Interview with Graham Cluley
What got you interested in computer security?
When I was studying computing at college there were rumours about things called “viruses”. No-one seemed sure if they really existed or not, or were an urban myth. In fact, even Peter Norton once declared that they were as real as the alligators in the New York sewers… a few years before an anti-virus was launched bearing his name!
Around 1990 I joined an internet mailing list where I could see experts discussing the latest malware, and although I had never encountered a virus myself I found the topic fascinating. Little did I know that within a couple of years I would be hired to write one of the very first anti-virus products for Windows.
What do you think is the biggest threat to computer security right now?
The biggest threat remains the same as it has always been, and probably always will be. Human beings. We’re all prone to making silly mistakes, clicking on the wrong link, or being duped by a carefully constructed scam. If only we could roll out a patch to the human brain as easily as we can install security patches on our computers.
How has internet crime changed since its early days?
The biggest change is in the scale of the problem. When I started in the security industry 25+ years ago there were 200 new viruses every month. Today there are 400,000 every 24 hours – that’s more than two every second. Criminal gangs have embraced the internet, and are capable of stealing hundreds of millions of dollars from companies that don’t have adequate defences in place.
Meanwhile, state-sponsored cybercrime is a reality – with intelligence agencies using the internet to spy on their citizens and enemies, gathering information and launching attacks. What we’re witnessing is a conveyor belt of cybercrime, and unless firms and individuals get smarter it’s only going to get worse.
How are your keynote presentations unique?
I like people to have fun during my presentations, as that’s the best way to learn. It’s all too easy to scare the willies out of people when it comes to hackers and the dark side of the internet, but there are also some illuminating and hilarious stories of how cybercriminals have screwed up, and been caught. I like to think that I’m serious about what I’m doing, but not necessarily how I go about it. If my talks help one person secure their business or home computer better then I feel like I’ve done a good day’s work.