Ransomware on your machines is not necessarily the result of your own negligence or mistakes. It could be there because of third-party software you are using. Do you know what to do if this happens to you?
Today’s guest is Amitabh Sinha. Amitabh has a PhD in Computer Science and more than 20 years of experience in enterprise software, end-user computing, mobile, and database software. He co-founded Workspot in 2012. He was the General Manager of Enterprise Desktop and Applications at Citrix Systems. In his five years at Citrix, he was the VP of Product Management for XenDesktop and VP of Engineering for the Advanced Solutions Group.
“It’s not necessarily something you are doing wrong. You might be using a contractor or a consultant that does something on your network that exposes everything that you are doing.” - Amitabh Sinha
Show Notes:
- [1:03] – Amitabh shares his background and current role and contributions at Workspot.
- [4:35] – The first sign of ransomware in an organization is widespread blue screens and Microsoft machines shutting down.
- [5:40] – How does ransomware find its way to a device?
- [6:59] – Ransomware in your organization is not necessarily your fault.
- [10:37] – Amitabh describes how he has helped client organizations get back up and running after being infected with ransomware.
- [13:11] – Typically, it is not recommended to pay the ransom, but it may be a viable option for some organizations.
- [15:59] – Most small companies are not prepared to prevent or handle ransomware.
- [17:34] – In most large companies, not all PCs are up to date on security patches.
- [20:41] – Cloud storage is much safer and can be accessed on other physical machines in the event that ransomware shuts down an organization.
- [24:41] – For those who work from home, having multiple machines sometimes makes things even more complicated.
- [27:35] – What are you willing to pay to not have something happen? That’s how ransomware takes advantage of people.
- [31:20] – For small companies, there is typically an architectural solution, but that isn’t always viable for large organizations.
- [33:14] – Consider the critical functions of your organization and what a plan could be if computers were not accessible.
- [34:37] – These types of attacks are more and more frequent.
- [36:44] – Amitabh is confident that AI will make preventing ransomware even more challenging.
- [40:38] – Most people have accepted that a lot, if not all, their information has already been leaked on the internet. But businesses are particularly vulnerable.
- [42:30] – A whole organization can be drastically impacted by just one machine being hit by ransomware.
Links and Resources:
- Amitabh Sinha on LinkedIn
- Workspot.com
Transcript:
Amitabh, thank you so much for coming on the Easy Prey Podcast today.
Happy to be here, Chris.
Can you give myself and the audience a little bit of background about who you are and what you do?
I was one of the co-founders for WorkSpot back in 2012. Today, I'm the Chief Strategy Officer. I just transitioned into this role from being the CEO for the last 12 years. It's in capable hands of Brad Tompkins, who just became CEO. He came on board as COO a few months ago and then we felt it was the right time for him.
Before WorkSpot, I was actually leading the VDI product line at Citrix, which is the market leader in this, and I left really with the notion of there must be a better way of doing this now that the Cloud is there, now that SaaS is there, and sort of the transition people often went to make it to Workday or BMC to ServiceNow. There's a massive legacy market that is complex and can be simplified using the cloud. That was the innovation 12 years ago and continues to be the motivation today.
It's very slick. Has industry been a slower conversion of the Cloud or a longer conversion to the Cloud than you expected?
Much slower than we expected. I think it's a super difficult workload. I think the Cloud wasn't ready for the workload itself. I think a combination of things. The Cloud wasn't ready. I think it took about 2017 or 2018 before the Cloud was fully ready for it. It's a massively difficult, complex infrastructure and a heavy workload. In order to get it to be the simple fab thing that you want in the Cloud, it took us a while.
Yeah, I know for me personally, I've had my own physical servers and a co-location facility not too far from me. It's just taken a couple of years to say, “OK, I need to not be able to physically touch my machines. I’ve just got to trust that.”
That's right.
They're in somebody else's comparable hands, and it usually comes down to, for me, the technology, for the physical stuff, has surpassed my ability to keep up with it as I focus more on marketing and other things that I just don't have the expertise in the hardware anymore.
