Malwarebytes CEO Marcin Kleczynski answers readers' questions

Kleczynski responds to the questions you want answered.

We here at IDG Connect have spoken to all kinds of tech luminaries over the years: CEOs, CTOs, CIOs, CMOs, plus experts in the realms of security, AI, Quantum, Blockchain, IoT, and more.

Now we are letting you, the reader, get involved. What questions are we not asking? What issues are we missing? We’re giving you the chance to ask whatever you want to tech’s head honchos.

First up is Malwarebytes CEO Marcin Kleczynski.

Polish-born Kleczynski founded Santa Clara-based Malwarebytes at age 18 while studying computer science at the University of Illinois. In the near-decade since, the company has risen to become one of the largest antivirus companies in the world. As well as being a trained pilot, he has previously spoken with IDG Connect about the prospect of DDoS-based ransomware, WannaCry and the Shadow Brokers group, and the best advice he’s received during his career.

My question is around Sovereign country security. In today's world, should the state be involved in ensuring known attacks are blocked before they leave their country? Do you see State-run DLP programs being a future market? Should we see that? - Shawn B.

Kleczynski: “There is no short answer to this question. State-controlled cyber security is inevitable. If you go back in time to the American Old West, you saw attempts by local law enforcement to reduce crime in their towns. However, often the amount of crime overloaded the amount of law enforcement; then, organizations like the Pinkertons acted as a security force or detective agency, to fill the gaps where law enforcement lacked the resources.

“Today, we have state-run cybersecurity organizations. But there is only so much they can do with the resources they have. This leaves the job of securing the country to private companies like antivirus vendors.

“The tricky part, as with all infosec matters, is when cybercrime becomes a big enough problem for local police forces to start heavily investing in cyber security investigators. How soon until rules are put into place for all traffic to be sniffed before leaving the country’s borders? This is not only an issue for bandwidth and speed but also a big one for privacy. While private vendors have no control over what you do with your traffic today, a government body may well be able to pass laws to intercept traffic legally, with the intent of keeping citizens safe. In addition to this, while known attack methods could potentially be prevented using traffic sniffing, the unknown attacks are still going to be possible and, more than likely, far more dangerous than the stuff we see every day.

“Lastly, certain technology allows hackers to disguise their location using VPNs, and even perform massive attacks with the simple press of a button. More than likely, we are going to see an increase in cooperation between private vendors and governments as cybercrime becomes an even greater problem, prompting laws to be passed that enforce regulations on data storage, use and privacy as outlined in the upcoming GDPR. Once that is done and it’s more difficult for attackers to breach organizations, we may see a very different threat landscape that may or may not require government cybercrime organizations for every country.”


You don’t show any connections with China, when most other anti-virus companies have them. Do you have a joint venture or teaming arrangement with any Chinese company? - Dennis P.

Kleczynski: “We don’t have any Chinese distributors currently. This is largely because, instead of trying to ‘do it all’ at once, we’ve been laser focused on specific growth regions. However, each year we look to expand geographically and China is certainly on our list to target and partner with.”


What’s your perspective around the current Kaspersky situation in the US? - Sharon S.

Kleczynski: “In matters of Homeland Security, the government has no choice but to be cautious, and rightly so. That said, I think it’s important to remain balanced. Clearly Homeland Security wouldn’t have taken the trouble to remove Kaspersky’s software if it wasn’t seriously concerned. However, the issue of whether or not the allegations against Kaspersky are true or false is for Kaspersky to handle with their customers and for the U.S. government to sort out. In the meantime, we hope that no more cybersecurity solutions are cut off from customers who need sophisticated solutions to protect themselves.”


Have you been following the latest information dumps by the Shadow Brokers, and is there anything in them that you think is particularly advanced/noteworthy? - Anon.

