WEBVTT - Security, Bookmarked: Manufacturing (Sponsored Content)

0:00:02.800 --> 0:00:04.840
<v Speaker 1>The bad guys like to attack over holidays, so it's

0:00:04.840 --> 0:00:05.720
<v Speaker 1>really not fun for me.

0:00:06.040 --> 0:00:10.200
<v Speaker 2>That's Curtis Minder, a renowned ransomware negotiator, telling me about

0:00:10.200 --> 0:00:12.320
<v Speaker 2>a time when he picked up an emergency call on

0:00:12.400 --> 0:00:13.280
<v Speaker 2>a major holiday.

0:00:13.640 --> 0:00:16.600
<v Speaker 1>The initial call is always very emotional, as you can imagine,

0:00:17.000 --> 0:00:19.000
<v Speaker 1>even in the large companies, you know, you may have

0:00:19.040 --> 0:00:22.400
<v Speaker 1>a boardroom of people with it's very emotional.

0:00:22.760 --> 0:00:24.840
<v Speaker 2>On the other end of the call was a chemical

0:00:24.880 --> 0:00:28.800
<v Speaker 2>manufacturing company who'd been locked out of their own assembly line.

0:00:29.000 --> 0:00:32.400
<v Speaker 1>They had a complete operational interruption, so they couldn't manufacture

0:00:32.400 --> 0:00:32.960
<v Speaker 1>their product.

0:00:33.440 --> 0:00:35.839
<v Speaker 2>Costs can add up quickly when a cyber attack delays

0:00:35.840 --> 0:00:38.120
<v Speaker 2>a game studio's next release or leads to a data

0:00:38.159 --> 0:00:40.640
<v Speaker 2>breach at a bank. But when attackers shut down a

0:00:40.640 --> 0:00:43.960
<v Speaker 2>manufacturing line that's part of a global supply chain, you

0:00:44.000 --> 0:00:45.960
<v Speaker 2>can almost see the money circling the drain.

0:00:46.200 --> 0:00:49.559
<v Speaker 1>They were losing millions of dollars a day in revenue.

0:00:49.040 --> 0:00:51.840
<v Speaker 2>And for this chemical manufacturer, like with any business shut

0:00:51.840 --> 0:00:55.120
<v Speaker 2>down by ransomware, the losses went way beyond a few

0:00:55.200 --> 0:00:56.320
<v Speaker 2>days of missing shipments.

0:00:56.640 --> 0:00:59.240
<v Speaker 1>I call it the ransomware blast radius. It's like we

0:00:59.320 --> 0:01:02.200
<v Speaker 1>know the base impact. It's operational interruption, but what about

0:01:02.240 --> 0:01:04.920
<v Speaker 1>these other things? And so that's cost of goods going bad,

0:01:04.959 --> 0:01:08.200
<v Speaker 1>supplier confidence, that's hey, wait, you didn't make payroll for

0:01:08.200 --> 0:01:11.160
<v Speaker 1>two weeks, the attrition that just occurred, wouldn't that cost you?

0:01:11.560 --> 0:01:12.840
<v Speaker 3>Those are all part.

0:01:12.600 --> 0:01:16.360
<v Speaker 1>Of the fairly complex equation on total cost of impact.

0:01:17.120 --> 0:01:19.840
<v Speaker 1>That formula, if you will, kind of helps us decide

0:01:19.840 --> 0:01:22.920
<v Speaker 1>on whether to pay a bad guy or not, or

0:01:22.959 --> 0:01:24.360
<v Speaker 1>to engage a bad guy or not.

0:01:24.840 --> 0:01:28.360
<v Speaker 2>In this case, after finishing this exhausting analysis with Curtis,

0:01:28.400 --> 0:01:30.880
<v Speaker 2>the company decided to pay the ransom.

0:01:30.360 --> 0:01:33.720
<v Speaker 1>And my job as a negotiator is to make sure we

0:01:33.760 --> 0:01:36.200
<v Speaker 1>don't pay the price on the window.

0:01:35.760 --> 0:01:36.400
<v Speaker 3>On the sticker.

0:01:37.040 --> 0:01:40.200
<v Speaker 2>Before long, the systems were back online, products were going

0:01:40.240 --> 0:01:42.920
<v Speaker 2>out the door again, and Curtis was helping the company recover.

0:01:43.480 --> 0:01:45.280
<v Speaker 2>But when he sat down with the company's CISO,

0:01:45.760 --> 0:01:48.600
<v Speaker 2>he heard something that changed how he thought about the industry.

0:01:49.080 --> 0:01:52.120
<v Speaker 1>He said, Curtis, here's my biggest concern. We have been

0:01:52.160 --> 0:01:55.320
<v Speaker 1>the manufacturer of this particular product for almost one hundred years,

0:01:55.960 --> 0:01:58.320
<v Speaker 1>and the way that we manufacture this product and the

0:01:58.360 --> 0:02:01.920
<v Speaker 1>materials we use to manufacture this product are our trade secret.

0:02:03.240 --> 0:02:06.360
<v Speaker 1>I am concerned that that information has left the building,

0:02:07.120 --> 0:02:10.000
<v Speaker 1>and I won't know about that risk for some time

0:02:10.160 --> 0:02:13.160
<v Speaker 1>until a competitor of mine makes the exact same product

0:02:13.200 --> 0:02:19.400
<v Speaker 1>in five years from now and puts me out of business.