I think skill set is probably one of the biggest things. I think one of the analysts at IDC says this, which is the number of people who can actually rack and stack servers and storage are retiring at a faster rate. The new kids on the block don't know how to do that. That's sort of like if you don't have people to do it, you've got to go to the Cloud. There's no other option.
I think there's a little bit of that. Even though it's not technically new, it's new. It's not under my control the way I'm used to. For those of us that are aging, that's a harder thing to accept than we would like. But we're not talking about that. We're talking about ransomware.
Can you—not that my audience isn't aware of what ransomware is, but we're going to talk a little bit about the second aspect of it. Everyone's pretty much well aware of what ransomware is, but give us a two-to-three-minute primer on what is ransomware.
Ransomware, I think the first sign for a company that's infected is your Windows machines all go down. Desktops, it’s a blue screen or a message that says, “You have been ransomware, and here's how to pay us money,” and it shows up on every single screen on your organization's computers. Once that happens, you can't do anything. You can send people home because they can't work, they can't touch the computers. The whole organization comes to a standstill until people figure out how to get away from it.
We've had a couple of customers who have come to us with that kind of a scenario. Many customers are looking not to be in that scenario, but yes, ransomware is basically once it happens, you're locked out of your complete business computing environment.
The most common entry point of ransomware into someone's platform or network?
I think it's either the Windows PC or the browser that runs in the Windows PC, which is you click on a link you shouldn't have clicked on. You download a file you shouldn't have downloaded on, you install a browser plugin you shouldn't have installed. I think phishing is just getting an email—either it's on your Outlook client or something—you click on that.
I think just today we actually got an email from a company pretending to be our expense management company with a very similar-looking URL that says, “Just register yourself here.” I think email, browser, and the Windows PC, and if you mix all of that together, that's pretty much everybody's computing environment right now.
Do you think it's a matter not of if an organization's going to have ransomware on some portion of their network, or just a matter of when it's going to happen?
I think it's definitely when. The interesting thing as we talk to customers is it's not necessarily always something you did, something wrong because you might be using a contractor or a consultant that does something on your network that exposes you to everything. We have had customers come to us where there was a supply chain of 50 companies that interact with them on a daily basis. One of those companies got infected and the supply chain shut down.
We were talking about this, the CDK, the car dealer—I don't know what K stands for—software. Just one organization, the whole supply chain for cars is stopped right now, 60% of the global auto manufacturing. It's pretty pervasive because it could be anybody that works for you, with you in any full-time capacity, part-time capacity. It's very difficult to keep it out; it's not an if – it's a when for organizations.
It's not like anyone at any car dealership did anything. It wasn't the receptionist playing video games while there's no customers in the door. It was an infrastructure provider that was compromised. I think if I remember what little I've read about it, it's car sales, financing, the parts department, managing inventory of parts, scheduling service, appointments, CRM. Just kind of all of that has become a black hole for about a week now, I think.
Yeah, I think it started about a week ago. I was supposed to drop my car off a week ago, and they called and said we can't take your car in today.
That's going to be devastating for someone like a dealership. Here we are right at the end of the quarter and not that there's nothing they can do about it, but as far as getting the platform up, there's nothing they could do about that. Their redundancies don't exist for this stuff. It's paper and pen for everybody.
The person who took my car into this said something to the effect of, “It's 2024, and why does this stuff happen in 2024?” Because your software was written in 1995 and it's 2024, that's why this stuff happens.
Yes, not to say that CDK is old software or anything out there, but there's probably way more old software out there running on old computers than anyone wants to admit.
I don't think it matters whether the software is new or old; I think it's an equal opportunity target.
The meat of the conversation here is, OK, your network is someone has clicked on a phish, on a phishing link or a link that's installed ransomware on every computer in your organization. The screen is up saying—I guess depending on how well-targeted it is—“Give us $10,000 in crypto, or give us $10 million in crypto, or we're going to wipe everything on this date, or we're going to sell all your personal information.” What's the first step? Then what's the first phone call you make?
