WEBVTT - F5 Offering Protection from Threat Actors

0:00:00.120 --> 0:00:03.920
<v Speaker 1>These sees Bloomberg Business Week with Carol Massier and Tim

0:00:03.960 --> 0:00:08.560
<v Speaker 1>Stentovic on Bloomberg Radio. One of the great growth stories

0:00:08.600 --> 0:00:11.399
<v Speaker 1>I think for the next decade twenty years. If I

0:00:11.440 --> 0:00:14.640
<v Speaker 1>was you know, I gave my kids advice go into cybersecurity.

0:00:14.680 --> 0:00:18.240
<v Speaker 1>Other than trust your gut, trust your gut, go into cybersecurity.

0:00:18.239 --> 0:00:20.960
<v Speaker 1>It's it's like the plastics of the nine sixties. And

0:00:21.200 --> 0:00:24.040
<v Speaker 1>explain that reference to deal later. Kara Sprague, executive vice

0:00:24.040 --> 0:00:27.520
<v Speaker 1>president and chief product officer, she's into cybersecurity. The firm

0:00:27.600 --> 0:00:32.280
<v Speaker 1>is F five. She joined us on Zoom from Seattle. Uh, Karen,

0:00:32.320 --> 0:00:35.400
<v Speaker 1>give us an overview of kind of from your perspective

0:00:35.400 --> 0:00:38.360
<v Speaker 1>at F five. How are how is corporate America? How

0:00:38.360 --> 0:00:43.520
<v Speaker 1>are global corporations dealing with cyber security these days? Um,

0:00:43.560 --> 0:00:45.560
<v Speaker 1>it just seems like because of the pandemic, maybe even

0:00:45.600 --> 0:00:48.239
<v Speaker 1>more so, we put even more and more data and

0:00:48.320 --> 0:00:53.199
<v Speaker 1>applications into the cloud. Absolutely, and thanks for having me on.

0:00:53.880 --> 0:00:56.520
<v Speaker 1>What we have seen over the past several decades is

0:00:56.600 --> 0:01:00.360
<v Speaker 1>just an increasing reliance of organizations on their digital verses

0:01:00.440 --> 0:01:04.080
<v Speaker 1>and applications. And so what you see today is most

0:01:04.120 --> 0:01:07.160
<v Speaker 1>companies their their fundamental business processes, the way that they

0:01:07.200 --> 0:01:09.920
<v Speaker 1>engage with their employees, the way they engage with their customers.

0:01:10.200 --> 0:01:12.760
<v Speaker 1>Those they are all facilitated by some sort of digital

0:01:12.800 --> 0:01:17.280
<v Speaker 1>service or application, and the landscaper cybersecurity just continues to

0:01:17.319 --> 0:01:20.200
<v Speaker 1>grow more complex. And so the reality is with this

0:01:20.640 --> 0:01:24.280
<v Speaker 1>increasing dependence on applications and on digital services and the

0:01:24.280 --> 0:01:28.400
<v Speaker 1>increasing sophistication and breaths of threat actors, it's becoming a

0:01:28.480 --> 0:01:32.080
<v Speaker 1>very dangerous world out there. Let's talk about those threat

0:01:32.080 --> 0:01:36.000
<v Speaker 1>actors in this dangerous digital world, because it seems like,

0:01:36.120 --> 0:01:38.560
<v Speaker 1>I mean, there's been so many stories of the past

0:01:38.600 --> 0:01:41.360
<v Speaker 1>few years, but a big story of the past few

0:01:41.440 --> 0:01:44.440
<v Speaker 1>years is just how many cyber attacks there were, and

0:01:44.480 --> 0:01:47.800
<v Speaker 1>it was really spread out very broadly when you think

0:01:47.800 --> 0:01:50.600
<v Speaker 1>about some of the pipelines and of the other attacks

0:01:50.640 --> 0:01:53.080
<v Speaker 1>that happened. I mean, is that the future that we're