Kleczynski: “The most interesting and dangerous thing to come out of the Shadow Brokers dump was the SMB exploit used in the WannaCry, NotPetya and numerous other attacks this year. However, their offerings after the fact have not been as interesting or noteworthy as the SMB exploit. Whenever one of these dumps is released, we make sure that any tools found inside which could potentially harm our users are analyzed, detected and sometimes even written about on our blog.”


What is the current state of so-called drive-by cryptocurrency mining? There are more and more reports but is it really something that the average web user should be worried about? - Anthony C.

Kleczynski: “It’s often hard to know the scale of attacks that are receiving a lot of attention. To give you a sense of the scale of drive-by mining, we’re blocking the original Coinhive API and related proxies about 8 million times per day – that’s 248 million blocks in one month alone. The idea is that you are accessing content for free so in exchange, your computer – and its CPU in particular – will be used for mining purposes.

“It might not sound too insidious, but mining has a big impact on productivity and, to a certain degree, a computer’s overall lifespan. A PC not designed for mining but left on overnight could also overheat, leading to more hardware or safety issues. However, unlike drive-by downloads, there isn’t malware at the end of the chain. Still, it’s unclear if they are mining for the website owner or for criminal gangs that have found a new monetization tool for the hacked sites they control. Because of this, it’s definitely worth keeping in mind.”


Are there any trends in the cybersecurity landscape that you're concerned aren't getting the attention they should? - Anon.

Kleczynski: “For me there are two key areas that businesses have yet to proactively address. Firstly, the future of cybercrime is inextricably linked to the Internet of Things. It’s impossible to build a more connected world and not create more threat vectors as a result. What people aren’t taking seriously enough is that in this connected world, medical devices will become part of the human form. We will be connected to the ‘grid’ by our pacemaker, for example, and that connection makes us vulnerable.

“Secondly, the threat of IP being stolen from right under a CEO’s nose is not something that businesses are doing enough about – because the first time they know that their billion-dollar R&D efforts have been compromised is when a competitor comes to market before they do, as all they have lost is design and engineering blueprints, which goes undetected. Companies need more insights and have to invest to protect themselves.”


If you were to start a security company from zero today, on what security vertical would it be? (antimalware, firewall, waf, compliance, awareness, etc.). - Santiago

Kleczynski: “The last few years have shown us that cybercrime shows no signs of slowing down. There are numerous approaches that could be taken (and have been taken by numerous organizations) to defend themselves. This includes a focus on anomalous behavior, targeting infection vectors (exploits and malicious spam) and, of course, education. Most malware that is distributed today comes through malicious spam. Over the last couple of years, malicious spam (or malspam) has evolved to include new and unique technical obfuscation techniques. However, at its core, it’s all about tricking the user into falling for a scam, ruse or lie.

“Any security company that starts today should not only focus on one vertical, but as many as possible, because bad guys don’t stick to one tried and true play every time, they evolve their attacks as quickly as we evolve our defenses. The trick is getting ahead of them.”


What advice would you give to someone wanting to found a security company today? - Dan S.

Kleczynski: “When you start a business, no one gives you a magic wand and a book of entrepreneur secrets – there are a lot of learning curves along the way. Don’t beat yourself up about the mistakes you make, but be sure to learn lessons from them. Also, if people like your idea and you start to generate some buzz, don’t get caught up in the hype. What keeps you in business is your customers, so invest around them and don’t spend beyond your means; it’s foolhardy and only leads to trouble.”


Why doesn’t the program, especially the beta version, have an option to automatically open a support ticket in case of a problem? - Russel

Kleczynski: “Support doesn’t handle beta support requests. Beta support requests are handled on the forum where the beta is posted by our Development and QA team. Once a product is released, Customer Support gets involved.”


What new products/features can we expect from MB over the next year? I want a voice + VR UI. - Anon.

Kleczynski: “Thanks for your feedback on wanting voice and VR UI. In terms of upcoming product releases this year, we don’t disclose our roadmap externally – however, we do have a lot of exciting plans lined up, so watch this space.”