0:02:20.400 --> 0:02:25.600
<v Speaker 2>From Bloomberg Media Studios and Chrome Enterprise, this is Security Bookmarked.

0:02:28.240 --> 0:02:31.760
<v Speaker 2>I'm your host, Kate Fazzini. I've been a cybersecurity professional

0:02:31.840 --> 0:02:35.040
<v Speaker 2>and journalist for over twenty years, and on this podcast,

0:02:35.080 --> 0:02:38.560
<v Speaker 2>I'm talking with leaders in gaming, finance, and manufacturing about

0:02:38.560 --> 0:02:41.360
<v Speaker 2>what security looks like in a workplace that's moved to

0:02:41.440 --> 0:02:46.600
<v Speaker 2>the cloud. In twenty twenty three, ransomware attacks against manufacturers

0:02:46.600 --> 0:02:50.160
<v Speaker 2>and other industrial companies increased by fifty percent, and since

0:02:50.200 --> 0:02:55.760
<v Speaker 2>twenty nineteen, cybersecurity incidents targeting operational technology have risen exponentially.

0:02:57.320 --> 0:03:00.520
<v Speaker 2>So today I'm speaking with Curtis about why manufacturers are

0:03:00.520 --> 0:03:04.440
<v Speaker 2>facing more ransomware attacks than ever and how AI is

0:03:04.480 --> 0:03:08.280
<v Speaker 2>amplifying threats and offering new defenses for cybersecurity leaders.

0:03:08.560 --> 0:03:10.680
<v Speaker 1>I'm the founder of Group Sense, which is a digital

0:03:10.760 --> 0:03:14.560
<v Speaker 1>risk protection company. I'm also the lead ransomware negotiator at

0:03:14.560 --> 0:03:17.280
<v Speaker 1>Group Sense, and I have about thirty years in what's

0:03:17.320 --> 0:03:18.760
<v Speaker 1>now just called cyber.

0:03:18.760 --> 0:03:21.600
<v Speaker 2>Then I'll chat with David Adrian, security product manager for

0:03:21.720 --> 0:03:24.920
<v Speaker 2>Chrome about how a web focused strategy can help manufacturers

0:03:24.960 --> 0:03:33.720
<v Speaker 2>secure the connection between their IT and their OT. The

0:03:33.840 --> 0:03:37.320
<v Speaker 2>job title of ransomware negotiator is still fairly new, but

0:03:37.400 --> 0:03:40.080
<v Speaker 2>Curtis has been dealing with cyber attackers since the early

0:03:40.160 --> 0:03:43.360
<v Speaker 2>nineties when he worked on systems for an Internet service provider.

0:03:43.920 --> 0:03:46.720
<v Speaker 2>He's seen pretty much every kind of ransomware scenario you

0:03:46.720 --> 0:03:48.280
<v Speaker 2>could imagine.

0:03:47.760 --> 0:03:51.760
<v Speaker 1>Incidents where the victim has started the negotiation before we

0:03:51.840 --> 0:03:56.200
<v Speaker 1>showed up and has made some very very novice mistakes.

0:03:56.640 --> 0:03:58.120
<v Speaker 3>We've also had incidents.

0:03:57.680 --> 0:04:00.960
<v Speaker 1>Where we're in the middle of the negotiation and the

0:04:01.040 --> 0:04:03.440
<v Speaker 1>threat actors get back in and do more damage, where

0:04:03.520 --> 0:04:06.600
<v Speaker 1>there's some confidence from the victim that hey, we've got

0:04:06.600 --> 0:04:08.720
<v Speaker 1>the doors locked, they can't get back in, and they

0:04:08.720 --> 0:04:11.520
<v Speaker 1>were wrong about that, and that causes issues.

0:04:12.280 --> 0:04:15.520
<v Speaker 2>Going back to his ransomware story, Curtis couldn't reveal exactly

0:04:15.560 --> 0:04:17.600
<v Speaker 2>how the attacker got in, but he told me they

0:04:17.600 --> 0:04:19.080
<v Speaker 2>didn't have to be very creative.

0:04:19.400 --> 0:04:22.440
<v Speaker 1>One of the things that is frustrating for us is

0:04:22.480 --> 0:04:24.800
<v Speaker 1>that at the end of this we're taking stock on

0:04:24.839 --> 0:04:28.159
<v Speaker 1>how the threat actors gained access, and it can be

0:04:28.200 --> 0:04:33.440
<v Speaker 1>distilled down into like seven to eight sort of preventable things.

0:04:33.600 --> 0:04:37.400
<v Speaker 2>Strong passwords, multi factor authentication, staying on top of your

0:04:37.480 --> 0:04:41.200
<v Speaker 2>updates and patches, securing remote access. These are just a

0:04:41.200 --> 0:04:44.039
<v Speaker 2>few of the things Curtis considers low hanging fruit for

0:04:44.160 --> 0:04:45.440
<v Speaker 2>any company.

0:04:45.480 --> 0:04:47.880
<v Speaker 1>They're trying to gain access to your systems as cheaply

0:04:47.960 --> 0:04:51.160
<v Speaker 1>and as efficiently as possible, and so they're not buying

0:04:51.680 --> 0:04:53.680
<v Speaker 1>zero days on the dark web to break into your

0:04:54.279 --> 0:04:56.159
<v Speaker 1>to break into your network because they don't have to.

