Tag Archives: it industry

Introducing – the new us.

I’ve heard it said that “Life needs shaking up more often than not, so it doesn’t turn sour.”

Well, no chance we could ever let things go sour here at KL — not in the industry we’re in, which is constantly and rapidly changing. Still, sometimes it is useful to stop, take a look at yourself as if through someone else’s eyes, think about what’s around the corner, and make a few changes to the look and feel of the company accordingly. And so it is with this lyrical introduction that I want to formally announce our rebranding and explain why we’ve done it.

We were born in the 90s. Back when we founded the company in 1997, we had just one simple goal: to make the best antivirus in the world. There was no talk of positioning, image, or brand philosophy. But that was then; this is now. It’s been 22 years, and everything’s changed.

We now employ more than 4,000 people and protect hundreds of millions of individuals and businesses around the world. The very concept of antivirus, our original cornerstone, has become obsolete. The world has become so dependent on cyber-everything that no sphere of modern life has been left untouched by it. And we’re ready to protect all of it, from home users on the internet to large corporations, governments, industry, and infrastructure. One thing has remained the same, however, since the beginning: we produce the very best security solutions on the market.

With so much having changed, it was high time we thought about how we looked to folks on the outside — to see if that, too, might need some shaking up. After all, our logo was designed back in 1997, when the company was just taking its first steps. In that logo we used the Greek alphabet with lots of fine detail, but 22 years on, much of that has lost its relevance.

So, after lots of work behind the scenes, today we’re formally updating our logo! The new logo employs geometric, mathematically precise letter forms representing the values that define us: for example, the highest standards of engineering. Another noticeable innovation is that we’ve removed the word Lab. That change has been on the cards for years; we’re often referred to simply as My Surname around the world anyway — and always have been, for the sake of convenience, simplicity, brevity, or plain lack of need for the Lab. Well now we’re just Kaspersky officially too: shorter, simpler, clearer, more utilitarian, easier, more memorable (I could go on at length here).

But if you dig a little deeper, you’ll see we’re not just changing our logo. The whole company’s changing.

In recent years, our approach to business, to our products, and to ourselves — not to mention, our vision of the future — has changed. All these years we’ve been saving the world, fighting cyber-sin in its many incarnations, but, as I mentioned above, we’ve been changing too as we grew (I should have been a poet). Now, we feel know it’s within our power not only to save the world, but also to build a more protected, safer world from the ground up. I firmly believe that the concept of cybersecurity will soon become obsolete, and cyber-immunity will take its place.

Information systems should be designed and built secure; they should not require add-ons in the form of (never quite fully secure) security solutions. That is the future we’re working on: a real, tangible future in which life will be simpler, more convenient, and more interesting — not some flowery, imagined future straight out of science fiction. And this world is taking shape little by little, day by day. I’m sure that in this safer world we’re helping create, technologies will no longer be a source of constant threat, but instead provide tons of new possibilities, opportunities, and discoveries.

So there you have it, the new … K!?! (What? No more KL, as I like to abbreviate us to? Oh well, progress always requires some sacrifice!)

Hey startups, want to become a global company?

About five years ago we launched an interesting project – our own Business Incubator . Why? Because there are a lot of great ideas out in the wild that need nurturing to grow and develop into something great. And we have the resources to help them do this! So we’ve been scouting for cool innovative ideas and giving startups ‘wings’ to fly.

One of the most successful examples of projects from our Business Incubator is Polys, launched in 2017. It’s an online platform for electronic voting based on blockchain. I’ve already mentioned it in this blog. But briefly: it’s safe, anonymous, unhackable, and what I think is more important – very easy to use and suitable for any kind of voting. I personally believe that the future of voting is indeed online and blockchain. Polys has already been officially used by Russian political parties, student bodies, and regional government organizations. And I’m sure that these are just the first steps of this KL nestling.

