(upbeat music) - [Narrator] Every day is
a technological miracle. You can drive, bank,
travel, connect with friends and family, even run your
home from wherever you are. But all that convenience has a dark side. - Every different
connection creates another opportunity for a hacker to get in. - We're seeing billions
and billions of dollars of loss from cyber crime. There are those who have been
hacked and know it and those who have been hacked
and don't know it yet. - You will get hacked and
you have to understand how to react to it. - [Narrator] In the
next hour, you'll learn how cyber criminals operate. - There are hackers out there that work in highly organized groups. - And these bad guys are
brilliant, they're smart. They come up with innovative new ideas. - [Narrator] How teaming up
with artificial intelligence helps the good guys stay one step ahead. - I want you to now think
like threat hunters. - [Narrator] And what
you can do to protect your priceless data. - The bad guys have to
get it right just once. We have to get it right all the time. (dramatic music) - [Narrator] The internet
was born in the late 1960's as ARPANET, a small network
of government computers, sharing information from
opposite sides of the country. By the early 1980's, people
all over America were dialing into the internet from their
schools, homes and workplaces and it was just a few short
years before it was hacked. In 1988, college student,
Robert Morris admitted that he created an electronic
worm with the intent to penetrate research computers
in a nationwide network. The first hackers were
interested in exposing flaws in the early world of the internet. - It was called the Morris
Worm, after the college student who actually developed it. In his attempts to try to
gauge the size of the internet, develops one of the most replicated worms that we've seen on the internet. As he was developing it,
he made a coding error and in that coding error, it
allowed the worm to replicate itself, causing computers
globally to be unusable. - [Narrator] By accident,
Robert Morris' worm brought down 10% of computers connected
to the internet and cost 98 million dollars to clean up. - So it was one of the
largest widespread worms that the internet, up to
that date, had ever seen. - [Narrator] But hackers'
ability to penetrate systems at banks and the government
quickly caught the interest of criminals who saw a new frontier. - It really was when the
internet started becoming a place for businesses, a
place to buy things, a place to maybe visit your bank,
that crime became a thing. - [Narrator] while robbing a
bank meant exposing yourself to physical danger and risking your life, stealing money online carried
almost no risk whatsoever. - In the early 2000's, the
scale of things were such that it could be almost ignored,
meaning banks were able to kind of eat the costs, if some,
their customers lost money. - [Narrator] With the added
bonus that instead of robbing one branch of the bank, you
could rob the entire bank at once, cyber crime escalated quickly. - I started working on identity
theft and credit card fraud cases in 2002 and at the
time it seemed a significant case when we had 12 victims
of identity theft or 25 credit cards that were
stolen with $70,000 of loss. Now credit cards are
stolen by the millions and we're seeing billions
and billions of dollars of loss from cyber crime. - [Narrator] Every year, the
hall grows, in 2014, cyber crime cost the global
economy 450 billion dollars. That number skyrocketed
to three trillion dollars just one year later. - It used to be the banks
are the target, why? Because that's where the
money's at but now there are so many types of targets out there. - Being connected makes
us very vulnerable. Every different connection
you have in the network, be it a logical, social
or physical connection creates another opportunity
for a hacker to get in. - As we've made our lives
more digital, we've opened up our lives, our digital
information, medical records, these things are all
connected to the internet and there are attackers out
there that work in highly organized groups that are
well funded that are working together so that they can
steal that information, sell it and make money, this is the
essence of modern cyber crime. - [Narrator] The 2017 breach
of a major credit reporting agency compromised the data
of over 143 million Americans. Criminals stole social security numbers, birth dates and more. And today's cyber
criminals have moved beyond simply stealing money or data. - We've seen a significant
increase in ransomware attacks where essentially hackers are
taking the data on a computer and locking up that data by
encrypting it and requiring the user to pay a ransom. - [Narrator] In the summer of
2017, The Wannacry ransomware held computers hostage
in businesses, large and small in 150 countries. - So here we have a computer with Wannacry on it, and this is the
file that was downloaded. So now if I click on it and
you're getting a warning on your desktop, that
files are being encrypted. So now we have actually the
Wannacry interface that's saying payment is due within the next three days and they're actually asking
here for $300 worth of Bitcoin and you'll have to pay them
in a certain period of time. Otherwise the price will
go up and in seven days, the data will be completely destroyed. At this point, all the files
on this computer are encrypted and I can't touch them
unless I pay them the money. - [Narrator] $300 is a lot
of money for a consumer but it's a tiny sum compared
to the ransoms demanded of large companies for
