00:00:04,050 --> 00:00:49,380 Sean Aylmer: Welcome to the Fear and Greed daily interview. I'm Sean Aylmer. We've talked a lot about cyber security in the last couple of years, with cyber attacks unfortunately becoming a fact of life. In fiscal 2021, a new data breach was reported to the Australian Cyber Security Center every eight minutes. Last month, the rules changed around the reporting of breaches with critical infrastructure organizations required to report attacks to the Australian Cyber Security Center in less than 12 hours. The new reporting rules show just how seriously Australia is taking cyber risk. I wanted to find out what these changes mean for Australian businesses and what we know about the groups and nations behind their attacks. Adam Meyers is the senior vice president of intelligence at CrowdStrike and joins me from Washington. Adam, welcome to Fear and Greed.

00:00:49,650 --> 00:00:50,400 Adam Meyers: Thanks for having me.

00:00:51,120 --> 00:01:00,720 Sean Aylmer: You've got a cracking job, heading up intelligence at CrowdStrike. Let's start with the latest from the digital frontline. Where's it coming from? Where are these attacks coming from?

00:01:01,080 --> 00:02:40,200 Adam Meyers: Well, we track criminal groups from all over the world, probably about 60 or so different criminal groups that we track. That said, there's lots of different types of criminal hustles out there. You have ransomware, which tends to be predominantly operating out of Eastern Europe, let's say in the vicinity of Russia. There's a lot of ecosystem around that. I think a lot of people don't really understand that, that there's entire components of eCrime that operate to support other operations within eCrime. As an example, a lot of people know about Emotet. We track Emotet as Mummy Spider. Emotet, in addition to doing their own scams, is really focused on distribution. What that means is that they run spam operations and pay-per-install. Other ransomware actors, and there's plenty of them out there, will go to the Emotet crew, the Emotet gang, via various underground forums and things of that nature. They'll effectively contract them and do... It's almost like a search engine optimization in a way where they'll say "Okay, we want to distribute this package, this payload to as many victims as we can in Australia." Then the Emotet gang will spin up their spam botnet. They'll target email addresses and organizations in Australia, and then they'll charge whoever it is, X number of dollars or whatever it might be, per install to drop their initial payload, their package.

00:02:40,710 --> 00:02:42,000 Sean Aylmer: It's a real ecosystem.

00:02:42,419 --> 00:04:47,700 Adam Meyers: Yeah, absolutely. There's people that focus on just the negotiation of the ransom. There are people that focus on helping launder the money and helping to cash out things. There's a whole ecosystem. In fact, we track it. If you look at our website, we have something called the adversary universe and we've created this eCrime index. If you're familiar with the Dow Jones Industrial Average, that was something that was created in the late 1800s to enable people to get a sense of the overall health of the industrial economy. They take back in 1899 or whatever it was when Charles Dow came up with it, they came up with, I think about a dozen or so different industrial companies, looked at their stock and kind of used an index of these 12 different companies to get a sense of the overall health of the industrial economy. When World War II ends, the Dow Jones goes up. When the energy crises in the seventies hit, the Dow goes down. When COVID the pandemic hit, it went down initially, but it came back up when people realized that we would figure out a way through it. This whole index, which just changed over the years, they've added different stocks as textiles kind of gave way to computers and things like that. But this gives you a sense of the overall health of the economy. We created what we call the eCrime index, which tracks 34 different observables that we're able to see day in and day out from the underground economy and gives us the ability to track the overall health of the underground economy. When different holidays come around, we notice a fluctuation in this eCrime index. When there's a major ransomware event, like the Colonial Pipeline, which got lots of attention last May, there was initially a drop off right after that because all of the eCrime operators kind of pulled back. They didn't want to have this extra heat on them. A lot of things kind of pulled back. A lot of things changed. There were some disruptions to the market. We've been kind of watching this in real time and have created this open model that people can go look at to see how it's changing.

00:04:48,510 --> 00:04:56,729 Sean Aylmer: The Dow Jones over time has always trended higher in the long, long term. It always trends higher. Is your index trending higher?

