of building our immunity to viruses. It may not be 100% effective, but generally will protect us from the worst impact.

Cybersecurity is a little different. Nothing less than 100% immunity will save businesses from disaster if they are breached by a virus or hacker. The industry has embraced the concept of Zero Trust, which assumes that every connection and endpoint is a potential threat. But while it ensures blanket protection, as with vaccines, it does not confer total immunity.

This understanding persuaded cybersecurity firm Kaspersky, which originated in Russia and is now ranked number three in the world in consumer IT security software and 4th in Endpoint Security, to embrace a philosophy of immunity rather than mere protection.

Eugene Kaspersky, the company’s founder and CEO, told us: “While Zero Trust’s implementation is a lengthy process , cyber Immunity is more of a practical tool in reaching an IT system’s so-called inherent protection; the ability to withstand cyberattacks without requiring any additional security tools. Most attacks on a cyber Immune system are ineffective and unable to impact its critical functions.”

Cyber Immunity will be a key element of secure smart IT systems of the future, he says, especially “where IT systems are subject to higher cybersecurity, reliability, and predictability requirements, such as manufacturing, the energy sector, transportation infrastructure, and smart city systems”.

The elements of a cyber Immune system that make it so robust are in effect the opposite of traditional operating systems, which work with security tools added on to them. In some cases, like electronic control units in cars, it is impossible to install those tools.

KasperskyOS, the company’s own operating system, is based on the division of objects into many isolated modules. All interactions between them are controlled at the level of the microkernel, the minimum amount of software that can function as an OS.

“Thus, even if a cybercriminal gains access to any of the components, they won’t be able to perform malicious actions to in any way affect the operation of the system.”

The imperative for immunity has never been greater, given the range of geopolitical events, including the Russian invasion of Ukraine, increasing the scale of cyberattacks internationally.

“We’re currently living through very challenging and uncertain times,” says Kaspersky. “Over the past 12 months the world has experienced an overall increase in cybercriminal activity, and hacktivists are looking to perpetrate cyberattacks across various industry sectors and regions of the world.

“The public sector is a target for the most sophisticated cyberattacks, including targeted attacks and advanced persistent threats (APTs), not only by cybercrime groups, but also by the various intelligence agencies around the world. With the help of APTs, hackers can obtain classified data and money, or disrupt critical infrastructure both locally and nationally, which can lead to extremely serious consequences.”

Among other, Kaspersky is using artificial intelligence (AI) and machine learning (ML) to shore up immunity, especially ML-based algorithms used in detection. But ML as a bolt-on can be dangerous.

“Questions should be asked about how much the solution depends on third party data and architecture. Many cyberattacks are based on third party input like threat intelligence feeds, public datasets, or outsourced ML models. Ultimately, AI and ML should not be considered a silver bullet to deliver comprehensive protection. Instead, they should be seen as part of a multi-layered security approach where complementary protection technologies and human expertise work together.”

Automated tools like ChatGPT are, at this stage, not the threat that media hype suggests, he says.

“Users have nothing to fear. If code written by a bot is actually used, it will be detected and neutralised by security solutions as quickly and efficiently as all previous malware written by real people. For now, AI platforms like ChatGPT bots can only compete with novice virus writers.”

The above article first appeared in Arthur Goldstuck’s weekly column in Business Times in the Sunday Times. The following is the full text of his interview with Eugene Kaspersky:

Q: What makes the company’s Cyber Immunity philosophy different from Zero Trust and similar strategies?

A: As more data is being stored and accessed electronically than ever before, the attack surface is constantly expanding and can no longer be defined within a logical borderline. And this is where the Zero Trust concept steps in. To put it simply, Zero Trust assumes that every connection and endpoint is a potential threat. This concept has proved itself to be a powerful framework capable of addressing challenges associated with the protection of modern IT security infrastructure against evolving attack vectors – even when both users and data are spread across the whole world.

While Zero Trust’s implementation is a lengthy process (a philosophy, almost), Cyber Immunity is more of a practical tool in reaching an IT system’s so-called “inherent” protection; i.e., the ability to withstand cyberattacks without requiring any additional security tools. Most attacks on a Cyber Immune system are ineffective and unable to impact its critical functions.

For example, our experts have devised a cyber immune approach to creating IT solutions, and developed our own KasperskyOS operating system for building cyber immune products. These products are in demand in industries where IT systems are subject to higher cybersecurity, reliability, and predictability requirements, such as manufacturing, the energy sector, transportation infrastructure, and smart city systems. Cyber Immunity will be a key element of secure smart IT systems of the future.

Q: What are the elements of a Cyber Immune system that make it so robust?

A: Traditional operating systems work with security tools added on to them, such as antiviruses, but even those don’t guarantee 100% protection. Moreover, in some cases (for example, electronic control units in cars), it is impossible to install those security tools.