0:04:56.880 --> 0:05:00.279
<v Speaker 1>They can use some very simple mistakes and so cyber

0:05:00.360 --> 0:05:03.960
<v Speaker 1>hygiene or processes to gain access, and often that is

0:05:04.000 --> 0:05:05.839
<v Speaker 1>the case. It is something fairly simple to gain the

0:05:05.839 --> 0:05:08.679
<v Speaker 1>initial access, and then once they're in, they're very good

0:05:08.800 --> 0:05:10.600
<v Speaker 1>at expanding their access and pivoting.

0:05:11.320 --> 0:05:13.479
<v Speaker 2>Later in the episode, I'll chat with David Adrian at

0:05:13.520 --> 0:05:16.280
<v Speaker 2>Chrome about how a web focused strategy can secure that

0:05:16.320 --> 0:05:17.200
<v Speaker 2>point of access.

0:05:17.400 --> 0:05:18.640
<v Speaker 3>But first I'll hear

0:05:18.600 --> 0:05:22.360
<v Speaker 2>more from Curtis about his experiences helping manufacturers recover from

0:05:22.440 --> 0:05:25.200
<v Speaker 2>ransomware attacks and what he sees in the near future

0:05:25.240 --> 0:05:26.679
<v Speaker 2>for enterprise cybersecurity.

0:05:29.440 --> 0:05:32.400
<v Speaker 1>You know, when you talk about partners or constituents who

0:05:33.000 --> 0:05:37.000
<v Speaker 1>lose confidence in the manufacturing and supply chain space, a

0:05:37.000 --> 0:05:41.520
<v Speaker 1>lot of these companies have a fairly robust supply chain

0:05:41.720 --> 0:05:46.000
<v Speaker 1>resiliency strategy, right, and if one of your manufacturers in

0:05:46.040 --> 0:05:50.880
<v Speaker 1>your supply chain stops producing, you've got a backup or

0:05:50.920 --> 0:05:54.000
<v Speaker 1>two or three, and you might not never ever go

0:05:54.120 --> 0:05:57.400
<v Speaker 1>back to that manufacturer. When I'm talking to companies about

0:05:57.400 --> 0:06:00.280
<v Speaker 1>how to prepare and respond to this in advance of

0:06:00.279 --> 0:06:03.880
<v Speaker 1>an attack, I tell them that when the dust settles

0:06:04.440 --> 0:06:08.000
<v Speaker 1>on an attack, you're going to need a tremendous amount

0:06:08.040 --> 0:06:11.599
<v Speaker 1>of goodwill from your community, and the quickest way to

0:06:11.680 --> 0:06:14.919
<v Speaker 1>make that go away is to lie to them or

0:06:15.000 --> 0:06:17.560
<v Speaker 1>make them think you're lying to them or withholding information.

0:06:17.880 --> 0:06:21.599
<v Speaker 1>And so their ability to address this quickly and also

0:06:22.000 --> 0:06:25.160
<v Speaker 1>communicate transparently is so important.

0:06:25.400 --> 0:06:27.880
<v Speaker 2>Yes, I am so kind. You're saying that I've seen

0:06:27.920 --> 0:06:31.480
<v Speaker 2>the communication piece goes so wrong, both as a practitioner

0:06:31.600 --> 0:06:34.240
<v Speaker 2>and then as a reporter, even though that doesn't have

0:06:34.320 --> 0:06:36.880
<v Speaker 2>to be the case. So thank you for emphasizing that. Now,

0:06:37.040 --> 0:06:39.400
<v Speaker 2>going back to the start of your ransomware story, I

0:06:39.440 --> 0:06:43.680
<v Speaker 2>want to ask something more simple. Why are manufacturers and

0:06:43.720 --> 0:06:47.880
<v Speaker 2>in particular, operating technology itself a target to begin with?

0:06:48.200 --> 0:06:50.640
<v Speaker 1>Yeah, I think increasingly, like everywhere else in the world,

0:06:50.680 --> 0:06:54.680
<v Speaker 1>the devices and manufacturing are connected, and the reason why

0:06:54.720 --> 0:06:57.080
<v Speaker 1>we're connecting them is data. We want to manage them,

0:06:57.080 --> 0:06:59.200
<v Speaker 1>we want to optimize them, we want to look for

0:06:59.320 --> 0:07:01.960
<v Speaker 1>errors and mist and things like that. And so as

0:07:02.000 --> 0:07:08.360
<v Speaker 1>we've implemented technology to manage those manufacturing devices and connected

0:07:08.400 --> 0:07:12.640
<v Speaker 1>those systems to the network, we've introduced a new attack

0:07:13.000 --> 0:07:14.040
<v Speaker 1>vector for the bad guys.

0:07:14.240 --> 0:07:17.160
<v Speaker 2>And it's not just one attack vector, right, there's this

0:07:17.240 --> 0:07:20.320
<v Speaker 2>whole Internet of things now, lots of new devices attached

0:07:20.360 --> 0:07:20.920
<v Speaker 2>to the network.

0:07:20.960 --> 0:07:22.200
<v Speaker 3>They're all targets. Yeah.