major ransomware attacks. - So when attacking companies,
they were no longer able to do business, the national
health services in the UK were basically crippled, they
had to turn patients away. (sirens blaring) So you're talking about
potentially lives on the line. We are expecting technology
to do more and more things for us, because of that,
greater vulnerability is being built into our everyday lives. - [Narrator] We live in a
world that grows more connected every day, it's called
the internet of things and it's not just your smartphone. Today, everything from
your car to your door locks to your refrigerator can go online. - Every connection to the
internet is an opportunity for a hacker to get in. - [Narrator] Think about
all the ways your life connects to the internet. In the year 2015, there were
about 15 billion connected devices worldwide, that's
two devices for every person on the planet. - Just as our technology
is getting more complex, the bad guys are not
behind in the sense that they're watching, they're
observing and they're innovating. - [Narrator] The number of
devices is projected to grow from 15 to 80 billion
in the next 10 years. - Anything can be targeted, unfortunately, a lot of the products that
we're seeing today go out to market first because they
wanna be first guys to offer it with the best features and
security is still somewhere down the list in terms of things
that should be considered. - Cars that are internet
enabled being hacked so that they would stop on the highway. (horn honking) Webcams that are being turned
on for spying purposes. Baby monitors, where the
cyber criminals could speak to the children in their rooms. There was an incident of an
attack on an internet enabled toilet in Japan, where the
toilet was then doing surprising things because it had been hacked. - [Narrator] Hackers can
even turn your devices into weapons without you knowing it. Once that happens, your device becomes what's known as a zombie. - There were a number of
internet enabled devices in the United States that were
operating under the default password that were taken
over and become what's called zombie computers, which were
used to inject significant flow of clutter, of traffic
to block other networks. - They called the computers
the zombies, those that are unwittingly their
devices are now becoming weaponized in a way to pull down websites. Think of, what is it, Black Friday? Large crowd of a thousand
people, everybody's rushing in the door at the same
time, it's gonna prevent some people from getting in the store. You're flooding the website
itself, the traffic, so that website can't operate. Think about the massive number of devices that are now connected
to the internet globally. - The possibilities are
endless in terms of the type of cyber crime that we
could all be exposed to. - [Narrator] The question
is where do cyber criminals get the tools of their
nefarious trade and how is a hidden online marketplace fueling the explosive rise in cyber crime? - There's a saying of, there
are those who have been hacked and know it, and those
who have been hacked and don't know it yet. - [Narrator] 556 million people
already fall victim to cyber crime each year, by 2020,
there will be 50 times more information stored online, 50 times more opportunities for cyber criminals. - We should be aware that we're
constantly being targeted. - And these bad guys are
brilliant, they're smart. They come up with innovative new ideas. - The technologies are
advancing so quickly and the opportunities for
criminals to victimize individuals and companies and governments are so vast that it's very hard for law
enforcement to stay a pace with the cyber criminals. - [Narrator] Financial
crimes and identity theft are just the tip of the
iceberg of a much more sinister criminal presence on the web. - When we think of the internet,
we think about it in three layers, the clear web, the
deep web and the dark web. The clear web is anything
that you can find on search engines, deep web
is anything behind username and passwords, the dark web
is a separate area where you have to have specialized
software to actually gain access into it and start viewing the websites that are there. Go to the darkest corners
of your mind and you'll find that in the darkest
corners of the dark web. - [Narrator] Drugs, guns,
passwords, credit card numbers, even humans, all for sale
to anyone with crypto cash. - Everything on the dark
web is sold in Bitcoins because that secures the
transaction, so the dark web allows the buyer to remain anonymous. The fact that the website
is on the dark web means that the seller is
anonymized and then Bitcoins and other cryptocurrencies allow the transactions to be anonymized. Whatever you're really
looking for, you can find it. This is a drug market, for
example, and you can see that they are selling
different types of drugs. You can see the prices
here are all in Bitcoins translated to US dollars. All you have to do is define
the quantity, click buy and you can start buying these things. Here's another website, this
one sells counterfeit money. So you can buy fake money for basically half the price of the real value. So these guys will create
passports, ID cards, driver's license, you can
see the prices in Bitcoins are much higher here and
we're really just scratching the tip of the iceberg
because it gets a lot deeper and nastier the more you
go down this rabbit hole. - [Narrator] The dark web
is a place where cyber criminals can gather with impunity. - You should ask yourself,
how will I, as a bad guy, get this service from this