We’ve another up-and-coming Incubator project on board – Verisium. This is an IoT platform for customer engagement and product authentication. Especially needed in the fashion industry, it helps fight the counterfeiting of luxury products, and gives brands the ability to track product lifecycles and gain marketing insights into how products ‘live’ and perform. Verisium has already launched a number of joint projects with Russian designer brands – involving clothes with NFC chips on blockchain.

source

However, though it’s doing really well, the Incubator wasn’t enough for us. So we decided to scale-up the way we work with startups and innovative companies, while focusing on something we know rather well… cybersecurity!

At the end of May (so, in a matter of days) we’re launching a new program that will run globally – the Kaspersky Open Innovations Program. We’re doing it to build an ecosystem that allows for transparent conversation and fruitful collaboration between businesses and innovative cybersecurity companies around the globe.

To start-off, we’re launching a global startup challenge. We’ll be looking for startups that already have products, or MVPs, or even prototypes; we’ll be looking for those who already have something to sell, or already have had some sales and now need more. Since we’ll be neither investing in these companies, nor acquiring them, we’ll keep the focus on finding solutions that can truly benefit from being embedded with our technologies or integrated with them to maximize protection capabilities.

Another goal will be to take the results of our collaboration with startups – and their many new innovative products, solutions, services, etc. – to companies of different sizes around the world.

So, if we’re not investing and not acquiring, what are we actually offering? As a global company, we’ll help startups scale up globally by supporting their further product and business development. But probably most importantly, we’ll be providing an opportunity for startups to build a partnership with us and a chance to sit at the same table with the big guys and global companies.

Join now and take your business worldwide!

source

Flickr photostream

Instagram photostream

Auto-future – today.

Having recently been in Maranello to see the unveiling of the new Ferrari F1 racing car, I want to return to the automotive theme for this post. Because coming up there’s a new chapter in the ~250-year history of the automobile. It’s a biggie in itself, but there’s a security aspect of this new chapter that’s even bigger. But I’m getting ahead of myself. Time to engage reverse, and go over this biggie first…

Of late, the headlines have been pretty interesting regarding the modern automobile– plus what one will look like in a few years to come. Examples: California will legalize the testing of self-driving cars on public roads, Swedish gravel trucks will load up, drive for miles and unload with no driver at the wheel, and KAMAZ has come up with a driver-less electric mini-bus. Google, Yandex, Baidu, and who knows how many other companies from different spheres and countries are developing driverless projects. Of course, some of the headlines go against the grain, but these are mere exceptions it seems.

And just recently I was at the food processing plant of Barilla (our client, btw) in Italy, and saw more automation than you can shake a spatula at: the automated conveyor delivers up tons of spaghetti; robots take it, package it, and place it into boxes; and driverless electric cars take it to and load it into trucks – which aren’t yet automated but soon will be…

So, self-controlled/self-driving vehicles – they’re here already, in some places. Tomorrow, they’ll be everywhere. And without a trace of sarcasm, let me tell you that this is just awesome. Why? Because a transportation system based on self-driving vehicles that operate strictly to a set of rules, has a little chance of degradation of productivity. Therefore, cars won’t only travel within the prescribed speed limits, they’ll do so faster, safely, comfortably, and of course – automatically. At first there’ll be special roads only for driverless vehicles, later – whole cities, then countries will be driverless. Can you imagine the prospects for the upgrade market for old driver-driven cars?

That out the way, now comes the interesting bit – the reason for so many words in this here blogpost. Let’s go!…

Read on…

Enter your email address to subscribe to this blog

New transparency – in Madrid!

Hola, amigos!

Toward the end of last year we opened our first Transparency Center and a Data Center in Zurich, Switzerland, dedicated to processing data for our customers in Europe. Though that’s just short of five months ago, it’s become clear that this large-scale project reflects perfectly the current concerns regarding the cybersecurity industry in today’s geopolitical climate.

Both the business community and government agencies are reeeaaaal keen on one thing at the moment: crystal clear transparency. And no wonder! In times when any company can be accused at the highest official level of whatever digressions can be thought up – with zero evidence (are you following the Huawei saga?) – both business and state regulators all over the world are left with no other option than to conduct their own analysis and seek out the actual facts (and also use something that is alarming lacking of late: common sense).

