WEBVTT - IBM Study on Evolution of Hacks

0:00:00.080 --> 0:00:03.320
<v Speaker 1>You're listening to Bloomberg Businessweek with Carol Massar and

0:00:03.400 --> 0:00:07.560
<v Speaker 1>Tim Stenovec on Bloomberg Radio. You might recall on Monday,

0:00:07.600 --> 0:00:11.320
<v Speaker 1>Bloomberg reported on an episode that underscores the vulnerability of

0:00:11.320 --> 0:00:15.160
<v Speaker 1>global computer networks when hackers got hold of login credentials

0:00:15.160 --> 0:00:16.880
<v Speaker 1>for data centers in Asia used by some of the

0:00:16.920 --> 0:00:19.800
<v Speaker 1>world's biggest businesses. The move is seen as a potential bonanza

0:00:20.160 --> 0:00:23.960
<v Speaker 1>for spying or sabotage, according to a cybersecurity research firm.

0:00:24.040 --> 0:00:26.680
<v Speaker 1>So we thought, let's get an update if you will

0:00:26.840 --> 0:00:30.120
<v Speaker 1>when it comes to cyber attacks. Yeah, really important story

0:00:30.200 --> 0:00:33.479
<v Speaker 1>that we definitely need to keep monitoring, monitoring, and I

0:00:33.520 --> 0:00:35.280
<v Speaker 1>think our next guest is going to help us be

0:00:35.520 --> 0:00:38.600
<v Speaker 1>smarter on it. This is Charles Henderson, Global Managing Partner

0:00:38.600 --> 0:00:41.760
<v Speaker 1>and head of IBM's X-Force, joining us via Zoom

0:00:41.880 --> 0:00:45.080
<v Speaker 1>from Austin, Texas. Charles, thank you so much for being

0:00:45.159 --> 0:00:48.000
<v Speaker 1>here with us. Give us just the lowdown on IBM

0:00:48.159 --> 0:00:53.840
<v Speaker 1>State of Security Report. What are your big takeaways? So

0:00:54.000 --> 0:00:57.360
<v Speaker 1>you know, you think about every company that you just

0:00:57.400 --> 0:00:59.400
<v Speaker 1>dealt with at closing bell, and the name of the

0:00:59.440 --> 0:01:02.960
<v Speaker 1>game is efficiency and return on investment, and criminal organizations

0:01:02.960 --> 0:01:06.039
<v Speaker 1>are no different. What you're seeing is organized crime step

0:01:06.120 --> 0:01:08.000
<v Speaker 1>up to the plate and look at how do we

0:01:08.040 --> 0:01:11.639
<v Speaker 1>gain efficiencies, how do we improve our gross profit margin,

0:01:12.160 --> 0:01:15.120
<v Speaker 1>and how do we do that with automation. All the

0:01:15.240 --> 0:01:18.160
<v Speaker 1>same things that you want to see companies doing, and

0:01:18.800 --> 0:01:23.640
<v Speaker 1>right now they're doing it exceedingly well. Go ahead, no, no,

0:01:23.640 --> 0:01:26.000
<v Speaker 1>go ahead no. Really really interesting to hear you talk

0:01:26.040 --> 0:01:29.520
<v Speaker 1>about them doing well, because we don't always get good

0:01:29.640 --> 0:01:32.000
<v Speaker 1>good news on this topic. What are some of the

0:01:32.000 --> 0:01:35.240
<v Speaker 1>other major findings when it comes to sort of where

0:01:35.280 --> 0:01:41.160
<v Speaker 1>you're seeing energy attacks at X-Force specifically? So, you know,

0:01:41.400 --> 0:01:44.039
<v Speaker 1>one of the key things the attackers are looking for.

0:01:44.160 --> 0:01:48.800
<v Speaker 1>The criminals are looking for is leverage. They are looking

0:01:49.080 --> 0:01:53.200
<v Speaker 1>for real world output of their labors. So you know,

0:01:53.200 --> 0:01:57.840
<v Speaker 1>if you think about like energy or manufacturing or industry

0:01:58.920 --> 0:02:02.480
<v Speaker 1>with little tolerance for downtime, they are a key target

0:02:02.480 --> 0:02:06.520
<v Speaker 1>of attackers because those sectors tend to know what the

0:02:06.600 --> 0:02:09.000
<v Speaker 1>cost of downtime is going to be down to the