other bad guy and that's why criminals created markets where
you don't have to just trust this guy who says who he is, you can see actual ratings and products. - [Narrator] Just like you would
look up ratings and reviews before choosing a restaurant or making a big purchase online, cyber criminals shop for
sophisticated hacks and scams on the underground
markets of the dark web. - And here you can actually
search for whatever you want. So for example, I searched for ransomware. I can see the actual vendor
and the offer and the price and then you'll get full
information about the offering. So this seller, for example,
has 556 five star reviews in the last month alone, these
were left a couple of days ago, what can I say, my
new number one fraud guy. So now you know that you buy
from this guy, you can buy with confidence because he delivers. This is how you create trust
in an untrusted environment. They created a market which
is safe for them to deal with. These markets exist and they're thriving. Couple of them have been
taken down by law enforcement which is great, but
there are dozens others. Life has become easier
for the criminals today. We have to keep it in
mind that our information is out there, so whether if
it's your personal computer that's going to be targeted
by some sort of virus or a company that you work
with, or somewhere that you bought a something, we
have to assume this type of information will be available
to attackers at some point. So here's an example of a
website where information from a breach is exposed
and you can see here, emails and passwords, in this case,
we have an individual here, David Adams, and we have his password. Once we start searching
for the name and searching for that email, we can
start finding out his social media presence, we can
find him on different social networks, see what he likes
to do, what are his hobbies. In this case this guy obviously
likes working out, surfing and his dog, we can also see
his professional profile, see what companies he
worked for, what he does, maybe he's higher up in the
chain, so he would be a good target for us to try and go after. We can craft a phishing email,
if he'll click on a link on it, it'll look like it's
coming from some sort of vet service but actually what
happened in the background is he'll get infected with malware. Now it's up to us what we
wanna do, do we wanna lock down his computer and ask him for ransom? Do we want to just remain
under the radar and collect username and passwords that
are used, maybe gain access to some backend systems
that he uses at work? Now, what I'm doing here is
what an unfunded, unmotivated attacker can do in five minutes. Now, what happens when you
have funded, motivated attacker how much information can
they gather about you? It really is up to the attacker to decide how you want to approach it. - [Narrator] For cyber
criminals selling hacking tools on the dark web, business is booming. - You also have people who sell
and offer different services in the criminal underground
that help you perform cyber crime, so you don't have
to be a genius to do these. You can just go online
and purchase services. - One of the things that has
made cyber criminals successful is that partnership with each
other, use of information. Hey, my attack that I did on
so and so worked really well. You want it, it'll cost you a little bit but you can have it. - You have military grade
weapons on the dark web and now it can be used by anybody. I personally can't buy an atomic
bomb or hire Seal Team Six. But I have the equivalent online. - [Narrator] As the dark web
has changed the way hacks are freely bought and sold,
the typical cyber criminal has evolved from a lone computer savant to something much more frightening. - The stereotype of hackers
is it's somebody sitting in a basement in a dark room, typing away on a keyboard in a hoodie. - That isn't what we're
dealing with at all. They are highly organized,
they work kind of nine to five, just like the rest of us do,
they take the weekends off and how do we know this? Because they launch most of
their attacks on a Friday evening before they head
home for the long weekend and then they come back
in on Monday morning to see how those attacks went. - I mean, hacking is a
business, it's an industry. By some estimates, it's
trillions of dollars a year and rising, these hackers are
out there to make a profit. They actually have expenditures,
they sometimes they have payroll, they have benefits
to their employees. - The organizations
themselves are sophisticated. They're a bureaucratic
organization itself where people are compartmentalized,
so if one person is compromised, he or
she does not even know the other players in the organization. - Attribution is really
difficult because the dark web allows you to remain anonymous
and there are other tools that allow you to hide who you are. Somebody who is sitting
somewhere in the middle East can be targeting somebody in South America and make it look like
it's coming from Europe. - It may look like an intrusion
came from a certain computer in a certain state, but it may
be that that computer itself was the victim of a hack and
there was one hop, two hops or multiple hops between
the cyber criminal and the ultimate target of the crime. - [Narrator] Worldwide, cyber
crime costs are expected to reach six trillion dollars by 2021. - Keep in mind that the
attackers are very agile. They're very fast and we
have to be just as fast, if not faster in order
to stop these things. - [Narrator] What chance
do we have against an enemy who is faster, better armed