It was for this reason that our first Transparency Center has turned out to be both very timely and very useful: it’s visited regularly by our partners and European officials. And I’m very pleased that we’ve become pioneers in the cybersecurity industry with our global openness initiative.

And on the back of the early successes of our Zurich centers, to continue the meet the needs of the market we’re opening another Transparency Center – in Madrid. Hola, amigos! Besides, by the end of the year we’ll open yet another – in Asia.

The function of the new centers will be the same: accessing both our source code and updates. And in Spain colleagues will be on hand to tell visitors about the finer details of our technologies, products and services – in the showroom there.

So, soon, expect to see the pics from the grand opening – right here on this blog. Stay tuned!

Kaspersky Lab’s Data Center in Zurich

And just in, some more news on the theme of ‘demolishing myths’…

We’re publishing some research findings of a respected independent expert on Russian legal matters – Prof. Dr. Kaj Hobér of Uppsala University, Sweden. The professor has been studying the intricacies of the Russian legal system now for more than 30 years. He started this back when Russia was still in the Soviet Union, having lived for several years in Moscow. And he’s been an arbiter in over 400 arbitration cases. In short, a very impressive CV and a very impressive individual, whose utmost professionalism it’d be hard to doubt.

His research concerns three Russian laws relating to the processing and storage of data. Now, some ‘experts’ and journalists often make reference to these laws when they write about KL. But doing so is just soooo off the mark! This independent analysis proves how we (KL) aren’t bound by any of the three laws – for one simple reason: we aren’t an internet service provider or mobile phone company! For it’s only internet providers and mobile operators that are bound by the three laws. We aren’t. And that’s that! So, let’s take, say, the Yarovaya law: it’s not our headache at all, as it doesn’t affect us at all!

So please, dear experts and journalists and bloggers, please base your judgements on facts, logic, and now independent irrefutable expert analysis – not on the country a company may hail from or on the sensationalist false allegations serving the current geopolitical agenda.

 

The anatomy of modern fake news: Latvian version.

“… it is established that the information in the published article – the subject matter of these proceedings – is unsubstantiated. Therefore, the court recognizes the lawsuit to be reasonable, and hereby rules to oblige the respondent to apologize in written form to the plaintiff, and publish, at his own expense, … the full text of the apology.”

That’s an extract from the recent Riga court decision on our lawsuit against the Latvian politician Krišjānis Feldmans, which lawsuit sought the protection of our business reputation. And I do hope it will make others think twice about blindly copy-pasting the lies of a handful of U.S. media based on politically-motivated anonymous official-agency sources in the interests of the current geopolitical agenda. But I’m getting ahead of myself. Let me go back to the beginning of this tale…

Source

Read on…

Cyber-news from the dark side: Japanese legal hacking; iKeychain hack; 2FA -> $0; an Iranian cyber-whodunit; and a USB-eating leopard seal.

Privyet boys and girls!

Herewith, the next in my periodic/occasional cyber-news cyber-shocker-bulletins: a few stories of the cyber-interesting, the cyber-this-news-just-in, and the cyber-absurd…

State-sanctioned hacking!

The Japanese government is believed to be planning to hack 200 million IoT devices of its citizens. And that’s not science fiction folks; it looks like it’s for real. Indeed, it’s how the Japanese are preparing for the Olympics to be held in Tokyo in 2020 – and it’s all legal of course, since it’s the government who’s behind it. So their citizens’ gadgets will be hacked using the cybercriminals favorite method: using default passwords and password dictionaries. If a device is found to have a weak password, bureaucrats will enter the device into a list of unsecure gadgets, which list will then be handed over to internet service providers, which will be expected to inform subscribers and have them make their devices secure by changing the password. It’s all being done as a resilience test in the run-up to the Olympics, to work out if IoT devices in the country are sufficiently protected, and to try and prevent their use in attacks on the Olympics’ infrastructure. The methods to be used for this ‘test’ can easily be disputed, but the fact that the authorities are doing something concrete so well in advance is certainly a good thing. For let’s not forget that the Olympics have been targeted before – and not all that far away from Japan.

iOops!