0:02:09.040 --> 0:02:12.120
<v Speaker 1>dollars and cents. So if you have ransomware against an

0:02:12.560 --> 0:02:15.600
<v Speaker 1>energy provider and the lights go out or a manufacturing

0:02:15.639 --> 0:02:20.160
<v Speaker 1>facility and the assembly line stops working, criminals are

0:02:20.160 --> 0:02:21.880
<v Speaker 1>relying on the fact that they're likely to pay a

0:02:21.960 --> 0:02:25.519
<v Speaker 1>ransom or extortion because they know how much it's costing

0:02:25.520 --> 0:02:29.400
<v Speaker 1>them in the real world dollars. Hey, listen, what I'm

0:02:29.440 --> 0:02:31.320
<v Speaker 1>always curious about, and I feel like at this point, Charles,

0:02:31.320 --> 0:02:33.560
<v Speaker 1>we know that this is happening, right? It's happening around

0:02:33.560 --> 0:02:36.120
<v Speaker 1>the world. It's kind of a part of normal operations

0:02:36.120 --> 0:02:38.839
<v Speaker 1>when it comes to business. What are we learning year

0:02:38.880 --> 0:02:41.680
<v Speaker 1>by year? What's different about what happened last year versus

0:02:41.680 --> 0:02:44.160
<v Speaker 1>the year before. Is it just the frequency, is it

0:02:44.200 --> 0:02:46.880
<v Speaker 1>the type of cyber attacks that are happening? What is

0:02:46.919 --> 0:02:48.519
<v Speaker 1>it or is it all kind of the same. It's

0:02:48.560 --> 0:02:54.040
<v Speaker 1>just more perhaps, So you know, one of the biggest things,

0:02:54.040 --> 0:02:55.880
<v Speaker 1>and I already talked about efficiency, but let's put that

0:02:55.919 --> 0:03:01.040
<v Speaker 1>into numbers. A ransomware activity on the part of a

0:03:01.080 --> 0:03:05.320
<v Speaker 1>criminal enterprise takes ninety-five percent less time than it

0:03:05.360 --> 0:03:07.959
<v Speaker 1>did three years ago. So three years ago, we'd say

0:03:07.960 --> 0:03:09.880
<v Speaker 1>two, two and a half months soup to nuts from the

0:03:09.880 --> 0:03:11.360
<v Speaker 1>point at which they got in to the point at

0:03:11.360 --> 0:03:14.760
<v Speaker 1>which they accomplished their goals. Now that's closer to four days.

0:03:14.800 --> 0:03:17.720
<v Speaker 1>That is huge efficiency gains. That means that we as

0:03:17.720 --> 0:03:20.360
<v Speaker 1>an industry have way less time to detect and respond

0:03:20.400 --> 0:03:22.920
<v Speaker 1>to an active attack. That means we need to get better.

0:03:23.280 --> 0:03:27.360
<v Speaker 1>We need to gain those efficiencies as well. Where are

0:03:27.400 --> 0:03:30.920
<v Speaker 1>we at now with those efficiencies? How what like letter

0:03:31.080 --> 0:03:34.120
<v Speaker 1>grade would you give us in our ability to respond

0:03:34.200 --> 0:03:38.920
<v Speaker 1>to these four day attacks? Not great? And I'll tell

0:03:38.960 --> 0:03:44.560
<v Speaker 1>you why. We have a vulnerability debt that is going

0:03:44.600 --> 0:03:47.480
<v Speaker 1>to be difficult to overcome. Most organizations cannot keep up

0:03:47.480 --> 0:03:53.120
<v Speaker 1>with patching anymore, and so it's no longer a wise

0:03:53.160 --> 0:03:55.920
<v Speaker 1>strategy to just try and keep everybody out and count

0:03:55.960 --> 0:03:58.480
<v Speaker 1>on that as working. So what we need to do

0:03:58.720 --> 0:04:02.760
<v Speaker 1>is focus on assuming that you've been breached and what

0:04:02.800 --> 0:04:05.240
<v Speaker 1>can you do to detect and respond to an attacker

0:04:05.280 --> 0:04:08.320
<v Speaker 1>that's moving laterally through your environment. That pivot is going

0:04:08.360 --> 0:04:11.680
<v Speaker 1>to be key as we go forward. Organizations are starting

0:04:11.680 --> 0:04:13.880
<v Speaker 1>to do it. You see, you saw an executive order