0:07:22.240 --> 0:07:24.760
<v Speaker 1>So in a manufacturing environment that is dealing with something

0:07:24.760 --> 0:07:27.080
<v Speaker 1>that is sensitive to temperature control, the HVAC system is

0:07:27.160 --> 0:07:31.440
<v Speaker 1>very important. So the threat actors obviously have gotten better

0:07:31.480 --> 0:07:34.520
<v Speaker 1>at this. They know that impacting those devices and those

0:07:34.560 --> 0:07:39.920
<v Speaker 1>systems makes a bigger impact operationally. And so HVAC systems

0:07:40.000 --> 0:07:42.920
<v Speaker 1>and IP phone systems and product life cycle devices.

0:07:43.440 --> 0:07:44.760
<v Speaker 3>You lock one of those up

0:07:44.720 --> 0:07:48.440
<v Speaker 1>and manufacturing stops, things stop getting built.

0:07:49.120 --> 0:07:52.000
<v Speaker 2>It's just devastating. And when you think about the kind

0:07:52.040 --> 0:07:55.480
<v Speaker 2>of leverage that an attacker can get when they deploy

0:07:55.560 --> 0:08:00.000
<v Speaker 2>ransomware on these operational devices, it's astonishing.

0:08:00.560 --> 0:08:04.560
<v Speaker 1>Yeah, I mean, the threat actors have gotten better at

0:08:05.280 --> 0:08:11.360
<v Speaker 1>learning how to disrupt our businesses and OT or ICS

0:08:11.360 --> 0:08:15.200
<v Speaker 1>devices industrial control devices. They are computers, they are running

0:08:15.200 --> 0:08:19.200
<v Speaker 1>an operating system. It is typically not a normal operating system,

0:08:19.360 --> 0:08:22.800
<v Speaker 1>and so one of the challenges for organizations is how

0:08:22.840 --> 0:08:26.600
<v Speaker 1>do you secure those And on top of that, those

0:08:26.720 --> 0:08:31.400
<v Speaker 1>devices are often not managed by the IT staff or

0:08:31.440 --> 0:08:35.240
<v Speaker 1>even the organization itself. Sometimes whoever's making these devices have

0:08:35.559 --> 0:08:39.040
<v Speaker 1>a maintenance contract to manage those devices inside the network.

0:08:39.240 --> 0:08:42.080
<v Speaker 1>So you've got a third party who's responsible for keeping

0:08:42.080 --> 0:08:44.640
<v Speaker 1>that device up to date and secure, et cetera. And

0:08:44.640 --> 0:08:46.520
<v Speaker 1>then you've got an IT staff who's responsible for the

0:08:46.520 --> 0:08:51.280
<v Speaker 1>overall organization. And it makes for an interesting dynamic that

0:08:51.320 --> 0:08:54.400
<v Speaker 1>creates a sort of a paradox for the IT security

0:08:54.440 --> 0:08:57.400
<v Speaker 1>folks in those organizations as far as protecting those devices,

0:08:57.440 --> 0:09:00.640
<v Speaker 1>and they are connected, so that connectivity needs to

0:09:00.640 --> 0:09:04.880
<v Speaker 1>be closely monitored and managed and also be minimalistic, so

0:09:04.920 --> 0:09:07.480
<v Speaker 1>it only the things that need to talk need to talk,

0:09:07.520 --> 0:09:10.080
<v Speaker 1>and that is it right, and keep it very very tight.

0:09:10.360 --> 0:09:13.000
<v Speaker 2>That's great advice, Thank you so much, Curtis. Now you're

0:09:13.040 --> 0:09:16.200
<v Speaker 2>constantly reminding business leaders that they don't want to have

0:09:16.280 --> 0:09:18.800
<v Speaker 2>low hanging fruit, that attackers have plenty of old tricks

0:09:18.840 --> 0:09:21.120
<v Speaker 2>that still work so, and I know you also do

0:09:21.160 --> 0:09:23.960
<v Speaker 2>reconnaissance on threat actors. So looking to the future, do

0:09:24.040 --> 0:09:27.120
<v Speaker 2>you see a change happening in the way cyber attackers

0:09:27.160 --> 0:09:28.760
<v Speaker 2>are approaching their attacks?

0:09:29.000 --> 0:09:31.440
<v Speaker 1>You know, I think having done quite a bit analysis

0:09:31.480 --> 0:09:33.640
<v Speaker 1>on this, and my core company does a lot of

0:09:33.679 --> 0:09:37.880
<v Speaker 1>work around intelligence, I think right now our biggest concern

0:09:38.320 --> 0:09:43.360
<v Speaker 1>is synthetic content. So the phishing campaigns are more effective,

0:09:43.480 --> 0:09:46.079
<v Speaker 1>the landing pages that they send you to to harvest your

0:09:46.120 --> 0:09:48.640
<v Speaker 1>credentials are more real. I'll just give you a quick

0:09:48.679 --> 0:09:51.520
<v Speaker 1>example of one of those. The threat actors will go

0:09:51.640 --> 0:09:55.000
<v Speaker 1>to your management page of your company and they'll pick

0:09:55.040 --> 0:09:57.280
<v Speaker 1>out all the names of your board members, and then

0:09:57.320 --> 0:10:00.880
<v Speaker 1>they will have AI generate a fake email thread between

0:10:00.920 --> 0:10:04.439
<v Speaker 1>those people on a particular topic, and it looks very

0:10:04.559 --> 0:10:05.000
<v Speaker 1>very real.