An 18-year-old hacker, Linus Henze, has published a video highlighting a startling weakness in MacOS – specifically its Keychain program, which stores and secures a user’s many passwords. The teenager used a zero-day to develop his own app that can scan the full contents of the keychain.

Curiously, intriguingly, Mr. Henze isn’t planning on sharing his research and his app with the tech giant, since Apple still doesn’t run a bug-bounty program. So that leaves the company with two options: negotiate with the expert (which would be an unprecedented move for Apple), or consider trying to remedy the issue themselves – which they may or may not be able to do, of course.

Meanwhile, you, dear readers, need not fear for the safety of your passwords! Since there do exist (who’d know?!) fully secure, cross-platform password managers out there. And researchers – there do exist software companies that run bug-bounty programs ).

Even two-factor authentication can be hacked now.

Bank accounts being emptied by cyber-thiefs is on the up. One example recently involved accounts held at the UK’s Metro Bank. And the method used for the robberies involved intercepting text messages sent to account-holders’ phones for two-factor authentication. Now, 2FA is a good thing: it’s an extra layer of security and all that, so why not? It’s just that SMSs are by far not the most secure way to transfer data. For example, vulnerabilities can be exploited in the SS7 protocol, which is used by telecoms operators the world over to coordinate how they route texts and calls. If cyber-baddies manage to access the mobile network of an operator, they’re able to re-route messages and calls without the user being any the wiser. First they’d need to know your login and password for online banking, but that isn’t beyond the abilities of modern-day cyber-villains with their crafty keyboard spies, phishing tactics, or banking Trojans.

Once inside the online bank, the criminals send a request for a money transfer and intercept the message with the one-time code from the bank. The code is entered, and the bank transfers the funds, since both the password and the code were correctly entered. And the criminals are laughing all the way to the bank, as it were ).

So what can you do to stop such a scenario happening to you? Here are a couple of tips:

  • Never tell anyone your login or passwords – even to a bank employee, but you’ll probably know that one: banks helpfully remind us whenever they can.
  • Protect your devices from malware with a reliable antivirus app. There is one I happen to know of… but no – you choose the one you want ).

Cyber-spying on foreign diplomats in Iran – but whodunit?

Our researchers just recently discovered multiple attempts at infection of foreign diplomatic missions in Iran with some rather primitive cyber-espionage malware. The backdoor is presumed to be associated with the hacking group know as Chafer, which happens to ‘speak’ Farsi, and which is thought to have been responsible for cyber-surveillance on individuals in the Middle East in the past. This time, they cybercriminals used an improved version of the Remexi backdoor, designed to remotely control (as administrator) a victim’s computer.

Remexi software was first detected in 2015 when it was used for illegal surveillance of individuals and organizations across the whole region. The Windows-targeting surveillance-ware can exfiltrate keystrokes, screenshots, and browser-related data like cookies and history.

Much ‘home made’ malware is used in the region – often in combination with public domain utilities. But who’s behind these particular attacks? Finding out is made all the more difficult by the very fact that the malware is homespun; it literally could be anybody: Iranians, or non-Iranians pulling a false-flag operation. Alas, false flags are on the up and up and look set to remain so.

“Well, actually… a seal ate my USB stick, sir.”

In New Zealand, one day out walking a vet observed a clearly unwell leopard seal on a beach. As any concerned vet would, he proceeded to… scoop up a lump of the poorly seal’s poop and took it off for analysis. He was expecting to find therein some ghastly little parasites or viruses or what have you, but instead found… a USB stick. After much disinfection (I hope), the vet stuck the thumb drive into his computer (don’t try any of this at home kids, but this was a special case). And guess what? Thereon were stored lots of photos of the beautiful New Zealand scenery! Now the vet and Co. are seeking the owners of the USB – using this here video. Recognize it, anybody?

Folks can think for themselves.

