WEBVTT 1 00:00:00.000 --> 00:00:02.550 Anna Delaney: Hi. Thanks for joining us at the ISMG Editors' 2 00:00:02.550 --> 00:00:06.150 Panel. I'm Anna Delaney and this is where ISMG editors meet on a 3 00:00:06.150 --> 00:00:09.300 weekly basis to share their thoughts and insights on the top 4 00:00:09.300 --> 00:00:13.110 stories, interviews and industry trends. Really pleased to be 5 00:00:13.110 --> 00:00:16.350 joined today by our senior vice president of editorial Tom 6 00:00:16.350 --> 00:00:19.050 Field, Mathew Schwartz, executive editor of 7 00:00:19.050 --> 00:00:22.260 DataBreachToday and Europe, and Michael Novinson, managing 8 00:00:22.260 --> 00:00:25.530 editor for ISMG business. Excellent to see you all. 9 00:00:25.710 --> 00:00:27.450 Episode 97. Can you believe? 10 00:00:27.780 --> 00:00:29.040 Tom Field: We're close to 100, aren't we? 11 00:00:29.280 --> 00:00:32.940 Anna Delaney: Getting there. Tom, you got a beautiful scene 12 00:00:32.940 --> 00:00:37.230 behind us. It is almost like a Japanese piece of artwork. Tell 13 00:00:37.230 --> 00:00:37.350 us. 14 00:00:37.710 --> 00:00:39.210 Tom Field: This actually was when we were leaving dinner a 15 00:00:39.210 --> 00:00:42.420 couple of weeks ago during a snowstorm and walking, that was 16 00:00:42.420 --> 00:00:49.380 an old Revolutionary era in with a tavern and walking from the 17 00:00:49.380 --> 00:00:53.130 old building through the snow to a lower parking lot. Looking up 18 00:00:53.430 --> 00:00:55.650 and seeing the full moon up through the tree is just saying, 19 00:00:56.430 --> 00:01:01.110 "this is a moment." Yes, because this is the 97th panel, also 20 00:01:01.110 --> 00:01:02.970 thinking this is the background. 21 00:01:04.580 --> 00:01:08.660 Anna Delaney: Very well plan there. Michael, is that in your house? 22 00:01:08.000 --> 00:01:11.630 Michael Novinson: That house does not have quite this high 23 00:01:11.630 --> 00:01:15.740 ceilings. But this is actually the Providence Athenaeum. It is 24 00:01:15.740 --> 00:01:18.560 a private subscription library predating the start of the 25 00:01:18.560 --> 00:01:23.660 public library service built back in 1836. If you're not a 26 00:01:23.660 --> 00:01:26.210 member, you're allowed to look, and you can touch, but you can't 27 00:01:26.210 --> 00:01:29.930 take anything with you. Most famous visitor there was H.P. 28 00:01:29.930 --> 00:01:31.730 Lovecraft who lived just down the street. 29 00:01:32.830 --> 00:01:36.100 Anna Delaney: So almost as many books as in Tom's house. 30 00:01:36.910 --> 00:01:37.870 Tom Field: But not as old! 31 00:01:38.710 --> 00:01:40.150 Mathew Schwartz: Fewer pentagrams because of H.P. 32 00:01:40.150 --> 00:01:41.020 Lovecraft, right? 33 00:01:42.830 --> 00:01:44.390 Anna Delaney: Mathew, you're donning your personal Postman 34 00:01:44.390 --> 00:01:44.990 Pat? 35 00:01:46.280 --> 00:01:49.220 Mathew Schwartz: Yep, here is a look into Matt's psyche. What do 36 00:01:49.220 --> 00:01:54.080 I want to be when I grow up? And the answer could be postie. Or 37 00:01:54.080 --> 00:01:56.840 it could be someone who talks about a certain ransomware 38 00:01:56.840 --> 00:02:01.610 attack that's been afflicting the United Kingdom recently. 39 00:02:02.440 --> 00:02:04.240 Anna Delaney: Well, we'll have to guess. 40 00:02:05.230 --> 00:02:06.610 Mathew Schwartz: Hold your breath, Anna. 41 00:02:08.250 --> 00:02:11.190 Anna Delaney: I am joining you from the rooftops of Beirut 42 00:02:11.220 --> 00:02:14.880 today. So I was last here, I think in 2019. It's the city 43 00:02:14.880 --> 00:02:19.560 that never sleeps. It's always fun and very beautiful. So here 44 00:02:19.560 --> 00:02:24.330 we go. Tom, take us to see Ceylon. You regularly speak with 45 00:02:24.330 --> 00:02:28.050 a range of CISOs as part of our Profiles in Leadership Series. 46 00:02:28.740 --> 00:02:30.690 What insights have you gleaned recently? 47 00:02:30.930 --> 00:02:33.510 Tom Field: Like the CISO land, like it's a cable subscription 48 00:02:33.510 --> 00:02:37.560 network. You can watch past interviews with CISOs on a 24/7 49 00:02:37.560 --> 00:02:42.390 basis. As you know, we all get the opportunity to participate 50 00:02:42.390 --> 00:02:45.120 in these Profiles in Leadership and it's a chance to sit down 51 00:02:45.120 --> 00:02:49.440 with individual CISOs. They're part of ISMG's CyberEdBoard 52 00:02:49.440 --> 00:02:53.610 community. This is our CISO club, our global CISO 53 00:02:53.640 --> 00:02:58.440 association. These people become advisors to us, they participate 54 00:02:58.440 --> 00:03:01.890 in our programs, they participate in our events. And 55 00:03:01.890 --> 00:03:04.950 when we get the opportunity to sit down and have conversations, 56 00:03:05.130 --> 00:03:10.140 it's a rare chance to really