Malware Numbers Prove Cybercrime on the Rise

The lastest numbers support growing awareness that cybercrime is on the rise. We have just learned that the US economy has officially fell into recession in late 2007. This means that recession is already 4 quarters old. It is well known that cybercrime tends to rise during recessionary times as more people turn to a less than honest means to make a living.

A recent online study supports the growth of malware and cybercrime. Microsoft Windows users face an unprecedented number of virus and othe malware threats from a widening variety of sources. New virus and spyware programs are appearing at an alarming rate. In September 2008, Kaspersky Lab reported that the number of virus, adware, Trojan, and other malicious programs tripled during the first six months of 2008 versus the previous six months. In all, the lab’s statistics indicate that some 440,311 new malware programs appeared from January through June, compared to just 136,953 for the preceding six months.

Malware programs continue to mutate; many take advantage of social networking sites, which make it easier to distribute infections via simple e-mail messages supposedly sent by trusted friends. From dangerous rootkits to continually evolving viruses and spyware, Windows users require an anti-malware application that provides effective protection without robbing a system of its computing capacity. Of course, no single program or application is capable of completely protecting a Windows user from all threats, but some applications are better than others.

Private and public entities will need to begin pooling resources to stave off this growing threat. Nearly 10% of all retail purchases are made online. This represents billions of dollars worth of e-Commerce which may be threatened if people begin to distrust online shoppoing and buying.

Cybercrime on the Rise

Computer crime is any criminal activity involving the use of information technology such as a desktop, laptop or server computer. Cybercrime is committed on these networks when they are used for unauthorized access or illegal interception, data or systems interference, misuse of computing and related devices, forgery and phishing (ID theft), electronic fraud and abusive behavior.

A recent PCMag.com article predicts that “cybercrime is likely to wreak as much havoc as the credit crisis in the coming years…” According to Kilian Strauss, a computer security expert from the Organization for Security and Cooperation in Europe (OSCE), cybercrime will cause over $100 billion in financial damage annually on a worldwide basis. In August of this year, the US Department of Justice brought charges against several men (mostly foreign nationals) operating an international stolen credit and debit card distribution ring operating globally from the United States, Ukraine, Balarus, Estonia, China, the Philippines and Thailand. The cybercrime ring successfully generated over $20 million of ill gained revenue.

The current effort to stop cybercrime has been largely uncoordinated. Home and business computer users lack the most basic information about cybercrime threats, let alone time sensitive or emerging and evolving threats. A coalition of public and private stakeholders, including consumer advocates, businesses, governmental agencies (law enforcement and legislative bodies) must be formed to better educate and protect the public against this growing threat to the world economy. Organizations such as the International Multilateral Partnership Against Cyber-Terrorism (IMPACT) http://www.impact-alliance.org are beginning to fill the void.

Only a coordinated effort that includes cybercrime awareness and prevention training, aggressive legislative action and enforcement and the deployment of the latest security technologies will begin to turn back the rapid growth of cybercrime. Security software such as ESET NOD32 and ESET Smart Security is a big part of the solution, but more is needed.

Cybercrime Looms Large on the Horizon

It appears clear that the global economy has slipped into recession. Weak financial and housing markets have begun to translate into delayed IT projects and orders for new equipment, software and related services. This represents the first wave of a slowing business climate and this trend is likely to worsen. Several projects will be canceled and companies will begin to slow pay their bills as a way to conserve cash or worse yet make payroll. We can expect layoffs across all industries which will create opportunity for companies who are still in growth mode.

I believe that these forces are supporting the "Perfect Storm" for Cybercrime. Big clouds are forming on he horizon. An article in today's USA Today reaffirms my belief (USA TODAY) http://www.usatoday.com/money/industries/technology/2008-11-11-thieves-cyber-corporate-data_N.htm

Successful proof of concept that cybercrime is technically and financnially viable using currently available technology is on the rise. This flames of this trend will be fanned by a lack of governmental organization and coorindation and declining econonmic conditions all point toward the onslaught and rapidly increasing cybercriminal activity over the next 5 years.

Software as Service or Cloud Based Solutions?