We had one customer about three years ago that showed up on a Friday and said, “We have no customers.” They just found us and said, “We got ransomware. We have 750 employees we've sent home. We don't know what to do. Can you give us Cloud PCs so that we can actually get people up to work?” I was like, “Yeah, that's not a big problem for us.” We set up a standalone environment for them in the Cloud with about 750 Cloud PCs. Cloud PC is basically your Windows desktop running in the Cloud and your users can access it using the WorkSpot client.
We got them up and running over the weekend and so 750 users came in on Monday morning. The old state is gone because they are trying to figure out how to repeat it. Seven hundred fifty people got brand new Windows PCs with nothing on it, but they were at least able to get something and then get started.
Over time, they were able to put a few more applications here, a few much more data here, and I think it took them about six weeks for them to fully go from a fully infected environment to a fully clean environment.
Let me just clarify when you said 750 new machines, they had to go out to some computer supplier?
No, they put them up in the Cloud. They are all using their home machines.
Home machines, got you.
Personal laptops with works for clients on it and connecting up to the Cloud to the corporate Windows machine running in the Cloud. But we had never worked with this customer before. The first time I met them was on Friday afternoon. We had them up and running over the weekend and that's how they got to spend the next six weeks basically, their employees working on a WorkSpot Cloud PC running up in the Cloud.
That's got to be a lot of challenge with your employees calling everybody over the weekend.
It barely registered because that stuff we can do. I think the only challenge sometimes is capacity and in about less than a thousand years, you typically don't have a capacity problem. You can find a thousand machines in the Cloud and by capacity, I mean Azure, AWS, and GCP.
I'm thinking more of a disruption on the employee side because they're potentially all ready to walk into the office or log into their work machine that's sitting at their home via the VPN and all of a sudden, someone's telling them, “No, you're not going to be doing that today.”
That's right. Oh, sorry. For their employees, yes. Massive disruption. They had to be sent home on Friday because there was nothing they could do on Friday, but Monday morning they were able to start getting machines and start doing things. But again, you're doing things on a brand new machine, like you have nothing on really. It takes time for that machine to start looking more and more like your corporate machine.
I can't imagine how long it would take me to get a fresh machine to look like my current desktop.
That's right.
I guess the other option people have is to pay the ransomware. I guess there are a couple of different options. They have an option to pay the ransomware. I think governments generally recommend not doing that, but is that a potentially viable option for some organizations?
The stories you have heard is if you paid once, they know you're vulnerable for a second and a third time, so the odds of you getting ransomware a second and a third time is pretty high. I think that's one.
I think two is, there is a gap between when the ransomware process started and when the alert showed up on your computer. You don't know how far back you need to go in order to recover fully because you can't even fully recover even if you have the keys. I think people have to be careful in how they do it, which is if you pay once, you might pay a second and a third time. Even if you pay, you might not get all your data back.
There's a bunch of caveats on that, which is if it's not a massive amount and your cybersecurity insurance covers it, then that's valid. I think that's a valid option.
Then once you're up and running, you've got to figure out, “How do I keep this from happening a second time?”
That's even more difficult because I think smaller, medium-sized customers with less than a thousand employees, I think it is extremely difficult because the attacks are much more sophisticated than the internal tools are.
Like you said, it's that timetable. It's one thing if you knew we were compromised on this day that the ransomware got into our network on this date and time. OK, we can go back before that and figure out where it came in and deal with that. But if you don't know when it got into your systems, that's got to be extremely frustrating because OK, yeah, you can restore, but you're restoring the ransomware back into existence.
What we've found is some of the bigger companies—I’m thinking more about this problem in a more strategic fashion because smaller companies have the ability to do what this one customer did with us, which is, “Hey, just fire up 750 machines and let's get going.” But larger customers, if you have 30 employees, you couldn't even do that because capacity doesn't exist in many Clouds. Disrupting 30,000 or 40,000 users is incredibly painful.
There's much more ransomware prevention going on, strategies going on, much more sort of what happens if your ransomware going on than in the smaller companies that are, I think, just much less prepared. Either protecting as well as recovering from ransomware.
Are there some kind of, I think from the network perspective, the access control list and segregating groups and departments and things like that? Is that one of the ways to not prevent ransomware, but to keep it a little bit more fenced in potentially?