get into the CISO's mindset and find 57 00:03:10.140 --> 00:03:13.020 out what are the challenges that mean the most? What are the 58 00:03:13.020 --> 00:03:16.470 threats of greatest concern? What have been their biggest 59 00:03:16.470 --> 00:03:19.050 leadership challenges and what do they want to pass on to a new 60 00:03:19.050 --> 00:03:22.110 generation. So I embrace these, I love doing these. I had the 61 00:03:22.110 --> 00:03:27.270 chance recently to sit down with Aleksandr Zhuk. He is the CISO 62 00:03:27.540 --> 00:03:30.990 of sFOX, which is a crypto broker. Now interesting enough, 63 00:03:31.440 --> 00:03:38.130 Aleksandr isn't an older CISO, seasoned in his career. He likes 64 00:03:38.130 --> 00:03:41.940 to work in the startup community because he enjoys the energy 65 00:03:42.030 --> 00:03:45.330 that comes with startups. And in the middle of our conversation, 66 00:03:45.540 --> 00:03:50.070 he made the comment to me that as a CISO in these startup 67 00:03:50.070 --> 00:03:55.380 organizations, he feels like the first family doctor coming to a 68 00:03:55.380 --> 00:03:59.220 small village and I said "Look, all the CISO interviews I've 69 00:03:59.220 --> 00:04:02.670 done over the past decade or so, no one has ever said that they 70 00:04:02.670 --> 00:04:05.220 feel like the first family doctor of village. Please 71 00:04:05.220 --> 00:04:08.610 explain that." And he did and I want to share with you what he 72 00:04:10.110 --> 00:04:12.880 Aleksandr Zhuk: Especially when I begin my job at a different 73 00:04:10.920 --> 00:05:08.820 had to say about that. 74 00:04:12.942 --> 00:04:16.760 company, I start fresh. This is when company fundamentally has 75 00:04:16.821 --> 00:04:20.639 matured enough or have realized that they need to bring us in, 76 00:04:20.701 --> 00:04:24.149 so think about the village growing up enough to realize, 77 00:04:24.211 --> 00:04:27.782 "okay, we can afford and should bring in a family doctor." 78 00:04:27.844 --> 00:04:31.600 Again, they are not looking for somebody who will come in and 79 00:04:31.662 --> 00:04:35.295 stop everybody at their track and clap. "Stop at that. Stop 80 00:04:35.356 --> 00:04:39.051 doing what you're doing. Drop everything. Listen to me." No, 81 00:04:39.113 --> 00:04:42.499 that's not how it works. They look for a family doctor, 82 00:04:42.561 --> 00:04:46.440 somebody who comes in, who puts up a shingle, opened an office, 83 00:04:46.502 --> 00:04:50.012 and starts nurturing the community one by one. What keeps 84 00:04:50.073 --> 00:04:54.076 you up at night? What brings you joy? What are some of the things 85 00:04:54.138 --> 00:04:57.894 that concern you? And while you have these conversations with 86 00:04:57.955 --> 00:05:01.404 every stakeholder, look around. It's literally like that 87 00:05:01.465 --> 00:05:04.975 physical that a good doctor would do. As they talk to the 88 00:05:05.037 --> 00:05:08.424 person, they will look, "Oh, look at this scar. That is 89 00:05:08.485 --> 00:05:12.241 bleeding. I need to fix this. Oh, look at this rash. This may 90 00:05:09.560 --> 00:05:25.880 Tom Field: Kind of refreshing though, like he could have come 91 00:05:12.303 --> 00:05:16.121 be something worth evaluating." On the other hand, "Hey, maybe 92 00:05:16.182 --> 00:05:19.815 all of this is yes, it's not as bulletproof, but it's good. 93 00:05:19.877 --> 00:05:23.387 We're going to give some vitamins to that person and keep 94 00:05:23.448 --> 00:05:23.880 going." 95 00:05:25.880 --> 00:05:29.120 to me and said, "I feel like a mercenary carpetbagger." Even a 96 00:05:29.120 --> 00:05:33.200 hitman is enough. I can mean like a family doctor. I thought 97 00:05:33.200 --> 00:05:36.500 that was a nice image to convey. I just enjoyed the conversation 98 00:05:36.500 --> 00:05:38.180 and look forward to being able to share this with the greater 99 00:05:38.180 --> 00:05:38.690 community. 100 00:05:39.320 --> 00:05:40.910 Anna Delaney: Yeah, and I suppose that highlights the 101 00:05:41.600 --> 00:05:47.990 compassionate collaborative role of the CISO as well. Fantastic. 102 00:05:47.990 --> 00:05:49.550 Well, we look forward to watching the interview. I don't 103 00:05:49.550 --> 00:05:50.600 think it's on the sites yet. 104 00:05:51.200 --> 00:05:52.490 Tom Field: But it will be shortly. I look forward to 105 00:05:52.490 --> 00:05:54.830 sharing with everybody, and many more to come as you know. 106 00:05:55.140 --> 00:05:58.980 Anna Delaney: Fantastic. Okay, Mathew, you've written a couple 107 00:05:58.980 --> 00:06:01.530 of pieces in the past week about a ransomware attack, which 108 00:06:01.530 --> 00:06:05.490 targeted our very own British Postal Service, the Royal Mail. 109 00:06:05.820 --> 00:06:09.150 And for those of you who don't know, the Royal Mail is already 110 00:06:09.150 --> 00:06:11.820 in our bad books and the service has also been impacted by 111 00:06:11.820 --> 00:06:15.360 various strike action by postal workers over the weeks leading 112 00:06:15.360 --> 00:06:18.240 up to Christmas. So it's definitely had its fair share of 113 00:06:18.240 --> 00:06:21.810 disruption lately. Tell us about this attack, and how it all 114 00:06:21.810 --> 00:06:23.400 unfolded, because there are a few twists. 