What are the "real" differences between software as service and cloud based security solutions? Which will predominate going forward? Larry Ellison recently commented that cloud computing will be a failed idea, yet most AV and malware security companies such as Symantec, Trend Micro and McAfee are moving in this direction.

Marketing & Sales Roundtable: Tough Times Sales Strategies

I will be representing ESET on a panel of experts at the AeA Marketing & Sales Roundtable meeting on November 13th. The panel of technology sales executives will discuss how they are combating the effects of tough economic times with innovative direct and indirect sales strategies, campaigns and programs. Investing time in designing and implementing targeted, high-payoff sales approaches is key to both protecting sales and gaining market share at the competitors' expense.discuss ways to keep sales performance within expectations during uncertain economic times. Industry leaders from Websense, Indyme Solutions and The Sales Alliance will also participate on the panel which will be hosted at UCSD.

Champions Rise to the Occassion

We have arrived this year to ESET’s North American Partner’s Conference at a time of global financial and political uncertainty. Likely, some of us are wondering what impact these factors will have on our businesses in the coming months. Historically, a slowing economy has dictated decreased IT spending. In the past, when IT budgets shrink, security budgets usually have taken an even larger percentage hit than IT overall.

Despite our historical experience, I’d like to present several current trends which indicate that spending on IT security may remain constant or even increase during the downturn. Factors driving this change include the growing global threat of cybercrime, greater global awareness about the importance of IT security and the growing regulatory environment. ESET is particularly well positioned in this environment due to the strength of its proactive technology, our strong VAR network and our growing global brand awareness, marketing and customer support.

One likely impact of worsening economic times will be a rise in cybercrime. Several studies show that that during the last three global economic downturns (early 1980s, 1990s, and 2000s) theft and robbery crimes were at their highest rates.(1) Among these statistics were crimes committed against businesses such as data and IP theft on a worldwide basis. These crimes are increasingly perpetrated with the use of computers making intrusion and data protection and data loss prevention top IT priorities. There is a growing awareness by IT professionals and business leaders that cyber threats (including a 10 fold increase in malware objects in 2008) are rapidly expanding in both scale and scope.

Many IT Managers and C-level executives see security and especially malware protection as an insurance policy which protects critical personal and corporate information against the risk of loss or corruption. Companies, like individuals, have been highly resistant to cancelling insurance coverage of any sort during economic downturns. They tend instead to “tighten the belt” by delaying new projects or forgoing luxury purchases. An additional factor to consider is the proliferation of compliance/regulations (SOX, PCI, HIPAA, etc.). These regulations compel organizations to focus significant time, energy and budget on IT security.

Given current trends and taking ESET’s strong product and global presence into account, it is likely that ESET Partners will experience a less severe impact than other players in the market. In a worst case scenario, companies will pull back into “maintenance mode” and some new projects may be delayed. Still we may expect that renewal rates from existing customers will remain steady. Customers are unlikely to forgo protection of their data assets given the current threat and regulatory environment as described. ESET’s commitment to product quality, new feature enhancements coupled with strong customer support will keep us ahead of the market.

1.Montez, Brown, “How to Recession Proof Cyber-Espionage”, September 3, 2008, http://www.webupon.com/writers/Montez%20Brown.68641

Uncertain Times Means Opportunity for ESET

While many continue to debate whether the global economy is in recession now or will be soon, most key economic indicators point to tougher times ahead. Historically, a slowing economy has dictated decreased IT spending. When IT budgets shrink, security budgets usually take an even larger percentage hit than IT overall. In many cases security gets lost or put on hold.

Despite our historical experience, several current trends indicate that spending on IT security may remain constant or even increase during the downturn. Factors driving this change include the growing global threat of cybercrime, greater global awareness about the importance of IT security and the growing regulatory environment. ESET is particularly well positioned in this environment due to the strength of its proactive technology, our strong partner network and our growing global brand awareness, marketing and customer support.

One likely impact of worsening economic times will be a rise in cybercrime. Several studies show that that during the last three global economic downturns (early 1980s, 1990s, and 2000s) theft and robbery crimes were at their highest rates1. This included crimes committed against businesses such as data and IP theft. Since such crimes are increasingly perpetrated with the use of computers, intrusion prevention and data protection are more critical than ever to security managers. This has been especially true in many rapidly developing economies including Eastern Europe, Asia Pacific and Latin American.

