Chris Krebs, former Director of the Cybersecurity and Infrastructure Security Administration (CISA) and the new Chair of Rubrik’s CISO Advisory Board, joined us at FORWARD to discuss ransomware, cyber resilience, and all things data security with co-founder and CTO, Arvind (Nitro) Nithrakashyap. His vast experience working with executives, government officials, and IT experts across the country has given him a unique insight into cybersecurity, which he shared, only at FORWARD.
What we can do about the current cyber threat landscape
As he traveled the country speaking with people, it became clear much work is needed to protect organizations from ransomware and other forms of cyber risk. “I hear three main questions right now. ‘Why is it so bad? What is the government doing about it?’ And then when they hear the answers to those two questions…‘Well what can we do about it?’”, Chris said the problem can be boiled down to two main concerns.
The Cyber Battlefield is Growing
“[The problem] all relies, at least initially, upon this incredibly vulnerable install base that we’re all relying on everyday to conduct business operations, to just get through our daily lives. The real challenge is that it’s not just a today problem but it’s a tomorrow problem as well.” He later goes on to say that these attackers have learned how to monetize this install base at great scale, and the issue is only growing.
“Just think five years in the future, will you have more devices…or fewer? Will you have more data from which we’re deriving insights…or fewer? It’s more.” The stats bear this out: the global amount of data created, captured, copied, and consumed is projected to double in just three years to an unfathomable 181 zettabytes. For scale, a single zettabyte can store about 330 billion full-length HD movies.
Chris continued, saying, “This attack surface is expanding…and across all of that, you have a set of savvy, innovative, intelligent attackers that are not necessarily sitting at the top of the hierarchy of threats.” He also pointed out the growing threat cyberattacks pose to organizations on a daily basis, citing the conflict in Ukraine and recent attacks in Costa Rica and Peru, which ground government operations to a halt.
Cybercriminals are more organized than ever…
The second factor comprising the problem is the rise in state-sponsored ransomware gangs. “It’s not just in the cybercriminal space, it’s also every country on Earth is figuring out how to bring digital exploitation into their national security tool sets,” Chris told the audience. He noted how this new development has brought the corporate sphere into new battles as critical infrastructure comes under attack, using the Colonial Pipeline attack as an example.
The hacker’s goal could be for profit, or as shown by the SolarWinds’ hack, the goal could be to spy on government agencies and private companies alike to gain sensitive information. Highly regulated industries like healthcare and banking have grown used to protecting themselves. But now, all corners of the information economy have to be aware of how their systems can be used for nefarious purposes.
“There’s a broader set of organizations that are systemically important that unfortunately, the really sophisticated actors have [put them] on their targeting list. Now everyone who has a key role in the information economy now has to think, ‘How could I be a part of a supply chain attack?…How might I be exploited to help a bad guy achieve their own objectives?’”
Nitro pointed out how the COVID-19 pandemic and remote work has driven this expanded attack surface as well. “Business as usual won’t work anymore, and companies have to think in new ways to counter the threat,” said Nitro. Chris continued by talking more about how organizations can do that with Rubrik as a partner.
Krebs explained that in years past, cybersecurity defense commonly included an identity solution, a vulnerability management solution and a strong incident response plan. Being able to recover your operations was often overlooked, but has become critically important.
The recovery aspect Rubrik brings to the table impressed Chris the most when he spoke to co-founder and CEO, Bipul Sinha. “[Bipul] unveils Rubrik and this incredible data recovery solution, that is innovative, that is threat-informed, it was such a radical departure from just pulling the tapes out of cold storage…It's just a brilliant solution.”
Chris finished by highlighting the need for a robust data security solution, something that can conquer the modern threat landscape. Zero Trust solutions like those offered in the Rubrik Security cloud offer the comprehensive security and protections that enterprises and government agencies need to prepare for ransomware so that in the event of an attack, you’re ready.
View the interview in its entirety here or catch up on other on-demand FORWARD sessions that you may have missed.