I think at least some of the larger companies we're talking to are thinking about the networking very differently now, which is I think previously it was, if it's the managed PC, the PC that we manage, we'll trust it on the network. Increasingly, that's the East-West traffic that starts flowing through. People are much better prepared for North-South firewalls and everything else. East-West is where people get into trouble, because you don't have a lot of protection of ransomware traveling East-West in an organization.
How do you prevent that East-West traffic? I think isolation would be one way. I think people are thinking even more, which is, “How do we not let a PC just get on the network and go East-West at will?”
That's probably, I think the longer term direction, which is you've got to trust fewer and fewer things to the point where you trust nothing and you become zero trust always. That's one.
I think two is, the other problem in large organizations is that all your PCs are not up to date on all the security patches. Because you just need 2% of the people not to be connected on any given day, and that 2% cascades into 20% and then 20% of your PCs are unprotected. One benefit of EDI is actually it keeps everything online. You are always up to the latest security patches and the odds of you getting ransomware become much lower at that point. If you don't have the latest software running on your endpoints, the odds of getting hacked are way higher.
Is part of that limiting what can be installed on machines so that there's less to update? If the user never needs this application, it should never be on the machine, that way it never needs to be updated.
I think a whole bunch of all these things. It's trusting the machine less. If possible, don't trust it at all. Install fewer things. Control browser plugins. I think buy is like an email security tool that protects you from emails because that's a big, big hacking mechanism right now.
Then I think try to keep everything up to date as possible and PCs are, and just physical devices, are distributed all over the world and are just inherently more difficult to protect than virtual devices running in the Cloud or in your data center.
To me, that's a very interesting philosophy if all the computers are virtual in the Cloud somewhere. Does that give you the ability that if the ransomware is happening in the Cloud, it's easier to reset, so to speak?
Also because physical machines backing up are even more difficult. Clouds, you can take snapshots and storage is relatively cheap. You can take a snapshot every day, every month, every week, and you can throw away the old storage. All those things are possible in the Cloud. That's easier, right? Anything is easily created, that's one of the protection mechanisms.
Plus Cloud, I think we recommend people create isolated networks in the Cloud so it's treated like a data center section that is completely isolated from the rest of the organization. Even put a firewall between your Cloud Windows desktops and the rest of the world. You have visibility into East-West traffic coming from your PCs.
There's just more protection mechanisms in the Cloud, and then if you use a Cloud provider, you can get the benefits of that Cloud provider security strategies. That's probably even more, much more capable than most organizations because they just have a much bigger attack surface and they're spending a lot more money trying to secure this stuff.
Does it reduce kind of IT costs in terms of staffing to provide desktop support and address issues? Or is that kind of pretty much the same on the virtual machines?
No, it's significantly less because all the things that happen with a physical device are related to when an update doesn't go through and it affects an end-user experience, and then you actually have to have a physical person meet the physical PC wherever it's in the field and try to resolve that problem. That's not an issue in the Cloud.
It's always available. They can look at it whenever they want. We provide extremely good observability in terms of what's going on in the machine, so you can actually look at it and you can determine what's going on in the machine. You can do a lot more things when the machine is always online versus when the machine is not always online.
Yeah, I can see that as a challenge. Having worked in IT, I remember times where, “OK, I'm going to be doing work over the weekend. Everybody leave your computers on over the weekend so that I can run all the updates. Just don't turn off machines.”
People want the weekends because it's easy. For example, we have many customers who want to do all their updates on Sunday morning, like 2 AM in the morning. It's like nobody cares in the Cloud, but doing it at somebody's house, you hope that they have actually kept the machine on. Otherwise, it's not going to happen.
Do you run across additional issues because now you have kind of two environments in that you've got the virtual environment and then you have the home environment that you still have to kind of manage the physical also?
Yeah, that's a challenge for customers. But what we've tried to do is we've tried to architect a solution so that it feels like you're managing a physical PC. Even though it's virtual and online, all the tools that you use to manage a physical PC are the tools you use to manage a virtual one. To an Intune or SCCM or any of these sorts of Windows management tools, they feel exactly the same way. Except one is always online and virtual and the other one is physical and sometimes not online. There's no difference between the two from a management perspective. It's easier just because it's online all the time and it's always accessible to an ideal person.