0:04:15.560 --> 0:04:19.839
<v Speaker 1>two years ago that has really changed the way a

0:04:19.880 --> 0:04:23.960
<v Speaker 1>lot of organizations approach working from an assume-breach strategy,

0:04:24.320 --> 0:04:28.839
<v Speaker 1>implementing zero trust strategies. All these things come together to

0:04:29.000 --> 0:04:32.640
<v Speaker 1>modernize our approach to security. But the final piece of

0:04:32.640 --> 0:04:35.279
<v Speaker 1>this is giving up on the perimeter and starting to

0:04:35.320 --> 0:04:39.159
<v Speaker 1>focus on the interior. Hey, listen, one thing I was wondering, Charles,

0:04:39.200 --> 0:04:43.440
<v Speaker 1>how much of an impact of a global war, the

0:04:43.480 --> 0:04:46.200
<v Speaker 1>war in Ukraine. How is that impacting the frequency

0:04:46.200 --> 0:04:51.080
<v Speaker 1>and severity of cyber attacks? You know, it certainly didn't

0:04:51.200 --> 0:04:55.920
<v Speaker 1>help, and any time that you have conflict, you have

0:04:57.400 --> 0:05:02.920
<v Speaker 1>folks that are strained, they're under stress, and that's exactly

0:05:02.960 --> 0:05:07.919
<v Speaker 1>what criminals are looking for. They're looking for either supply

0:05:08.000 --> 0:05:11.359
<v Speaker 1>chain stress, real world stress that they can pile onto

0:05:11.440 --> 0:05:14.760
<v Speaker 1>with cyber attacks and gain leverage. Because at the end

0:05:14.760 --> 0:05:18.279
<v Speaker 1>of the day, extortion is all about leverage. It's knowing

0:05:18.680 --> 0:05:21.279
<v Speaker 1>that your victim has no choice but to pay you.

0:05:22.640 --> 0:05:27.880
<v Speaker 1>And this is also getting worse because of like activist groups. Right,

0:05:28.240 --> 0:05:32.040
<v Speaker 1>I don't necessarily have the best understanding of those groups,

0:05:32.040 --> 0:05:34.039
<v Speaker 1>but I know that it's not good and that they're

0:05:34.040 --> 0:05:38.200
<v Speaker 1>getting better. Are you more concerned about them or about

0:05:38.720 --> 0:05:43.520
<v Speaker 1>um, more, I guess, institutional hackers that we've already known

0:05:43.560 --> 0:05:48.800
<v Speaker 1>about for some time. You know, Look, activism is a

0:05:49.480 --> 0:05:51.560
<v Speaker 1>real problem for organizations. But at the end of the day,

0:05:51.600 --> 0:05:55.440
<v Speaker 1>I'm most concerned with the evolution of attacks. We've gone

0:05:55.560 --> 0:06:02.800
<v Speaker 1>from the advanced technical attacker to organized crime employing business

0:06:02.839 --> 0:06:06.480
<v Speaker 1>tactics that they've tested long and true in street crime

0:06:06.560 --> 0:06:09.440
<v Speaker 1>and applying them to digital crime. And what that means

0:06:09.560 --> 0:06:13.640
<v Speaker 1>is they're gaining efficiencies, they're working smarter, not harder, and

0:06:13.680 --> 0:06:17.440
<v Speaker 1>they're using a fail fast mentality that quite frankly, it's

0:06:17.440 --> 0:06:19.719
<v Speaker 1>going to be difficult to keep up with. If the

0:06:19.800 --> 0:06:22.680
<v Speaker 1>defenders don't adapt as well, we're gonna need to start

0:06:22.680 --> 0:06:25.320
<v Speaker 1>thinking like attackers. Hey listen, but I wonder too, Charles,

0:06:25.320 --> 0:06:26.680
<v Speaker 1>and I feel like this is just like I said,

0:06:26.760 --> 0:06:29.080
<v Speaker 1>you know, cyber attacks, unfortunately, are just a way of

0:06:29.520 --> 0:06:33.280
<v Speaker 1>life for us increasingly. So having said that, I mean,

0:06:33.320 --> 0:06:36.000
<v Speaker 1>you guys certainly play into the space and provide, you know,

0:06:36.040 --> 0:06:38.880
<v Speaker 1>ways for companies to protect themselves. What's the uptick that

0:06:38.920 --> 0:06:42.600
<v Speaker 1>you've seen in demand for your products? So you know,