00:04:57,690 --> 00:06:58,679 Adam Meyers: It's been relatively stable, but it's only about two years old. The Dow Jones has a solid 120 plus years, I think, on our index. I think this is really interesting because we're seeing a major shift in the eCrime ecosystem today. It'll be interesting in a year from now for us to get together and have this conversation and say "Well, what did we learn based on this?" Because what we're seeing now is ransomware is kind of giving way to data extortion. A lot of the criminal actors that are out there, they started hearing from their victims that they weren't going to pay. They had backup solutions in place and they weren't going to pay these different actors to get their data back. They had to pivot, they had to change how they were doing things. What we started seeing about two or three years ago was what a lot of people will call a double extortion, where they were running a ransomware operation and they were stealing data and they would charge you one price to get your crypto keys to decrypt your files, and a different price to just not have your data get leaked to the internet. As more and more organizations are saying "We're not paying for ransom," we're starting to see this shift and it's happening right now. In real time, we're seeing more threat actors that are kind of issuing the traditional ransomware tools and are more focused on the data extortion. They're looking at ways to optimize the stolen data so that people can search through it much easier, which brings more pain to the victim. Because of all the legal and regulatory frameworks that we're putting in place here in the U.S., we've got the California Privacy Act and there's 50 different states here that are all probably going to enact their own privacy act. We've got GDPR out of Europe, there's across the globe, all of these different privacy regimens coming into play. When a global company gets data extorted, and that data gets leaked to the internet if they don't pay, the compliance and the regulatory fees are astronomical.

00:06:59,310 --> 00:07:19,350 Sean Aylmer: Okay. It's a really good point. How does... It seems to me that the criminals are ahead of the curve, at least when it comes to... Because if someone has their data stolen and then you run into privacy issues because of legislation, I'd say it's just a bit unfair. Maybe you should be in trouble for allowing your data to be stolen, but still.

00:07:21,300 --> 00:08:21,510 Adam Meyers: Yes, you should do better. Organizations need to do better at investing in cybersecurity. You can't stick your head into the sand and hope it's not going to happen to you because hope is not a strategy. The threat actors, there's this Bruce Lee quote that I always kind of referenced when I think about threat actors. He said "Be like water," right? Water always takes the path of least resistance, the easiest way to go down a hill or to get to the lowest point. Threat actors do the same thing, whether it be a nation-state or a criminal, whatever the motivation is. These threat actors are looking to find the easiest way to make the most amount of money. As it turns out, as they move away from ransomware to data extortion, it actually makes things easier for them because they don't have to manage complex cryptographic backends to decrypt files, and they don't have to troubleshoot these tools working or not working. It's really a simple matter of "Do you want this data leaked or not? If you don't want it leaked, then you need to pay us."

00:08:22,170 --> 00:08:23,940 Sean Aylmer: Adam, stay with me. We'll be back in a minute.

00:08:23,940 --> 00:08:59,790 Sean Aylmer: I'm talking to Adam Meyers, senior vice president of intelligence at CrowdStrike. Okay. I'm going to bring you back to Australia, because we recently introduced some legislation focused on critical infrastructure. There's 11 different infrastructure sectors. We're talking about stuff like electricity, gas, ports, water, sewage, et cetera. What sort of threats do they face? Because they're not necessarily infrastructure assets with huge amounts of data on individual people or anything like that. Is that more likely to be a ransomware style threat?