115 00:06:24.710 --> 00:06:27.142 Mathew Schwartz: Yes, definitely. I know. It's a very 116 00:06:27.209 --> 00:06:31.128 British story. I was thinking on the heels of Tom's family 117 00:06:31.196 --> 00:06:35.115 doctor, all cybersecurity creatures - great and small. And 118 00:06:35.182 --> 00:06:39.439 we've got this beautiful British - probably European actually - 119 00:06:39.507 --> 00:06:43.155 but in this case, it's definitely a British van behind 120 00:06:43.223 --> 00:06:47.547 us, which if you've been in the United Kingdom, the four nations 121 00:06:47.615 --> 00:06:51.331 that comprise it, you'll recognize as your local postal 122 00:06:51.398 --> 00:06:55.452 carriers method of transport. Well, the transport's working. 123 00:06:55.520 --> 00:06:59.574 What isn't working so well is anyone's ability in Britain to 124 00:06:59.641 --> 00:07:03.898 post anything abroad - letters and parcels. Now, in what's been 125 00:07:03.966 --> 00:07:08.222 more than a week of disruptions remain interrupted. Royal Mail, 126 00:07:08.290 --> 00:07:12.276 which is our post office, has urged anyone who's in Britain 127 00:07:12.344 --> 00:07:16.398 not to try to send anything abroad. They're saying, "Keep it 128 00:07:16.466 --> 00:07:20.722 at home. Please, don't put it in a post box, don't take it to a 129 00:07:20.790 --> 00:07:24.911 post office, because things are going to get so backed up. We 130 00:07:24.979 --> 00:07:28.763 don't know how we're going to dig ourselves out." So, as 131 00:07:28.830 --> 00:07:33.019 you've mentioned, there was some industrial action, there were 132 00:07:33.087 --> 00:07:36.465 some strikes that happened throughout December and 133 00:07:36.533 --> 00:07:40.654 Christmas cards, for example, some were still arriving in the 134 00:07:40.722 --> 00:07:44.573 early weeks of January, really slowed things down. So the 135 00:07:44.641 --> 00:07:48.695 postal workers are striking for higher wages, as Britain has 136 00:07:48.762 --> 00:07:52.479 been beset by in a crazy cost-of-living crisis. We have 137 00:07:52.546 --> 00:07:56.060 that. Now, we have this ransomware attack, which has 138 00:07:56.127 --> 00:07:59.911 only technically been described by Royal Mail as a cyber 139 00:07:59.978 --> 00:08:03.965 incident. But, of course, cyber incidents these days are so 140 00:08:04.032 --> 00:08:07.951 often - another way to say "we got hit by ransomware." And 141 00:08:08.019 --> 00:08:11.938 there's been extensive reporting that the note that's been 142 00:08:12.005 --> 00:08:15.789 flashing up on disrupted, on unlocked systems at various 143 00:08:15.857 --> 00:08:20.248 facilities throughout Royal Mail traces to the LockBit group. The 144 00:08:20.316 --> 00:08:24.302 LockBit group initially denied this. Of course, they would, 145 00:08:24.370 --> 00:08:28.356 right? This is a little bit of an awkward hit. But then the 146 00:08:28.424 --> 00:08:32.343 leader of the group or the persona that is attached to the 147 00:08:32.410 --> 00:08:36.464 leader of the group, LockBitSupp came out and said, "Oh, you 148 00:08:36.532 --> 00:08:40.383 know, we're so busy, we have a hard time keeping track of 149 00:08:40.451 --> 00:08:44.437 everything. It turns out that one of our affiliates did hit 150 00:08:44.505 --> 00:08:48.829 Royal Mail. Isn't that too bad? So if they pay the ransom, we'll 151 00:08:48.897 --> 00:08:52.816 stop extorting them." So same old with ransomware attacks, 152 00:08:52.883 --> 00:08:56.937 disrupting something major. I think in this case, we can say 153 00:08:57.005 --> 00:09:00.586 it's a piece of the critical national infrastructure, 154 00:09:00.653 --> 00:09:04.910 although, as yet, His Majesty's government hasn't weighed in on 155 00:09:04.978 --> 00:09:09.032 this crisis. Yet. Apparently, ransomware attacks have become 156 00:09:09.099 --> 00:09:13.221 so common that when we have the emergency Cobra meetings with 157 00:09:13.288 --> 00:09:17.477 the government, I won't say more often than not, they're about 158 00:09:17.545 --> 00:09:21.667 ransomware. But many have been about ransomware, have reached 159 00:09:21.734 --> 00:09:25.991 out to Royal Mail, said what's happening, no response yet. It's 160 00:09:26.058 --> 00:09:29.910 not clear when they might get systems restored. So people 161 00:09:29.977 --> 00:09:34.302 might say, "Postal Service. Who uses that these days, especially 162 00:09:34.369 --> 00:09:37.883 to send things abroad?" Unfortunately, this seems to 163 00:09:37.950 --> 00:09:41.869 have had a massive impact, especially on small businesses. 