00:00:04,019 --> 00:00:45,030 Sean Aylmer: Welcome to the Fear and Greed Business Interview. I'm Sean Aylmer. If businesses ever needed a reminder of the importance of cybersecurity, they got it earlier in the month. Internet giants, Google, Amazon, and CloudFlare revealed they'd blocked a cyber attack, a denial of service attack that Google said was seven times bigger than anything seen before. Fortunately, they fended it off, but with more businesses using the cloud to store so much data, it's a salient reminder of the need to be taking cybersecurity seriously, with responsibility going all the way up to board level. Paul Garner is the co-founder and Chief Operating Officer of Australian cloud security platform, Plerion, which is a supporter of this podcast. Paul, welcome to Fear and Greed.

00:00:45,598 --> 00:00:46,919 Paul Garner: Hi, Sean. Great to be here.

00:00:47,490 --> 00:00:58,110 Sean Aylmer: So I just talked about that attack on Google, Amazon, CloudFlare. What impact does an attack like that one have in terms of general awareness around the business community?

00:00:58,860 --> 00:01:35,640 Paul Garner: Yeah, it's a good question, Sean. And I think what it does, given that the organizations who were the subject of that attack are household names, right? Google, Amazon, CloudFlare. It just helps bring the consideration around cybersecurity, how your data is protected back to the top of the priority list of many people whose data is hosted by these types of organizations. And then for businesses as well, how well are they geared up to protect themselves from these types of attacks if it were to happen to them?

00:01:36,450 --> 00:01:53,400 Sean Aylmer: Okay, so how prepared are we? There's been a bunch of security breaches locally across the past 12 to 18 months, or maybe it's just that we're hearing more about it. I'm just interested why have there been more? Is it more attackers out there? Is it because we use the cloud more or greater volume of data? What's the reason?

00:01:54,120 --> 00:02:53,369 Paul Garner: Yeah, I think the reality, Sean, is it's an amalgamation of all of those things. So there's organizations who have benefited hugely from the transition to the cloud, that empowers them as businesses to grow faster without too many barriers, and to really empower their developers to bring about the results that the businesses want. So scale faster, get more users, get more customers, have more growth. And one of the unfortunate consequences of that is that security sometimes isn't one of the fundamental pillars with which these organizations are building from day one. So that leaves a situation where attackers know that data might be exposed, and if they go looking for it hard enough, they might find it. And as you quite rightly mentioned, in Australia, we've seen a lot of these kind of issues, especially over the last 12 to 18 months. And my guess is that that will only accelerate somewhat.

00:02:53,910 --> 00:03:21,840 Sean Aylmer: So Plerion is all about protecting company's data when it's in the cloud or helping that data be protected. Are we getting better at doing the right... So I'm sure whatever Plerion or AWS does, it's fantastic, right? But what about us as individuals, as a business? Are we getting better at this, at not making silly mistakes, but often quite... Everyone understands the mistake people make, but are we getting better at it, understanding it?

00:03:22,380 --> 00:04:16,350 Paul Garner: I think it's a really pertinent question, and I think principally, organizations who do really well understand and they understand early that this is always a mixture of people, process and technology in terms of how you equip yourselves to be protected, and most importantly, how you're equipping yourselves as an organization to protect your customer's data. Because principally, that's where the attackers know that the highest value is. So if we're talking about breaches that we've seen in Australia, across telco, across insurers, across financial institutions, attackers are always looking, "How do we get to the customer data?" Because they know that's going to cause businesses the biggest headache. And fundamentally, there's still progress that needs to be made, I think, across the ecosystem where that's concerned.

00:04:16,770 --> 00:04:18,150 Sean Aylmer: Is that an education piece?

00:04:18,930 --> 00:05:34,620 Paul Garner: I think it's an education piece, it's an awareness piece, and it's how senior leadership and boards think about the impact. And when I say the impact, it's easy to think about, well, the average data breach costs companies in Australia $4 million. That's an important headline, but fundamentally, there's always that case at a board level that says, "Well, if it hasn't happened to us, should we be proactive about investing in the people, in the process, in the technology to ensure that it's not us?" And then there's a thought process that says, "Well, if we are compliant, if we've gone through the ISO certification or the SOC certification process, then we must be secure." Unfortunately, it doesn't work like that. So there's two elements to it at a board and senior level. One is how do you buy down on risk? The other is how do you set your business up successfully to grow without limitations? That to me is one of the key business drivers. And if you haven't baked in the right level of security processes and the technology to underpin it, then that's usually where problems can arise further down the track.

00:05:35,250 --> 00:05:37,170 Sean Aylmer: Stay with me, Paul, we'll be back in a minute.