0:06:43.200 --> 0:06:47.280
<v Speaker 1>I would say that the biggest demand we are seeing

0:06:47.360 --> 0:06:52.960
<v Speaker 1>now is for, you know, threat hunting, adversary simulation, things

0:06:53.000 --> 0:06:57.000
<v Speaker 1>that help organizations think like an attacker. So they're concerned

0:06:57.000 --> 0:07:00.080
<v Speaker 1>with their attack surface monitoring, and they're concerned with

0:07:00.680 --> 0:07:04.240
<v Speaker 1>red teaming that will help them understand where they may

0:07:04.279 --> 0:07:07.440
<v Speaker 1>have gaps in detection. So it's not enough just to

0:07:07.600 --> 0:07:11.520
<v Speaker 1>defend anymore. Now you need to understand do your defenses

0:07:11.640 --> 0:07:16.440
<v Speaker 1>work and how are they working? Whereas in the past

0:07:16.480 --> 0:07:18.960
<v Speaker 1>it was more of a buy a product, set it and forget it.

0:07:19.080 --> 0:07:23.080
<v Speaker 1>Now it's more of an interrogation of those products. I

0:07:23.160 --> 0:07:27.560
<v Speaker 1>wonder too, if you've seen any sort of interest from

0:07:27.600 --> 0:07:31.360
<v Speaker 1>consumers about wanting to protect ourselves as well, and if

0:07:31.360 --> 0:07:34.040
<v Speaker 1>you have any advice for the average listener out there

0:07:34.080 --> 0:07:36.520
<v Speaker 1>who might be hearing this and thinking, yes, this is

0:07:36.520 --> 0:07:40.200
<v Speaker 1>obviously bad for big companies and governments, but also we

0:07:40.240 --> 0:07:42.560
<v Speaker 1>want to make sure we're protecting ourselves on an individual

0:07:42.680 --> 0:07:48.000
<v Speaker 1>level from any cybersecurity threats. You know, everyone needs to

0:07:48.040 --> 0:07:51.240
<v Speaker 1>worry about cybersecurity now. It's no longer just big companies,

0:07:51.280 --> 0:07:53.200
<v Speaker 1>and you know, you only need to look at the

0:07:53.240 --> 0:07:57.160
<v Speaker 1>real world repercussions of cyber attack, whether it's Colonial Pipeline

0:07:57.160 --> 0:08:01.320
<v Speaker 1>a year ago or any number of things. But consumers can

0:08:01.360 --> 0:08:04.080
<v Speaker 1>do some things just to protect themselves on a personal level.

0:08:05.760 --> 0:08:09.120
<v Speaker 1>Multi factor authentication is huge, you know that's been in

0:08:09.160 --> 0:08:12.720
<v Speaker 1>the news a lot lately. But a lot of organizations,

0:08:12.760 --> 0:08:16.800
<v Speaker 1>a lot of the businesses that you work with already

0:08:16.840 --> 0:08:19.720
<v Speaker 1>offer multi factor authentication, but it doesn't come enabled by

0:08:19.720 --> 0:08:23.440
<v Speaker 1>default necessarily, So go into your settings, look for multi

0:08:23.440 --> 0:08:26.760
<v Speaker 1>factor authentication. They may call it two-factor authentication or

0:08:27.240 --> 0:08:31.600
<v Speaker 1>other names similarly and enable it. Also, make sure that

0:08:31.920 --> 0:08:34.880
<v Speaker 1>your passwords are not easily guessed. Make sure that

0:08:34.920 --> 0:08:39.400
<v Speaker 1>you're not sharing passwords between multiple platforms because remember, if

0:08:39.960 --> 0:08:42.440
<v Speaker 1>one password is compromised, you don't want it to affect

0:08:42.440 --> 0:08:49.679
<v Speaker 1>you multiple times. Okay. And then finally, be aware of

0:08:49.720 --> 0:08:53.240
<v Speaker 1>your surroundings in the digital realm. Understand that there are scammers

0:08:53.240 --> 0:08:54.960
<v Speaker 1>out there and they're looking to take advantage

0:08:54.960 --> 0:08:57.040
<v Speaker 1>of you. All right, Charles Henderson, thank you so much.

0:08:57.040 --> 0:08:59.640
<v Speaker 1>Global Managing Partner, head of X-Force at IBM, joining

0:08:59.679 --> 0:09:01.439
<v Speaker 1>us via Zoom from Austin, Texas,