Your bread and butter is thinking about
security, but particularly you're looking at vulnerabilities when it comes
to outsources of your workflow. The supply chain into your company.
You've just been putting out some key reports warning.
What are the key findings at the moment? Yeah.
Thanks, Caroline. I think it really ties into the story
that you're talking about here. Right.
In terms of technology being disruptive and that can be used for good.
It can also be used for bad. And so I think our report really tells a
story that we live every day, which is that banks, financial institutions,
organizations, schools, cities throughout the world, they're all being
targeted in particular by ransomware actors.
And what we show is that these cyber criminals are becoming even more
effective at doing their job. They do a great job of understanding
what's in an environment in which data that they can steal.
And stealing is a very important concept here, because what we're not seeing is
just a traditional ransomware attack where an organization's data is
encrypted. But we're seeing much like nation state
actors have done for years. We're seeing data being stolen and
actual treated from environments and used for extortion.
And attackers are doing that on a daily basis.
They're not just frightening. We're actually seeing four times every
four hours. We're seeing more organization data
being posted and with regularity and the stakes both becoming evidently more
high. Yeah, and there's a point that I wanted
to make on track. BPT Wendy, which is that it impacts
attract APTN say that the premium to G.P.S.
plus while you could see the search title as of other uses, you could not
actually get into the conversation. So.
So I want to be clear, you couldn't actually kind of access data relevant to
other uses, but it was basically deemed as a bug in the open source software.
My question to you in the context of cybersecurity is are they?
Is this kind of issue an afterthought as people try to rush these products out?
They don't think about kind of the base security of the software that they're
writing. You know, so I think that software
vulnerabilities across the board are challenging for every organization to
deal with. And they're only going to become more of
a problem just due to this scale that A.I.
brings to the table. Right.
So we're going to continue to see these type of vulnerabilities.
You know, I think one thing that's exciting is that, you know, last week
was released, a national cyber security strategy.
And in that, we talk about in particular, the need to protect and
expand the definition of critical infrastructure.
So and the role that technology vendors and providers play in that.
Right. So we see that with these supply chain
attacks becomes a major issue. But we're also seeing a lot more ramp up
in information sharing that is becoming incredibly positive.
I'm reading over the results, so your findings in this research and Caroline,
what's so interesting to me is the types of businesses found most vulnerable are
those businesses we entrust with our data on a daily basis.
And I suppose also when we're thinking of keeping our own company protected, I
didn't buy you done countless training exercises about going fishing, but
smashing is a new one. Well, now that you've been talking a lot
about one of the ways in which companies can protect themselves.
Yeah. So, you know, we've talked so much about
A.I., right. All the technology investments.
But I think, Carolyn, what you're getting at are the human side of that.
I think one of the most compelling findings for us is that we've seen these
attacks increase to now 20 percent of attacks that we deal with include a
harassment element. And I would imagine that if we talk
again in two months, we're gonna see that number probably double.
What I mean by that is attackers are specifically going after ISE security.
So executives, their families reaching out to them personally.
Their staff's finding any way that they can to socially engineer data out of
them. And that's going to become a continued,
incredibly compelling. And they're also getting super savvy
about understanding how businesses work. Right.
So understanding that if I target not only your organization maybe has a great
security barrier and perimeter, but you have business process outsiders in
outsourcers that also have access to your most sensitive data.
And there are employees in those environments that I can target equally
effectively that I have access to your environment.
So we're going to continue to see that type of activity directed towards
employees across the board. And so how will companies protecting and
assessing the vulnerabilities of their right supply chain?
Yeah, you know, I think one of the biggest keys is the mindset shift and we
are seeing so many organizations do that and actually win.
So I think there's really a positive outlook here and our report tells that
story, too, which is that so many organizations are effectively defending
against these attacks because they identify them early.
They practice their response. They understand that these attacks are
going to come. It's simply part of hosting a business
on the Internet today. And they've got great relationships
across the board, not only with experts, but also one format who can really
rapidly provide them answers, often in the form of descriptors that can, you
know, render these attacks ineffective. It is fascinating.
And when you're reading these sorts of data reports is basically what the
people the attackers are trying to set out to do.
Right. And that's why our audience in
particular should CAC because they're going off to finance.
Yes, they're going off to data and telecommunications.
And the last one, which we have to discuss, Wendy, is cryptocurrency.
Why are they targeting these specific areas?
Is it just for financial gain? Well, any avenue they have that makes it
easier to move money is certainly going to be a target, right?
So the more that we can work related to sharing information between public and
private partnerships and stopping the ability of moving movement of
cryptocurrency, for example, of disrupting attacker infrastructure, the
more that we can do that, the more effective we are going to be against
these attacks. And I think we are in a better place
now. And in terms of that information sharing
and being able to do it in a way that starts disrupting attack or
infrastructure and really starting to stop some of these attacks.
