WEBVTT - ICYMI: Cybersecurity Scare

0:00:02.520 --> 0:00:09.160
<v Speaker 1>Bloomberg Audio Studios, Podcasts, radio news. This is Bloomberg Business

0:00:09.240 --> 0:00:13.480
<v Speaker 1>Week with Carol Masser and Tim Steneveek on Bloomberg Radio.

0:00:13.920 --> 0:00:17.720
<v Speaker 2>Hey, you mentioned Emily Graffeo some of the stuff happening

0:00:17.880 --> 0:00:21.720
<v Speaker 2>when it comes to hacks coinbase specifically, I'm gonna read

0:00:21.720 --> 0:00:25.599
<v Speaker 2>some headlines here, Okay, Sequoia Capital Partners data hacked and

0:00:25.640 --> 0:00:30.960
<v Speaker 2>Coinbase breach. Coinbase hack highlights how greed can overwhelm cyber defenses,

0:00:32.040 --> 0:00:35.960
<v Speaker 2>coinbased customer data stolen. Just a sample of headlines from

0:00:36.200 --> 0:00:39.240
<v Speaker 2>Bloomberg News and from the Wall Street Journal. This garnering

0:00:39.240 --> 0:00:41.319
<v Speaker 2>our attention on a day such as today and kind

0:00:41.360 --> 0:00:43.879
<v Speaker 2>of perfect to have Wendy Whitmore back with us. She's

0:00:43.960 --> 0:00:46.000
<v Speaker 2>chief intelligence officer of the one hundred and twenty eight

0:00:46.080 --> 0:00:48.800
<v Speaker 2>billion dollar market cap Palabelto network. She joins us from

0:00:49.080 --> 0:00:52.400
<v Speaker 2>Santa Clara, California. Wendy, good to have you back with us.

0:00:52.840 --> 0:00:58.520
<v Speaker 2>The Coinbase hack, I think, really highlights how our information

0:00:59.440 --> 0:01:03.080
<v Speaker 2>is at rich even if we think as consumers, as

0:01:03.240 --> 0:01:06.680
<v Speaker 2>users of these products and services, it's safe. I mean

0:01:06.720 --> 0:01:08.400
<v Speaker 2>when you talk about the type of data that's at

0:01:08.440 --> 0:01:11.720
<v Speaker 2>risk here, I mean we're talking images of drivers' licenses,

0:01:12.080 --> 0:01:16.720
<v Speaker 2>being available to hackers as a result of accessing the network.

0:01:17.040 --> 0:01:18.640
<v Speaker 2>Talk to us a little bit about what we know

0:01:19.160 --> 0:01:22.560
<v Speaker 2>regarding this hack and what it highlights about the vulnerabilities

0:01:22.600 --> 0:01:23.000
<v Speaker 2>out there.

0:01:24.520 --> 0:01:26.800
<v Speaker 3>Yeah, hey, thanks Tim, great to be back here today

0:01:26.840 --> 0:01:29.319
<v Speaker 3>with you. So, I think what you highlighted is really

0:01:30.520 --> 0:01:32.800
<v Speaker 3>just the fundamental problem we see here, which is how

0:01:32.880 --> 0:01:37.200
<v Speaker 3>challenging it is for organizations to defend against every possible

0:01:37.240 --> 0:01:40.240
<v Speaker 3>type of attack. The really interesting part of this case

0:01:40.360 --> 0:01:43.080
<v Speaker 3>is that these attackers have demanded twenty million dollars in

0:01:43.319 --> 0:01:47.160
<v Speaker 3>ransom payment, and coinbases really turn the table on them

0:01:47.240 --> 0:01:49.360
<v Speaker 3>in something that we haven't seen yet, which is a

0:01:49.480 --> 0:01:52.680
<v Speaker 3>very public disruption of the attacker. And they said, you

0:01:52.680 --> 0:01:54.279
<v Speaker 3>know what we're going to do. We're going to invest

0:01:54.280 --> 0:01:57.320
<v Speaker 3>twenty million dollars into a fund that goes after finding

