All Tech Titans including, the CEOs of Amazon, Apple, and Microsoft we know the stakes are high here after a string of high-profile attacks this year alone including, the colonial pipeline has threatened to cripple critical American infrastructure.
Here we have the CEO at Previlon Cyber Security. It’s good to see you again earlier today we had the Deputy National Security adviser for cybersecurity and new burger on and, she was talking about today’s Summit and said that the U.S. government cannot mandate what private companies do with regards to cyber-security. Given that, what do you expect to come from today’s Summit if anything? Well, we all have hopes and unfortunately you know I’m among many of my peers that sort of say that the Playbook keeps getting repeated over and over again that is a little bit old and tired and it’s focused on Bold abilities and patching and things like that which are absolutely essential but they’re far from the actual problem which is that the adversaries were dealing with the level of sophistication and how dynamic they are has facilitated already a compromise effort so rather than suggesting these vulnerabilities that need to be patched we should be addressing this latent embedding of these actors that are actually able to open doors whatever they want and unfortunately were screaming this from the private sector side the government isn’t leading is forward on this is as I think we’d help and the kind of leadership they’re bringing to the table understand it on a on a broad level but not at the technical detail that I think is necessary so I’m a little bit reserved on what I think make of it this does the current by part of that sounds like you don’t think the current bipartisan infrastructure bill goes far enough and putting in place the tools that the public and private sector need to combat these attacks if you were in that room today with all of these folks at the White House how would you guide them absolutely I think it’s a good start and I think the biggest problem that we’re seeing here is again this this misperception that were still in a potentially vulnerable and yet to be a tax say when in reality from all the date of this that we collect from a billion perspective suggests that were already in a compromised State and now it’s about rooting out that evil internally so that those doors can be shut from the inside it is the problem now is that it’s no longer what it was 10 years ago where there’s hackers pounding on the outside of the gate to get their way in there using phishing attacks using very sophisticated means to hack the people of these companies in these governments which then afford the adversary the means to act like they’re authorized to be there so there’s very few defensive technology that afford any defense against. It takes a new breed a new generation of looking at this from a torrid Insider threat perspective meaning the towers resident let’s find a way to root this out so my hope is that this this can be kind of accelerated and the sophistication of the conversation can move to the level of the add to start he’s at so we’re literally bring a knife to a gunfight in these conversations and I really wish we could get on par with what’s really going on out there now where you say ransomware is not the only game in town or something called wipers please tell us what that is certainly it’s a very concerning situation because ransomware was very alarming and I think it kind of hit everyone I like a ton of bricks because it was going to be start event was going to get people to pay money if they if they didn’t you know do certain things with insert amount of time now what they’re doing is they’re going further to either steal the information which is extortion as well but even worse nation-state actors like yeah here on that are a little bit more emotionally motivated in there talking or not as cunning and is calculating they’ll simply just destroy the data will destroy the Machinery the upon which it resides and they’ll do things simply to disrupt and Destroy they won’t be financially motivated like what we’ve seen so far and what that represents for us in the longer run are things that have actors that have very little motivation for financial gain they don’t really care about getting caught their there to essentially deploy something that can destroy infrastructure critical infrastructure water treatment electrical grids and then just watch the Carnage and Sue and that’s the part I think that we haven’t seen yet and my Hope desperately is that we get ahead of that before it gets that point money watch is bad enough you know cyberattacks that manifest into physical or Connecticut taxes is far worse what about the ongoing impact these are having on our supply chain I mean we saw with solar winds we saw with Microsoft Exchange a whole bunch of other companies are going through this at the tip of the iceberg there
Maybe scan them and what I mean by that is assessed whether they’ve got bought her buddies that could be exploited the real issue is much deeper and ingrained which is that the actors he’s red actors know exactly what these ecosystems look like they’ll know exactly which supply chain Partners exist as a turtle hub-and-spoke approach if you get that once apply to a partner that will afford you access to many prime contractors that you might want to get too so it’s sort of a one-to-many ratio that they can use when I saw that as a 1 attack that manifested in too many and so the reality here is that we’ve got to change our Paradigm and our perspective that these supply chain partners are these weak point they can be leveraged and exploited by these bad guys and then they can sit and wait until the right time exist for them to move in when vigilance has been you know with waned and there isn’t quite the level of vigilance that that needs to be there you can’t constantly Vigilant we all know that so unfortunately they wait for that moment they wait for holidays we saw the situation happened with I think it’s a during the 4th of July weekend it’s a strategy plan they know exactly when their skeleton Crews on-site so we’ve got to change our perspective that this is going to be an attack that will find its way in that magically one day and think about it and it’s right here when are they going to activate it and how are they getting that communication into this company to give directives to these this malware what I like to call Electronic spies that already resident there that’s what we got to catch him remove before things get worse because the capacity for higher faster Wireless speeds also has a downside and we know the telecom companies including our parent company Verizon continuing to roll out 5G what are some things they should be thinking about as they continue that push absolutely I mean with any kind of efficiency and speed comes additional security problems because again the problem is that the that the effectiveness of the product for our convenience is exactly with the boys to their advantage so the speed by which they can deploy now or the speed by which they can extract him.