With the exception of the physical machine the user has at home. You're not doubling your workload, but you're doubling the number of machines in total. Some virtual and some physical.
Yes and no. I think where we are deployed is more in security-focused environments and in those scenarios, it could be, for example, a contractor in which case it's their machine, they're responsible for it. It could be people working on a Mac, in which case, sort of it's off the network, it's they're responsible for it.
In hospitals, it could be [inaudible 00:23:52] clients, for example. The use case where you have two physical machines that need to be [inaudible 00:24:00] two machines—one physical and one virtual—is less common just because you have the ability to use any device at the edge. You don't necessarily need to manage it or give an actual physical device to manage it.
Some of the younger generation, they want to use their favorite device, their personal device, and then have work sort of come to it versus, “I've been using a Mac all my life and now you're going to make me use a Windows PC.”
I know people whose home setup is way more complicated. “I've got my personal machine here, my work machine here. Way too many monitors on the desk, which keyboard goes to which machine and which mouse.”
I don't deal with that complexity. I like making my life simple. One keyboard, one machine, and everything I want to do the work in the Cloud.
I like that. I haven't had to deal with ransomware experiences personally. How much of it gets beyond the Windows PC and gets into other types of infrastructure?
It affects everything. For a customer to be prepared to get ransomed for ransomware recovery, you need to identify your critical systems. It could be file shares, it could be applications. But customers that are well-planned for set up an isolated environment with sort of protected backups. Some of the storage vendors now actually have backups that go backwards. You can go back at as much time as you want.
There's protected storage, there's isolated storage, isolated applications that permission critical would be needed. All the applications may not be in that environment, but a few of the applications, maybe SAP, maybe file shares, and maybe two or three other applications. Where we come and say, “You already got all this set up, but if you're ransomware, your PCs are useless.”
How are you going to access that isolated environment? In that scenario, you set up an insurance set of isolated PCs that run in the Cloud only when you need them so you're not paying for them when you're not, when people are using the physical machines. You're just keeping them on the standby.
All of this stuff is ready and prepared and hopefully never used, but it's an insurance policy, which is if your actual physical network got ransomware, you wake up these 10,000 Cloud PCs sitting up in five different places in the Cloud for capacity reasons connected, and it's connected to your isolated backup network and then everything in a controlled environment is up and running. The larger the customer, the more prepared to become for something like this.
At what point is the—I’m not going to say speaking break even—does it become reasonable for an, or what size of organization would you be before you switch over to virtual machines?
You don't incur any cost until there's a ransomware attack. That's not a problem. Think of it more as an insurance, which is if you think your total cost of a ransomware attack is X, what would you be willing to pay in order to not have X happen? I think when we've done the ROI analysis, it's about 10x. One-tenth of the cost of a ransomware attack people are willing to pay for insurance.
If an attack costs me a million dollars in lost productivity, it's basically a thousand users who can't work for six weeks. That’s a million in lost productivity. Are you willing to pay $100,000 in insurance to make that not happen? But I would say that's sort of the math. The ROI math is pretty compelling, but where we find people is they have to go through the planning process, because if you just have your cloud PCs and you don't have any of the other stuff, then what are you going to do? It's a blank machine.
In order, I think people need to protect their files first, their applications second, and then the third thing is the access devices.
I know we're talking about the ROI side of it, but is there a breakpoint organizational size where it's too much of a hassle if there’s six people in the organization to try to do this? Clearly, if there's over a 1000 or 750 as your prime example, OK, this starts to make sense, but at some point, there's too little for it to be cost effective and practical.
Our focus is from a customer perspective and mid-market and above, so we don't spend a lot of time with very small customers, but I would think smaller customers should have fewer sorts of internal systems that they should be using more SaaS applications. The fewer internal systems can get affected, they should be able to start from scratch and get to a fully functional PC much faster, just because if you're using 10 SaaS applications, your PC is compromised, but everything else is not, so you can just get started faster.
