Richard Malovič about cybersecurity in A1’s Podcast #ConnectLife
Recently, our CEO Richard Malovič was a guest of A1’s #ConnectLife podcast entitled: Cybersecurity: All about Threats and How to Protect Yourself
The second guest of the podcast was the Chief Customer Officer of A1 Telekom Austria AG Natascha Kantauer-Gansch.
You can listen to the interview held in German on the following platforms:
The transcript of the original podcast is to be found here. We have translated the transcript of the interview with Richard to English for your convenience:
Natascha Kantauer-Gansch (A1): It is very important that we are very, very careful with unexpected messages and do not click on suspicious links, even if we are stressed or in a hurry. It is very important to always ask: “Am I actually in contact with the company?” In other words, it's really important to take a closer look at companies we receive messages from. How might this actually affect you as a user?
Richard Malovic (Whalebone): We protect at the network level. And most importantly, we focus on the user experience. That means we do everything we can to protect the customer without forcing them to install or configure anything.
Martina Hammer: In the middle of the night at the train station, it is not as dangerous as during the day on the Internet. Hackers and cyberattacks are increasingly causing problems for companies, government agencies, entire cities, and, of course, ordinary users. Almost 36,000 cases of cybercrime were registered last year, according to the Ministry of the Interior's Cybercrime Report. By comparison, there were 4,000 cases in 2010. The Internet is used for spying, fraud, and extortion. Many companies in Austria are arming themselves against these dangers. But what can private users and users like you and me do? How can we protect ourselves from cyberattacks? That's what I'll be discussing with my guests today: Richard Malovic is the CEO and co-founder of Whalebone – a cyber security provider and a member of the A1 Startup Campus. And also with me today is A1’s CCO Natascha Kantauer-Gansch. I'm Martina Hammer. You're listening to #ConnectLife – the A1 podcast. Here we go!
Hi Richard, it's great that you made it. Welcome to #ConnectLife.
Richard Malovic: Hi!
Martina Hammer: Richard, we're going to get right into it. I think pretty much everyone who owns a smartphone received a fake text message or a fake e-mail from a parcel delivery service before Christmas last year. So what's behind this scam? And what happens in the worst case if I click on the link?
Richard Malovic: Yes, everyone has probably received such a message in the last few months. I actually got one this morning. What is happening then? The attackers are taking advantage of the curiosity and haste of all of us. And then go on with the attack. Again and again, you're curious about what kind of package you've received. What does it say? What have I forgotten? What did my husband order? In most cases, you go straight to the website of the package service. Then again, this is probably a fake website, which is where it all starts. Some malicious software might be downloaded to your device, you might enter your personal data, which will then be stolen. Not only your name, surname, but also your address, phone number, credit card, and of course, money.
Martina Hammer: So, by accepting or agreeing to this, I am installing malicious software. What can I do now if I have clicked on the link? If I have installed this fake app or software on my phone?
Richard Malovic: So, first: you don't even have to be aware of it. Maybe you didn't even realize you were doing anything wrong. You simply changed the delivery time. A confirmation SMS then came and so you thought everything was fine, but your data was already gone. But back to your question: if I already know that I actually installed something malicious, then I have to quickly go into the flight mode, turn off the WLAN, and quietly copy my data somewhere else. That is if I don't want to lose them. Focus on data backup alone or get help from someone more experienced. But what is important, do all of this offline.
Martina Hammer: How do I get rid of this Trojan now? Can I? Do I have to dispose of my smartphone? Can I stop using it or can I use it again?
Richard Malovic: So, in any case, I do not have to get rid of it. The important thing is that it stays offline for a certain time and then actually goes into factory settings. That is, first data backup and then factory settings – and then you can use it again in most cases.
Martina Hammer: How can my mobile phone provider help me, do I have to inform them as well?
Richard Malovic: So, I think every provider will be happy if you inform them, because of course the information about the attack will be collected, and then you can help the network provider improve their services. But for yourself… I think it’s enough if you reinstall your phone.
Martina Hammer: How do these cybercriminals proceed with these attacks on private users? Who decides, that an SMS will be sent to a particular number? Why? Why do I of all people become the victim?