00:05:43,410 --> 00:06:00,060 Sean Aylmer: My guest today is Paul Garner, co-founder and COO of Plerion. I hesitate to ask this because I'm a non-technical person, but how do you do it? So Plerion, as an organization, how do you help safeguard this data of my business, for example?

00:06:00,479 --> 00:07:43,140 Paul Garner: So it is a technology play. So Plerion is a SaaS platform that effectively continuously scans cloud environments, whether it be AWS, Microsoft, Google. And not only are we looking for vulnerabilities or misconfigurations or overly permissive resources in the environment, we are looking to bring all of that data together to drive context. Because another thing that organizations are really struggling with, even those who want to have an acute focus on cyber and cloud security is, "Where do I start?" If I'm a huge organization who's got a massive cloud footprint, I could go and find thousands, tens of thousands, if not hundreds of thousands of things that aren't actually built to best practice, but they don't necessarily leave my business or my customer's data exposed to risk any one moment in time. So the value proposition of a platform like Plerion is how do we bring all of that telemetry together to drive context? And context could be, "Okay, we've assessed your environment. There's an attack path that exists from the internet right through to your customer's data where you've got PII, PCI, PHI information that you thought was protected, but actually it's not." So it's all about empowering organizations to understand where is the risk right now and take proactive measures around that because security teams and investment just isn't there for organizations to try and look at every minor little indiscretion by itself. You'd never get on top of things in that way.

00:07:43,950 --> 00:07:57,869 Sean Aylmer: Where are you looking? Where are the greatest risks from now? We had the denial of service attack that we talked about at the top of the show. Obviously that's happening a lot more, but what are the areas that you are seeing criminals effectively tapping into to hurt businesses?

00:07:58,710 --> 00:09:04,500 Paul Garner: Probably the biggest one that we see, Sean, is around identity and permissions. And more often than not, when you hear about attacks or data that's been infiltrated out of an organization's cloud environment into the hands of attackers, it's because the attackers have managed to implement themselves somewhere into the permission stack. So that's whether there are actual assets in the cloud environment that are vulnerable and overly permissive or where they've managed to get hold of credentials that allow them into the cloud environment and then give them escalated privileges to go and access things that they shouldn't access. So the identity and permission segment is a consistent challenge for organizations to get right, and monitoring that is really important and being proactive about, "Okay, we had users that we don't have anymore. Let's make sure that we delete those users and all associated permissions," as opposed to just leaving them hanging in the embers because that's where attackers can often find a way in.

00:09:04,950 --> 00:09:22,740 Sean Aylmer: Okay. So I'm a business, got 200 people, and I've listened to this interview and I think, "What do I do?" I obviously call Plerion. That's the short answer, but let's go beyond that. What should I as a business with 200 people, maybe it's a 1,000 people, I think, "I have to take this more seriously." What's the first step? What's the second step?

00:09:23,190 --> 00:11:10,559 Paul Garner: Yeah, so the first step genuinely isn't technology because I don't want to do myself out of a job here, but technology isn't the silver bullet in and of itself. What you need to be able to do is get better visibility first and foremost. So where is the edge of my environment? What assets do exist in my environment? And once you've got that map and it's easy to visualize and understand, then you can start to drill down into, "Well, where are my users? What are their permissions? What are the vulnerabilities or misconfigurations that exist in the environment?" And you can start to then understand, "Well, if this is what we're working with today, how do we do a moment-in-time assessment of how effectively we are geared up from a security and compliance perspective? And then how as an extension do we then drive to a position where we can do this on a continuous basis?" Because in that segment that you mentioned, organizations with between 200 and a 1,000 or 2,000 people, these are often organizations, especially in the technology space that have been growing quickly, have been growing without abandon because until recent macroeconomic headwinds, that was the playbook. And it just needs a little bit of pragmatism to say, "Right, let's make sure we understand what we've got." Because there are many stats out there. Around, I think it's 62% of hypergrowth businesses are actually using security as an enabler for growth. And so that's the mindset I would encourage businesses to have. It's like, "We want to grow, we want to grow fast. Actually, we can do that more effectively if we bake security controls and the importance of them into the organization at a design level as quickly as possible," effectively.

00:11:11,309 --> 00:11:13,230 Sean Aylmer: Paul, thank you for talking to Fear and Greed.

00:11:13,710 --> 00:11:14,130 Paul Garner: Thank you.

00:11:15,000 --> 00:11:27,900 Sean Aylmer: That was Paul Garner, co-founder and Chief Operating Officer of Plerion, a supporter of this podcast. This is the Fear and Greed Business Interview. Join us every morning for the full episode of Fear and Greed, Australia's best business podcast. I'm Sean Aylmer, enjoy your day.