WEBVTT 1 00:00:00,330 --> 00:00:03,270 Anna Delaney: Hi, welcome to the ISMG Editors' Panel. I'm Anna 2 00:00:03,270 --> 00:00:06,720 Delaney and I am joined by three teammates to discuss the top 3 00:00:06,750 --> 00:00:10,080 cybersecurity stories of the week. And those brilliant 4 00:00:10,110 --> 00:00:13,440 teammates are Tom Field, Senior Vice President of Editorial; 5 00:00:13,530 --> 00:00:17,190 Tony Morbin, Executive News Editor of the EU; and Rashmi 6 00:00:17,190 --> 00:00:20,820 Ramesh, Senior Sub Editor for the ISMG Global News Desk. 7 00:00:21,300 --> 00:00:25,770 Welcome all of you. And a very happy birthday to Rashmi. 8 00:00:26,250 --> 00:00:27,960 Tom Field: Indeed! Happy birthday, Rashmi. 9 00:00:28,320 --> 00:00:29,100 Rashmi Ramesh: Thank you. 10 00:00:30,420 --> 00:00:32,640 Anna Delaney: So Rashmi, where are you today? Celebrating I'm 11 00:00:32,640 --> 00:00:32,940 sure. 12 00:00:33,920 --> 00:00:36,500 Rashmi Ramesh: Yeah, so my background is actually a lake 13 00:00:36,530 --> 00:00:40,670 that is about five minutes from where I live. It's usually just 14 00:00:40,670 --> 00:00:43,520 where I go to decompress a little bit. The interesting bit 15 00:00:43,520 --> 00:00:46,820 about this place is that it was a piece of dry land, even about 16 00:00:46,820 --> 00:00:51,800 three years ago. So it's been renewed by NGOs and individuals 17 00:00:51,800 --> 00:00:54,230 who have taken it upon themselves to rejuvenate lakes 18 00:00:54,230 --> 00:00:58,370 across the city. So it's a pretty place. 19 00:00:58,490 --> 00:00:59,360 Tom Field: That's really phenomenal. 20 00:00:59,870 --> 00:01:00,290 Rashmi Ramesh: Yeah. 21 00:01:00,560 --> 00:01:03,650 Anna Delaney: Beautiful sky. Now, Tom, you have perhaps a 22 00:01:03,650 --> 00:01:04,880 halo behind you, if you move, 23 00:01:05,320 --> 00:01:07,960 Tom Field: Likewise. So natural. This is the Space Needle in 24 00:01:07,960 --> 00:01:12,130 Seattle. 
It's significant because ISMG is hosting its 25 00:01:12,160 --> 00:01:16,480 first live event of the year in the Pacific Northwest at the end 26 00:01:16,480 --> 00:01:19,480 of March. And it's the first live event that we have hosted 27 00:01:19,870 --> 00:01:24,130 since the end of 2019. But a long time coming emerging from 28 00:01:24,130 --> 00:01:28,180 pandemic to be able to greet one another live and in person. I'm 29 00:01:28,180 --> 00:01:31,780 looking forward to it. So my tribute to Seattle today. It 30 00:01:31,780 --> 00:01:35,920 does give me sort of a bestowed look, I would say. 31 00:01:36,400 --> 00:01:39,100 Anna Delaney: Keep it like that. That's great. Exciting news. 32 00:01:39,310 --> 00:01:41,590 Now, Tony, a familiar scene. Beautiful. 33 00:01:41,690 --> 00:01:46,250 Tony Morbin: Yes. St. Michael's Monastery in Kiev. Well, how can 34 00:01:46,250 --> 00:01:49,040 you avoid it? I mean, it's going to be what we're going to be 35 00:01:49,040 --> 00:01:51,920 talking about. And it's what everybody's thinking about at 36 00:01:51,920 --> 00:01:52,400 the moment. 37 00:01:52,850 --> 00:01:58,310 Anna Delaney: For sure. And I'm in a spices market, well in a 38 00:01:58,310 --> 00:02:01,220 market in Yerevan in Armenia, because it is going to be a 39 00:02:01,220 --> 00:02:06,110 spicy episode ahead. But Tom, all eyes, of course, have been 40 00:02:06,350 --> 00:02:08,750 on Ukraine this week and Russia's invasion of Ukraine, 41 00:02:09,050 --> 00:02:14,060 and the West reactions and sanctions and severing Russia 42 00:02:14,060 --> 00:02:17,750 from the SWIFT system and cultural and sports events, to 43 00:02:17,750 --> 00:02:21,170 name a few. And we've been monitoring the impact on 44 00:02:21,200 --> 00:02:25,790 cyberspace and cybersecurity. And I know you've spoken with 45 00:02:25,820 --> 00:02:28,250 Sam Curry this week. So what was his take? 46 00:02:29,650 --> 00:02:31,570 Tom Field: You know, we've all spoken with so many people. 