Richard Malovic: Yes, of course, there are several reasons why you, of all people, are the victim. Naturally, it can be a coincidence. In other cases, you are actually a product of someone who has already prepared a contact database and sold it to several customers. The database can also contain information that you have a certain weakness in your phone or in your computer. The attackers can buy specific databases online. For example, lists of customers, phone numbers, or email addresses that have a certain weakness. And then, of course, the attacks can be quite targeted.
Martina Hammer: Let’s get back to the attackers once again. Where are they? Who are they? Can they be traced at all?
Richard Malovic: Well, they are everywhere. Unfortunately. It would be difficult now to say that they come from a particular country or region. But of course, almost every attack is somehow at least theoretically traceable. But the capacity of the police or other authorities is limited. The problem is that you actually have the resources only for the biggest animals. It's its own economy. At this point, you can actually order various attacks "as a service," so ransomware as a service, spam as a service, and so on. They even have Free Trials and stuff. It’s really become a classic industry.
Martina Hammer: Well, let’s now talk about how I can protect myself in advance against such cyber attacks. You are a man of the trade, CEO and founder of a cyber security company Whalebone. What exactly do you do?
Richard Malovic: We protect at the network level. And most importantly, we focus on usability. That means we do everything we can to make sure that the customer is protected without having to install or configure anything because that makes adoption much higher. More people then use security and are protected as well. Actually, about ten times more than if they have to install something. Long story short, we protect at the network level without anything being installed.
Martina Hammer: So, you protect at the network level. That is, the users are protected just by being connected.
Richard Malovic: Exactly. So actually, if you want to think about the attacks and the threats: everything needs connectivity and everything runs through connectivity. We work with the network operator and make sure that all the suspicious requests are checked within and stopped if necessary. And then we build a product out of that. In Austria, there’s A1 Net Protect. We can preventively stop most attacks before they can reach the device.
Martina Hammer: Are all my devices that are connected to the Internet then protected by Whalebone?
Richard Malovic: That's right, all devices. And that's especially important when you imagine your home now and think, okay, what all is already connected? And in the future, of course, your car will also be completely connected, completely online. Connected usually means vulnerable. We want it to mean protected.
Martina Hammer: How did you actually get into the field of cybersecurity? What fascinates you about it?
Richard Malovic: I'm fascinated by the impact we can make. Thanks to the cooperation with the network operators, we can actually protect millions – and in the long term, we actually want to protect a billion customers. And that's the most interesting thing for me. And why me and cybersecurity? Thanks to my friendship with the co-founder of Whalebone, Robert Šefr, who is a cybersecurity expert. He just came and said: “You have experience with international sales and business building, come on, let's do it together.”
Martina Hammer: The list of cybercrime offenses is relatively long. Spyware, phishing – I think these are common terms. There are also botnets and ransomware. What occurs most frequently among private users?
Richard Malovic: Surprisingly, most attacks start with a URL or with a domain that is clicked on. So, simply put, in technical terms, most attacks start with phishing. And then it goes from there.
Martina Hammer: So it’s usually a link in a text message or an e-mail, right?
Richard Malovic: Exactly. But such links can actually exist everywhere – on a website, in an advertisement, and so on. I click and then multiple things can occur. For example, some software might be downloaded. This software might contain malicious code that is actually ransomware or another type of attack.
Martina Hammer: You are also represented at the A1 Startup Campus with Whalebone. How long have you been there? And what advantages have you gained there?
Richard Malovic: It's been almost five years, and we're very happy that we took this step because A1 has been instrumental in helping us make our product scalable. Historically, we have been working with smaller operators, and working with A1 and developing together has helped us really build a world-class telco product.
Martina Hammer: A1 Net Protect. You developed this cyber protection together with A1. Perhaps you could briefly explain again how exactly this product works?
Richard Malovic: Yes, sure. A1 Net Protect protects at the network operator level. It is mostly preventive there, although partly also reactive, and does not have to be installed. So A1 only needs a YES from the customer. Of course, the service can be activated online, by phone, or in the store. It costs 1,9 EUR per month.
Martina Hammer: And I don't need any special software at home or anything on my phone?
Richard Malovic: Exactly, it's that simple.
Martina Hammer: Okay. I say thank you very much, Richard, for this interview and all the interesting details and information.
Richard Malovic: Thank you very much! Have a nice weekend!
Martina Hammer: Thank you, all the best.