164 00:09:41.937 --> 00:09:45.720 For example, there's a story in the BBC recently about a 165 00:09:45.788 --> 00:09:49.639 gentleman who sells Vinyl records and the majority of his 166 00:09:49.707 --> 00:09:54.099 sales are to overseas customers. And yes, there are other options 167 00:09:54.166 --> 00:09:57.815 for sending parcels abroad. But speaking from personal 168 00:09:57.882 --> 00:10:01.869 experience, if you want to track these things, for example, 169 00:10:01.936 --> 00:10:05.720 Britain's Royal Mail Postal Service has connections with 170 00:10:05.788 --> 00:10:09.774 other national postal services. So you can issue a tracking 171 00:10:09.842 --> 00:10:14.166 number and you and the buyer of your goods can watch the item as 172 00:10:14.233 --> 00:10:18.490 it works its way abroad - eBay, same sort of thing. If you want 173 00:10:18.558 --> 00:10:22.882 to track things, it's typically the most effective way. The most 174 00:10:22.950 --> 00:10:26.531 reliable way is to use the Postal Service. So this is 175 00:10:26.598 --> 00:10:30.720 having a big impact on people. There's no ETA from Royal Mail 176 00:10:30.787 --> 00:10:34.909 about when this situation might get resolved. And just to sum 177 00:10:34.976 --> 00:10:38.490 everything up, ransomware has been a huge disruptive 178 00:10:38.557 --> 00:10:43.220 challenge. And now that we're into 2023, doesn't seem to be changing. 179 00:10:43.000 --> 00:10:47.050 Anna Delaney: So I've got a few questions for you. So tell us a 180 00:10:47.050 --> 00:10:50.920 bit about LockBit first, and what makes them so successful, 181 00:10:50.920 --> 00:10:53.110 why they stay prolific at the moment? 182 00:10:53.990 --> 00:10:57.140 Mathew Schwartz: Yes, one of the big groups, definitely, top five 183 00:10:57.170 --> 00:11:03.260 in terms of the most known attacks that we have seen. In 184 00:11:03.260 --> 00:11:07.070 terms of attacks that we know about, LockBit's one of the top 185 00:11:07.070 --> 00:11:10.310 five groups over the past year. They've been really successful, 186 00:11:10.310 --> 00:11:13.970 because we've LockBit 2.0, also known as LockBit Red, they 187 00:11:13.970 --> 00:11:17.000 introduced a version of the ransomware that was extremely 188 00:11:17.000 --> 00:11:22.880 easy to use. So in a lot of cases, ransomware is designed 189 00:11:22.910 --> 00:11:26.210 where you don't need to be a technical expert, but LockBit 190 00:11:26.240 --> 00:11:29.090 took it to another level apparently, and just made it 191 00:11:29.090 --> 00:11:32.600 exceptionally easy to use. So anybody who might want to turn a 192 00:11:32.600 --> 00:11:35.780 criminal profit using ransomware, probably can get 193 00:11:35.780 --> 00:11:38.300 their head around this tool set. And then they've come up with 194 00:11:38.300 --> 00:11:41.960 version three, also known as LockBit Black, which apparently 195 00:11:41.960 --> 00:11:45.890 has made things even better. And then technically their 196 00:11:45.920 --> 00:11:50.330 ransomware apparently works very quickly, very effectively. So 197 00:11:50.330 --> 00:11:53.570 they've put a lot of time and effort into crafting a better, 198 00:11:53.600 --> 00:11:57.500 more automated and easy to use product, which is great for 199 00:11:57.500 --> 00:12:20.930 criminals and bad for the rest of us. 200 00:11:58.620 --> 00:12:02.109 Anna Delaney: And in terms of, you know, the seriousness of 201 00:12:02.186 --> 00:12:06.606 this, is this on the same level as comparable to Colonial 202 00:12:06.684 --> 00:12:11.491 Pipeline in the U.S., you've got Medibank in Australia? And if 203 00:12:11.569 --> 00:12:15.678 so, are we likely to see a tougher stance in terms of 204 00:12:15.756 --> 00:12:20.331 response from U.K.'s GCHQ and NCSC, as we saw from the U.S. 205 00:12:20.408 --> 00:12:22.890 and Australia in those examples? 206 00:12:22.270 --> 00:12:24.778 Mathew Schwartz: So I would imagine that if you were the 207 00:12:24.842 --> 00:12:28.701 U.K. Government and you were going to task your intelligence 208 00:12:28.765 --> 00:12:32.303 agency GCHQ to go after somebody, LockBit's now looking 209 00:12:32.367 --> 00:12:36.355 like a really good target. Is this going to have any effect? I 210 00:12:36.419 --> 00:12:39.764 don't know. LockBit was disrupted last year after it 211 00:12:39.828 --> 00:12:43.815 attempted to leak some records from one of its larger victims, 212 00:12:43.880 --> 00:12:47.481 and in return, suffered DDoS attacks, which, again, they 213 00:12:47.546 --> 00:12:51.469 disrupted LockBit's operations to some extent. Unfortunately, 214 00:12:51.533 --> 00:12:55.457 it doesn't seem to have taken a bit out of LockBit's profits. 