As the inventors of antivirus and specialists for Internet security, G Data is a pioneer in virus protection, and the oldest security software company in the world. We spoke to Principal Malware Researcher, Marion Marschalek, about the risk and opportunities of the networked world.
What does a typical day in the life of a malware researcher look like?
That is indeed a difficult question, as I can’t actually remember when I last had a “typical” day. My work involves many different tasks, which can’t really be integrated into a normal routine. Malware researchers like to focus on single challenging malware samples. However, we also have to automate analytical processes and, for example, analyze larger amounts of software in a short period of time. Every once in a while we have to talk to customers personally or work on-site at a client’s. Sometimes we write our own tools, give workshops or talks or even interviews. I can’t imagine a more varied job.
What dangers do you see as the real and virtual worlds blend more and more together?
I don’t actually think that the two worlds are melding together, but rather that they were one from the very beginning of the digital age. We always developed technology in order to enrich our world, not as something parallel to our perception. The risk is in the loss of individual control; we can hardly understand everything our telephones can do, let alone data security on bigger company networks or even global surveillance.
What should we be doing to protect ourselves from these dangers?
Digital systems support companies as well as private individuals in almost all processes. Depsite this, the level of understanding of modern technology and general handling of information has rapidly sunk. I often notice when talking with companies that they have a great command of their core business and support it with IT. They are very good at using the IT, but don’t really know how to operate it. As data and its security significantly influence our lives and business processes today, it is essential that companies and indiviuals build up more know-how in these fields.
Would you travel in an autonomous car?
I think that if you’ve ever taken a taxi ride through Istanbul, then the potential risk of self-driving cars is relative. Many activities which require a high level of routine can, in my opinion, be automated to some extent. Recently I saw a presentation on Augmented Reality. It was about supporting “reality” with real-time digital information. Warehouse workers had special glasses which blended in information on stock levels when the worker looked at a particular shelf. Of course that can also involve risks, like with driverless autonomous cars, however I do believe that people still make more mistakes than machines do. What we should be thinking about in this context is less that technology fails, but rather about focussed attacks. We are quite a long way from being able to say that the computer systems in cars or factories are safe against cyber attacks, and that is something we need to work on.
Do you have three tips for companies on how they can protect themselves better?
It is crucial to find talented and well-trained staff – and to trust them – in IT security, as in all industries. Security usually requires a very deep understanding of technology components as well as actual internal procedures. Profound knowledge of the company’s network and the devices and applications used is just as essential. As a last point, I would add keeping track of and recording network components is quite important in order to reconstruct critical events when incidents occur.