Besides a market for its goods or services, a business also needs resources. There are financial resources: money; human resources: employees; intellectual resources: business ideas, and the ability to bring them to life. For some businesses, sometimes even for whole industries, another resource is needed: trust.

Let’s say you decide to buy… a vacuum cleaner. Is trust required of the manufacturer? Not really. You simply buy what seems like the right vacuum cleaner for you, based on a few things like its technical characteristics, how it looks, its quality, and its price. Trust doesn’t really come into it.

However, in some industries, for example finance or medicine, trust plays a crucial role. If someone doesn’t trust a certain financial advisor or pharmaceutical brand, he/she is hardly going to become their client/buy their products – and perhaps never will. Until, that is, the financial advisor/pharma company somehow proves that they are actually worthy of trust.

Well, our business – cybersecurity – not only requires trust, it depends on it. Without it, there can be no cybersecurity. And some folks – for now, let’s just call them… detractors – they know this perfectly well and try to destroy people’s trust in cybersecurity in all manner of ways; and for all manner of reasons.

You’d think there might be something wrong with our products if there are folks trying to undermine trust in them. However, as to the quality of our products, I am perfectly untroubled – the results of independent tests show why. It’s something else that’s changed in recent years: geopolitical turbulence. And we’ve been caught right in the middle of it.

A propaganda machine rose up and directed its dark arts in our direction. A growing number of people have read or heard of unsubstantiated allegations against us, originating in part from media reports that cite (unverifiable) anonymous sources. Whether such stories are influenced by the political agenda or a commercial need to drive sales is unclear, but false accusations shouldn’t be acceptable (just as any other unfairness shouldn’t be.) So we challenge and disprove every claim made against us, one by one. And I choose this verb carefully there: disprove (quick reminder: they have never proved anything; but of course they haven’t: none exists as no wrongdoing was ever done in the first place.)

Anyway, after almost a year since the last wave of allegations, I decided to conduct a sort-of audit of my own. To try and see how the world views us now, and to get an idea as to whether people exposed to such stories have been influenced by them. And to what extent our presentation of the facts has allowed them to make up their own minds on the matter.

And guess what, we found that if people take into account only the facts… well – I have good news: the allegations don’t wash! Ok, I can hear you: ‘show us the evidence!’

Really simple, but enormously useful: on Gartner Peer Insights, the opinions of corporate customers are collected, with Gartner’s team vetting the process to make sure there’s no vendor bias, no hidden agendas, no trolling. Basically, you get transparency and authenticity straight from end-users that matter.

Last year, thanks to the feedback from corporate customers, we were named the Plantinum winner for the 2017 Gartner Peer Insights Customer Choice for Endpoint Protection Platforms! This year’s results aren’t all in yet, but you can see for yourself the number of customers that wanted to tell Gartner about their experience of us and give their overall ratings, and leave positive reviews. Crucially, you can see it’s not a ‘review factory’ at work: they’re confirmed companies of different sizes, profiles, geography and caliber.

And talking of geography – turns out that in different regions of the world attitudes to trust can differ.

Take, for example, Germany. There, the question of trust in companies is taken very seriously. Therefore, the magazine WirtschaftsWoche regularly publishes its ongoing research into levels of trust in companies after polling more than 300,000 people. In the ‘software’ category (note – not antivirus or cybersecurity), we are in fourth place, and the overall level of trust in KL is high – higher than for most direct competitors, regardless of their country of origin.

Then we see what happens when governments use facts to decide whether to trust a company or not. Example: last week the Belgian Centre for Cyber Security researched the facts regarding KL and found they didn’t support the allegations against us. After which the prime minister of Belgium announced that there is no objective technical data – not even any independent research – that indicates our products could pose a threat. To that I would personally add that, theoretically, they could pose a threat, but no more than any other cybersecurity product from any other company from any other country. Because theoretically any product could have vulnerabilities. But taking into consideration our technology transparency efforts, I’d say that our products pose less of a threat than any other products.

Read on: we conducted our own research into the question of trust…

Digital demons – in art and in everyday life.

