Dubai
Internet privacy will emerge as the top security concern for businesses and internet users in the coming days — thanks to the National Security Agency (NSA) whistle-blower Edward Snowden. The revelations by the former US intelligence agency employee about the breach of user privacy by the US government grabbed the headlines last year.
Proliferation of smart devices coupled with the growth in cloud computing and digital security has also become increasingly important.
With Android still the number one target for malware, research suggests that apps infected with malware on Google Play store nearly quadrupled between 2011 and 2013. Most malicious mobile apps principally aim to steal money, and subsequently personal data.
“It is easy for malware developers to focus on one operating system than focusing on 10 different operating systems. The market is converged around Android,” McAfee president Michael DeCesare said in an exclusive interview with Gulf News.
Here are excerpts.
Financial cyber-threats are now widespread and the number of attacks is growing fast and they are becoming increasingly sophisticated. What are the trends you see in cyber security?
There are two answers for this. The first is there is an enormous increase in malware volume. Most of the major security companies share the details of known malware. If we see that a customer has malware, we publish for others to see. There is a spike in malware volume in mobile phones, specifically around Android. It is easy for malware developers to focus on one operating system than focusing on ten. The market converges around Android.
The other thing is the technical sophistication. We are routinely seeing a million kinds of code and have version controls. It looks like it can be state funded … it is a wild guess. It is hard to believe that the sophisticated attacks could come from a low-level crime organisation.
Since you are monitoring the threat landscape, can’t you predict where it is coming from?
A couple of years ago, attribution was a very important piece. Now it is not. Even when you see an attack, it can come from seven or more different countries. Then, if one of the countries shuts down we will see the same attack pop-up in three or more different counties. It is much more geographically dispersed than it was a few years ago. The adversaries are getting very good at covering their tracks. Even if we know that it came from a certain server and the country, we know that the technical adversaries are trying to make it look like it came from that country. It is very difficult.
In this region, many government sites and social media sites have been hacked. Why government sites? Is it politically driven and who are the bad guys behind it?
Generally, there are three groups out there — hacktivists, organised crime and state oriented. Our digital footprint is wide these days and it is pretty easy for hacktivists like Anonymous to make a point. Organised crime mushrooms because cyber security is a profitable business. The third, state oriented stuff, we usually see are around IP theft or military capabilities to take down power systems or transportation systems.
Do you think the recent Snowden leaks about privacy and the worry about data breaches like the one at Target are posing many challenges for users going online?
When you look at Snowden, in my view people have the right to know if their private information is used. Snowden is a troubling thing that happened to the US for sure, I think it opens up what is happening worldwide and poses a question: How far can the governments go on using citizens’ data?
I think, honestly, it will make online a better place. For example, I have no problem with anybody looking at my email account. I have nothing to hide. If that access can help any government to keep its citizens safe and in a more balanced way, I opt for that.
The second thing you raised is the targeted attack. That is a very concerning piece and everybody puts credit card details online and does business online. The security industry needs to get from being a headwind to a tailwind.
Despite these efforts, security solutions providers are not able to bring the crime down. Why?
It is an interesting paradigm. Apart from the security industry, the online industry is growing and that trend will continue. There are more places for cybercriminals to go after. The first thing is that cloud providers need to design security from the beginning. For example, nobody will like an airbag in a car to be installed by a dealer. People expect the car manufacturer to install the airbag the day they build it to design safety into the car from the factory. The same thing applies also for the cloud sector. As all the applications come online, people expect the environment to be safe and that is what happened to Target.
Target did not take the necessary precautions and someone was able to get into the system and steal the information. There is hope and we are seeing more applications move online and I will tell you that all our efforts go into working with those cloud providers on how to design security from the very beginning.
As a security solutions provider, what are the challenges and opportunities that lie ahead for you?
From the industry perspective, we have to get ahead of the bad guys. The security industry needs to get far more aggressive than this. I really do believe that we can get the security industry to a place where it is an enabling factor by designing the security from the core. I also think that the security providers need to collaborate more.
We have this philosophy at McAfee around security connected. It is a concept that if users can have a firewall, email gateway, web gateway, mobile security and all the other technologies should talk to each other.
They should collaborate and share findings, and that is how the product works. If users happen to hit a bad website on a certain device we stop it instantaneously and the cloud will notify all the devices and all the McAfee users. That is the promise that lies ahead for us as well as for the industry.
Is there collaboration among security companies?
Right now we collaborate on known malware. I think users can see us collaborate on sharing our data. Basic levels of security will be shared more and the value-added services on top of that will differentiate the providers.
Do governments collaborate with the security providers?
For security to become successful, governments need to collaborate with the companies and companies need to collaborate with the customers. But it does not work all the time. Liability is an issue. For example, the Botnets. If telcos were free to share with McAfee and McAfee to share with the government, we can stop that immediately. But the telco providers do not provide the details due to liability issues. So the governments need to get together and incentivise the corporations to be free to share information.
I think we will really see that. So far we have been lucky. We have seen attacks for financial gains and intellectual property gains but we are yet to see big incidents that are taking down the critical infrastructure. There are lots of efforts worldwide from governments and security companies underway to keep their assets protected. With that said, there is still a long way to go but I am very optimistic.
Don’t you think that consolidation is needed among the security companies?
The industry needs consolidation. I think it is the highest priorities for companies to stay in front. It is the fast growing industry but it is still very fragmented. In most tiers of IT, after a period of time we see consolidation happening and restrict it to one or two big players. It is not that we want to be bigger, it is what customers want.
According to reports, teenagers are most likely to adopt risk-taking behaviour and overshare online.
What precautions should parents take?
I have young kids and I try to keep it pretty safe. I teach kids not to overshare. Even recruitment companies are looking at users’ Facebook history and looking for character flaws. It is the responsibility of the parents to tell their kids that everything they do online will be there when they look for a job, when they want to do this or that.
What was the decision to rebrand McAfee Antivirus to Intel Security?
The aim is to take Intel’s market share on the CPU market and try to bring that together closer to security. The market is going to see a part of McAfee product that is shipped with the Intel CPU and that technical value proposition is very strong.
Many of the targeted attacks in many cases gets underneath the operating system and the security products lose their visibility. We can bring that visibility together but still remain a McAfee brand.