0:10:05.160 --> 0:10:07.040
<v Speaker 2>Okay, that's a new one. That's new. I haven't heard

0:10:07.080 --> 0:10:07.480
<v Speaker 2>that before.

0:10:07.600 --> 0:10:10.360
<v Speaker 1>Yeah, you're a mid level finance person and then suddenly

0:10:10.400 --> 0:10:13.720
<v Speaker 1>you're looped in on this email thread by a board

0:10:13.760 --> 0:10:16.840
<v Speaker 1>member and they say, hey, we need you to do this,

0:10:17.080 --> 0:10:20.240
<v Speaker 1>and you scroll back and you look at Oh my gosh,

0:10:20.280 --> 0:10:23.720
<v Speaker 1>it's the board they need you know, I feel important.

0:10:23.760 --> 0:10:25.120
<v Speaker 1>I'm going to do this thing right away. I'm not

0:10:25.120 --> 0:10:27.800
<v Speaker 1>going to ask any questions. We've seen evidence of that,

0:10:27.880 --> 0:10:29.959
<v Speaker 1>and the AI makes that very easy for the bad

0:10:30.000 --> 0:10:31.960
<v Speaker 1>guys to do, to create the sort of synthetic content

0:10:32.000 --> 0:10:34.320
<v Speaker 1>that looks very very real to the average person and

0:10:34.400 --> 0:10:36.760
<v Speaker 1>create sort of a social pressure in the email chains

0:10:36.800 --> 0:10:38.679
<v Speaker 1>and things like that. And I say that in lieu

0:10:38.760 --> 0:10:42.040
<v Speaker 1>of are the bad guys using AI to write custom malware?

0:10:42.080 --> 0:10:44.840
<v Speaker 1>Not yet, we haven't seen any in the wild yet,

0:10:44.880 --> 0:10:48.160
<v Speaker 1>but it is plausible that AI can write, you know,

0:10:48.400 --> 0:10:51.800
<v Speaker 1>polymorphic malware for bad guys. But primarily they're not doing

0:10:51.880 --> 0:10:52.800
<v Speaker 1>that because they don't have.

0:10:52.760 --> 0:10:55.120
<v Speaker 2>To exactly, it's just totally unnecessary.

0:10:55.240 --> 0:10:57.840
<v Speaker 1>Yeah, they're running a business, and this is it's just

0:10:57.880 --> 0:11:00.280
<v Speaker 1>easier to trick you into giving your credentials or wiring money.

0:11:00.280 --> 0:11:02.040
<v Speaker 3>That's easier and cheaper for them.

0:11:02.160 --> 0:11:04.600
<v Speaker 1>Where I do think AI will play a risk, if

0:11:04.679 --> 0:11:08.720
<v Speaker 1>it hasn't already, is the volumes and volumes and volumes

0:11:08.720 --> 0:11:11.440
<v Speaker 1>of data that have been collected, you know, prior to

0:11:11.760 --> 0:11:15.480
<v Speaker 1>generative AI, finding the needle in the proverbial haystack in

0:11:15.520 --> 0:11:20.120
<v Speaker 1>that data was difficult and time consuming. So in some

0:11:20.160 --> 0:11:22.319
<v Speaker 1>ways we were sort of protected by the fact that

0:11:22.400 --> 0:11:26.680
<v Speaker 1>they have too much data right, But now AI, they

0:11:26.720 --> 0:11:28.319
<v Speaker 1>can train a model in AI and say this is

0:11:28.360 --> 0:11:30.760
<v Speaker 1>the kind of information that I'm looking for in this haystack,

0:11:31.040 --> 0:11:32.960
<v Speaker 1>and it will go find it for them in seconds.

0:11:33.400 --> 0:11:36.160
<v Speaker 3>And that is dangerous. Now, on the

0:11:36.160 --> 0:11:39.240
<v Speaker 1>flip side, you could say the same on the defense,

0:11:39.559 --> 0:11:42.520
<v Speaker 1>one of the biggest challenges the security teams have is

0:11:42.600 --> 0:11:43.360
<v Speaker 1>log data.

0:11:43.480 --> 0:11:46.400
<v Speaker 3>It's just huge. They can find they're finding a needle

0:11:46.400 --> 0:11:47.200
<v Speaker 3>in a haystack too.

0:11:47.840 --> 0:11:50.160
<v Speaker 1>AI can also help with that, right, AI can help

0:11:50.200 --> 0:11:51.920
<v Speaker 1>them find the bad guys quicker.

0:11:52.280 --> 0:11:56.000
<v Speaker 2>So I'm just thinking that what we know about technology

0:11:56.120 --> 0:11:59.000
<v Speaker 2>and how it's always part of this race between attackers

0:11:59.000 --> 0:12:01.760
<v Speaker 2>and their targets, what do you say to CISOs who

0:12:01.760 --> 0:12:04.960
<v Speaker 2>maybe feel like they're losing this race, especially when it

0:12:05.000 --> 0:12:07.960
<v Speaker 2>comes to AI, or maybe to put this another way,

0:12:08.840 --> 0:12:11.600
<v Speaker 2>we often know the first steps an attacker will take

0:12:11.840 --> 0:12:14.920
<v Speaker 2>to compromise your business. What's the first step a cybersecurity

0:12:14.960 --> 0:12:17.760
<v Speaker 2>leader needs to take so their operation can stand up

0:12:17.760 --> 0:12:18.280
<v Speaker 2>to that risk.