One additional factor to consider is the proliferation of compliance/regulations (SOX, PCI, HIPAA, etc.) which are being mirrored by many countries around the world. These regulations compel organizations to focus significant time, energy and budget on IT security. Also, many public and larger companies have stringent reporting requirements; a trend which is likely to continue.

Given current trends and taking ESET’s strong product and global presence into account, it is likely that we will experience a less severe impact than other players in the market. In a worst case scenario, companies will pull back into “maintenance mode” and some new projects may be delayed. Still we may expect that renewal rates from existing customers will remain steady. Customers are unlikely to forgo protection of their data assets given the current threat and regulatory environment as described. ESET’s commitment to product quality, new feature enhancements coupled with strong customer support will keep us competitive in the current market.

The opinions and information presented here are my personal views and not those of ESET.

1.Montez, Brown, “How to Recession Proof Cyber-Espionage”, September 3, 2008. On the web at http://www.webupon.com/writers/Montez%20Brown.68641

The Medici Effect by Frans Johansson @ Inc 500 Awards, Washington DC

One of the most powerful presentations at the Inc 500 awards (ESET here for the 2nd time) this year was given by Swedish born Frans Johansson. Johansson' book, The Medici Effect talks about how intersections of dissimilar objects, ideas, items and cultures lead to groundbreaking innovation. Examples include the combination of the computer + candy which yielded Apple's "Yum" marketing campaign in the late 90s, which highlighted Apple's stylish new line of candy colored monitors. Another interesting example is the Birquini which is a combination of the Birqui and the bikini. Johannson suggests that the "idea stage" is just the beginning. Randomness and the reaction to new ideas is largely unpredictable, so one has remain very open to the evolutionary change of new inventions. Johansson's idea was actually demonstrated by Elon Musk, another Inc 500 speaker who was one of the founders of PayPal. Musk's original idea was to create a much broader web based, financial platform and the transaction component (which became PayPal) was only a small part of the original idea. However, as more people saw the idea, a way to facilitate online transactions, PayPal took on a life of its own. Musk is an amazing guy in his own right. His current projects include Tesla Motors, a company which is building a high performance electric car and Space X, which develops rockets and spacecraft for mission to Earth orbit and behond.

Jim Collins - Good to Great @ Inc 500 Awards in Washington D.C.

I had the chance to hear Jim Collins (Built to Last and Good to Great) lecture here at the Inc. 500 awards (ESET wins 2 years in a row!) in Washington DC. Collins is a pioneer in the area of what makes the best companies, the best. He is an engaging speaker and emphasized many key points and lessons from his research about what makes companies great. Collins talks about getting the "right" team "on the bus" and the wrong people "off the bus". He also discussed Level 5 leaders, the Hedgehog concept, the culture of discipline, technology accelerators and the flywheel and the doom loop. Many of Collins' ideas seem intititive yet several of the concepts fly in the face of the conventional wisdom of business.

Speaking Engagement at San Diego Software Industry Council

I have just accepted a speaking engagement to discuss network and software security at the San Diego Software Industry Council meeting on October 7, 2008 at the offices of Wilson, Sonsini Goodrich & Rosati in San Diego, California. If you’re planning, implementing or managing network security policy and systems, this would be a good event to attend. I'll discuss how to ensure your network is set up for success against the threats of today and tomorrow. There are numerous companies that suffered from network attacks over the last several years including TJ Maxx, Google, Acxion (one of the largest credit reporting companies in the world) and most recently, Republican Vice Presidential candidate Sarah Palin. Ironically, even two of ESET's competitors, Symantec and Trend Micro have had their own web sites hacked. Hear first-hand how the right technology tested in the right environment can make all the difference in the world.

Notes from the Trenches Begins

I have finally decided to begin to blog. My focus for now will be to share my experiences as the leader the of fast growing technology company. Beyond just the business stuff, I want to share my thoughts about balancing all aspects of my personal and professional life. I hope that this will be useful to others as they also seek to fully develop themselves. So here goes....