215 00:12:55.521 --> 00:12:59.187 So, will the government talk tough? Probably. Will we see 216 00:12:59.251 --> 00:13:03.175 action? I mean, it might be top secret. So you might not know 217 00:13:03.239 --> 00:13:07.162 about it anyway. But this does get to a bigger problem, which 218 00:13:07.227 --> 00:13:10.893 is that ransomware is a big problem. And there's been the 219 00:13:10.957 --> 00:13:15.009 ransomware task force that was gathered by the White House, for 220 00:13:15.073 --> 00:13:18.803 example, which brought 30 nations together. They had their 221 00:13:18.868 --> 00:13:22.405 second meeting late last year and agreed on a number of 222 00:13:22.470 --> 00:13:25.943 strategies that they're going to try to use to disrupt 223 00:13:26.007 --> 00:13:29.544 ransomware. That's good. Hopefully, the strategies will 224 00:13:29.609 --> 00:13:33.596 have some success. But I've been reviewing a number of reports 225 00:13:33.661 --> 00:13:37.648 into 2022 ransomware trends, and the number of attacks that we 226 00:13:37.712 --> 00:13:41.700 know about didn't decline from 2021. So definitely, more needs 227 00:13:41.764 --> 00:13:45.623 to be done. There's a great essay by Ciaran Martin, who used 228 00:13:45.688 --> 00:13:49.547 to lead the NCSC, the National Cybersecurity Center, that he 229 00:13:49.611 --> 00:13:52.955 put out this week. He says ransoms are the oxygen of 230 00:13:53.020 --> 00:13:56.750 cybercrime. And if we're going to get really serious about 231 00:13:56.814 --> 00:14:00.545 stopping this, he has been proposing that we outlaw ransom 232 00:14:00.609 --> 00:14:04.661 payments, just like kidnapping. Britain outlaws paying a ransom 233 00:14:04.725 --> 00:14:08.070 if people get kidnapped, that led to fewer terrorist 234 00:14:08.134 --> 00:14:11.671 organizations and others attempting to hold the British 235 00:14:11.736 --> 00:14:15.595 government or its people to ransom using kidnapping. He says 236 00:14:15.659 --> 00:14:19.647 we've got to get tough and do the same thing with ransoms. The 237 00:14:19.711 --> 00:14:23.377 government in the U.K. hasn't outlawed paying a ransom to 238 00:14:23.441 --> 00:14:27.172 ransomware artists, actors, crime groups, but they did for 239 00:14:27.236 --> 00:14:30.773 kidnapping. Why this difference, he says. Why is it any 240 00:14:30.838 --> 00:14:34.632 different? So just because it's cyber doesn't mean it isn't 241 00:14:34.697 --> 00:14:38.620 having this massive impact as we've seen now with Royal Mail. 242 00:14:38.684 --> 00:14:42.672 So I think we're going to have some tough conversations. What, 243 00:14:42.736 --> 00:14:46.660 if anything, and when might it change? It's really not clear. 244 00:14:46.000 --> 00:14:50.470 Anna Delaney: And I, just at this point, highlight your 245 00:14:50.470 --> 00:14:54.010 fantastic interview that you conducted with researcher Jon 246 00:14:54.010 --> 00:14:58.330 DiMaggio on LockBit and their behavior and their business 247 00:14:58.330 --> 00:15:00.820 operations and he had some really interesting thoughts 248 00:15:00.820 --> 00:15:03.970 about the fact that indictments are not actually working at the 249 00:15:03.970 --> 00:15:08.560 moment, and we should think about psychology and LockBit. 250 00:15:09.370 --> 00:15:12.400 After all, they're humans. So their behavior, and how we can 251 00:15:12.400 --> 00:15:15.250 use psychology to our advantage. I mean, there's so much to 252 00:15:15.280 --> 00:15:18.520 unpack there. Could you just briefly talk on that? 253 00:15:18.000 --> 00:15:20.791 Mathew Schwartz: Yeah. So great point bring this up. Really 254 00:15:20.857 --> 00:15:24.978 fascinating, great timing for Jon to have put out this report. 255 00:15:25.044 --> 00:15:28.699 He's a former intelligence analyst. He's got experience 256 00:15:28.766 --> 00:15:32.820 infiltrating groups. And he did that with LockBit. He applied 257 00:15:32.886 --> 00:15:36.874 for a job, didn't get it, and was able to parlay that into a 258 00:15:36.940 --> 00:15:40.994 bit of a fanboy kind of persona, and got some one-on-one time 259 00:15:41.060 --> 00:15:44.782 with LockBitSupp, who he found was a very boisterous and 260 00:15:44.849 --> 00:15:48.504 probably low self-esteem individual who kept bigging up 261 00:15:48.570 --> 00:15:52.757 everything he did. And him and others, Jon says, there's a real 262 00:15:52.823 --> 00:15:56.479 opportunity there with a psychology of how these people 263 00:15:56.545 --> 00:16:00.533 operate and just the ego, and they take everything extremely 264 00:16:00.599 --> 00:16:04.653 personally. So there's a lot more detail to unpack there. But 265 00:16:04.719 --> 00:16:08.640 he says, we need to use these kinds of - what we know about 266 00:16:08.707 --> 00:16:12.628 their human behavior to sow chaos, sow doubt, infiltrate it 267 00:16:12.694 --> 00:16:16.482 like he's done, and make others suspect LockBit, turn the 268 00:16:16.549 --> 00:16:20.403 community against itself, much more than we've been doing. 