This 47 00:02:31,570 --> 00:02:34,900 is a story that changes by the day, by the hour, seemingly by 48 00:02:34,900 --> 00:02:38,440 the minute. And it's something we've talked for a long time, 49 00:02:38,740 --> 00:02:42,460 about having to approach cybersecurity as a business or 50 00:02:42,460 --> 00:02:46,840 as a government. To approach it as if we're not in peacetime but 51 00:02:46,840 --> 00:02:50,410 as if we are in wartime. Well, we're in wartime now. And we're 52 00:02:50,410 --> 00:02:54,850 seeing the impact of cybersecurity, both as a weapon 53 00:02:55,240 --> 00:02:59,710 by the competence, and we're seeing it in terms of, you know, 54 00:03:01,600 --> 00:03:04,750 additional impact, and how organizations around the world 55 00:03:04,750 --> 00:03:08,890 might feel the impacts if there are repercussions to sanctions 56 00:03:08,890 --> 00:03:12,700 that have been taken against Russia. So, so many questions, I 57 00:03:12,700 --> 00:03:16,840 spent some time with Sam Curry, the CSO of Cybereason, to talk 58 00:03:16,840 --> 00:03:21,010 about the implications, and to talk about what does happen if 59 00:03:21,010 --> 00:03:26,140 the US goes on active defense or goes on the offense against 60 00:03:26,770 --> 00:03:30,370 Russia, and what the potential blowback could be. And we had a 61 00:03:30,370 --> 00:03:32,830 good discussion about it. But ultimately, it came down to a 62 00:03:32,830 --> 00:03:37,420 question I asked him, which is, what should security leaders as 63 00:03:37,420 --> 00:03:41,680 risk managers be doing? How should they be acting? What 64 00:03:41,680 --> 00:03:46,300 should they be looking for, in the days ahead, as the combat 65 00:03:46,300 --> 00:03:49,960 escalates, and the situation grows? So I'll share with you a 66 00:03:50,440 --> 00:03:53,470 clip of what Sam had to say. I think his words are timely and 67 00:03:53,470 --> 00:03:54,040 thoughtful. 
68 00:03:54,570 --> 00:03:57,360 Sam Curry: We are first and foremost, by the way, not IT 69 00:03:57,360 --> 00:03:59,970 managers for all, that we're technical, and that we represent 70 00:03:59,970 --> 00:04:03,750 technical things, we are risk managers. And that begs us to 71 00:04:03,750 --> 00:04:07,200 think more than about controls and even processes. It says we 72 00:04:07,200 --> 00:04:09,810 have to pay attention to the geopolitical situation. It means 73 00:04:09,810 --> 00:04:12,390 talk to your peers in your industry, and in others, it 74 00:04:12,390 --> 00:04:15,720 means have dialogue with the business. Even if you feel like 75 00:04:15,720 --> 00:04:18,780 you don't have to be on high alert, have a regular call to 76 00:04:18,780 --> 00:04:22,920 reassess that. At what point on that escalating ladder are you 77 00:04:22,920 --> 00:04:26,490 threatened? Or does your supply chain come under risk? So, 78 00:04:26,730 --> 00:04:29,280 you know, this is a risk management job. And this is 79 00:04:29,280 --> 00:04:32,430 frankly, the time for us to shine. You know, I said this 80 00:04:32,430 --> 00:04:35,760 during COVID as well, with you. I said, now's the time to renew 81 00:04:35,760 --> 00:04:38,280 the dialogue with the business and don't just turn up and say I 82 00:04:38,280 --> 00:04:41,820 need this control. By all means do that. But start with a risk 83 00:04:41,820 --> 00:04:44,280 discussion. And then you'll be taken seriously as a business 84 00:04:44,280 --> 00:04:47,310 person. And I still say this, the biggest problem in our 85 00:04:47,310 --> 00:04:49,710 industry is the gap between security and the business. 86 00:04:49,840 --> 00:04:52,270 Tom Field: I say again, there's so many conversations to be had. 
87 00:04:52,270 --> 00:04:55,300 You can talk with so many different people but there is an 88 00:04:55,300 --> 00:04:58,510 impact and there are concerns that organizations have to have 89 00:04:58,510 --> 00:05:00,940 and, you know, even if you're in the US and you're sitting in a 90 00:05:00,940 --> 00:05:05,650 financial institution or a power company or any part of the 91 00:05:05,650 --> 00:05:08,560 critical infrastructure, you have to be thinking about the 92 00:05:08,560 --> 00:05:12,190 possibility of an attack and a potential takedown. I've lived 93 00:05:12,190 --> 00:05:16,330 through, I've been through many different ice storms that have 94 00:05:16,330 --> 00:05:19,690 taken out power for a day, a couple days, maybe even part of 95 00:05:19,690 --> 00:05:24,400 a week. And I've always felt that if you keep people without 96 00:05:24,400 --> 00:05:26,830 their Dunkin Donuts or their Starbucks for three to five 97 00:05:26,830 --> 00:05:29,500 days, you'll find out how quickly we can become a barbaric 98 00:05:29,500 --> 00:05:34,510 race. What happens if one of our financial institutions or other 99 00:05:34,510 --> 00:05:37,180 critical infrastructure takes a serious hit? This is something 100 00:05:37,180 --> 00:05:40,300 organizations have to be thinking about. They have to 101 00:05:40,300 --> 00:05:45,280 ensure that their controls are complete, that their patches are 102 00:05:45,280 --> 00:05:48,820 updated, and that their plans are updated and tested as well. 103 00:05:48,910 --> 00:05:52,060 A lot has changed over the past two years as organizations have 104 00:05:52,060 --> 00:05:55,450 shifted to hybrid workforces, and are working more in the 105 00:05:55,450 --> 00:05:59,410 cloud and using devices that didn't have access before. I 106 00:05:59,410 --> 00:06:03,250 hope that their Incident Response Plans have adapted as 107 00:06:03,250 --> 00:06:03,550 well. 