0:01:57.360 --> 0:01:59.600
<v Speaker 3>out who the attackers are that are responsible for this

0:01:59.680 --> 0:02:03.000
<v Speaker 3>attack and bringing them to justice. And I think, you know,

0:02:03.080 --> 0:02:05.720
<v Speaker 3>as the largest cybersecurity company in the world, we at

0:02:05.720 --> 0:02:08.120
<v Speaker 3>Palo Alto Networks, we don't ever want to see any

0:02:08.160 --> 0:02:11.440
<v Speaker 3>client be paying a ransom, But we have not seen

0:02:11.600 --> 0:02:14.799
<v Speaker 3>organizations previously take this kind of tactic, and I think

0:02:14.800 --> 0:02:18.680
<v Speaker 3>what they're doing to disrupt the incentive structure and to

0:02:18.800 --> 0:02:21.960
<v Speaker 3>make it a little more challenging. And I think attackers

0:02:22.000 --> 0:02:24.080
<v Speaker 3>in the future asking the question of a wait, I

0:02:24.080 --> 0:02:27.320
<v Speaker 3>don't know if I want that twenty million dollar international fund,

0:02:27.360 --> 0:02:29.880
<v Speaker 3>which is going to mean people who you know, I

0:02:30.000 --> 0:02:32.799
<v Speaker 3>may be in my network, but maybe willing to kind

0:02:32.800 --> 0:02:35.920
<v Speaker 3>of turn me over to international law enforcement. I think

0:02:35.960 --> 0:02:39.120
<v Speaker 3>they're going to start asking questions, and disruption in this

0:02:39.200 --> 0:02:40.960
<v Speaker 3>cycle is really critical.

0:02:41.360 --> 0:02:43.920
<v Speaker 2>Yeah, I mean, I the sense that I have is

0:02:43.919 --> 0:02:48.280
<v Speaker 2>that our information is not safe. I mean, I don't

0:02:48.320 --> 0:02:50.960
<v Speaker 2>know how many times a day I get text messages.

0:02:51.400 --> 0:02:54.400
<v Speaker 2>I probably get half a dozen text messages from these

0:02:54.480 --> 0:02:57.280
<v Speaker 2>so called pig butchers. I oftentimes I don't even pick

0:02:57.320 --> 0:03:00.520
<v Speaker 2>up my phone if I don't recognize the number. I mean, honestly,

0:03:00.600 --> 0:03:02.280
<v Speaker 2>the world we live in when it comes to this stuff,

0:03:02.520 --> 0:03:05.240
<v Speaker 2>it's pretty annoying. Like this is a very annoying place

0:03:05.280 --> 0:03:07.320
<v Speaker 2>to be as a consumer right now. Is it going

0:03:07.360 --> 0:03:09.720
<v Speaker 2>to get any better? Or is this just the reality

0:03:09.760 --> 0:03:10.440
<v Speaker 2>that we live with?

0:03:11.160 --> 0:03:13.800
<v Speaker 3>Yeah, it's a great question. I don't think you're alone

0:03:13.880 --> 0:03:17.640
<v Speaker 3>in that sentiment whatsoever. It is challenging, right So, we

0:03:17.840 --> 0:03:22.280
<v Speaker 3>are actually blocking thirty one billion attacks per day across

0:03:22.280 --> 0:03:25.240
<v Speaker 3>our customer base, and up to nine million of those

0:03:25.440 --> 0:03:28.960
<v Speaker 3>every single day are new attacks where their novel we

0:03:29.040 --> 0:03:31.560
<v Speaker 3>haven't seen that same type of vector. So that gives

0:03:31.600 --> 0:03:33.960
<v Speaker 3>you an idea of what companies throughout the world are

0:03:34.040 --> 0:03:37.120
<v Speaker 3>up against. And then certainly you highlighted some examples that you,

0:03:37.200 --> 0:03:41.160
<v Speaker 3>as an individual consumer are feeling. So your question though,

0:03:41.360 --> 0:03:43.400
<v Speaker 3>was you know, hey, is it getting any better?