269 00:16:20.470 --> 00:16:24.325 Because what we are doing, obviously, as you emphasize, as 270 00:16:24.391 --> 00:16:25.920 you note, isn't enough. 271 00:16:25.170 --> 00:16:28.453 Anna Delaney: Excellent. Well, I implore anybody watching this to 272 00:16:28.517 --> 00:16:32.702 to go check out the interview on our sites. Michael, moving on to 273 00:16:32.766 --> 00:16:36.242 business news. Now you've written about cloud security 274 00:16:36.307 --> 00:16:40.362 vendor NetSkope this week, and how it's taken on more than $400 275 00:16:40.427 --> 00:16:43.839 million in debt to further develop its SASE platform. 276 00:16:43.903 --> 00:16:46.350 Please share an overview of the story. 277 00:16:46.960 --> 00:16:50.680 Michael Novinson: Of course, and I'm happy to be here. So just to 278 00:16:50.680 --> 00:16:54.100 take a step back. If you think about the economic downturn and 279 00:16:54.100 --> 00:16:56.890 who it's affected most, it's really these late-stage startups 280 00:16:56.890 --> 00:17:00.070 folks who thought they're going to go public in 2022 or 2023. 281 00:17:00.490 --> 00:17:02.980 And now realize that they can't, and they have to come up, have 282 00:17:02.980 --> 00:17:07.630 to turn to Plan B or Plan C. So for a lot of these companies was 283 00:17:08.260 --> 00:17:11.560 workforce reductions, layoffs, we saw a lot of those among 284 00:17:11.560 --> 00:17:14.140 late-stage startups, not Netskope, but a lot of their 285 00:17:14.140 --> 00:17:16.360 peers who thought they're going to go public decided to buy some 286 00:17:16.360 --> 00:17:21.070 time by cutting cost, reducing the size of their workforce. And 287 00:17:21.070 --> 00:17:24.430 now as these folks think about, essentially, the expectation and 288 00:17:24.430 --> 00:17:27.520 downtime, that you want to have 24 months, two years of cash on 289 00:17:27.520 --> 00:17:31.240 hand, to be able to weather anything that comes your way. So 290 00:17:31.240 --> 00:17:33.940 when these folks are thinking about, IPO's not really a 291 00:17:33.940 --> 00:17:37.930 possibility in 2023, who knows in 2024. It's not clear if the 292 00:17:37.930 --> 00:17:41.020 market is going to be better. So if we can't IPO this year, and 293 00:17:41.020 --> 00:17:44.650 we can't IPO next year, what does that mean? So one of the 294 00:17:44.650 --> 00:17:47.140 challenges for these companies, I was excited when that happened 295 00:17:47.140 --> 00:17:49.450 was that a lot of these companies took in funding in 296 00:17:49.450 --> 00:17:53.920 2021, which was a fantastic year to get a really rich valuation 297 00:17:53.920 --> 00:17:56.650 because investors love these high-growth companies. They 298 00:17:56.650 --> 00:17:58.420 didn't really care about profitability, didn't care if 299 00:17:58.420 --> 00:18:02.140 you're losing money, but high growth and high valuation. Now 300 00:18:02.140 --> 00:18:04.750 they're going back to the market and the market really desperate. 301 00:18:05.410 --> 00:18:09.550 Nobody is worth as much today as they were worth in mid-2021. So 302 00:18:09.550 --> 00:18:11.890 what does that mean? So there's a couple different things that 303 00:18:11.890 --> 00:18:17.260 folks can do. One thing would be to just bite the bullet as you 304 00:18:17.260 --> 00:18:19.870 were and take out some more equity and take the valuation. 305 00:18:19.870 --> 00:18:23.110 If this is what we saw, sneak in the application security market, 306 00:18:23.230 --> 00:18:27.880 they were worth 8.5 billion in September of 2021, wanted 307 00:18:27.880 --> 00:18:31.930 another round of equity funding in November of 2022. And they 308 00:18:31.930 --> 00:18:36.970 reduced their valuation down to 7.4 billion, about 12-13% cut. 309 00:18:37.570 --> 00:18:40.810 So what that means is everybody who's invested in them after 8.5 310 00:18:40.810 --> 00:18:44.200 billion essentially, their investment is now worth 12-13% 311 00:18:44.200 --> 00:18:46.930 less. So you have to get in touch with, on-board with that. 312 00:18:47.200 --> 00:18:51.070 And it's not great for morale to have to say like, "Even though 313 00:18:51.070 --> 00:18:53.200 we've grown, we're not worth as much as we were a little over a 314 00:18:53.200 --> 00:18:56.380 year ago." The other option, the way to essentially kick the can 315 00:18:56.380 --> 00:18:58.870 down the road is of course to issue what's called convertible 316 00:18:58.870 --> 00:19:01.630 notes. They're a form of short-term debt. And 317 