108 00:06:04,420 --> 00:06:06,640 Anna Delaney: One comment that stood out in the interview was 109 00:06:06,640 --> 00:06:10,540 Sam surprised that Russia has not used all her capabilities in 110 00:06:10,540 --> 00:06:14,350 her cyber tools. They are keeping some in reserve. So what 111 00:06:14,350 --> 00:06:17,140 does that mean? What can we expect to see in the next few 112 00:06:17,140 --> 00:06:18,580 weeks and months? 113 00:06:18,640 --> 00:06:20,740 Tom Field: The one thing we have to remember is Russia is pretty 114 00:06:20,740 --> 00:06:24,220 busy right now, you know, the Ukraine is maybe a bigger 115 00:06:24,460 --> 00:06:28,300 engagement than they expected from the outset. So there's a 116 00:06:28,300 --> 00:06:33,070 lot going on there to maintain the assault and to maintain 117 00:06:33,070 --> 00:06:38,110 their own defenses. We're in uncharted waters here. Nobody 118 00:06:38,110 --> 00:06:42,430 knows what to expect next, the only thing we do know is that 119 00:06:42,430 --> 00:06:49,660 cyber now is not just an element in the drawer, it potentially is 120 00:06:49,660 --> 00:06:52,510 the element, it might be the first weapon that communists 121 00:06:52,510 --> 00:06:55,780 reach for. That's something that we've known about, we've talked 122 00:06:55,780 --> 00:06:58,060 about, we've expected for years. Now we're here. 123 00:06:59,170 --> 00:07:01,930 Anna Delaney: Tom, there's a lot of noise out there. How are you 124 00:07:01,930 --> 00:07:05,830 wading through the FUD as a discerning journalist? What's of 125 00:07:05,830 --> 00:07:08,590 concern? And what are you leaving to the side? 
126 00:07:09,100 --> 00:07:12,430 Tom Field: Well, you've got to sort of filter this and keep an 127 00:07:12,430 --> 00:07:16,330 eye on the news as it comes through and try to keep up with 128 00:07:16,360 --> 00:07:21,400 CNN or BBC or whatever your news menu of choice is, and follow 129 00:07:21,400 --> 00:07:24,220 what's happening minute to minute. Talk with people, talk 130 00:07:24,220 --> 00:07:28,150 with organizations and try to get a sense of, you know, how 131 00:07:28,150 --> 00:07:31,960 has the threat landscape changed for them? What alerts are they 132 00:07:31,960 --> 00:07:35,890 seeing? How have they responded within their own organization? 133 00:07:35,890 --> 00:07:39,400 What are the conversations that they're having? It's just a 134 00:07:39,400 --> 00:07:43,780 matter of trying to keep up with what you see on the ground, what 135 00:07:43,780 --> 00:07:46,870 the governments release in terms of guidance, and what's 136 00:07:46,870 --> 00:07:51,790 happening within your own region, in terms of how critical 137 00:07:51,790 --> 00:07:56,230 infrastructure organizations and associations are responding. 138 00:07:56,710 --> 00:08:00,970 Filter is the best I can say, filter and analyze. But there's 139 00:08:00,970 --> 00:08:05,230 so much coming out so quickly right now that you need to have 140 00:08:05,230 --> 00:08:06,730 that filter trained pretty well. 141 00:08:08,260 --> 00:08:10,780 Anna Delaney: Tony, would love your input on the longer term 142 00:08:10,840 --> 00:08:12,490 effects on cybersecurity. 143 00:08:13,060 --> 00:08:15,340 Tony Morbin: Yeah, sure. I mean, exactly. As you said, you know, 144 00:08:15,340 --> 00:08:19,510 we've not really seen the worldwide cyberattacks that were 145 00:08:19,510 --> 00:08:23,260 first predicted. 