and doesn't play by the rules? It turns out there is one
tool that could revolutionize cyber security and even the odds. - Security is always a battle
between attacker and defender. The attacker wants to
break in, the defender wants to stop him. Now, what we find is that on the internet, attackers generally have the upper hand. The attacker will come up
with the new attack first and the defender will react. It's rarely, the other way around. That is an arms race fueled by technology. - [Narrator] Arms races used
to be the exclusive domain of nation states and governments but the internet is changing that. - Unlike the typical military
missile which is not so easy to purchase on the open market,
cyber weapons are different. It goes to whoever has enough money to actually purchase them. Historically, there's always
been this line between the private sector and the government and there was no need to
actually have these two different groups of people
and entities work together. Because of the nature of the threats, that's no longer the case. The government is gonna be
unable to defend this country unless the critical
infrastructure owned and operated by private companies actually
work with the government and ensure that their
systems are protected. - We usually expect that
government will protect us and keep us safe from
criminals but there are a few challenges that make their
job particularly difficult. One, the global reach of cyber criminals. Two, the speed at which
a crime can be committed and three, the tremendous scope of a cyber crime in a
very short period of time. When we talk about cyber
crime and the technologies, much of the defenses lie in the
hands of the private sector. - [Narrator] The evolving
threat means companies are now on the front lines of
the war on cyber crime. - It's really kind of this warfare mindset that we have to take where
it's a battle we're always going to be fighting and you
have to keep the enemy at bay, it's not just we do
something and it's complete. - [Narrator] Just as in physical warfare, getting the upper hand in a
cyber war is all about speed. - There's a concept in real
time adversarial situations and it's called an OODA loop. OODA stands for observe,
orient, decide and act. This theory was invented
by an air force captain and he's conceptualizing
pilots in fighter aircraft attacking each other, what
he realized is that the pilot is going through this loop
continuously in his head, observe, orient, decide, act. If you can do your OODA loop
faster than your opponent, you have an enormous advantage. This notion of an OODA loop,
you can use it in strategic military planning and in
cybersecurity and when you're being attacked, you as the
defender are going through this OODA loop and it's
all about figuring out what's going on quickly
and responding accurately. - The problem is there's just
too much information out there for any one human to
really grasp themselves. There's just too many alerts,
there's too many logins, too many systems creating information that this just becomes an avalanche. - And the challenge we
have is weeding through all of those security
incidents to find the one that really matters. Where is the attacker in all these things that are happening every day? You could see that Sally has
attempted to log in to her account 10 times unsuccessfully
and then at the last time remembered her password, I see
her mobile phone has suddenly moved from Boston to Shenzhen, China over the course of four hours. Well, that's a little
odd because first of all you can't even fly that fast. Maybe I see that you normally
access 40 records a day and today you access 4,000. Maybe you're working on a special project. But if I see the movement of your phone, the unusual access
attempts on your account and the odd access to data,
those three things together are almost a guarantee,
that either you, your device or your account has been compromised. - [Narrator] For human
analysts, handling hundreds of thousands of incidents per
day, spotting the real threat in three security blips is an
impossible task without help and so experts are turning
to a new tool in the fight against cyber crime,
artificial intelligence. Broadly speaking, artificial
intelligence is the ability of a computer or a machine to
think and learn independently. At high tech facilities like
the X-Force command center in Atlanta, humans are working
with artificial intelligence systems like Watson to
fight cyber crime head-on. - Our analysts, through the
use of artificial intelligence such as Watson for
cyber security, are able to get the pieces of the
puzzles laid out for them and it's still up to the
analyst really to look at those pieces and see
where they fit, how they fit, whether they're a part of the same puzzle. - We get hundreds and
hundreds of events per second. So we need to work quickly and decide, is this something that we should focus on? Is this a real trip or
is it a false positive? If I try to do the research
myself, I would have to go through all of these different
events and the details of these events can be
very cryptic and not easy to understand, what Watson
does is brings the information that is relevant about these
events, understands what happened and also is able to
see what is happening globally and you see all those
events come in very rapidly. There is an augmented intelligence
engine that goes through those events, correlates
them and detects suspicious activity and when suspicious
activity is recognized, then it's route to this
screen in a way of an alert. - [Woman] Analysis initiated. - And in this alert, I see