I think smaller companies, architecturally, choose a different path, which allows them to recover faster. But large companies, which have massive real estate in terms of applications internally, file systems and data. It's really tricky for them and not to be prepared for this stuff. I would say I think there's an architectural solution for smaller customers, but for larger customers, that doesn't apply because it's just really difficult for them to adopt that today.
I'm wondering if we're getting to a point where virtual machines in general are just going to be the way businesses are going to operate, that you're going to start seeing a lot more of that and a lot less of every two years, I've got to swap out every computer on the floor in my business.
I think where people have used virtual desktops for the last 15 years has always been for security and compliance reasons. The biggest two verticals that have adopted…the three are government, financial services, and healthcare. They have no option. It's just sort of mandated by law. Because of what's happening in the world out there right now with physical machines, I think more and more companies need to think like that and say, “This is a security problem and you solve it.” This is a security solution because you're just going to reduce the odds that you're going to be hacked in any serious way.
That's what we're seeing essentially, which is the number of use cases for virtual desktops—whether it runs on [inaudible 00:31:15] or in the Cloud—go up as a result because driven by security and the costs are about the same in terms of total cost of ownership for a physical machine versus a virtual machine running on the Cloud. A lot of people are doing it just because it's no longer a performance problem. It's no longer complex and it enhances my security profile. I should do it for that reason.
That makes sense. What do you recommend for companies in terms of all the car dealerships that are down with CDK being down? OK, it's a ransomware problem, but it's not their ransomware problem, but it does prevent them from being able to operate because a platform that they use is down.
This is that supply chain network problem. Any large organization—and car industry is one of those—it’s a globally interconnected supply chain. In this case, 60% of the network is gone because one thing that is a software that drives the network is down, everything is up and running. The dealership I went to, they were able to look at my order history, my car history, except they can't look at parts. That's the part that is missing.
The amount of things that are affected so dramatically by one component in a supply chain is crazy. It's difficult enough planning for things to control. How do you plan for things you cannot control? I don't understand how they would solve this problem because everything that connects to your supply chain network is potentially an issue now.
I guess you'd have to look at what are some of our mission-critical functions and if we were not to have the tools that we use to perform our critical functions, how do we do it on paper? You're at least not having to recreate that on the fly.
That's a good question whether every organization can do that for all the critical software. It's difficult, that's all I can say. I don't have any good answers for this, especially in a supply chain network, how do you monitor what everybody else is doing?
For example, we take a lot of care even in our organization. Every piece of software that we bring in for our employees to use has to go through a security review. It doesn't matter what the price is. It doesn't matter how good the functionality is. Every application needs to be reviewed and blessed by our security team.
We've actually rejected buying pieces of software if they cannot prove to us that they're secure enough. Companies should at least have that process in place where you're reviewing every external piece of software to make sure that their security policies meet your requirements.
Do you see these types of events becoming more and more frequent or less and less frequent?
I think it's more and more frequent, I would say. I think it's an equal opportunity problem, which is small cities getting hacked. Sixty percent of the global car network is affected by something like this. I mean, these attacks are very sophisticated right now. As an organization, we know this, which is every time a new employee joins our organization, within the first two days, they get a phishing note, a text message, LinkedIn message, email message, pretending to be the CEO or board member asking for the new employee to do something special every single time.
Wow.
The level of sophistication for somebody to figure this out for—we’re not a massive company—so for them to figure out that a new employee has joined Workspot—here are the three people who should send an email to the employee that the employee probably doesn't know and take it more seriously. A few of our employees have actually fallen for this. It's very, very sophisticated, I would say.
Yeah, I've definitely heard of that more frequently. People are reporting when they've updated their employment status on LinkedIn, that they suddenly get a massive influx of various phishing attacks and not just, “Hey, congratulations on your new job,” but all sorts of crazy things start to happen. Now it's becoming a security risk to say that you've changed jobs.
That's almost strangely true because it's part of a security training now. When we onboard employees, we say, “Hey, if you get an email from A, B, or C, please confirm it's real before you do anything about it, because it just happens for every single new employee.”
Do you see AI becoming more of a factor in those types of attacks to get ransomware into the networks?
Absolutely. To defend an AI and to attack an AI, both at the same time, learning from each other, it’s going to be even more difficult, I think, going forward.
