Expert pleads with companies to realize they are potential attack victims, no matter their size.
TechRepublic’s Karen Roby talked with Marcus Valor, director of strategic threat at Darktrace, about predictions for the future of cybersecurity in 2021. The following is an edited transcript of their conversation.
Karen Roby: I have to say Marcus, before we start, it actually sounds like a really cool title with the name Darktrace. All of that just sounds really cool.
SEE: Identity theft protection policy (TechRepublic Premium)
Marcus Fowler: I left the CIA, and our founders came from MI5, MI6, and Cambridge University of Mathematicians. So, it has that mystique and that origin story along with it. It is a great name because we are looking for those things that come out of the dark, right? Those things that you aren’t predicting, or you can’t see coming, and being able to trace, at least what’s happening within your environment, and make sure it’s stopped.
Karen Roby: You just mentioned the word “predict” and that’s what we’re going to do. Talk here about some predictions for 2021 as we round out, fortunately, this year 2020. Let’s start with 5G. Of course, we’re moving now from that hype phase to reality, and we’re starting to see 5G inching its way in a little bit more. One of the issues being a new wave of distributed denial of service (DDoS) attacks, ushering that in. Talk a little bit about that and your concerns.
Marcus Fowler: I think we all recognize that with 5G, one thing we’re going to see is speed, right? And with speed comes opportunity. We’re talking about what’s happening on the phones, but on Internet of Things (IoT) devices, and all the things that we’re increasingly becoming dependent on. I think even more so just in the last eight months. And that machine-to-machine communication, right? As you speed that up, and you speed up that attacker machine-to-machine communication, you really can start to up-level the ability to conduct these denial of service attacks. While they may be not have been necessarily as in fashion, we’re seeing that the ransomware trends, and some of those more, you will probably see a resurgence or DDoS attacks is there, but you crank into, and leverage the increased speed, and the increased dependency on IoT devices in a way that we maybe haven’t seen them as monetized in the past, connectivity, ransom against connectivity, rather than ransomware files.
We know that that monetization of the attack is what cybercriminals want, more than anything. That makes them criminals. And the more creative they can get. As we’ve seen them involve trade tradecraft-wise within ransomware, this could be just another extension of a way to get that great return on investment that we see them benefiting from.
SEE: Social engineering: A cheat sheet for business professionals (free PDF) (TechRepublic)
Karen Roby: And when you talk about that, unfortunately, that return of investment, we’re not just talking about a huge enterprise. I mean, we’ve interviewed companies, smaller companies, that have paid out huge amounts, millions of dollars to gain back control of their systems. Is there a certain targeted area you see, or is it everyone’s free game?
Marcus Fowler: That’s a great question. Really, what we have seen, and what I hope companies are recognizing is that the comment of we’re too small, we’re not in that critical industry, our market cap … the attackers are scaling in a way that it isn’t amount of are you worth it, it’s whether you’re vulnerable to it, right? They will take low-hanging fruit, as well as go after the biggie. Whether you’re that bottom feeder, who maybe wants the easy, low-dollar win, or these apex predator, ransomware attacks that are doing more enhanced targeting, more enhanced tradecraft to ask for the big ransom, there isn’t an industry that’s off the table.
We’ve seen growing in manufacturing, we’ve seen growing in higher ed, we’ve obviously seen healthcare spike, supply chains are growing, they’re more diverse, they’re more vulnerable. There’s more opportunity and vulnerability out there. So, I certainly would say, please, if you’re a company or CEO listening, don’t assume your company isn’t on a target deck, or it doesn’t become a target of opportunity for these attackers.
Karen Roby: In 5G for all of the great things it’s going to bring to our lives, hopefully faster speeds and all of that, but it’s enabling the criminals to do their work quicker, faster, and better.
Marcus Fowler: Yep. That’s exactly right. I mean, any time you have an evolution or an expansion of technology, the attackers are in their lockstep learning about its vulnerabilities, its unique positioning, right? We see this with software as a service. Where we have so much more dependency on different applications, we know attackers are also now, “Hey, is that a diversity of how the security team understands that space? Is there a loss of visibility there? How are we, and can we take advantage?” And they’re going to be creative, right? Let’s not take anything away from it. They are making their living and doing this. They’re good at it, and they are getting ever more creative in their approaches with each change in technology.
Karen Roby: Let’s switch topics here from 5G to artificial intelligence (AI). What are you thinking here in terms of AI? We’ve talked specifically about how it will power internal security investigations. Expand on that for us.
Marcus Fowler: I love that we have these two predictions next to each other, because one is the space is getting better for the attacker, and the technology around 5G, and this one is about leveraging technology to enhance the security practitioner and the security team. And this for me is really great, and Darktrace as a company, we are an AI company applying that to cybersecurity. So looking at how, not only it can provide enhanced visibility and understanding, but how are we helping the human team, right? How are we providing autonomous triage, autonomous investigation so that the AI is really enabling. We often hear about skills gaps or skill shortages, but really it’s a cycle shortage. You want to do more efficient use of your human team, right? And yes, there are skill shortages, but the real, I think, strain on the security team is how can we be doing more than what we have?
SEE: Top 5 programming languages for security admins to learn (free PDF) (TechRepublic)
And that AI technology is so perfectly positioned for that. So, as we look at AI for detection, I think security investigation, being able to do some of the commodity, heavy lifting of that early investigation to allow security teams to start from a point of action, rather than initial investigation. And for me, it resonates so perfectly. I spent 15 years at the CIA. I did a decade of counter-terrorism work, and my greatest stress every day was, “Am I using those critical human resources, those real experts, on the most credible and imminent threat?” And that was so hard because we had so many threats going on, that it was really hard to say yes, with confidence, that they are looking at the thing that is of the greatest concern.
And so as I’ve watched Darktrace really deploy this, and use this in a way, really resonating across security teams of how much… kind of supercharging that investigation by starting from a point of action, rather than having to muddle through false positives, or dealing with alert fatigue, or trails that go cold, having something to really start and make the most efficient use of those critical human teams.
Karen Roby: As we round out this year, let me just ask you to try to turn it onto a positive twist here. As you look to 2021, is there any particular technology, or ideas, programs, things you see on the rise that you’re excited about?
Marcus Fowler: I guess rather than just being excited about the technology, I am excited about the appreciation and the realization of that cyber dependency, and that cyber vulnerability and an increase in dialogue from companies and resource commitment to protect them, their critical infrastructure, their employees in that dynamic workforce. As I talk to industry leaders, CISOs and CIOs, hearing more from them about how much part of the conversation they are. That, to me, is a real bright light, because that means people are, and companies are really thinking through, and thinking about what is my risk? What is the security that I feel comfortable and I really want to have in place? And they’re starting to have very honest conversations with themselves.
I don’t want to pin my hopes on a technology. I do believe in humans, I do believe in our ability to find our way forward, and be optimistic, and really seeing these healthy conversations happen earlier rather than later, right? You don’t want to have this conversation of what can I do now that I’ve been had by an attacker, but really how can I make sure that we aren’t the ones that get attacked, or not the ones that don’t get attacked, but we don’t have anything but attacks that are unsuccessful, because I block it at the earliest moment through that application of technology. That, to me, is something that I’m taking, and then the conversations I have, really seeing a lot of great dialogue around.