that there is critical service involved so immediately, I
know that this is important. I also see this particular
alert has been seen across multiple industries
and multiple customers. Now, I know I seen it before, it's bad and it's propagating. - [Woman] Analysis complete. - [Narrator] Within seconds,
artificial intelligence brings Carlos vital information
to evaluate the threat. - These colors are communicating to me the severity of the previous alerts. Since this is red, it gives me a hint that this was a critical issue. It gives me some indication how credible that particular alert is. Now I'm gonna deep dive into the alert. The company's called Bane & Ox. John Beckett is the user that
was thought to be involved with this alert, his
computer is very important. It belongs to the
corporate network and all of that information gets correlated here. - [Narrator] Carlos asks the
computer to connect the dots. - Watson advisor found some
files that were suspicions, some URLs, some IP
addresses and what makes Watson Advisor powerful,
it was able to tell me that they're not just IP addresses,
they're not just files. They are related to a campaign. - [Narrator] Within minutes
of receiving the alert, Carlos, with the help of
artificial intelligence, has uncovered a massive criminal plot. - This is a campaign that is
affecting multiple companies. So there is a group that is
using some particular type of malware to attack,
the campaign is Shamoon. - [Narrator] The computer
refines its search results in a simple graph, Carlos
can quickly trace the threat and see how deeply the Shamoon malware has infiltrated the system. - Watson has reached this
particular knowledge graph and I can see that, okay, John Beckett went to some IP addresses
and websites that seem to be malicious, downloaded this file. This file has a particular signature. That signature now
tells me this is related to the Shamoon malware, very
relevant and very toxic. And now he's gonna spend a
couple of hours doing research on something like this that
Watson can bring in just a couple of minutes and that increases our efficiency so much. - With artificial
intelligence, we have access to information that we
exchange with each other and that enhances our ability
to get ahead of the threats and in other cases, when
bad things do happen, work together, to make
sure that we are able to address it faster. - [Narrator] Artificial
intelligence systems like Watson process data at super human speeds. In the time it takes Carlos
to enter his search terms, Watson can read hundreds
of thousands of articles and share what it's learned. - Watson allows the security
analyst to ask the Watson machine to actually
elaborate on a security alert that they're trying to investigate
to see what Watson knows about it, so very, very
quickly, all of that data will be available at the
fingertips of the analyst. It's important to know
that Watson doesn't replace the human, Watson is an assistant. This is an era of man and
machine working together. - [Narrator] But before man
and machine can defeat cyber criminals, AI must learn
to think like a human. Can AI's learning keep pace
with the emerging threats or will it be left behind? Cybersecurity specialists around
the world are waging a new kind of war, one in which the old ways of securing data are obsolete. - The attackers are evolving their tools. The malware that they deploy,
the attacks that they use are constantly changing, in fact, they might be morphing every single second. - I can't tell you how many
times I walk into a customer and they're showing me this
great, you know, virtual moat they've built, it's 40 feet
wide, it's 80 feet deep. We even spent extra money
killing the alligators. Well, that's great until
somebody shows up with a canoe. - [Narrator] In this era of
rapidly evolving threats, there are actually two
enemies, cyber criminals and information overload. - If you understand the role
of the cybersecurity analyst, they look at thousands,
hundreds of thousands of security alerts, they sift
through them looking for false positives and really looking
for the alert that needs to be acted upon, these
cybersecurity analysts are looking for every possible assistance
to get to the incident that is concerning, the
incident that needs a response. - [Narrator] For human analysts,
keeping up with the barrage of alerts was impossible
until the dawn of cognitive computing, also known as
artificial intelligence. - What cognitive computing
does is compliment the areas where humans are really bad
at and what humans are bad at are really processing
information, especially large amounts of information. - [Narrator] The human brain is remarkable but it didn't evolve to
process massive amounts of digital information in an instant. - Watson Advisor, which we
have at IBM can go through upwards of 700,000 blogs
and articles about the cyber security industry, extract
that into structured data and process it and make a
recommendation to an analyst on what they should look at. - [Narrator] But before AI
can join the fight against hackers, it has to learn
the language of cyber crime. A shadowy dialect filled
with slang, inside jokes and confusing jargon. - If you consider the jargon
used in the cybersecurity domain, you'll hear the term
honeypot and it doesn't mean a jar of honey, as we might know it. So you've got to teach
Watson what that term means in the cybersecurity context. - [Narrator] Training artificial
intelligence is a complex process that requires lots of human intervention to get right. - So you can think of
Watson just like a child. When you're teaching a child