And while there is obviously still time to see 146 00:08:23,260 --> 00:08:27,460 that happen, or a post war cyber retaliation for the economic 147 00:08:27,460 --> 00:08:31,240 damage that sanctions inflict on Russia's economy. Even if those 148 00:08:31,240 --> 00:08:34,330 don't materialize, we are likely to see longer term effects from 149 00:08:34,390 --> 00:08:37,630 the Ukraine conflict on both cyberspace and cybersecurity 150 00:08:37,630 --> 00:08:43,060 generally. Now, the global Internet domain nonprofit, 151 00:08:43,090 --> 00:08:45,820 ICANN, confirmed on Tuesday that it received a letter from the 152 00:08:45,820 --> 00:08:49,000 Ukrainian government asking it to remove Russian domains from 153 00:08:49,000 --> 00:08:52,990 the global web. Now whoever that caused, hid it or not, and if 154 00:08:52,990 --> 00:08:56,410 the current regime stays in place, Russia and probably China 155 00:08:56,410 --> 00:08:59,620 too, are likely to want to increase their separation from 156 00:08:59,620 --> 00:09:02,950 the global Internet and build their own alternatives, as 157 00:09:02,950 --> 00:09:06,040 they've been doing already with social media alternatives. So 158 00:09:06,040 --> 00:09:08,680 we're likely to see further balkanization of the internet 159 00:09:08,680 --> 00:09:12,880 following the war. Secondly, we've got Microsoft reporting, 160 00:09:13,060 --> 00:09:16,000 identifying and mitigating new malware that was targeting 161 00:09:16,000 --> 00:09:19,300 Ukraine within three hours. Now Microsoft saying it achieved 162 00:09:19,300 --> 00:09:22,630 this by increasing the baseline security features on Windows 163 00:09:22,630 --> 00:09:26,830 PCs, with Windows 11 System Requirements mandating support 164 00:09:26,830 --> 00:09:30,520 for previously optional security features. 
So I'd suggest we can 165 00:09:30,520 --> 00:09:33,820 expect to see security features increasingly mandated or 166 00:09:33,820 --> 00:09:38,380 supplied as default by providers themselves in IT products. It's 167 00:09:38,380 --> 00:09:42,490 also reported that Russian cyber threats spurred the Senate on to 168 00:09:42,490 --> 00:09:46,540 action on the hacking reporting bills and in the US, there's now 169 00:09:46,540 --> 00:09:50,290 calls for the legislation to be passed by unanimous consent to 170 00:09:50,320 --> 00:09:54,370 get patted down as soon as Tuesday. Not really related to 171 00:09:54,370 --> 00:09:56,830 the war, but India is actually looking at introducing stricter 172 00:09:56,830 --> 00:09:59,950 breach reporting this summer, and I think we can expect to see 173 00:10:00,340 --> 00:10:03,940 breach reporting regulations become more common globally. Now 174 00:10:03,940 --> 00:10:08,080 that it's actually a national security issue and not just a 175 00:10:08,080 --> 00:10:13,570 personal privacy issue. Another report from Microsoft on Monday 176 00:10:13,570 --> 00:10:17,020 was that in the hours leading up to the invasion, it detected a 177 00:10:17,020 --> 00:10:20,410 new form of offensive and disruptive software targeting 178 00:10:20,410 --> 00:10:23,650 Ukrainian institutions. And it was suggesting that the 179 00:10:23,680 --> 00:10:27,430 cyberattacks tied to the war in Ukraine could potentially be 180 00:10:27,430 --> 00:10:31,750 considered war crimes under international law. I would 181 00:10:31,780 --> 00:10:34,660 suggest that we're going to see increasing calls for Geneva 182 00:10:34,660 --> 00:10:37,750 Convention on the use of cyber attacks to make the rules 183 00:10:37,750 --> 00:10:41,200 clearer and agreed with the Tallinn manual the likely basis 184 00:10:41,200 --> 00:10:44,320 because there isn't really an agreed international basis and 185 00:10:44,380 --> 00:10:49,720 there really needs to be. 
We long suspected Russians use 186 00:10:49,720 --> 00:10:53,890 cyber criminals to conduct cyber offensive operations. As I'm 187 00:10:53,890 --> 00:10:58,390 sure, Rashmi may well cover, discussing Conti. The papers 188 00:10:58,390 --> 00:11:03,160 leaked show that the FSB actually tasked Conti to target 189 00:11:03,190 --> 00:11:06,610 a Bellingcat contributor to steal information over the 190 00:11:06,610 --> 00:11:12,310 poisoning of opposition figure, Navalny. Moves to use state 191 00:11:12,310 --> 00:11:15,130 resources against cyber criminals are vindicated now, 192 00:11:15,130 --> 00:11:18,460 because we've seen that, you know, the cyber mercenaries are 193 00:11:18,460 --> 00:11:21,700 actually being used, it's official. So how do we respond? 194 00:11:21,730 --> 00:11:24,640 We're going to need to decide. Do we outlaw it or what do we 195 00:11:24,640 --> 00:11:30,610 do? Another really difficult issue to even discuss because 196 00:11:30,970 --> 00:11:35,770 it's so controversial, both sides in the Ukraine invasion, 197 00:11:35,890 --> 00:11:38,560 have called upon freelance hackers to assist in their 198 00:11:38,560 --> 00:11:43,570 offensive cyber attacks. It's entirely understandable. And if 199 00:11:43,570 --> 00:11:46,360 you're within the conflict zone, who wouldn't use whatever means 200 00:11:46,360 --> 00:11:50,230 you can to defend yourself. But the wider implication for those 201 00:11:50,230 --> 00:11:53,830 who are not directly affected is potentially to encourage cyber 202 00:11:53,830 --> 00:11:57,040 attacks against those who disagree with. There are likely 203 00:11:57,040 --> 00:12:01,690 to be unintended consequences if we go down that road. And I 204 00:12:01,690 --> 00:12:04,720 suspect we may struggle to put this genie back in its bottle 205 00:12:04,750 --> 00:12:05,920 after the war's over. 
