TRP: At the other end of the scale, do you think there's still the perception among small businesses that proper antivirus solutions aren't necessary?
DE: I think there's a potential danger that they check a box, so they know they need antivirus and they pick up a free solution like something they might be using at home.
That might be fine for a home solution, but for a business it isn't because at some point you're going to need tech support, and that's probably not included with the product. You're also going to want to be looking at restricting the applications that people can access, and a whitelisting component isn't likely included in that.
You've ticked the box and you look compliant, but maybe it's not enough, and actually that happens in bigger organisations too. Regulatory compliance doesn't necessarily equal security.
Another factor impacting SMBs that I worry about is, look at some of the big name breaches - the Sony Playstation Network or Google or RSA or Coca Cola - people think, "we're not them, we manufacture widgets, why would they want to get into our organisation?"
But, actually, there's not much news in reporting on a cyber attack on XYZ company that does widgets and has maybe 30 employees. There is in flagging up a Coca-Cola breach. If you're in business, you've got intellectual property, otherwise you wouldn't be in business, and that's valuable.
TRP: Looking at the mobile landscape, iOS has been known as the most 'secure platform' up until now, with Android lagging behind. Could that be set to change in 2014?
DE: Cyber criminals are a bit like electricity - they go through the path of the least resistance.
That's not to say that there's anything wrong with their security, per se, but their market posture - if you like - lends itself to malware in the sense that it's easy for third-party developers to develop apps. It's easy for me and you to use a device that can download apps from a variety of places.
That flexibility is great and it's one reason as to why Android is popular, but it does also apply to people who want to misuse the platform. It's as easy and flexible for them.
And I think in particularly people stepping outside of the single marketplace adds a lot of danger. It's not impossible for criminals to inveigle malware into the app store, but it's harder.
If all you do is install stuff from Google Play, it's not impossible, but it does reduce it. And so it's really a question of people developing a strategy for what is going to reduce their risk, and how do you stay to the well-trodden path. If you deviate, you're introducing a risk factor.
TRP: The Flappy Birds debacle was a recent example of malware-infected apps flooding the marketplace...
DE: Exactly. And stuff does get reconfigured and repackaged. We have about 200,000 unique code samples for mobile right now, but actually in terms of installation packs, that's about 10 million, so stuff does get repurposed, re-wrapped and redelivered.
TRP: As there are so many samples, do you have automatic methods of detecting which ones are the most worth your analysis time?
DE: With 300,000 a day, we couldn't have enough researchers to deal with that on a manual basis, so 95% of that is automated.
And actually, having been in this sphere for a long time, we've been able to develop processes and technologies to do that. So there's stuff that 10 years ago might have required a hands-on analysis can now be in a black box, and we feed in code, and out of the other end comes a "protector" for it.
All you're doing really is sanity checking to make sure there's no false alarms. So that does mean that we can kind of cope with that on a mass-productive basis. A lot of the numbers are actually variants of existing families, which does make that easier. If you recognise its path, you can see it's another Zeus banking trojan, for example, that helps.
Being able to classify and categorise stuff is really important - we can do a lot of that automated. And that then frees up guys to look at the more complex type stuff that requires more in-depth intelligence gathering and more analysis work.
TRP: Consumers recently got hit by phishing scandals involving Beyoncé tickets and the upcoming World Cup. What can they, and business employees, do to stay safe?
DE: Technology is part of staying safe, obviously, because that's got to block fishing attacks and spam, etc. But if you look at the two biggest ways into any business, home or state computer, there are two things that get exploited.
One of those is vulnerabilities in applications. Patching your systems is a huge thing that can really reduce risk - not just to Windows - but to Java, Adobe Acrobat Reader and the other apps that you use.
The second is people. It's being able to develop - whatever size company you are - an online common sense equivalent to crossing the road safely, or getting your kids not to take sweets from strangers.
What that equates to in terms of computer hygiene, if you will, is resisting that temptation to click on an email attachment if it's come from someone you don't know (or clicking on a link).
Also, if I'm out and about, and I'm using an untested Wi-Fi hotspot, don't do anything confidential. By all means surf the web, but if it's a question of doing your banking, maybe wait until you're on a secure network to do it.
It's also simple things like not using the same password for multiple accounts. And use a password manager, some of it through free software, which can help you create long pass codes and secure them in a vault.