a language you don't directly start off with Shakespeare
and vocabulary, you just start off with a limited set of information. Similarly, you start off with
a limited set of information for Watson and this is what gives context for Watson to learn further. We give it examples and
by associative learning, it automatically learns. - [Narrator] Researchers comb
the web for cybersecurity materials to feed the
AI, then they set to work teaching it what the words mean. - We're teaching Watson
to read this blog post and make sense of it so
that it can be of use for other analysts later at some point. We definitely guide Watson
in order for it to be able to firstly recognize the
language that we speak in, then it has to process
that language because Watson is just a machine and after
it processes the language, it has to understand or make connections and that is truly it's
cognitive capability. Those connections are
really important because there is just a plethora
of information out there in the internet, which
not everyone has access to and not everyone can
process and assimilate in a quick span of time. - [Narrator] Giving the artificial
intelligence this context is key to its cognitive capability. Next, Preeti teaches it how
words relate to each other. - We are using ransomware,
which is a common security term. We are indicating to Watson
to understand that, okay whenever I see this word called ransomware it means I have to associate with malware. - Training like this helps
artificial intelligence bring structure to the
otherwise shapeless information of the internet, instead of
returning all the information the internet has about
a particular threat, AI can bring an analyst only the
information he or she needs. - As in, when it processes
these millions of documents, at one point, we stopped the
handholding and let Watson try and learn on its own, make
educated guesses and come up with these kinds of vocabulary
for unseen documents. So this is how it learns and it applies. - [Narrator] And cognitive
capabilities go even further. - It's not just a one way communication. As analysts look to create
rules that help them detect new threats and protect
against them, the artificial intelligence is learning, it's
looking at how is the analyst applying the data, what is it that they're finding and doing? So as this partnership
between technology and human continues, we look at getting
smarter, more efficient and being able to really protect faster. The humans are teaching
computers to be better. - [Narrator] But even with the
most sophisticated defenses, cyber criminals sometimes get lucky. The best defense is to
prepare for the worst. Coming up, what happens when
real people go head to head against well armed cyber criminals? - This is complete chaos right now. - [Narrator] Will they use
this cyber security range to defend against hackers
or crash and burn? - Run it past me before we get it go and then we're gonna get it out. - [Narrator] Cybersecurity
breaches, they're a fact of life these days. A major credit Bureau faces
harsh scrutiny for waiting months to notify Americans their personal information was stolen. - Many, if not, most of the
major large scale breaches we've seen over the last year or two, the response to the breach
is causing more damage than the breach did itself. - [Narrator] IBM has built
a cyber range modeled on military training
ranges to help companies practice for the inevitable. - This type of simulation
environment is all about building the proactive skills that
you need to respond in crisis and be able to do that with confidence. - This is something where
we're able to bring and promote cybersecurity as a whole
versus just looking as a security incident. - Today, we're gonna go through
an actual live simulation. - Think about it kind of like
a flight simulator where you get a chance to take charge,
sit in the pilot seat, make mistakes, and it's
okay to crash that plane. We'd rather have you fail in here than outside in the real world, right? - No matter who walks into
this range environment, this is about practicing and it is built in as muscle memory. - So let's see how you do today. We're gonna introduce you to
our company that we've set up for you, which is Bane & Ox. - If I suddenly have a
cardiac episode, do you wanna be pulling out a manual
learning CPR for the first time? No, you wanna have practiced
it and rehearsed it. So you know what to do, you
know what steps to take. It's the exact same thing
when responding to a cyber security incident, the only
difference is rather than me having a heart attack, it's the company. You're all new Bane & Ox employees. You know, you've got your employee badges. Now today, Bane & Ox is gonna be a large financial institution. A couple of things about Bane & Ox. You'll notice that Bane
& Ox has a stock price. It has social media
feeds that we're tracking and all of kind of the
aspects that you'd expect of a real company, we're gonna
learn a little bit about-- (phone ringing) Oh, we got a phone call, will you just hit the white button and answer that? - You see this every
time, the phone rings, people lean back in their chairs. (phone ringing) - This is Quanta Communications. - [Mike] Hey, this is Mike,
over at the Bane & Ox trading desk, we're having some
problems with our computers. It's asking for Bitcoin and we
can't do any money transfers. We need some help. - When you put someone
into a crisis situation, you need to act, you
need to respond, in fact, one of the worst things
you can do is nothing. That can be the most deadly thing you do. - Oh, that's bad.