Cyber Immunity is an IT system’s inherent ability to face cyberthreats without any additional security tools. Most types of cyberattacks on a Cyber Immune system are ineffective and don’t affect its critical functions. Cyber Immunity is especially beneficial for industrial and critical infrastructure sectors where IT systems are subject to higher cybersecurity, reliability, and predictability requirements, e.g., energy, transportation infrastructure, manufacturing, smart city systems…

Cyber Immunity is the heart of KasperskyOS, our own Cyber Immune operating system, which was created from scratch and is secure by design. Its architecture is based on the division of objects into many isolated modules. All interactions between them are controlled at the level of the microkernel and the internal security system: they allow only what was indicated at the stage of system development. Thus, even if a cybercriminal gains access to any of the components, they (the components) won’t be able to perform malicious actions to in any way affect the operation of the system.

Q: Have geopolitical events increased the scale of cyberattacks internationally?

A: We’re currently living through very challenging and uncertain times, indeed. Over the past 12 months the world has experienced an overall increase in cybercriminal activity, and hacktivists are looking to perpetrate cyberattacks across various industry sectors and regions of the world.

Nevertheless, our research experts haven’t identified any particular coordination efforts among cybercriminal groups during the past year. We’ve also been unable to identify any particular trends in the targeting involved.

Q: You mention four sectors (*energy, transport infrastructure, manufacturing, smart city systems). How does it apply to national governments, and protecting them from nation-state attacks?

A: When it comes to national governments, public digital systems contain a huge amount of sensitive data. Their security is a priority and an extremely challenging task.

The public sector is a target for the most sophisticated cyberattacks, including targeted attacks and advanced persistent threats (APTs) not only by cybercrime groups but also by the various intelligence agencies around the world. With the help of APTs, hackers can obtain classified data and money, or disrupt critical infrastructure both locally and nationally, which can lead to extremely serious consequences.

Also, Internet of Things (IoT) technology helps improve the efficiency and reliability of public digital infrastructure. Networks of smart devices that independently process and exchange information accelerate the work of public administrations, minimise the human risk factor, and allow IT staff to focus on other tasks. In order to enjoy the full benefits of complex multi-level IoT systems, quality protection needs to be assured. And this is where Cyber Immunity comes in.

Q: What impact do you expect AI to have on both your defences and on the tools available to bad actors?

A: AI and machine learning (ML) are a big part of information security. At Kaspersky, we began using ML-based algorithms long time ago. These algorithms are used in many stages of our detection pipeline.

In assessing the security of an ML solution, questions should be asked about how much the solution depends on third party data and architecture. Many cyberattacks are based on third party input like threat intelligence feeds, public datasets, or outsourced ML models. Ultimately, AI and ML should not be considered a silver bullet to deliver comprehensive protection. Instead, they should be seen as part of a multi-layered security approach where complementary protection technologies and human expertise work together.

Q: How does the emergence of automated tools like ChatGPT pose an additional threat?

A: If we simplify the principles of ChatGPT – its language model is trained on a vast number of texts from the Internet. The platform “remembers” which words, sentences, and paragraphs are often adjacent to each other and what the relationships are between them.

In underground hacker forums, “junior” cybercriminals report how they tried to write new Trojans using ChatGPT. Indeed, the bot can write code, and if a cybercriminal clearly describes the needs, then they can get a simple infostealer without programming skills.

However, users have nothing to fear. If code written by a bot is actually used, it will be detected and neutralised by security solutions as quickly and efficiently as all previous malware written by real people. For now, AI platforms like ChatGPT bots can only compete with novice virus writers.

Q: Can you look to future and tell us what impact quantum computing will have both on defenders and attackers?

A: Quantum computers process information in a fundamentally different way to their predecessors. That means that software for them has to be developed from scratch. It’s not a case of simply installing Windows on a quantum computer. You’d need a fundamentally new quantum operating system and quantum applications.

The theoretical ability of a quantum computer to perform ultra-fast factorisation of giant integers and thus match keys for a number of asymmetric crypto-algorithms – including RSA encryption – has long been known. Still, experts have agreed that a quantum computer large enough to crack RSA would probably be built no sooner than in around a few dozen decades.

So, for now, quantum computers are still more of a plaything for scientists than they are consumer devices or hacker tools. That doesn’t mean that they won’t become more practical (and dangerous) down the line. With that in mind, data security experts are already drawing up battle plans.

Q: In that context, is there any other likely technology to emerge that will change the landscape?

A: Cybercrime is becoming big business in its own right. And as with any business, cybercriminals tend to optimise their work efforts by scaling their operations and outsourcing certain activities – just as a legitimate business would do.

This year will see malware-as-a-service (MaaS) tools increase in popularity. The complexity of attacks will increase, meaning automated systems won’t be sufficient to ensure complete security. Сloud technology will become a popular attack vector too.

Cybersecurity incidents were plentiful in 2022 (throughout 2022, every day we collected around 400K new unique malicious files), and as cyberthreats become more sophisticated and cybercriminals get more professional, we need to shift to a cybersecurity approach that can minimise damage. This is what Cyber Immunity is about – developing an ecosystem with “innate” protection, where all connected elements are protected and all the systems in it are secure by design.

* Arthur Goldstuck is founder of World Wide Worx and editor-in-chief of Gadget.co.za. Follow him on Twitter on @art2gee