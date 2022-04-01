Saving the world is not an easy task. But Kaspersky has this mission in its genealogy/history, way back in 1989, when a virus called Cascade invaded the computer of the young Russian from Novorossisk, Eugene. Educated in cryptography, he analyzed the threat and created a tool to remove it. Push the clock forward and today Kaspersky’s virus database is a barrier to attacks from more than 500 million malicious programs, whether for the private customer or the enterprise. Russians. Yes. Russian software engineers are the best, says Eugene Kaspersky, who today has his holding company registered in the United Kingdom and has a research and analysis team made up of Romanians, Russians, Germans, Lebanese, English, Swedes, Argentines, Australians, Tunisians and, of course, Brazilians.

With the Russia versus Ukraine war going on, a company with that foot in the first country could be suffering some setback, not in the cyber world, but in the real world, with sanctions, blocking the circulation of money and even commercial prejudice. “Customers and partners have come to ask us about the conflict and sanctions. We are a global company, with data processing infrastructure located in Switzerland, since 2017. So we remained stable”, said Claudio Martinelli, Kaspersky’s executive director for Latin America. With the commercial decentralization in several countries, they managed to guarantee the continuity of the services. Of course, some deals were postponed in the more than 200 operations around the world.

But it is the founder’s strong voice that makes Kaspersky stand out from the storms. “Yes, we want to save the world. We are a private company, we don’t need to make our investors happy. We do what we want,” Eugene said in an interview with Gulf Business. Germany, through the Federal Office for Information Security (BSI), issued a warning about Kaspersky products, citing potential risks. “These are unsubstantiated speculations. In the company’s 25 years, our use or abuse for malicious purposes has never been proven and we have worked with BSI and the German cybersecurity industry for years. It was a politically motivated decision,” Eugene said. Despite working with governments, primarily in aiding attacks on energy and fuel infrastructure, Kaspersky says it keeps its distance from intelligence and espionage services, as well as politicians. She wants to remain independent and neutral. Martinelli states that “in this aspect, for example, we keep a track of the cyberattacks that are affecting Ukraine on our page Webinar on Cyberattacks in Ukraine”. The company created a timeline of all the attacks so far in the country, identifying hackers and advising how to fight them. According to Kaspersky, these are low-complexity attacks, but some go beyond that level. The current status is that Europe is at medium to high risk of attacks. Yes, if Russia has the best software engineers, it also has the best cybercriminals.

Companies are increasingly embracing digitalization. Software is being created more and more quickly and cheaply, with the need for scalability and portability of passwords and home office access. The cost of putting virtual security on that same scale comes at a price, but it can be worth it. Computers make the world faster and better, but at the same time make it vulnerable, because they don’t sleep, don’t take vacations and are cheaper to maintain than humans, in Eugene’s wise words.

This year we saw cases of hacking in Americanas and Mercado Livre. are the invaders a step ahead?

Both attacks were carried out by the group LAPSUS$, which also attacked the Ministry of Health and the press in Portugal, in addition to Microsoft and Okta. They compromise cloud services, widely used by many companies and governments, by capturing passwords through processes such as SIM swapping, social engineering over the phone or recruiting insiders. They rely on misconfigurations in internal authentication processes that use tokens and push notifications sent to employees. I wouldn’t say the attackers are a step ahead, as the techniques used are known. Companies or employees have not adopted necessary security policies.

Consulting and infrastructure companies sell scanning as a package, including an effective security method. will it be?

Companies that sell services in the cloud guarantee the security of the infrastructure used by customers, but the configuration of access and control of data is the responsibility of the customers. The LGPD itself (General Data Protection Law) clearly defines it. Digitization is a means of reducing IT spending and ensuring business scalability, but security is needed, as one of the principles of cloud processing is remote accessibility. The greater the accessibility, the greater the access for criminals.