0:03:43.480 --> 0:03:46.600
<v Speaker 2>It's not getting any better for me, will it?

0:03:48.320 --> 0:03:50.320
<v Speaker 3>I think it can get better, and I think that

0:03:50.400 --> 0:03:54.080
<v Speaker 3>we're seeing AI actually be a massive tool for the

0:03:54.120 --> 0:03:56.840
<v Speaker 3>side of the defenders because, as I highlighted, we're up

0:03:56.880 --> 0:04:00.200
<v Speaker 3>against such a major scale problem, these attacks are going

0:03:59.920 --> 0:04:03.800
<v Speaker 3>to be more sophisticated. Real time defense is absolutely critical.

0:04:03.920 --> 0:04:06.400
<v Speaker 3>So what you're going to start seeing tim certainly at

0:04:06.400 --> 0:04:10.640
<v Speaker 3>the company level, all of the technologies we're able to

0:04:10.760 --> 0:04:13.560
<v Speaker 3>use are actually making us able to scale against that better.

0:04:13.760 --> 0:04:15.680
<v Speaker 3>But you're going to see that get into your consumer

0:04:15.760 --> 0:04:18.320
<v Speaker 3>technologies as well, where they're going to start doing more

0:04:18.360 --> 0:04:21.039
<v Speaker 3>effective blocking and you're going to receive less text match

0:04:21.240 --> 0:04:24.040
<v Speaker 3>messages moving forward that are scams in nature.

0:04:24.480 --> 0:04:26.840
<v Speaker 4>When you talk about AI, you know, something that comes

0:04:26.880 --> 0:04:31.520
<v Speaker 4>to mind is just how scammers can use AI to

0:04:31.560 --> 0:04:36.919
<v Speaker 4>say impersonate so impersonate a parent, a family member, a

0:04:37.000 --> 0:04:41.159
<v Speaker 4>loved one and try and hack you that way. How

0:04:41.200 --> 0:04:45.000
<v Speaker 4>concerned are you that the advancement of this technology like

0:04:45.080 --> 0:04:47.799
<v Speaker 4>we're not going to be able to keep the defenses

0:04:47.920 --> 0:04:50.680
<v Speaker 4>up strong enough to kind of combat the growth of

0:04:51.640 --> 0:04:53.200
<v Speaker 4>cyber criminals using AI.

0:04:54.520 --> 0:04:56.679
<v Speaker 3>Well, I think there's two parts of it to really

0:04:56.839 --> 0:04:59.719
<v Speaker 3>hit effectively to answer your question. First is on the

0:04:59.720 --> 0:05:02.599
<v Speaker 3>tech side that has to continue to get better. But two,

0:05:02.600 --> 0:05:05.200
<v Speaker 3>we have to continue to increase awareness at the public

0:05:05.360 --> 0:05:08.120
<v Speaker 3>level and then make sure that people are making smart

0:05:08.120 --> 0:05:11.480
<v Speaker 3>decisions about how they use technology. So when we look

0:05:11.520 --> 0:05:15.160
<v Speaker 3>at it at a wider spread level in organizations, we

0:05:15.200 --> 0:05:17.600
<v Speaker 3>see what you're talking about. Just last week, we were

0:05:17.640 --> 0:05:21.640
<v Speaker 3>investigating a case where we were working for a firm

0:05:21.839 --> 0:05:24.800
<v Speaker 3>who was a victim of ransomware, and we were negotiating

0:05:24.839 --> 0:05:28.160
<v Speaker 3>with the attackers to try to get additional information from them,

0:05:28.200 --> 0:05:30.880
<v Speaker 3>and it became very clear almost instantly that we weren't

0:05:30.920 --> 0:05:33.240
<v Speaker 3>talking to a person on the other end, but we

0:05:33.240 --> 0:05:36.120
<v Speaker 3>were actually talking to a chatbot that they had enabled

0:05:36.120 --> 0:05:40.120
<v Speaker 3>to do the negotiations for them. We certainly will continue

0:05:40.200 --> 0:05:43.320
<v Speaker 3>to see more of that. Another example that we saw