206 00:12:06,370 --> 00:12:08,110 Tom Field: If I may add that there are three things that you 207 00:12:08,110 --> 00:12:11,200 said that really jumped out to me. One is that we're seeing 208 00:12:11,740 --> 00:12:15,730 governments sanction cyber activity and activists now, 209 00:12:15,730 --> 00:12:18,700 that's something we haven't seen in conflict before, not overtly. 210 00:12:19,330 --> 00:12:24,430 That we have got hacktivists that are becoming involved in 211 00:12:24,430 --> 00:12:28,540 being used as an underground army. These are, you know, this 212 00:12:28,540 --> 00:12:32,230 is what we saw in Paris in World War II, but was cyber tools, 213 00:12:32,230 --> 00:12:35,620 your underground resistance. And as you point out, you've got the 214 00:12:35,620 --> 00:12:38,830 hacktivist groups such as Anonymous getting involved, and 215 00:12:38,830 --> 00:12:43,570 many of us in Western countries, may philosophically support 216 00:12:44,140 --> 00:12:47,980 that, you know, Anonymous is going after and is fighting back 217 00:12:47,980 --> 00:12:51,520 against a bully. But what happens if that bully is your 218 00:12:51,520 --> 00:12:55,150 own government that has raised taxes, which is something that 219 00:12:55,480 --> 00:12:59,530 the activists philosophically disagree with? These are 220 00:12:59,560 --> 00:13:02,950 circumstances that raise questions we haven't had to 221 00:13:02,950 --> 00:13:05,650 answer before. It's historic times. 222 00:13:06,430 --> 00:13:09,520 Tony Morbin: I think so many people will jump in to help 223 00:13:09,550 --> 00:13:13,240 people like Anonymous, or potentially on the Russian side, 224 00:13:13,420 --> 00:13:15,910 you know, to help the Russian government. People who were not 225 00:13:15,910 --> 00:13:20,890 previously involved in, say, hacktivism. And that's what I'm 226 00:13:20,890 --> 00:13:23,020 saying about the genie's out of the bottle. 
If they start 227 00:13:23,020 --> 00:13:26,560 getting involved, will they then want to use the same tools for 228 00:13:26,560 --> 00:13:27,910 other causes that they have, 229 00:13:28,630 --> 00:13:31,360 Anna Delaney: It could get very messy. Rashmi, I know you're 230 00:13:31,360 --> 00:13:34,510 going to talk about Conti. And Conti is part of this equation 231 00:13:34,510 --> 00:13:35,830 as well. So tell us more. 232 00:13:36,650 --> 00:13:38,390 Rashmi Ramesh: Right. So, there's been a lot of 233 00:13:38,390 --> 00:13:42,290 interesting stuff going on with the ransomware gang. And like I 234 00:13:42,290 --> 00:13:45,020 said, it does have a link to the Russia Ukraine situation as 235 00:13:45,020 --> 00:13:49,550 well. So I'll just start with the latest. So on Monday, a 236 00:13:49,550 --> 00:13:52,940 Ukrainian cybersecurity researcher released about 13 237 00:13:52,940 --> 00:13:57,650 months of sensitive data, you know, starting Jan 2021. So that 238 00:13:57,650 --> 00:14:01,370 came from the internal systems of Conti ransomware gang. So now 239 00:14:01,370 --> 00:14:05,330 this data included Bitcoin addresses, it had IP addresses, 240 00:14:05,330 --> 00:14:08,330 it had, you know, infrastructure data associated with the gang. 241 00:14:08,600 --> 00:14:11,780 But it also offered a glimpse into the workings of the 242 00:14:11,780 --> 00:14:15,980 criminal enterprise, you know, complete with like internal chat 243 00:14:16,640 --> 00:14:20,810 among its like 100 plus employees, details on 244 00:14:20,810 --> 00:14:24,350 negotiations between ransomware victims and the Conti attackers, 245 00:14:24,680 --> 00:14:29,360 and also how it dealt with its own internal breaches. So this 246 00:14:29,360 --> 00:14:37,130 will, of course, be incredibly useful to track the gang as well 247 00:14:37,130 --> 00:14:41,270 as affiliates who use its malware. 