0:12:18.520 --> 0:12:23.160
<v Speaker 1>Yeah. So cyber risk, and mitigating cyber risk, is a

0:12:23.200 --> 0:12:27.000
<v Speaker 1>top down thing for organizations. I think that it does

0:12:27.040 --> 0:12:32.040
<v Speaker 1>start with culture and education for the greater staff. That

0:12:32.280 --> 0:12:36.120
<v Speaker 1>is step one is understanding that you know cybersecurity is

0:12:36.160 --> 0:12:39.800
<v Speaker 1>not an overhead. It is a fundamental operational part of

0:12:39.840 --> 0:12:43.680
<v Speaker 1>the business. When we start talking about how to mitigate

0:12:43.720 --> 0:12:46.520
<v Speaker 1>these risks, there's this very well known set of cyber

0:12:46.600 --> 0:12:49.360
<v Speaker 1>risk practices that all companies should use. That said, you

0:12:49.440 --> 0:12:52.280
<v Speaker 1>should also assume that that's not always going to work.

0:12:52.520 --> 0:12:56.520
<v Speaker 1>What organizations can do, and manufacturers specifically can do, is

0:12:56.679 --> 0:13:01.720
<v Speaker 1>put in place a response and mitigation strategy that contains

0:13:01.800 --> 0:13:03.199
<v Speaker 1>these things quickly.

0:13:07.440 --> 0:13:10.480
<v Speaker 2>The AI assisted phishing emails that Curtis told me about,

0:13:10.720 --> 0:13:14.559
<v Speaker 2>the warning that attackers will eventually breach your perimeter, these

0:13:14.640 --> 0:13:17.080
<v Speaker 2>reminded me that the first step of so many cyber

0:13:17.120 --> 0:13:19.640
<v Speaker 2>attacks is using your own accounts against you.

0:13:20.240 --> 0:13:22.840
<v Speaker 4>Step one is like, if an employee doesn't have access

0:13:22.880 --> 0:13:26.679
<v Speaker 4>to something, they can't leak it right, whether intentionally or

0:13:26.800 --> 0:13:29.920
<v Speaker 4>because their account was taken over by an attacker or otherwise,

0:13:30.000 --> 0:13:32.800
<v Speaker 4>so strong access control sort of limits the problem down.

0:13:33.080 --> 0:13:35.640
<v Speaker 2>That's David Adrian, the security product manager for Chrome.

0:13:36.480 --> 0:13:39.120
<v Speaker 2>When I brought up the equipment that attackers can target

0:13:39.240 --> 0:13:42.280
<v Speaker 2>after they gain account access, David took a step back

0:13:42.320 --> 0:13:45.200
<v Speaker 2>and looked at the overall posture. He explained how the

0:13:45.240 --> 0:13:48.680
<v Speaker 2>network connections that make them vulnerable could be transformed into

0:13:48.720 --> 0:13:49.640
<v Speaker 2>points of defense.

0:13:50.520 --> 0:13:53.920
<v Speaker 4>I saw some research recently about we'll call it industrial

0:13:53.920 --> 0:13:58.319
<v Speaker 4>control systems or ICS systems, these sort of factory floor

0:13:58.520 --> 0:14:02.440
<v Speaker 4>management systems, and it was saying that the core sort

0:14:02.480 --> 0:14:05.880
<v Speaker 4>of ICS protocols, you weren't really seeing them online as

0:14:05.920 --> 0:14:08.880
<v Speaker 4>much anymore, which is good because these protocols don't really

0:14:08.880 --> 0:14:12.040
<v Speaker 4>have any security in them, but they do expose a

0:14:12.040 --> 0:14:18.680
<v Speaker 4>web interface HTTP configuration pages for this equipment for managing

0:14:18.720 --> 0:14:23.240
<v Speaker 4>factories or other industrial control systems or other manufacturing processes.

0:14:23.520 --> 0:14:28.040
<v Speaker 4>It's bad if these administration pages are accessible, but it's

0:14:28.080 --> 0:14:30.560
<v Speaker 4>good because it kind of shapes the problem from how

0:14:30.600 --> 0:14:34.680
<v Speaker 4>do I secure this old protocol that wasn't built for security,

0:14:34.800 --> 0:14:38.680
<v Speaker 4>that's confusing, that's used for somewhat niche applications for like

0:14:39.280 --> 0:14:42.600
<v Speaker 4>managing centrifuges or whatever it is that you're using in

0:14:42.600 --> 0:14:45.720
<v Speaker 4>your manufacturing process, And instead it just boils down to

0:14:46.320 --> 0:14:50.080
<v Speaker 4>limiting access to websites on the front end and then

0:14:50.240 --> 0:14:53.400
<v Speaker 4>sort of strong network segmentation on the backside. And then

0:14:53.400 --> 0:14:56.320
<v Speaker 4>you can build access controls on top of a system

0:14:56.320 --> 0:14:58.200
<v Speaker 4>that was never built for this in the first place,

0:14:58.560 --> 0:15:00.680
<v Speaker 4>right by just routing all of the traffic and all

0:15:00.720 --> 0:15:03.160
<v Speaker 4>of that access through an enterprise browser.