As regular readers of this here blog of mine will already know, I’m rather into modern art. But when art somehow merges with the anything IT-related, I’m the world’s biggest fan. Well, such a merging is taking place right now in Moscow in its Museum of Modern Art with the exhibition Daemons in the Machine, so supporting it was a no brainer. Artists, consulted by scientists, aimed their creativity at the modern-day topics of artificial intelligence (which, IMHO, is hardly any intelligence at all – just smart algorithms), blockchain, neural networks and robotics. The result is a curious mix of futurology, ethics and – of course – art.

I haven’t been myself as I’m only just back from my latest trip, but I hope to find time for a visit before my next one.

And now, we move from high-art digital demons to everyday, run-of-the-mill – but very worrying – digital demons…

Read on…

IT antimonopolism: analysis, amazement, (+) frame of mind.

Some readers of the technical part of my blog, wearied by this year’s summer heat, may have missed a notable landmark event that occurred in July. It was this: the European Commission (EC) found Google guilty of abusing its dominant position in relation to an aspect of the mobile OS market, and fined the company a whopping 4.34 billion euro (which is around 40% if the company’s net profit for last year!).

Why? Because, according to the EC, “Since 2011, Google has imposed illegal restrictions on Android device manufacturers [including forcing Android device manufacturers to pre-install Google’s search and browser apps] and mobile network operators to cement its dominant position in general internet search.”

It all seems perfectly logical, apparent, and not unprecedented (the EC’s fined Google heavily in the past). Also perfectly logical – and expected – is that Google has appealed the decision on the fine. Inevitably the case will last many years, leading to a spurious final result, which may never become known due to an out-of-court settlement. And the reason (for the lengthy court case) won’t be so much a matter of how big the fine is, but how difficult it will be to prove abuse of dominance.

Ok, let’s have a closer look at what’s going on here…

Source

Read on…

KL-2017: the proof of the pudding is in the preliminary financial results.

Hi folks!

Going against tradition just this once, this year we’ve decided not to wait for our official financial audit results, and instead publish preliminary sales results for last year straight away.

The most important business figure of the year is of course revenue. So, for all 12 months of 2017, our products, technologies and services were sold for US$698 million (in accordance with the International Financial Reporting Standards) – a 8% rise compared to the previous year.

Not a bad result at all, if I don’t mind saying so; a result that shows how the company is doing well and growing. What’s more, we have some real promising technologies and solutions that make sure we’ll keep on growing and developing into the future.

But here’s what is, to me, the most interesting thing to come out of the preliminary results: for the first time in the history of the company sales bookings of corporate solutions overtook those of our boxed products for home users – this riding on the back of a 30% increase in the corporate segment.

Another very pleasing fact: the good rate of growth of the business has come largely not from sales of our traditional endpoint products, but from emerging, future-oriented solutions like Anti Targeted Attack solutions, Industrial Cybersecurity, Fraud Prevention, and Hybrid Cloud Security. All together these grew 61%. Besides, forecast growth in sales of our cybersecurity services comes in at 41%.

Geographically, sales bookings in most of the regions overshot their annual targets. For example, in Russia and the CIS sales were up 34% on 2016. In META (Middle East, Turkey, Africa) sales skyrocketed up 31%; in Latin America – 18%; and in APAC – 11%. Japan demonstrated moderate growth (4%), while Europe was slightly below expectations (-2%).

The only region that didn’t do well was, as expected, North America, which saw a fall in sales of 8%. Hardly surprising this one, given that it was this region that was the epicenter of last year’s geopolitical storm, which featured both a disinformation campaign against us and an unconstitutional decision of the DHS. Nevertheless, despite the political pressure, we continue to operate in the market and are planning on developing the business further there.

It only remains for me to give huge thanks to all users, partners, and cybersecurity experts, and to anyone else (including most journalists and bloggers that covered us) for their support, and also a big up to all the KLers around the globe for their continued excellent work in these difficult times. Customer loyalty, impressive growth of the business, and high team morale are all clear indicators of our global success. Well done everybody!

More detailed info on the preliminary financial results can be found here.