And another implication 248 00:14:41,270 --> 00:14:45,410 of this based on, you know, something that experts told our 249 00:14:45,410 --> 00:14:48,320 Executive Editor Jeremy Kirk, who actually got the scoop on 250 00:14:48,320 --> 00:14:54,800 the story is that other threat actors may lose trust in a gang 251 00:14:54,830 --> 00:14:57,890 that had its infrastructure infiltrated by cybersecurity 252 00:14:57,890 --> 00:15:02,150 researchers. So this may also make it a little difficult for 253 00:15:02,150 --> 00:15:05,720 Conti to continue its operations, they told him. Now 254 00:15:05,720 --> 00:15:09,650 this whole thing happened after the ransomware group published a 255 00:15:09,650 --> 00:15:14,420 post supporting Russia and its war against Ukraine. So it said 256 00:15:14,420 --> 00:15:17,420 that it fully supported the Russian government to a point 257 00:15:17,420 --> 00:15:19,970 where, you know, if anyone attacked Russia, the group would 258 00:15:19,970 --> 00:15:22,880 strike back at their critical infrastructures. So this 259 00:15:22,880 --> 00:15:27,260 happened last Friday. By Monday, however, this post was gone to 260 00:15:27,260 --> 00:15:31,640 be replaced by another post that more or less said the same 261 00:15:31,640 --> 00:15:35,360 thing, but slightly more diplomatically. So it just said 262 00:15:35,360 --> 00:15:38,660 that, you know, we don't ally with any government, and we 263 00:15:38,660 --> 00:15:42,380 condemn the ongoing war. But if you really go by Conti's 264 00:15:42,380 --> 00:15:46,490 history, it doesn't really care who its victims are or how the 265 00:15:46,490 --> 00:15:50,090 attack might affect them. I mean, a lot of ransomware actors 266 00:15:50,090 --> 00:15:52,220 have also claimed that they won't really go after health 267 00:15:52,220 --> 00:15:55,490 care. But, I mean, how trustworthy are the promises of 268 00:15:55,520 --> 00:16:00,560 extortionists really? 
So I mean, for example, take the report by 269 00:16:00,560 --> 00:16:03,320 cybersecurity from Sophos that was released on Monday. 270 00:16:03,620 --> 00:16:07,670 Apparently two ransomware actors, Conti, and another one 271 00:16:07,670 --> 00:16:12,230 called Karma, exploited a vulnerability that was unpatched 272 00:16:12,230 --> 00:16:15,440 for a year in a Canadian healthcare organization. And 273 00:16:15,470 --> 00:16:20,120 they did it simultaneously. So while Karma stole the data and 274 00:16:20,120 --> 00:16:23,180 dropped a ransomware note, essentially saying that it do 275 00:16:23,180 --> 00:16:27,200 not do more, because this was a healthcare organization. Sean 276 00:16:27,200 --> 00:16:30,740 Gallagher, who wrote the Sophos report, said that Conti went in 277 00:16:30,740 --> 00:16:34,910 and encrypted everything after, including the first gang's note. 278 00:16:35,330 --> 00:16:39,680 So it's quite an interesting read, to be honest. And I just 279 00:16:39,680 --> 00:16:42,320 feel like we could chat about any ransomware gang for that 280 00:16:42,320 --> 00:16:46,580 matter for hours on end. But I don't really think you would 281 00:16:46,610 --> 00:16:48,680 take that too kindly, would you, Anna? 282 00:16:50,210 --> 00:16:52,430 Anna Delaney: I don't mind. I'm sure you've got other things to 283 00:16:52,430 --> 00:16:55,280 do, like, you know, as it's your birthday. But going back to 284 00:16:55,280 --> 00:17:01,190 Conti, how damaging, how harmful are these leaks in reality 285 00:17:01,190 --> 00:17:06,050 because Conti has been so successful to date, unlike other 286 00:17:06,050 --> 00:17:08,990 ransomware groups who have had to disappear and rebrand. 287 00:17:10,360 --> 00:17:16,600 Rashmi Ramesh: Yeah, so like Jeremy, you know, quoted in his 288 00:17:16,600 --> 00:17:22,390 story, it's sort of divided about how this leak will affect 289 00:17:22,390 --> 00:17:24,790 the gang at all. 