0:15:03.600 --> 0:15:06.600
<v Speaker 2>I think if you were talking ten years ago, you

0:15:06.680 --> 0:15:09.120
<v Speaker 2>might say you wanted the OT and IT systems to

0:15:09.200 --> 0:15:12.520
<v Speaker 2>be not connected at all, or that you would want

0:15:12.560 --> 0:15:15.280
<v Speaker 2>an OT system never to connect to the Internet. Talk

0:15:15.320 --> 0:15:17.760
<v Speaker 2>to me a little bit about why, with the way

0:15:17.760 --> 0:15:20.000
<v Speaker 2>that we work today, that's not as realistic.

0:15:20.520 --> 0:15:24.200
<v Speaker 4>Yeah, air gapping sounds nice in practice, but in reality,

0:15:24.480 --> 0:15:27.600
<v Speaker 4>systems end up needing to be connected directly to the

0:15:27.640 --> 0:15:29.760
<v Speaker 4>Internet or to some other network that is then connected

0:15:29.800 --> 0:15:32.000
<v Speaker 4>to the Internet, and so it makes way more sense

0:15:32.040 --> 0:15:35.120
<v Speaker 4>to adopt these sort of zero trust approaches where each

0:15:35.200 --> 0:15:39.000
<v Speaker 4>device is behind its own sort of authentication proxy, and

0:15:39.000 --> 0:15:42.000
<v Speaker 4>then you access the configuration pages through the web browser,

0:15:42.000 --> 0:15:44.640
<v Speaker 4>through the enterprise browser, and you leverage everything that's built

0:15:44.680 --> 0:15:47.320
<v Speaker 4>into the enterprise browser, and then you can do that

0:15:47.840 --> 0:15:51.120
<v Speaker 4>without any of these devices actually needed to be updated

0:15:51.160 --> 0:15:54.760
<v Speaker 4>to understand all of these sort of modern authentication and

0:15:54.840 --> 0:15:56.400
<v Speaker 4>device authentication protocols.

0:15:56.720 --> 0:15:59.200
<v Speaker 2>That's the point that I think is really important because

0:15:59.720 --> 0:16:03.200
<v Speaker 2>it's many conversations about OT developments while you can't keep

0:16:03.320 --> 0:16:06.240
<v Speaker 2>updating all of these different operating systems all of the time,

0:16:06.280 --> 0:16:07.920
<v Speaker 2>and you know it's just never going to get better.

0:16:07.960 --> 0:16:11.280
<v Speaker 2>But then another layer of security on top is what's helpful.

0:16:11.480 --> 0:16:15.240
<v Speaker 4>Absolutely or alternatively, if you somehow made a mistake and

0:16:15.320 --> 0:16:17.960
<v Speaker 4>there is a way to access sort of the configuration

0:16:18.040 --> 0:16:20.280
<v Speaker 4>or the management of some OT device that doesn't go

0:16:20.320 --> 0:16:22.440
<v Speaker 4>through the browser, then hopefully that's a lot more obvious

0:16:22.480 --> 0:16:25.720
<v Speaker 4>and a sign of like immediate concern because commands are

0:16:25.760 --> 0:16:29.640
<v Speaker 4>getting sent or configuration is being pushed to some device

0:16:29.680 --> 0:16:33.440
<v Speaker 4>on the manufacturing floor and isn't corresponding with some sort

0:16:33.480 --> 0:16:36.440
<v Speaker 4>of known employee log in, like this is a red flag, and.

0:16:36.400 --> 0:16:38.080
<v Speaker 2>It's an instantaneous red flag too.

0:16:38.280 --> 0:16:41.720
<v Speaker 4>Absolutely, So one thing you get from Chrome Enterprise is

0:16:41.920 --> 0:16:44.920
<v Speaker 4>sort of real time reporting and analytics of what all

0:16:44.960 --> 0:16:47.520
<v Speaker 4>of your users are doing. And if you have strong

0:16:47.560 --> 0:16:51.240
<v Speaker 4>authentication of all of your users, you know they're your employees.

0:16:51.360 --> 0:16:54.400
<v Speaker 4>Then if you have you know, corresponding visibility on the

0:16:54.440 --> 0:16:57.880
<v Speaker 4>say factory floor manufacturing floor that isn't aligned with what

0:16:57.920 --> 0:17:00.840
<v Speaker 4>you're seeing out of the Chrome browser, then you know, well,

0:17:00.880 --> 0:17:04.320
<v Speaker 4>something is wrong. Something is accessing something on the manufacturing

0:17:04.320 --> 0:17:06.960
<v Speaker 4>floor and is not going through one of my managed browsers,

0:17:07.000 --> 0:17:08.439
<v Speaker 4>and that's an immediate red flag.