0:01:53.080 --> 0:01:55.960
<v Speaker 1>heading into is should that be something that you know,

0:01:56.320 --> 0:02:00.920
<v Speaker 1>the average person should expect to see? Absolutely? And I

0:02:00.960 --> 0:02:03.800
<v Speaker 1>think that future is is here today. Um, maybe it

0:02:03.840 --> 0:02:06.000
<v Speaker 1>helps to think about some of these attacks in a

0:02:06.040 --> 0:02:09.680
<v Speaker 1>few categories. We hear a lot about data breaches in

0:02:09.840 --> 0:02:12.560
<v Speaker 1>the last year. Alan what we would say is that

0:02:12.600 --> 0:02:16.760
<v Speaker 1>inadequate cyber security has resulted in almost two billion users

0:02:16.800 --> 0:02:20.919
<v Speaker 1>passwords and and credentials falling into the hands of cyber criminals. UM.

0:02:21.000 --> 0:02:23.280
<v Speaker 1>Just one example I would point to there was a

0:02:23.400 --> 0:02:27.040
<v Speaker 1>very material breach at a service provider in Australia just

0:02:27.080 --> 0:02:30.079
<v Speaker 1>a few months ago in which ten million customer records

0:02:30.440 --> 0:02:33.120
<v Speaker 1>and not to open a bank account were taken and

0:02:33.200 --> 0:02:36.919
<v Speaker 1>exceltrated through an API that was just not protected. UM.

0:02:36.960 --> 0:02:39.400
<v Speaker 1>And so that speaks to why API security has become

0:02:39.440 --> 0:02:42.840
<v Speaker 1>such an important topic. Another category of cyber threats we

0:02:42.840 --> 0:02:45.760
<v Speaker 1>see are these bots UM. And so anybody who's who's

0:02:45.840 --> 0:02:48.560
<v Speaker 1>really really excited like I am for the upcoming Taylor

0:02:48.600 --> 0:02:51.880
<v Speaker 1>Swift tour UM is going to know that it was very,

0:02:52.000 --> 0:02:55.120
<v Speaker 1>very difficult to get tickets UM, largely because there's all

0:02:55.160 --> 0:02:59.560
<v Speaker 1>this automation which was pounding Ticketmaster in order to secure

0:02:59.680 --> 0:03:01.880
<v Speaker 1>those hits on their own and then be able to

0:03:01.919 --> 0:03:04.680
<v Speaker 1>resell them in the in the gray market. UH. And

0:03:04.720 --> 0:03:07.320
<v Speaker 1>so boss is another major threat, and that affects everything

0:03:07.360 --> 0:03:10.400
<v Speaker 1>from the sneakers that your kids might be trying to buy,

0:03:10.960 --> 0:03:15.959
<v Speaker 1>UH to UH, you know, stuffing fraudulent credentials into various

0:03:16.040 --> 0:03:18.799
<v Speaker 1>UM places to try and figure out and break into

0:03:18.800 --> 0:03:21.640
<v Speaker 1>those accounts. UH. If you have a loyalty card or

0:03:21.680 --> 0:03:25.120
<v Speaker 1>any other kind of thing that transacts financial information oftentimes

0:03:25.200 --> 0:03:28.239
<v Speaker 1>boss or material problem there. And then the third category

0:03:28.240 --> 0:03:29.840
<v Speaker 1>I would points to and it's one Katie that you

0:03:29.840 --> 0:03:32.640
<v Speaker 1>you brought up is ransomware. UM. That was that was

0:03:32.680 --> 0:03:35.760
<v Speaker 1>the issue at Colonial Pipeline. And what we see is

0:03:35.800 --> 0:03:38.640
<v Speaker 1>that if cyber criminals get access to a network, they

0:03:38.640 --> 0:03:43.200
<v Speaker 1>can install malware which allows them to uh take data

0:03:43.400 --> 0:03:45.880
<v Speaker 1>and then encrypt that data and then hold that data

