Czech-based Avast looks to number one position in global security

It’s probably a surprise to most outsiders that the Czech Republic is a world leader in terms of computer and mobile phone security but that’s undoubtedly the case as Avast wraps up its takeover of rival company AVG.

Avast Threat Labs, photo: archive of AvastAvast Threat Labs, photo: archive of Avast The acquisition, which should be wound up by the end of this year, has already created the biggest global provider of consumer or household security with 261 million computer users and the second biggest provider of mobile phone security systems with 183 million users.

Avast’s products, the brand names Avast and AVG are still being used in parallel, are present in more than 50 countries and the combined company is looking to make its presence felt in some of the markets where its footprint has been weaker, such as Japan and Russia. In the latter, home grown Kaspersky security is still a force to be reckoned with.

And with the merger apparently going smoothly, unlike many mergers, and ahead of target, Avast’s chief executive Vince Steckler was in buoyant mood at the company’s new Prague headquarters. Some of that stemmed from a boost in 2016 revenues. Combined, Avast and AVG totalled earnings of 714 million US dollars in 2016 and is looking forward to 2017 earnings of 764 million dollars this year.

But the company also reckons that it consolidated its technological credentials in the global security market as well. In the recent WannaCry worldwide ransomware attack earlier this month, Avast already had an application up and running to counter the threat of computers and networks being taken hostage by the new malware which was for the first time combined with a computer worm, which allowed it to spread like wildfire. That lead and advantage on other security companies was actually a heritage of technology homework done by AVG and taken over by the combined company. The main question was whether users had downloaded the tab that would give them protection and in some cases the answer was that they hadn’t.

ʺWe should be pretty much done with all of the integration by the end of this year.ʺ

And the WannaCry attack, while making headlines worldwide, was the tip of the iceberg. It affected one or two million computers worldwide but the number of global security attacks daily comes to around 100 million.

And the number of attacks of all types on computers and smart phones is growing every year, with ransomware high among the ever growing threats. There were 150 new strains of ransomware detected in 2016, that’s a rise of 105% on the previous year.

At the same time though many everyday domestic devices in an increasingly Internet connected world are still very susceptible to ransomware and other attacks. One of the biggest weak points in protection are Internet routers with a survey by Avast carried out in the Czech Republic estimating that almost two-third of those have weak defences due to poor passwords or other technical weaknesses. Around a fifth of devices, such as smart televisions, are also reckoned to be very vulnerable to attack with just over 14 percent of webcams having shaky defences are well, according to the company’s Czech survey. So, a few months or years down the line the scenario could be not of computers being taken over by ransomware but of television sets, smart toasters or coffee makers. Laughable though this may seem, this is not the realm of science fiction but of present day reality.

Following Avast’s results press conference, CEO Vince Steckler took some time out to answer some questions about how the Prague-based company is evolving. The first question related to the progress of the ongoing merger with AVG:

Vince Steckler, photo: archive of AvastVince Steckler, photo: archive of Avast "Well, the merger has gone very well. For the mergers I have been in this has been by far the smoothest. We integrated all the consumer product within around 100 days after the acquisition. We have completely integrated the management teams, pretty much all of the functional teams. And we should be pretty much done with all of the integration by the end of this year, which will be on plan.ʺ

And apparently you found what could be described as nuggets in AVG which have come to the fore in the last week or so with regard to their technological base and know-how?

ʺYes, absolutely. AVG and Avast were both very good companies and they were both companies that had very much an engineering focus. When we put the products together, we pulled together the best functions of both. What happened last Friday with the ransomware attack is that we actually caught it as a Day-Zero attack. We did not have a signature for it. We caught it on its behaviour and we caught it on a module that actually caught it on an AVG product which monitors the behaviour of applications running on a computer to determine whether they are legitimate or not."

And where does the merger position you in the security software market overall? You are still not number one on revenue but you are probably number one in other areas…

"Yes, we are not number one in revenue but we are number one in what matters most and that is how many people around the world that we are protecting. We are protecting around 40 percent of all consumer PC users outside of China. That is probably four or five times larger than anyone else.ʺ

ʺWe are protecting around 40 percent of all consumer PC users outside of China. That is probably four or five times larger than anyone else."

How do you see the market progressing because, as you said, there is a lot of vulnerability out there and a lot of devices being interconnected. This latest ransomware attack showed the vulnerability of computers but there are many other devices that are also vulnerable?

ʺYes there are. This last attack on Friday was the type of attack that we have not seen in the last 10 to 15 years in that it exploited a vulnerability in Windows such that it did not need any user interaction for it to cause harm. That’s been rare for the last 10 to 15 years but it could become a bit more common in the future. And then we have this huge explosion of devices for the Internet of Things; coffee machines, cameras, tvs; all of these devices connected to the Internet, every one of those devices has vulnerabilities and offers new ways of breaking into your home, breaking into your information, or taking data or things hostage for money."

It sounds like a joke but if ransomware can take over your computer, then it can take over your tv, coffee maker, almost everything in the future maybe?

"Yes, it may harken back to the days of the script kiddies, viruses of around 20 years ago such as I Love You, On a Corner Cobra; things that really did not cause much damage but created a lot of attention and probably were done for people’s ego. So you can envisage attacks on people’s tvs, taking over tvs, even if it’s not being done for money but being done for ego, getting their attack in newspapers around the world and just that sensationalist angle of taking over millions of tvs.ʺ

Employees watch electronic boards to monitor possible ransomware cyberattacks at the Korea Internet and Security Agency in Seoul, South Korea, photo: CTKEmployees watch electronic boards to monitor possible ransomware cyberattacks at the Korea Internet and Security Agency in Seoul, South Korea, photo: CTK And how do you see the market developing in the area of smart phones. There is a lot of vulnerability there and you are working with the mobile phone companies in the US and will probably start doing the same in the rest of the world, but how does that develop as a market for you?

ʺWell, mobile is a tough space right now in that there is a lot of need for security when you look at all the threats out there and what is happening but there is not as much perceived need for security from users or from mobile phone manufacturers so you have got a bit of a mismatch there. We really see that security in mobile will be migrating into the cloud or into the carrier infrastructure. It is too troublesome for users to put security products on their phone and keep it running because do you want to be across IOS and Android or do you want to be device independent ? So if you can move that security up into the cloud or move it onto the carriers it will be much more advantageous to the users."

But how can you make money on that? You are helping the mobile phone companies but in what way can you make that some source of revenue?

"Well, in the US we do that as a package which the carriers sell on a monthly basis. You know, add this security or add this family safety or these utilities or tracking function for, fay, two dollars, three dollars a month and then you share those revenues with the mobile carrier.ʺ

ʺWell, mobile is a tough space right now in that there is a lot of need for security when you look at all the threats out there."

The last question, you are not number one for revenues at the moment, that’s Norton, and they have a slightly different business model, but how long do you think it will take before you are number one for revenues?

ʺWell, if we continue the performance we have had over the last eight or nine years, and Norton continues their performance, it should be four, five, or six years ."

The good news for Prague, and Brno, is that the Avast commitment to the Czech Republic is still undiluted. Most of its workforce, around 1,000 out of a total 1,600, are still based in the Czech Republic.