EMBATTLED Kaspersky Lab is looking to increase its presence in the growing Asia-Pacific (APAC) region amid increasing protectionism in Europe and the US.
Kaspersky Lab Vice President for Public Affairs and Head of CEO office Anton Shingarev told BusinessWorld last week at the company’s annual cybersecurity weekend in Siem Reap, Cambodia that they continue to bear the brunt of geopolitical tensions.
The company said with the rising trend of balkanization — or the fragmentation of regions opting for independence — and protectionism, countries are more at risk of being victims to cyberattacks which continue to become more and more sophisticated.
Balkanization, which was seen as a way for governments to protect their critical infrastructure from cyber threats, has made it harder for cybersecurity firms to operate as their integrity is being questioned, Kaspersky said.
“[C]ybercriminals don’t care about politics. They don’t care about conventions, they don’t care about law. All they care is money. For example, Russia now has conflict with Ukraine. Governments do not talk to each other,” Mr. Shingarev said. “Cybercriminals cooperate. They share information, their roadmaps. [They have] no problem with cooperation… Cybercriminals are the only beneficiaries [here].”
The Russian-based cyber security firm last year announced its Global Transparency Initiative program in a bid to regain the trust lost after allegations their source codes have back doors and their data can be accessed unlawfully.
Through the GTI, Kaspersky wants to bare its source codes through the means of a third-party audit and setting up a reward system to those who can find a bug in their codes.
This also includes setting up three Transparency Centers, wherein the company’s source codes as well as software updates can be viewed by its stakeholders.
With the first center set in Switzerland, the two others are being planned to be located in North America and the Asia-Pacific.
However, Mr. Shingarev has doubts on the initiative’s success as tensions between Russia and the US remain high.
“But North America, it’s not just US. It’s also Canada. Maybe we’ll do it in Canada. We’ll see if there’s zero response and zero support, why should we do it?” he said.
“I would rather do it in the Philippines. Because [the] Philippine government is more open…for conversations. We have conversations which is good and they’re much more interested in cooperation than the US government,” he added.
This responsiveness increases chances that Kaspersky’s Asia-Pacific Transparency Hub may find its home in Southeast Asia.
“We will consider all the options but it’s a little too early to say if it’s going to be in the Philippines, or in Malaysia, or in Singapore but definitely it will be somewhere in that region,” Mr. Shingarev said.
Kaspersky Lab’s Managing Director for Asia-Pacific Stephan Neumeier said during the event that the region is fortunately going against the current trend of balkanization and protectionism now happening in Europe.
This is especially the case in the Southeast Asian region, as the members of the Association of Southeast Asian Nations continue to grapple with improving ties with each other.
“This definitely creates more jobs, more security between countries because the trade will increase and the trade between countries will be easier. It’s going to the right direction,” Mr. Neumeier said.
Mr. Shingarev said all that lacks in the Asia-Pacific region is better legislation to arm countries against cyber threats. However, he warned that governments should not hurry in passing their own cybersecurity laws despite the rapid development in technology.
“If the laws change very fast, it will not work. It should be well-weighted and discussed… The countries that introduced and adopted cybersecurity laws two, three, four years ago, they’re already old and they have to [renew it] so it’s harder than to do it from the scratch like in the Philippines, for example,” he added.
“You’re already drafting the law which is good because you can draft your own law based on the cybersecurity law of Singapore[’s] cybersecurity law, Chinese cybersecurity law, general data protection regulation in Europe…so you can take these laws and combine something and add something specific and introduce pretty a pretty robust legislation.”
Another point legislators should consider is that cybercrime is different from other offenses “because it’s purely international,” Mr. Shingarev noted.
“Purely no-border crime and this is the problem because legislators, the governments — they more or less understand what to do with the local laws but it doesn’t work with the cybersecurity law. The criminal may be in Malaysia, attacking the Philippines… So it’s not just a problem of local laws. It’s the problem of lack of international conventions,” he added. — Anna Gabriela A. Mogato