- Yeah, you're telling me. We can't make any money transfers. What can you do to help me? - I don't know, let's see. - In graduate school and
business schools all across the country, we have
taught people to be slow and deliberate in their decision
making, to make decisions with data, build a consensus,
these are about the worst things you can possibly do
when you're being breached. You need to make decisions
quickly and decisively. - Hi, hold on one second, hi, this is Josh over at IT, how you doing? - Hi, I'm doing pretty
good, man, except all of our computers have been hit with ransomware. We're probably losing millions
of dollars every minute. - All right, we're gonna
work on it from this end. Just keep 'em off and I will
let you know immediately as soon as we get this resolved, okay? (phone ringing) - Legal department.
- Yes, my name is Spencer Chambers with Tax and Finance, who am I speaking with? - Hi, yes, this is Kathy
from legal, can I help you? - First thing I'm gonna
need you to do is take that computer off the network,
can you do that for me? - Hello, this is Enku in HR. - [Matt] This is Matt
from HR here in New York. - At this point, there's
no information for me to tell you.
- Okay, folks, there's an awful lot going on right now. - I think I've been hearing a little bit something here down the hall. - This is complete chaos right now. Except there's one group that leans in and we were trying to
figure out why is this? And also we noticed
that when they respond, they do an incredibly good job. Which one of you is gonna
take charge of this situation? - I'll do it. - You're in charge, figure
out what's going on. - Put him on hold real quick,
what's his issue right now? - He's--
- Gimme the bullets. - Saying that security
license expiring today and we need to pay otherwise-- - That's most likely a scam,
tell him we'll call him back. - I've got Matt in HR on
hold and he's got all these employees calling about different issues with their computers. - [Caleb] So we started
asking them like, what's your background, where did you go to school, what did you study, what's your job? And we noticed two things started popping up over and over again. - Get a phone number, we'll call them back as soon as we're done. - The first one's not a complete surprise. Military experience. Anyone with military experience here responds incredibly well. - What do you have?
- Yeah, so I've got the stock is trading, there's
a lot of stock being sold. The stock price is being impacted. - Draw something up
with her, run it past me before we get it go and
then we're gonna get it out. - The second one was people
with emergency medicine experience because if you think
about it those are two roles where you have to make
decisions in a hurry with limited information and
you have to do that comfortably and be willing to fall
back on those decisions. - Disconnect him, that's
it, he's all done. - [Caleb] All right,
so what was that like? - Chaotic.
- Chaotic. - A little bit chaotic? Part of the reason why
we do that is to get you used to working in crisis. One of the things we notice
in these types of environments is identifying who's in charge, getting that leadership model in place. So Josiah, I'm curious,
what is your background? - I served eight years at Fort St. Houston at 232nd medical battalion. - Well done.
