The world we live in is hyper-connected and cybersecurity is no longer an exclusive environment for IT departments, it is now a priority for business management. According to PandaLabs, more than 200,000 new malware samples were created daily in the second quarter of this year. There are numerous entry ways for cyber criminals to access corporate environments, from company phones to the use of social media in the office. Taking this information into account, the consulting agency KPMG interviewed Fernando Garcia Checa, the CEO of Panda Security.
Avast, the largest antivirus manufacturer in the world, just announced the purchase of AVG, their biggest competitor, for 1.3 million dollars. How will this affect Panda Security?
It does not affect us too much because the operation has been carried out by two manufacturers and the rest of them have remained in the same situation, more or less. These two manufacturers were the first to launch free antivirus solutions and achieved a huge customer base, generating income by ensuring that a percentage of these customers would purchase Premium products. They changed the antivirus consumer sector, where 60% is free. That is to say, individuals want protection but are not willing to pay for it.
What market is Panda Security focusing on?
Panda was one of the first companies in the world to enter the cybersecurity industry, which was emerging at the time. It was 1990 and it wasn’t popular like it is now. During that time, we were the fifth company in this sector, worldwide. Initially, the business was divided into equal parts consumer and corporate, the two biggest segments in the cybersecurity environment. Now, our company is 70% Corporate and 30% Consumer. Clearly, profitability is higher in business than consumer; the majority of consumer products are free.
Currently, Panda is present in more than 80 countries but most of our business is concentrated in the EU, followed by the US and Latin America.
How will the United Kingdom’s decision to leave the EU affect the Company?
We will be affected mostly by the kind of change. Now that the UK will no longer be a part of the EU, the depreciation of the pound will hurt our sales in that region.
In terms of our organization, the UK subsidiary is owned by Panda so we will see how trade policies evolve and then we will assess the legal impact they may have on managing our subsidiary. However, we anticipate the changes and will address alternatives for the possible legal framework resulting from this.
It is evident that cybersecurity is becoming increasingly more worrisome for businesses and home users. Is this the best moment for businesses who specialize in this area?
Our business and personal lives have become digital over the past 30-35 years. Now, the information and processes in companies are digitalized. We base all of our work in conjunction with computer programs. In addition, there is another series of elements that have contributed to the growing use of this software: the ability to communicate between devices, mobile devices, the cloud and, the more recent and increasing phenomenon, the Internet of Things and Artificial Intelligence.
This cluster of trends contributing to the exponential growth of software, and the way in which it grows, need more protection. It is very difficult to 100% guarantee that it will save someone from a cyberattack but we should be prepared with the best possible defense.
Technology is advancing at a rapid pace and what is an innovation today could be obsolete tomorrow. Who benefits from this constant evolution, cybersecurity businesses or criminals?
It is more complicated to defend ourselves when technology is advancing so rapidly. In relation to security, the main problem is that software is growing exponentially, while malware programs multiply at the same time. Despite what one might think, the malware industry is very organized and their main goal is to benefit economically.
Additionally, some trends have made this even more complicated: before we worked on isolated computers and the only way one could access them was by stealing access keys or using pen drives. Now, taking into account that they are connected to the network, you have an open door for cyberattacks.
The most drastic change are the protection techniques that the cybersecurity industry uses—black lists (that detect malware) and white (that identify goodware), which no longer work because the production of programs have multiplied and these lists have become obsolete.
In this continuation of the technological evolution, the cybercriminal is always ahead and with these protection models, businesses can only fix the damage made by the attackers. But the cybersecurity industry is also evolving. For the first time, we can get ahead of their movements and predict anomalous behaviors before they even happen. This is a new security model and Panda is one of its main drivers.
“For the first time, we can get ahead of their movements and predict anomalous behaviors before they even happen”
How are the new threats appearing?
Over the past year, Panda’s laboratory has discovered an average of 250,000 malware samples per day. This gives us an idea of the volume at which they are producing. Before this avalanche, we understood that 18% of malware was not detected in the first 24 hours. In the first three days, 9% is left undetected. After three months, 2% is still undetected. This means that in one year there are more than 2 million malware samples that have not been identified or blocked.