0:17:08.960 --> 0:17:13.080
<v Speaker 2>So David, just looking forward as technology improves, we've seen

0:17:13.119 --> 0:17:16.600
<v Speaker 2>a lot of new approaches by attackers using that technology

0:17:16.600 --> 0:17:20.600
<v Speaker 2>and making it more sophisticated, so particularly attackers using AI

0:17:20.720 --> 0:17:23.800
<v Speaker 2>to their advantage. One example, which I had never heard

0:17:23.800 --> 0:17:27.600
<v Speaker 2>before, was an attacker using generative AI to create a

0:17:27.680 --> 0:17:31.439
<v Speaker 2>very realistic email chain that included basically spoofs of the

0:17:31.480 --> 0:17:34.760
<v Speaker 2>target's bosses and even board members, and then after that

0:17:34.760 --> 0:17:37.280
<v Speaker 2>they looped the target into the email.

0:17:37.960 --> 0:17:40.120
<v Speaker 4>In this type of situation, with this sort of AI

0:17:40.200 --> 0:17:42.960
<v Speaker 4>phishing email, it sounds more like they're trying to trick

0:17:43.000 --> 0:17:45.199
<v Speaker 4>the user to go to a legitimate site and do

0:17:45.280 --> 0:17:47.399
<v Speaker 4>the wrong thing. And I think the best way to

0:17:47.440 --> 0:17:50.080
<v Speaker 4>defend against that is to make sure that your organization

0:17:50.640 --> 0:17:55.200
<v Speaker 4>has processes in place for doing things that are sensitive.

0:17:55.400 --> 0:17:57.639
<v Speaker 4>And then once you have those sort of processes in place,

0:17:57.720 --> 0:18:00.600
<v Speaker 4>these sort of steps in your workflow that get pushed

0:18:01.000 --> 0:18:03.119
<v Speaker 4>to some sort of application in the browser is then

0:18:03.160 --> 0:18:06.919
<v Speaker 4>another opportunity to have someone else verify that yes, this

0:18:07.000 --> 0:18:10.800
<v Speaker 4>is actually the business process we expected. And so as

0:18:10.840 --> 0:18:14.320
<v Speaker 4>you start to route these business processes through web apps

0:18:14.440 --> 0:18:17.800
<v Speaker 4>through the browser, then every single step in the process

0:18:17.800 --> 0:18:19.840
<v Speaker 4>where you do that is a step where you can

0:18:20.160 --> 0:18:22.360
<v Speaker 4>secure it in the sense that you can make sure

0:18:22.400 --> 0:18:25.440
<v Speaker 4>that the people participating in it are actually your employees

0:18:25.480 --> 0:18:29.000
<v Speaker 4>and give more people an opportunity to identify when something

0:18:29.080 --> 0:18:29.720
<v Speaker 4>is going wrong.

0:18:30.119 --> 0:18:32.040
<v Speaker 2>This is a really cool way of looking at it too,

0:18:32.080 --> 0:18:34.880
<v Speaker 2>I think from a security person's point of view, where

0:18:35.320 --> 0:18:38.640
<v Speaker 2>you have this visibility now that we didn't have before.

0:18:39.119 --> 0:18:42.040
<v Speaker 2>You can see each step of a compromise or each

0:18:42.040 --> 0:18:45.800
<v Speaker 2>step of an attempted breach. Now you can also see

0:18:45.880 --> 0:18:49.600
<v Speaker 2>each step of the pre-breach, the pre-boom scenario

0:18:50.080 --> 0:18:52.760
<v Speaker 2>in a way that's really systematic. That's actually really exciting.

0:18:52.880 --> 0:18:55.880
<v Speaker 4>Yeah, in the modern web-based workplace that we've all

0:18:55.920 --> 0:18:59.280
<v Speaker 4>become accustomed to, there's a ton of opportunities to solve

0:18:59.400 --> 0:19:03.560
<v Speaker 4>enterprise security problems that have plagued companies for years. Using

0:19:03.560 --> 0:19:06.200
<v Speaker 4>a managed browser like Chrome Enterprise can be a critical

0:19:06.200 --> 0:19:09.600
<v Speaker 4>component of these solutions. But I think we're really understanding

0:19:09.600 --> 0:19:12.520
<v Speaker 4>that there's a leadership aspect to cybersecurity that's absolutely critical

0:19:12.560 --> 0:19:15.399
<v Speaker 4>as well. So I hope that we've been able to

0:19:15.400 --> 0:19:18.320
<v Speaker 4>help leaders understand the direction that cybersecurity is headed in

0:19:18.840 --> 0:19:21.760
<v Speaker 4>and demonstrate how much companies can benefit from setting up

0:19:21.760 --> 0:19:24.040
<v Speaker 4>their teams with protections that take into account the way

0:19:24.040 --> 0:19:25.400
<v Speaker 4>that we all work on the web.

0:19:28.119 --> 0:19:30.920
<v Speaker 2>To learn more about how the most trusted enterprise browser

0:19:31.000 --> 0:19:35.400
<v Speaker 2>can help protect your organization, visit Chrome Enterprise dot Google.

0:19:36.680 --> 0:19:37.160
<v Speaker 3>Security.

0:19:37.160 --> 0:19:40.920
<v Speaker 2>Bookmarked is a podcast from Bloomberg Media Studios and Chrome Enterprise.

0:19:41.280 --> 0:19:44.280
<v Speaker 2>Check out our other episodes about cybersecurity and finance and

0:19:44.320 --> 0:19:49.160
<v Speaker 2>gaming in your podcast app. I'm Kate Fazzini. Thanks for listening.