World needs to move beyond cyber security to cyber immunity: Kaspersky Labs CEO

Bali (Indonesia), Aug 28 (IANS) As the world moves into the "cyber age" with the number of internet-connected devices zooming amid expanding use of artificial intelligence (AI), the mounting scale and expertise of cyber crime makes the concept of cyber security outmoded and it is necessary to move to "cyber immunity", said Kaspersky Labs CEO Eugene Kaspersky.

"Which age we're living right now? Some people say that we are living in an age of plastic... there was the Stone Age, the Iron Age and now the Plastic Age... and we are fast moving to the Cyber Age. We are still not there, but we'll be there soon. But unfortunately, there are problems.

"The first problem is that there are many highly-professional criminal gangs which are able to hack very well-protected enterprises... very well-protected businesses, governments. And second, unfortunately, we see that they are slowly shifting to industrial systems.

"They are moving to the direction of infrastructure, including critical infrastructure. And of course, we cannot get to the Cyber Age if it's not safe," he said at the Kaspersky Cybersecurity Weekend 2023, titled 'Deus Ex Machina: Setting Secure Directives for Smart Machines', held in Indonesia's Bali recently.

We cannot move there if there are hackers' attacks which can destroy the systems, he stressed.

Showcasing the scope of the problems, he said that Kaspersky Labs collect over 400,000 new unique malware every day, adding that he had been in Indonesia for a week and in this time, they had collected over 3 billion malware.

"And this malware speaks Russian, broken English, Spanish and Portuguese and many, many, many other languages. So it is massive cyber crime. The good news is that they are mostly of junior or mid-level complexity, so they are like a student malware. So technically, we can easily handle them. But the numbers are huge...  so how do we do it," he asked.

The Kaspersky CEO said that to handle this problem, they had a lot of engineers working on it and are able to automatically collect new data and process it.

He said they collect 15 million new suspicious files everyday.

"...We don't know its malware or not malware. This is just suspicious data. And we have machine learning systems, layer of machine learning systems. So you can call it AI," he said.

Kaspersky noted that they do not only have software engineers, but mathematicians too, including 30 PhDs, in their R&D team to create new algorithms to recognise which data is malicious, and which is not.

"But the problem is that these junior or mid-level criminals... they are also learning, they are getting smarter, they exchange information, and they join highly-professional criminal gangs," Kaspersky said, noting that the first highly-professional malware attack happened in 2014 and targeted banking systems.

"Operating from inside the banks, they even directed ATMs to release cash," he said that this had professional hackers and street criminals unite to end up making away with $1 billion.

So its not mid-level or junior criminals that hack your mobile phone, but very very professional gangs, he said, noting that there are gangs which work on several projects while there are cases where several gangs work on one project.

“It is impossible to guarantee 100 per cent protection in the current IT landscape, where everything is vulnerable to hacking,” he said, stressing the need to adopt cyber immunity, which is implementing protection that makes attacking a company more costly than the potential benefits.

“In an age where technology can be used by good guys and bad guys alike, traditional cyber security is no longer enough. We need to revolutionise our defences to ensure we create a more secure digital world,” he added.

The way ahead is to make attacks financially unprofitable for potential criminals, Kaspersky said.

“Kaspersky Cyber Immunity is an approach we recently trademarked in both the United States and the European Union. It embodies a secure-by-design system that makes it possible to create solutions that are virtually impossible to compromise and that minimise the number of potential vulnerabilities.

"In an age where technology can be used by good guys and bad guys alike, traditional cybersecurity is no longer enough. We need to revolutionise our defenses to ensure we create a more secure digital world," he said.

The cyber immunity approach segregates the IT system and controls the interactions between the different parts, making most attacks ineffective and allowing the system to continue performing critical functions amid an aggressive hacking attack.

Kaspersky also stressed that international cooperation is needed to enhance cyber immunity and create a secure digital world.

Cybercriminals transcend national or geographic boundaries, making it essential for countries to have cybercrime laws in place, he said, adding it is vital for countries to have the legal authority to assist other countries in investigations, even if they have not suffered any damage themselves.

“By establishing international guidelines for combating cyber crime, the process of digital investigations involving multiple countries can be streamlined, eliminating regions where cyber criminals can escape the reach of national laws," he said.