I see that and I think there's light at the end of the tunnel or somewhere along the lines in the tunnel, but I do have the impression that the threat landscape is going to get worse before it starts to get better.
I don't know. I'm not as optimistic as you are, but it's just because I feel like 10 years ago, we used to spend $50 billion on cyber security software. We're probably spending about $300 billion now and the threats haven't gone down, ransomware hasn't gone down, it's not under control.
Our customers, when we look at them, they're buying bigger machines because they need to run more security software. They're all running five, seven, and 10 security agents on the machine. They buy bigger machines because they need more security agents to run the machine. It's no longer like, “I need more processing power for PowerPoint.” It's like, “I need to run more security agents and stuff.”
It makes me think of the old days when they would install Norton Antivirus on the machine. It would slow down the machine. Now this is something companies are planning for in allocation of compute cycles, so to speak.
Exactly. It's crazy.
OK, you're making me feel less optimistic. I don't like that.
I'm sorry. Maybe it's a hack for the car company today. It just hit me home today. Like, wow, this is crazy. Sixty percent of the global car network is at a standstill because of a hack to one of the pieces of software they use.
But it also makes me wonder what other platforms are out there where this can happen. Is there a common platform? I'll call somebody out. Sysco delivers food to everybody. All the restaurants out there use Sysco. If Sysco is down, if their platform gets ransomware, then no restaurants are getting their food.
Yes, that's the part of the supply chain, which is a restaurant that needs Sysco to do stuff. I think that's what all these ransomware people are doing right now, which is they're attacking very strategically things that were stored on or isolated. It's like you do one attack, it affects a whole bunch of people. Those are really, really dangerous, I think.
I suppose that's probably what we'll see more. It's more of spear-phishing ransomware, as opposed to, “Hey, we got Bob and his line PC at home. We’re going to ransomware that for $40 or something.”
I don't know whether it freaks you out anymore about your personal data being leaked; it's like leaked 50 times now. I don't know what was there to leak anymore.
I think that's the unfortunate thing is with our personal data, there’s a certain amount of, “Well, it's already all out there.” Maybe five, 10 years ago, we heard about a data breach, our hearts skipped a beat, or our heart rate sped up. Nowadays, it’s, “Oh, didn't it happen yesterday? I thought that was last week. That's right. AT&T again, Verizon again, T-Mobile again.”
I think you're right. I think the personal stuff is less impactful now because you expect all of it has already been leaked and is in the dark web. It's this business stuff now that I think is at a different level right now.
Yeah, that's scary. Are there resources out there that are tracking, logging, not logging, but reporting on ransomware incidents and large organizations and kind of what's happening and why and how?
There's a bunch of resources available. I recently was referred to a book written by this, I think Bloomberg reporter, with a bunch of resources who just track this, solve these problems, have readymade solutions, et cetera, that's available online. They're sort of motivated just by, “I want to find the bad guys.” There's a bunch of these resources out there. They're available, but that's typically post fact. That's a tricky one for you to go and list.
Again, depending on the size of the organization. Smaller organizations, change your work architecture so you don't get into this mess. Larger organizations, be prepared that when you get into this, get ransomware, or get hacked, that you actually have face to go back to a pristine environment, because the dangers of you getting hacked a second, third time also increase at that point. Can you figure out how you got hacked the first time? It's really difficult for you to feel good about not being hacked a second or a third time.
I think my general recommendation for consumers is if you think your home device has been hacked, format it and start over from scratch because you just don't know what's still lurking in there that you, the antivirus software, the anti-ransomware software, the malware checker, might have missed.
Right, but organization is really difficult because you just need one infected one. How do you stamp out everything all at once?
“OK, everybody on three, we're all going to hit the power button.” It's not quite that easy.
Yeah.
If people want to learn more about you and your company, where can they go?
workspot.com.
Where can they find you if they want to reach out to you directly?
LinkedIn, Twitter, those are the two places I spend a lot of time on right now.
Just don't update your employment status.
That's right.
Thank you so much for coming on the Easy Prey Podcast today.
Thank you, Chris. This was fun.