0:03:45.960 --> 0:03:49.560
<v Speaker 1>for ransom uh forcing organizations to to pay them money

0:03:49.680 --> 0:03:52.640
<v Speaker 1>in order to get the data back. And that affects

0:03:52.640 --> 0:03:55.240
<v Speaker 1>a large number of organizations. We saw a lot of them,

0:03:55.640 --> 0:03:58.280
<v Speaker 1>even going after hospitals in the past year. UH. And

0:03:58.320 --> 0:04:00.680
<v Speaker 1>there was a recent example in a lay at a

0:04:00.760 --> 0:04:04.360
<v Speaker 1>school where that the data from from students and parents

0:04:04.400 --> 0:04:07.440
<v Speaker 1>was taken and that was particularly sad for me because

0:04:07.440 --> 0:04:10.320
<v Speaker 1>what happened there was the hacker group eventually released that

0:04:10.360 --> 0:04:12.760
<v Speaker 1>information on the employees and students, and for the children

0:04:12.800 --> 0:04:14.560
<v Speaker 1>at least, it's going to be many years before they

0:04:14.600 --> 0:04:17.359
<v Speaker 1>realized that many elements that are core to their digital

0:04:17.400 --> 0:04:19.640
<v Speaker 1>identity have been out there on the open Internet for

0:04:19.680 --> 0:04:23.839
<v Speaker 1>a long time. So, Karen, maybe I'm just glass half

0:04:24.040 --> 0:04:27.160
<v Speaker 1>empty on this one. I just feel like it's this

0:04:27.320 --> 0:04:31.640
<v Speaker 1>cybersecurity is is something that we as a society will

0:04:31.720 --> 0:04:35.200
<v Speaker 1>never get ahead of. We will always be playing ketchup,

0:04:35.279 --> 0:04:38.719
<v Speaker 1>we will always be plugging holes. Uh in in the damn?

0:04:39.760 --> 0:04:43.120
<v Speaker 1>Is that the right way to look at it? Uh? Well,

0:04:43.160 --> 0:04:46.120
<v Speaker 1>I think it will require constant vigilance and it requires

0:04:46.200 --> 0:04:48.880
<v Speaker 1>us to consistently raise our game. But I mean, if

0:04:48.920 --> 0:04:50.920
<v Speaker 1>you if you look at uh an analogy I sometimes

0:04:50.920 --> 0:04:55.640
<v Speaker 1>think about is when broadly we adopted bar soak right,

0:04:56.080 --> 0:04:59.360
<v Speaker 1>that immediately wiped out a large amount of the spread

0:04:59.360 --> 0:05:02.480
<v Speaker 1>of disease, and we put in place other practices around

0:05:02.520 --> 0:05:04.719
<v Speaker 1>you know, don't mix your drinking water with your with

0:05:04.800 --> 0:05:07.880
<v Speaker 1>your stewage water. That was another practice that wiped out

0:05:07.920 --> 0:05:12.080
<v Speaker 1>a whole bunch of pestilence and help communities stay stay healthier.

0:05:12.560 --> 0:05:14.880
<v Speaker 1>And so if we think about cybersecurity in a similar way,

0:05:14.920 --> 0:05:17.479
<v Speaker 1>there's just some standard practices that we can all start

0:05:17.480 --> 0:05:20.320
<v Speaker 1>adopting that I think will make in general, the digital

0:05:20.320 --> 0:05:23.960
<v Speaker 1>world a much safer place. Is there a sense that

0:05:24.839 --> 0:05:29.919
<v Speaker 1>at the board level that you know, companies really have

0:05:30.040 --> 0:05:35.800
<v Speaker 1>an appropriate appreciation for the investment required to ensure data

0:05:35.880 --> 0:05:41.560
<v Speaker 1>security on an ongoing basis, I would say increasingly, so

0:05:41.920 --> 0:05:44.480
<v Speaker 1>it's probably um I would expect that it is not

0:05:44.880 --> 0:05:49.440
<v Speaker 1>uh uniform uniformly understood, but increasingly it is very much