00:19:01.630 --> 00:19:05.230 essentially, it's just an IOU, it's a bit of a game of 318 00:19:05.230 --> 00:19:07.870 Roulette. And it says, "Hey, we're not going to worry about 319 00:19:07.870 --> 00:19:11.650 the valuation right now. But come the next equity event, then 320 00:19:11.650 --> 00:19:14.440 we'll figure out how much you're worth." So ideally, that's an 321 00:19:14.440 --> 00:19:17.860 IPO. But that could also just be another round of funding that 322 00:19:17.860 --> 00:19:20.500 could be a sale, and will determine how much your 323 00:19:20.500 --> 00:19:24.640 investment is worth once we reach that next equity event. So 324 00:19:24.640 --> 00:19:27.910 we first saw Arctic Wolf do this back in October, they had been 325 00:19:28.360 --> 00:19:32.230 valued at 5.3 billion in mid-2020. They didn't want to 326 00:19:32.530 --> 00:19:34.630 have to deal with getting a new valuation. So they went the 327 00:19:34.630 --> 00:19:38.950 convertible note route, that 401 billion led by Owl Rock and 328 00:19:38.950 --> 00:19:42.700 convertible notes, October 2022. And that is the year that most 329 00:19:42.700 --> 00:19:46.060 recently, we started Netskope a similar time. They had gotten 330 00:19:46.060 --> 00:19:50.770 the $7.5 billion valuation in July 2021. Didn't want to have 331 00:19:50.770 --> 00:19:55.060 to take that valuation hit. So they did convertible notes as 332 00:19:55.060 --> 00:19:58.210 well. Notably some pretty high profile investment banks 333 00:19:58.210 --> 00:20:01.360 involved here. Morgan Stanley was the lead investor government 334 00:20:01.360 --> 00:20:04.330 taxes involved as well along with the Ontario Teachers' 335 00:20:04.360 --> 00:20:07.300 Pension Plan, who invest in a lot of cybersecurity companies, 336 00:20:07.300 --> 00:20:10.630 some real blue chip investors here. And obviously, these folks 337 00:20:10.630 --> 00:20:13.450 are confident that when the market shakes out, and that's 338 00:20:13.480 --> 00:20:16.870 still a good company, they're a leader in the security service 339 00:20:16.870 --> 00:20:20.140 edge space. And they think that when all is said and done, then 340 00:20:20.260 --> 00:20:24.280 the company's valuation will go up. But it is interesting to see 341 00:20:24.280 --> 00:20:26.680 we've now had seen three companies have to reach this 342 00:20:26.680 --> 00:20:29.680 crossroads and decide how do we want to deal with raising more 343 00:20:29.680 --> 00:20:32.170 money. It'll be interesting, as more of these cases come up. 344 00:20:33.580 --> 00:20:35.920 Anna Delaney: And Michael, just focusing on SASE for the moment. 345 00:20:36.040 --> 00:20:39.340 Where are the market opportunities for Netskope to be 346 00:20:39.370 --> 00:20:41.080 an even bigger leader in this space? 347 00:20:41.360 --> 00:20:43.310 Michael Novinson: Absolutely. It's a fascinating market. So 348 00:20:44.330 --> 00:20:49.130 Netskope was born in this cloud access security broker space, it 349 00:20:49.130 --> 00:20:52.190 was really for many years then and Skyhigh networks who were 350 00:20:52.190 --> 00:20:56.120 then bought by McAfee, which spun them back out of Skyhigh 351 00:20:56.120 --> 00:20:58.970 Security. So those are really the two strongest companies in 352 00:20:58.970 --> 00:21:02.420 cloud access security broker. From there, Netskope built into 353 00:21:02.420 --> 00:21:06.230 the other competencies around security services, built secure 354 00:21:06.230 --> 00:21:09.950 web gateway offering to directly take on Zscaler, as well as zero 355 00:21:09.950 --> 00:21:13.340 trust network access. What's interesting about Netskope is 356 00:21:13.340 --> 00:21:15.890 that they, because there's been so much debate about single 357 00:21:15.890 --> 00:21:19.910 vendor versus multivendor SASE, they historically have been in 358 00:21:19.910 --> 00:21:22.970 that multi vendor camp, figuring that they weren't going to worry 359 00:21:22.970 --> 00:21:26.330 about the networking side, that SD-WAN side, but they did decide 360 00:21:26.480 --> 00:21:29.630 a bid last year to make an acquisition so that they can be 361 00:21:29.630 --> 00:21:32.930 a player in the single vendor SASE spaces. You have folks like 362 00:21:32.930 --> 00:21:35.570 Gartner and Palo Alto Networks really beating the drum on that. 363 00:21:35.930 --> 00:21:40.610 So they do now have SD-WAN as well. So they kind of offer that 364 00:21:40.610 --> 00:21:42.980 full package. Obviously, their strength is going to be in their 365 00:21:42.980 --> 00:21:45.680 heritage, which is really in that cloud security, that web 366 00:21:45.680 --> 00:21:49.400 security. From a competitive landscape, they've been taking 367 00:21:49.400 --> 00:21:55.490 Zscaler, had a lot of back and forth, criticisms of them, of 368 00:21:55.490 --> 