00:09:01,170 --> 00:11:43,740 Adam Meyers: We're starting to see an uptick in activity targeting Australia. I was just in Australia a few weeks ago. I went through Melbourne and Canberra and Sydney. One of the things that we were conveying to all of the people that we talked to was we're seeing an increase in criminal actors targeting Australia. When we started off, we talked about there's lots of different criminal hustles out there. We're talking about ransomware here, but there's also things like business email compromise, which is heavily focused by groups operating out of, or with some sort of adjacency or a nexus to Nigeria. There's these vast criminal enterprises there called confraternities and they run romance schemes, and business email compromise schemes. There's groups emerging out of China now that are doing, I won't try to butcher the name in Chinese, but it's basically called the pig slaughter where they go through this effort where they fatten up a target. One of the things you'll typically get is this errant text message. That'll say something along the lines of "Are you so and so from this," and people respond and then they kind of use that as the end to start to build rapport. Then ultimately try to get them into some sort of a crypto scam or something like that, where they can fatten them up by getting them to invest money, start to see profit. Then they take them out. That's called the pig slaughter. There's these different scams out there, different schemes. As we look across the totality of this, we're seeing more and more of this activity targeting Australia. As an example, we've seen one of the types of things that we track are botnets. Botnets are malicious tools, malicious programs that are going to try to steal your bank account information. In order to steal a bank account information, the tool needs to know about the bank. They need to know about what website. I won't mention any Australian banks, but we know who the big ones are. They need to know about that bank website in order to steal the information as you go to log into it. We're seeing an increase in botnets over the last couple of months that are, and I'm talking three months here, that have begun targeting Australian banks. That have begun targeting businesses in Australia. This is a little bit of a diversification after they've hit enough targets in the U.S. They're looking for other targets they can go after. They're looking for other opportunities to generate revenue. As they're expanding their footprint, Australia is a natural progression because it's a common language. The criminals don't necessarily speak English, but it's easy to go from American English to UK English, to Australian English. There is a difference, but it's easy for them to go from one to the other versus trying to go from English to Japanese, for example.

00:11:44,100 --> 00:12:14,490 Sean Aylmer: Yeah. Well, we're kind of running out of time here. Adam, I do want to ask you, what should we all be doing, business or individual, to prepare ourselves or, I don't know whether I think all of us would have examples of getting unusual text messages, certainly unusual emails. I just delete them, and I kind of figure if it's really important and I've deleted something that I shouldn't have deleted, they'll come back to me. That's kind of my theory on it, but how do we prepare ourselves?

00:12:14,760 --> 00:15:12,450 Adam Meyers: That's a great question. I think let's think about it from a business, from an enterprise perspective, organizations really need to start to take security seriously. Basic hygiene things that we've been talking about in the security industry for the last 20 years still hold true. There's things like the concept of the principle of least privilege, where you only give users access to the amount of information that they need. Well, that's evolved, and today we're advising organizations to move into what we call zero trust and using identity protection. One of the things that a lot of these breaches have in common is that the threat actor compromises credentials. Either they figure out how to guess the password through something like password spraying or they've compromised it from some other piece of malware. There's again, back to that whole eCrime ecosystem, groups that focus just on that. Once they get access to the credentials, using identity protection can stop these breaches before they become a problem. That's one of the things, another concept that I talk to a lot of people about is implementing things like threat hunting. You can't wait for some alert to fire and then try to figure out what happened a few weeks down the line. Once something is detected, you need to be actively engaged and fighting with those threat actors, those adversaries in hand-to-hand combat on the endpoint. Threat hunting is one of the things that enables that. Another thing is to use machine learning and artificial intelligence. A lot of the security tools that have been out there for years, what I would call legacy tools. They rely on signatures. That means that they have to know about a particular threat, write a signature for that threat in order to detect and stop it. With machine learning, we're doing this at scale and we're looking for across billions of different files that we've identified as good and bad. Now we can start to bring some statistical analysis into it and machine learning can, at speed, determine if something is good or bad with a very high degree of confidence. Today that's table stakes. Using what would be called NextGen antivirus or something along those lines will really make the difference between finding a threat and not finding a threat. The fourth thing is to use tabletop exercises, to drill, to practice, to say "What would happen if we came in today and there was a ransom note, whether it was data extortion or file encryption, what would we do? Who would we call? Do we have outside counsel?" Going through those thought exercises in a conference room or on a Zoom call every month, every quarter really builds that muscle memory. You play like you practice. If you don't practice, you're going to fall on your face. Then finally having the intelligence, understanding who these threat actors are, how they operate, what they're after, and how they target organizations like you, how they target organizations in your geographic location enables you to build accurate and applicable defenses to make sure that you don't become a victim.

00:15:13,410 --> 00:15:15,150 Sean Aylmer: Adam, thank you for talking to Fear and Greed.

00:15:15,570 --> 00:15:16,290 Adam Meyers: My pleasure.

00:15:16,650 --> 00:15:28,710 Sean Aylmer: That was Adam Meyers, senior vice president of intelligence at CrowdStrike. This is the Fear and Greed daily interview. Join us every morning for the full episode of Fear and Greed, Australia's most popular business podcast. I'm Sean Aylmer. Enjoy your day.