0:05:43.400 --> 0:05:47.000
<v Speaker 3>just in the last couple weeks of investigating a case

0:05:47.040 --> 0:05:50.279
<v Speaker 3>for a major organization, the attackers, once they got inside

0:05:50.279 --> 0:05:53.760
<v Speaker 3>the environment they actually used, they went straight to that

0:05:53.880 --> 0:05:58.160
<v Speaker 3>company's internal large language model and started interacting with it

0:05:58.279 --> 0:06:01.520
<v Speaker 3>to try to get more sinse me asking them questions

0:06:01.520 --> 0:06:04.120
<v Speaker 3>about where the domain controllers were, what were their names,

0:06:04.360 --> 0:06:06.880
<v Speaker 3>and finding out information that was actually helpful for them

0:06:06.880 --> 0:06:09.440
<v Speaker 3>in the course of an attack. So that means that

0:06:09.560 --> 0:06:13.040
<v Speaker 3>in order to really be successful here, organizations have to

0:06:13.080 --> 0:06:16.800
<v Speaker 3>fight AI attacks with AI on the defense, and that

0:06:16.960 --> 0:06:18.040
<v Speaker 3>has to be in real time.

0:06:18.480 --> 0:06:20.160
<v Speaker 2>And then what do we do as consumers? I mean,

0:06:20.160 --> 0:06:23.040
<v Speaker 2>I know a guy who was getting calls like that

0:06:23.120 --> 0:06:26.000
<v Speaker 2>looked like it was from his bank. It literally said

0:06:26.040 --> 0:06:28.200
<v Speaker 2>his bank's name on the phone, and he was so

0:06:28.360 --> 0:06:31.000
<v Speaker 2>close to actually giving up the information when he realized

0:06:31.040 --> 0:06:33.920
<v Speaker 2>that it wasn't actually his bank. Like, what are we

0:06:33.960 --> 0:06:35.160
<v Speaker 2>supposed to do as consumers?

0:06:35.880 --> 0:06:38.760
<v Speaker 3>Well, I think we've got to approach every conversation unfortunately

0:06:38.800 --> 0:06:41.839
<v Speaker 3>with skepticism, do that same with every message. But for

0:06:41.960 --> 0:06:45.320
<v Speaker 3>your bank, for example, most banks will say, hey, we're

0:06:45.360 --> 0:06:46.880
<v Speaker 3>not going to reach out to you and ask you

0:06:46.880 --> 0:06:52.240
<v Speaker 3>for personal information. Everywhere you can use multi factor authentication,

0:06:52.600 --> 0:06:55.039
<v Speaker 3>it not only sometimes adds a little bit of time

0:06:55.040 --> 0:06:56.720
<v Speaker 3>for you to get in, but it's going to make

0:06:56.760 --> 0:06:59.159
<v Speaker 3>it a lot harder for an attacker to try to

0:07:00.320 --> 0:07:03.640
<v Speaker 3>log in as you and essentially try to steal money

0:07:03.720 --> 0:07:07.200
<v Speaker 3>or move money or maybe infact a social media account

0:07:07.400 --> 0:07:09.840
<v Speaker 3>if they have to go through a number of additional

0:07:09.880 --> 0:07:11.080
<v Speaker 3>steps to get there as well.

0:07:11.600 --> 0:07:14.160
<v Speaker 2>All right, well leave it on a positive note. Make

0:07:14.200 --> 0:07:17.520
<v Speaker 2>sure to have two factor authentication, art time unique passwords too,

0:07:17.600 --> 0:07:20.040
<v Speaker 2>is something that we hear over and over again when

0:07:20.080 --> 0:07:23.559
<v Speaker 2>it comes to sort of safe security hygiene. Wendy always

0:07:23.560 --> 0:07:26.920
<v Speaker 2>appreciate you joining us. Wendy Whitmore, chief intelligence officer of

0:07:27.000 --> 0:07:29.160
<v Speaker 2>the one hundred and twenty eight billion dollar market cap

0:07:29.200 --> 0:07:34.640
<v Speaker 2>Palo Alto Networks, joining us from Santa Clara, California,