How would you define cybercrime?
Cybercrime is a selective industry, organized with competent people that have perfectly defined roles: those who manufacture malware programs, those who organize attacks, the sales specialists who sell what was stolen from the attack, and the ones that illegally launder the money.
Contrary to what you may think, the main objective of this industry is to make money from these attacks. In the case of Cryptolocker, a program that holds computer files hostage until you pay the ransom, is a program that has aimed at lots of businesses and makes approximately 15 million dollars monthly.
What is the extent of the possible damage that can occur from a cyberattack?
In cybercrime, the probability of suffering an attack is very high. We are pretty certain that everyone in the world has been a victim of a cyberattack or will be eventually. Cybercrime is everywhere: an attack can be launched from many places at the same time and attack three million devices simultaneously. This doesn’t happen in everyday crime.
Now, we have reached a place where cyberattacks have an effect on our personal information and our heritage. Mostly, the attacks are aimed at data or money theft but we must also be prepared and make sure they don’t hack our cars, home alarms or even some of our healthcare devices. For example, if they successfully hack your car’s brakes or manipulate your pacemaker, your life could easily fall into the hands of the criminal launching the attack.
“The majority of cyberattacks originate from within the business itself”
How is Panda creating solutions for these possible attacks?
We are forerunners when it comes to introducing new technological platforms that resolve problems. We use principles and techniques that are unrelated to traditional white and black lists, as seen with our Adaptive Defense solution. When a program is downloaded on a device, it analyzes it in real-time and allows us to automatically classify it as malware or goodware with a 99.94% success rate, and then to log it we use the cloud and data & analytics techniques (D&A). Our long history has given us a competitive advantage because it is necessary to accumulate a lot of information and knowledge in order to analyze and log that systems are improving and learning new behavior patterns. These reasons affirm that we are not only providing the product used, but also, we are providing a service with added benefits.
Where do the attacks originate?
There are two cybercrime truths that people are usually unaware of. First off, on many occasions the attack originates from within the organization. The attack starts with employees, ex-employees, providers… what we mean to say is that attacks originate with people from the same side who have access to information and programs. A paradigmatic example of this type of attack: a virus was introduced to the uranium enrichment center in Iran and the system was not functioning properly for four years although the center continued to report information that it was functioning fine.
Some typical characteristics of an outside attack are related to economic motivation, industrial espionage, questions and strategies. (Cybercriminals use this information later for extortion and blackmail—it can be used for requesting ransom payments or it can be sold to the highest bidder.)
Would you say that businesses are completely aware of these risks?
I believe that we are advancing. Before, CEOs saw cybersecurity as a cost and now they are beginning to see that the probability of an attack is very high. Taking risks translates to economic loss, both direct and indirect. Now, economic impact is calculated and sensibility is growing.
“In order for cybersecurity to be a priority for a company there has to be an awareness that it’s part of the normal work process for any employee”
Are businesses making new decisions related to cybersecurity?
The cybersecurity culture is lacking. For cybersecurity to be a priority, businesses must make it part of the normal work process for every employees, and cybersecurity should be included in business costs.
Another problem: to what extent are top executives aware of this? First we need to break the IT barrier, who know how to make management understand the importance of cybersecurity.
To what extent is the public sector more aware of this matter than the private sector?
I believe that the public sector is already aware of this, but they don’t exactly know if they are a step ahead or a step behind the private sector. We must distinguish between three levels of administration. At the top we have intelligence organizations who have had a clear understanding of cybersecurity for a long time. Critical infrastructures, in the middle, still have a long way to go. They are the target for all attacks because, if they are hit in the right spot, it will create huge chaos. The last level is related to sensitive and valuable administrative information, like medical history or information from the finance department. I think that the growing trend is that the administration area is becoming more sensitive, driven in part by international privacy regulations and security policies.