00:21:58.760 one another in the press and blogs and white papers, the 369 00:21:58.760 --> 00:22:01.280 companies. What's interesting is we're seeing really a new 370 00:22:01.280 --> 00:22:04.400 entrant into this market, which is Cloudflare, which is really 371 00:22:04.400 --> 00:22:06.410 more than web application firewall space. But they've been 372 00:22:06.410 --> 00:22:08.990 very clear they want to get into the world to zero trust. And 373 00:22:08.990 --> 00:22:10.970 Cloudflare, in particular, has been very critical of how 374 00:22:10.970 --> 00:22:14.000 Zscaler does things. So clearly that two they're shooting for. 375 00:22:14.000 --> 00:22:16.670 So Netskope is definitely - Cisco was kind of the king of 376 00:22:16.670 --> 00:22:19.640 the hill, so I think they get more of the criticism, but 377 00:22:19.640 --> 00:22:22.370 Netskope definitely is going to be encountering Cloudflare more, 378 00:22:22.400 --> 00:22:25.610 because they are kind of all in on billion to this SSD market as 379 00:22:25.610 --> 00:22:25.910 well. 380 00:22:27.160 --> 00:22:28.690 Anna Delaney: Very interesting. Well, Michael, thanks for 381 00:22:28.690 --> 00:22:33.220 bringing us up to speed on this. Finally, your task is to 382 00:22:33.250 --> 00:22:37.690 commissio a composer to write the next smash hit song or aria 383 00:22:38.200 --> 00:22:41.890 about cybersecurity and you have the pick of all composers, dead 384 00:22:41.890 --> 00:22:43.600 or alive. Who would it be? 385 00:22:45.070 --> 00:22:50.500 Tom Field: My candidate, going to my hero, Brian Wilson. He was 386 00:22:50.500 --> 00:22:54.430 able to - back in 1966 - put forward his teenage symphony to 387 00:22:54.430 --> 00:22:58.510 God with Pet Sounds. And then 30 some years later, was able to 388 00:22:58.510 --> 00:23:02.200 piece together the various elements of the great last album 389 00:23:02.200 --> 00:23:08.110 Smile, an issue that anybody can do it. I'm going with Brian. 390 00:23:08.260 --> 00:23:10.180 Let's go surfing though everybody's learning now. 391 00:23:11.140 --> 00:23:16.210 Anna Delaney: Beach vibes! Love it. Michael? 392 00:23:17.380 --> 00:23:19.990 Michael Novinson: So, I'm thinking really inside the box 393 00:23:19.990 --> 00:23:23.410 here, but I had to say Fish, two reasons, of course. Who better 394 00:23:23.410 --> 00:23:26.170 to fight the Fish with than Fish. And then secondly, 395 00:23:26.170 --> 00:23:29.020 everybody loves to jam with them and it's just incredible that 30 396 00:23:29.050 --> 00:23:32.170 years after they started, they continue to sell out stadiums 397 00:23:32.170 --> 00:23:34.900 shows in the United States, do multiple nights in the same 398 00:23:34.900 --> 00:23:37.600 arena and everybody felt it, so they could really educate the 399 00:23:37.600 --> 00:23:38.920 masses on cybersecurity. 400 00:23:39.130 --> 00:23:43.420 Anna Delaney: It's impressive actually. A great choice. Matt? 401 00:23:43.930 --> 00:23:47.080 Mathew Schwartz: I think cybersecurity's a musical and so 402 00:23:47.080 --> 00:23:51.100 I'd resurrect Meredith Willson, who you might know as the 403 00:23:51.100 --> 00:23:55.300 gentleman behind Music Man, which, to be very brief, is 404 00:23:55.300 --> 00:23:59.350 about a charlatan who comes to town and a librarian with a 405 00:23:59.410 --> 00:24:03.880 heart of gold, sees through the charade and earns him from bad 406 00:24:03.880 --> 00:24:06.700 to good. So, I mean, I just think with Snake Oil and 407 00:24:06.700 --> 00:24:11.440 cybersecurity sales and silver bullets, there's a huge 408 00:24:11.440 --> 00:24:14.680 opportunity here to bring cybersecurity to the masses in a 409 00:24:14.680 --> 00:24:17.590 more accessible way. 410 00:24:17.750 --> 00:24:19.850 Anna Delaney: Yeah, yeah, good choice. I was going to say 411 00:24:19.850 --> 00:24:22.010 Phantom of the Opera actually. You made me think of that. 412 00:24:22.010 --> 00:24:26.090 Wasn't my choice for today - Stravinsky, I think there's lots 413 00:24:26.090 --> 00:24:30.410 of musical dissonance, rhythmic complexity and innovative 414 00:24:30.560 --> 00:24:33.050 orchestration. These are all words we use in cybersecurity. 415 00:24:33.050 --> 00:24:35.450 It's very apt. Don't you think? 416 00:24:36.320 --> 00:24:37.670 Mathew Schwartz: Very difficult to play. 417 00:24:37.700 --> 00:24:41.690 Anna Delaney: Very difficult. Easier to listen to, maybe. 418 00:24:42.450 --> 00:24:44.450 Tom Field: As long as we put together a heck of a compilation 419 00:24:44.210 --> 00:24:48.140 Anna Delaney: Yeah, it's good. Well, as ever, it's always fun. 420 00:24:44.490 --> 00:24:44.730 album. 421 00:24:48.170 --> 00:24:52.790 Tom, Michael, Matt, thank you very much. Thank you. Until next 422 00:24:52.790 --> 00:24:54.020 time. Thanks so much for watching.