Like some say that, you know, will really 290 00:17:24,790 --> 00:17:28,900 impact their operations. But others are like, oh, you know, 291 00:17:28,900 --> 00:17:32,680 it had operation difficulties in the past and, you know, similar 292 00:17:32,680 --> 00:17:35,740 incidents have happened, and it's really going to affect how 293 00:17:35,740 --> 00:17:39,310 they operate, and they always bounce back. So it's a little 294 00:17:39,340 --> 00:17:41,950 difficult to say at the moment, but you know, like everything 295 00:17:41,950 --> 00:17:43,870 else, we just have to wait and watch, I suppose. 296 00:17:44,230 --> 00:17:45,940 Tom Field: Just to support what Rashmi says, this is what the 297 00:17:45,940 --> 00:17:48,970 mythological Hydra. You cut off the head and two more take its 298 00:17:48,970 --> 00:17:53,290 place. So the people behind Conti, maybe they won't use the 299 00:17:53,290 --> 00:17:57,190 same name, they'll move on and go elsewhere. This business is 300 00:17:57,190 --> 00:18:02,500 too lucrative for them to get out of it. And nothing has been 301 00:18:02,500 --> 00:18:06,850 done to, to change that proposition for them. There's 302 00:18:06,850 --> 00:18:09,610 too much at stake here. I do find it interesting, though, 303 00:18:09,610 --> 00:18:12,370 that the ransomware attackers haven't learned anything from 304 00:18:12,370 --> 00:18:14,620 their targets. And they're keeping all this information 305 00:18:14,830 --> 00:18:17,800 close at hand where it can be accessed by somebody that wants 306 00:18:17,800 --> 00:18:17,920 it. 307 00:18:19,300 --> 00:18:21,880 Anna Delaney: Interesting to see if other ransomware groups come 308 00:18:21,880 --> 00:18:27,880 out in support of Russia. That time will tell. But as a last 309 00:18:27,880 --> 00:18:31,960 question, as we are approaching International Women's Day, who 310 00:18:31,960 --> 00:18:35,740 is an inspirational woman doing great things in the industry? 
311 00:18:36,700 --> 00:18:39,910 Tom Field: Oh, I've got a strong candidate there. And I'm a big 312 00:18:39,910 --> 00:18:44,140 fan of Dawn Cappelli. She has just retired as the Global CISO 313 00:18:44,140 --> 00:18:48,010 of Rockwell Automation. And she came to that company some years 314 00:18:48,010 --> 00:18:51,790 ago, first to build their insider threat program. Now she 315 00:18:51,790 --> 00:18:55,540 came directly from Carnegie Mellon University, where she was 316 00:18:55,540 --> 00:19:00,370 in the CERT of the Software Engineering Institute, where she 317 00:19:00,370 --> 00:19:04,360 did head up the insider threat research program there. And she 318 00:19:04,360 --> 00:19:08,680 has been a force in the field for many, many years now. I 319 00:19:08,680 --> 00:19:12,850 think she is a smart, kind, gentle woman who has got 320 00:19:12,880 --> 00:19:18,760 enormous insight into threats and threat actors and controls 321 00:19:18,760 --> 00:19:22,480 and she has been a huge part of the industry and has shared her 322 00:19:22,480 --> 00:19:26,440 knowledge and has worked hard to bring more people, especially 323 00:19:26,440 --> 00:19:30,010 women into the field. She has been a leader and a guiding 324 00:19:30,010 --> 00:19:33,310 force and I know she's going to continue to stay involved even 325 00:19:33,310 --> 00:19:36,670 though formally she has retired. She's at the top of my list. 326 00:19:36,820 --> 00:19:37,570 Dawn Cappelli. 327 00:19:38,410 --> 00:19:40,270 Anna Delaney: Tom, brilliant interview you conducted with 328 00:19:40,270 --> 00:19:40,600 her. 329 00:19:41,350 --> 00:19:42,580 Tom Field: Many times over the years. 330 00:19:42,660 --> 00:19:45,420 Anna Delaney: Yeah. That was great though. That particular 331 00:19:45,510 --> 00:19:48,810 interview is worth watching. I think she said she was in her 332 00:19:48,810 --> 00:19:51,510 pajamas all weekend. Just on it. 
333 00:19:52,920 --> 00:19:56,000 Tom Field: This is actually the thing she tells me secretly. 334 00:19:56,063 --> 00:19:59,709 This is the big difference. Retirement to her doesn't mean 335 00:19:59,772 --> 00:20:03,041 that she stops working. Retirement means she doesn't 336 00:20:03,104 --> 00:20:05,430 have to set the alarm in the morning. 337 00:20:05,410 --> 00:20:06,100 Anna Delaney: Tony? 338 00:20:07,350 --> 00:20:11,070 Tony Morbin: Well, here in the UK I'm quite fortunate to know a 339 00:20:11,070 --> 00:20:14,880 lot of prominent women in cybersecurity. And they range 340 00:20:14,880 --> 00:20:17,430 across, you know, evangelists for women in cyber, like Jane 341 00:20:17,430 --> 00:20:21,000 Frankland to our head of National Cybersecurity, Lindy 342 00:20:21,000 --> 00:20:28,080 Cameron. CISOs like Becky Pinkard; Eliza-May Austen, 343 00:20:28,080 --> 00:20:31,560 Founder of the Ladies London Hacking Society; or vendors like 344 00:20:31,830 --> 00:20:36,030 Sian John, Chief Security Advisor, EMEA, at Microsoft, and 345 00:20:36,060 --> 00:20:38,640 a lot of other women, who I'm apologizing for not mentioning 346 00:20:38,640 --> 00:20:42,240 you. But the person who I will actually pick is a Canadian: 347 00:20:42,750 --> 00:20:46,200 Bonnie Butlin, who created and promoted women of influence 348 00:20:46,500 --> 00:20:50,250 around the world. And they serve to increase the visibility of 349 00:20:50,250 --> 00:20:53,550 women doing great things in cyber, and acting as an 350 00:20:53,550 --> 00:20:57,960 inspiration for others. So I'm picking Bonnie not so much for 351 00:20:57,960 --> 00:21:00,900 herself, but what she's done to promote the other women doing 352 00:21:00,900 --> 00:21:01,860 really great stuff. 353 00:21:02,890 --> 00:21:04,510 Anna Delaney: Excellent. And Rashmi? 354 00:21:05,980 --> 00:21:08,020 Rashmi Ramesh: It's interesting that Tony mentioned Jane 355 00:21:08,020 --> 00:21:13,090 Frankland because that's who I picked. 