0:05:49.440 --> 0:05:53.520
<v Speaker 1>a board level topic, and and board members will prioritize

0:05:53.880 --> 0:05:57.760
<v Speaker 1>ensuring that companies are protected from from ransomware type attacks,

0:05:58.600 --> 0:06:01.760
<v Speaker 1>making sure that they can recover their operations and their

0:06:01.760 --> 0:06:06.000
<v Speaker 1>operational environments even if a ransomware attack hits them, Ensuring

0:06:06.040 --> 0:06:09.160
<v Speaker 1>that they have the right tools in place to detect

0:06:09.320 --> 0:06:12.360
<v Speaker 1>data breaches and also remediate them. And then in the

0:06:12.440 --> 0:06:15.240
<v Speaker 1>case of bots, there's technology out there that can solve

0:06:15.680 --> 0:06:18.760
<v Speaker 1>in most in many ways the problem. And so we

0:06:18.839 --> 0:06:21.159
<v Speaker 1>all know that the technology exists, and it's a matter

0:06:21.200 --> 0:06:23.640
<v Speaker 1>of investment and putting the right prioritization to ensure that

0:06:23.760 --> 0:06:29.159
<v Speaker 1>organizations implement them. And Kara, we're talking on December, just

0:06:29.279 --> 0:06:32.560
<v Speaker 1>days away. What do you see is the biggest threat

0:06:32.640 --> 0:06:37.200
<v Speaker 1>or risk from your vantage point? I think the biggest

0:06:37.279 --> 0:06:39.920
<v Speaker 1>risk because we're you know, I think we're all looking

0:06:39.960 --> 0:06:43.240
<v Speaker 1>at the macroeconomic clouds and and see some of some

0:06:43.360 --> 0:06:46.039
<v Speaker 1>darkening signals, and I think the risk from a corporate

0:06:46.080 --> 0:06:50.360
<v Speaker 1>perspective is that they choose to prioritize other things above

0:06:50.480 --> 0:06:53.400
<v Speaker 1>their cybersecurity. And this is a thing that I just

0:06:53.400 --> 0:06:56.080
<v Speaker 1>think we need to recognize is only going to require

0:06:56.200 --> 0:07:01.119
<v Speaker 1>increasing focus, increasing diligence, going vigilance going forward. And so

0:07:01.279 --> 0:07:03.680
<v Speaker 1>it's an area where I think it would be very

0:07:03.720 --> 0:07:06.520
<v Speaker 1>smart for a company to continue to invest and to

0:07:06.560 --> 0:07:09.440
<v Speaker 1>continue looking looking for solutions for he for what's hitting them.

0:07:09.480 --> 0:07:12.600
<v Speaker 1>All right, Chart, really appreciate you taking the time. Kara Sprague,

0:07:12.720 --> 0:07:16.320
<v Speaker 1>she's executive vice president and chief product officer for F five,

0:07:16.400 --> 0:07:19.480
<v Speaker 1>which is a publicly treated company. F f I V

0:07:19.960 --> 0:07:22.560
<v Speaker 1>is the ticket to put into your Bloomberg Professional terminals.

0:07:22.560 --> 0:07:26.400
<v Speaker 1>She's joining us on the phone from Seattle, and boy,

0:07:26.400 --> 0:07:28.520
<v Speaker 1>it just seems like you think about cybersecurity. If I

0:07:28.600 --> 0:07:32.360
<v Speaker 1>was a board person, a C suite person, I'd be like, Guys,

0:07:32.640 --> 0:07:35.200
<v Speaker 1>I know we have to prioritize spending, but this is

0:07:35.240 --> 0:07:38.200
<v Speaker 1>something we cannot cut back on. Trust your gut again

0:07:38.400 --> 0:07:41.400
<v Speaker 1>to cybersecurity. That is what I always say. This is

0:07:41.400 --> 0:07:43.400
<v Speaker 1>the takeaways from today. This is Bloomberg