- Thank you. - What does a firefighter do all day? They don't put out fires,
they practice and rehearse. So when they are presented
with that situation, they know how to respond and
that type of muscle memory is what we have to build
into our responders. - [Narrator] Sophisticated
damaging attacks like the one in this simulation are on the rise. Will there be enough
cybersecurity warriors to repel the attacks or is a shortage
in qualified personnel putting us all at risk? And coming up, what can you do to protect your personal data? (dramatic music) According to the FBI, there
were over 4,000 ransomware attacks on US businesses
every single day in 2016. That's a 300% increase
over the year before and the number of cyber attacks
will only continue to grow. - We're gonna continue to
see more sophisticated cyber attacks, the nature of
how we use technology and what we demand from it
will continue to make it more complex, leaving more
vulnerabilities and unfortunately, the bad guys will not
stop innovating either. - You know, just like we're
evolving artificial intelligence to defend against cyber
crime, so too, cyber criminals will use artificial intelligence. - [Narrator] As criminals
become more sophisticated, the demand for cybersecurity
professionals will surge. There'll be two million open
unfilled cybersecurity jobs globally by 2020, so seats
in rooms like this behind me, we're gonna have difficulty filling. We're not gonna solve this
problem if we don't expand the aperture of who we're
trying to bring in and recruit. It's about bringing new
people in the workforce. People that maybe wanna
work in these seats as more of a trade and a skill. - These are skillsets you
have to learn by doing, right? It's not something you can go
to school for and then just get out and start applying
it, it's more of a trade and that apprenticeship type
mindset and some of them may not require a college degree at all. - Many of the people that I
work with never went to school for cyber security, one of
our best analysts was actually a mechanic, he had a
passion of fixing things, figuring out how they work
and that's what we need. - Maybe this is someone that
doesn't have a traditional four year degree, maybe they've
spent time in the military. Maybe they've spent time
working in an operation floor like this and have learned
that craft through doing. So this isn't a blue collar
versus white collar type of thing, this is a new collar thing. - [Narrator] Whether you choose
to join the ranks fighting cyber criminals or not, there
are a few simple, powerful steps you can take to
secure your own data. - Everybody has a role to
play in cyber security. - So some things that can
be done, ought to be done by everybody, is that you need to update all of your software,
meaning there are automatic patches that are sent out. - If your computer is alerting
you that you're out of date, get it up to date 'cause
what that typically means is there's a vulnerability
that attacker could take advantage of and they can
gain access to your system. - You also wanna to
change passwords regularly and use somewhat complicated
passwords that are not easy to guess, not your
children's names, not your birth date, not your anniversary date. Your bank account
password for online access should not be the same as
your social media password. Because if one is compromised,
you don't want the other to then be also likely to be compromised because your password has been revealed. - And then importantly,
that is not even enough. You have to make sure
your antivirus software is working properly. - Keep your security software
and run security software up to date, this is good
advice, just making sure that you have good hygiene on your system, whether it be your mobile phone, whether it be your computer at home. - Basic hygiene is gonna prevent 90% of the threats coming your way. - [Narrator] But for the 10%
of threats you can't prevent with basic cyber hygiene,
you must use active measures to protect your data, it begins by not clicking on suspect links. - We sometimes forget
that not all information that is being sent to
us, being provided to us is legitimate, so we click on things. It's a natural human tendency to do that. Those links can embed
malware into your system. They can go undetected unless
you've got the right tools, unless you yourself are diligent. - The weakest link is always the human and not the technology. It's always the person
who makes the mistake. The rule of thumb is if there
is a doubt, there's no doubt. If it looks slightly
suspicious or you think there's something slightly wrong
with an email that you got or a link or a file that you received, it's not worth the click. - [Narrator] It's also important
to monitor your devices and financial accounts for irregularities. - You need to watch your networks. Personally, you need to
watch your bank accounts. You need to watch your credit reports. You need to be aware of
any changes in activity in your system, if your
computer is slowing down, you need to check it out. If it is the screen is going
black and acting weird, you need to have it checked out. - [Narrator] Passwords can be strengthened with two factor authentication. - Two factor authentication,
where to get onto one account, you might get a text, for
example, on your phone to enter a code, people don't do it
because it takes an extra step but it is, for example, one
easy way to add another layer of security to help protect yourself against being compromised. Sometimes people think that cyber security is very complicated but it's a basic issue of locking your front
door, closing your windows. - [Narrator] Practicing
good cyber hygiene with tips like these helps the
professionals in their fight too. - As a defender, as someone
who's helping our clients protect their own clients that's
just a very powerful thing. In a way, I'm helping protect my family, helping secure the world's
data which is a very important thing to me, so there's this
mission and sense of purpose that I'm making the world a better place. - I get to work with a lot of bright minds and we are constantly fighting
a lot of bright minds. - Right now, humans are smarter
and will be for a long time but computers are faster and
the more we can leverage that speed with some smarts,
the more a computer will be able to compete successfully and it computer human team
together will be unbeatable.