So Jane Frankland has 356 00:21:13,090 --> 00:21:17,080 spent over two decades in cybersecurity. She has been 357 00:21:17,080 --> 00:21:20,440 named a UNESCO trailblazing woman in tech. She founded her 358 00:21:20,440 --> 00:21:27,400 own hacking firm. And she has really helped companies figure 359 00:21:27,400 --> 00:21:31,060 out why women leave the workforce and help them 360 00:21:31,060 --> 00:21:34,600 diversify their workforce as well. And she's author of a 361 00:21:34,600 --> 00:21:39,340 book. And she's also the founder of a movement called IN 362 00:21:39,340 --> 00:21:43,060 Security, both of which talk about why the failure to attract 363 00:21:43,060 --> 00:21:45,850 and retain women in cybersecurity is making us all 364 00:21:45,850 --> 00:21:46,660 less safe. 365 00:21:47,860 --> 00:21:50,620 Anna Delaney: It is interesting how the heads of both the UK and 366 00:21:51,010 --> 00:21:54,910 US cybersecurity centers are female. Can't imagine that 367 00:21:54,910 --> 00:21:57,910 happening, say 50 years ago. Well, there are, as you say, so 368 00:21:57,910 --> 00:22:00,850 many brilliant leaders out there. I'm going to nominate Dr. 369 00:22:00,850 --> 00:22:04,360 Victoria Baines. She is a speaker and academic and author 370 00:22:04,600 --> 00:22:08,950 on all things cyber and a former Facebook and Europol employee. 371 00:22:09,400 --> 00:22:12,760 And according to her Twitter bio, a wizard in cyber-related 372 00:22:12,760 --> 00:22:16,330 thought, and that is not an exaggeration. That is definitely 373 00:22:16,330 --> 00:22:20,350 the truth there. She's worth following for her insight. 
But I 374 00:22:20,350 --> 00:22:24,580 think it's also worth bearing in mind, you know, the situation at 375 00:22:24,580 --> 00:22:27,460 the moment, thinking of all those women with their children, 376 00:22:27,460 --> 00:22:33,010 perhaps having to leave Ukraine and flee the war, and leave 377 00:22:33,010 --> 00:22:36,910 behind husbands, fathers, even grandfathers who have been told 378 00:22:36,910 --> 00:22:39,760 to pick up weapons and defend their homeland. So that must 379 00:22:39,760 --> 00:22:42,700 require the utmost strength and courage. 380 00:22:43,390 --> 00:22:45,520 Tom Field: Heartbreaking, Anna. As a world, we should be beyond 381 00:22:45,520 --> 00:22:45,910 this. 382 00:22:46,240 --> 00:22:46,570 Anna Delaney: Yeah. 383 00:22:47,440 --> 00:22:49,120 Tony Morbin: And it's really unfortunate, but some of the 384 00:22:49,120 --> 00:22:51,160 women are also finding themselves in a position where 385 00:22:51,160 --> 00:22:52,750 they're picking up guns as well. 386 00:22:53,290 --> 00:22:55,450 Anna Delaney: Yeah. And journalists remaining on the 387 00:22:55,450 --> 00:22:59,890 ground as well. So yes, well, it has been very, very busy week 388 00:22:59,890 --> 00:23:03,700 and I know perhaps, week ahead, but thank you very much for 389 00:23:03,700 --> 00:23:05,440 taking the time and speaking to me. 390 00:23:05,920 --> 00:23:06,850 Tom Field: Thanks for the opportunity. 391 00:23:07,300 --> 00:23:08,530 Rashmi Ramesh: Thanks for having us, Anna. 392 00:23:08,530 --> 00:23:08,980 Tony Morbin: Thank you. 393 00:23:09,030 --> 00:23:10,800 Anna Delaney: Take care, everyone. And thanks so much for 394 00:23:10,800 --> 00:23:12,270 watching. Until next time,