Palo Alto Networks – EMEA 2021 Cybersecurity Predictions
[00:02:25] And welcome to this very special broadcast brought to you by Palo Alto Networks, I’m Andrew McLean. Today we are live on LinkedIn. We are covering the EMEA 2021 cyber security predictions. And I have two absolutely fantastic guests lined up to speak to you today. However, before we start, I want to talk to you, the audience. You are the most important part of this show, I can assure you. We are a live studio. Are we live? We are live. And as a result, I want you guys to ask us questions and I want you guys to give your predictions. So if you have any predictions around cybersecurity in 2021, please feel free to comment below in the LinkedIn post and let us know if you have any questions or any feedback. Let us know and we will do our best to answer them live on air.
[00:03:22] Are we live. Yay. Right.
[00:03:26] Well, without further ado, I’m absolutely delighted to be joined by my two fantastic guests today.
[00:03:33] Travelling all the way in from the remote locations, I have Greg and Ryan, Greg, Ryan, welcome to the show.
[00:03:43] Hi. Great to be with you.
[00:03:45] It’s it’s fantastic. I did see you. I’ve read your article. I’ve read some of your predictions.
[00:03:51] I can’t wait to hear some of your predictions today. But why don’t we start with the beginning, get you to introduce yourself. I will start with my favourite, Greg. Greg, why don’t you tell us who you are and what you do?
[00:04:06] Yeah. Hi, everybody. My name is Greg Day. I am the chief security officer for Palo Alto Networks in EMEA. I’ve been with the company for five years, but in the cybersecurity industry since 1991. So, an old-time veteran in the industry trying to keep up with the ever evolving technology world and of course, cybersecurity world.
[00:04:31] Fantastic. And my very, very special guest, Ryan Olson. Ryan, do introduce yourself too.
[00:04:38] Hey, everybody, I’m Ryan Olson. I lead the global threat intelligence team for Palo Alto Networks, which we call Unit 42. I’ve been at Palo Alto for just about seven years now. I started this team in 2014 and our mission is today what it was then. It’s to use all the data that’s available to Palo Alto Networks to better understand adversaries and help our customers protect against them better. And one of the things we do is share a lot of what we know through briefings like this, as well as through our blog at unit42.paloaltonetworks.com.
[00:05:07] Fantastic. I told your audience that we had a fantastic line up today and we’ve not been disappointed.
[00:05:13] So Palo Alto have come up with ten predictions in total for cybersecurity in 2021. Now, I don’t know if we’ll get to all of these today, but we’ll try our best. But please, audience, remember, because we’re live, come let us know in the comments section your predictions or any questions and we will endeavour to answer them or read them out. So let’s start with our first prediction. I’m going to open up. All I have is the titles of these. So you’re going to have to explain them to me and the audience. The first prediction is to do with the consumer hop.
[00:05:50] What is the consumer hop and why is it your first prediction?
[00:05:56] Yeah, I think this is very much tied in to the changing world that we now are all facing, unfortunately, which is a result of the pandemic.
[00:06:06] And if you think about it, what has happened is just about everybody has shifted from going to some form of workplace, even using a desktop computer, a laptop computer. Either way, they were inside a business environment on a secured network connecting into their own data servers, traditionally a very protected and safe environment. Now, what we’ve had is everybody’s had to shift to work from home or other places. If you’re lucky, you had a work device, maybe a laptop plug in from home. If you weren’t so lucky, maybe having to use your own device or had to buy a device. But the hop part of this is the business will probably set up some secure method for you to connect back in, a VPN client, an encrypted method of communication. But as I say, here today, I’m in my home. I’m connected to my home Wi-Fi, and that’s connecting to a Wi-Fi hub. If I look at that, there are over 70 other things on that same connexion.
[00:07:14] I’ve got smart doorbells, I’ve got smart speakers, I’ve got smart TV, Cybersmart, smart refrigerator. We have all of these different things, you know, wearable devices, smart watches that are all sharing that same point of connectivity. And unfortunately a lot of them have zero or very, very basic cybersecurity capabilities. And so what we have seen already and we’ll see more of is adversaries starting to realise that these consumer devices we have in our homes are like the bridge to get onto our corporate devices, our laptops, and then a way to get inside that VPN tunnel back to the business.
[00:07:59] Just to build a little bit on what Greg said as well. I also have 50 something devices connected up here. And as we think about IoT, oftentimes people think of them as just physical devices, things that don’t necessarily present a cyber security risk. But something we’ve been talking a lot to enterprises about in the last year is really starting to manage their IoT devices through a life cycle. Think about onboarding them the same way that you would any other IoT device, think about the process of that lifecycle so that you can secure them, as well as when their useful life ends. Something that we don’t think about necessarily at home is that these devices over time, if they have vulnerabilities in them and they’re not getting patches, the risk level from them increases over time. And it may make sense to manage them out, to throw them away before they have actually failed from a physical perspective. The software is going to wear out these things before the gears and everything else that goes into them wears out.
[00:08:55] It’s I mean, yes, so many people have got in their homes.
[00:08:59] I know that these smart devices, I mean, we’re we’re I mean, yeah, they’re kind of ripe for being attacked. But where does the line go with this? I mean, is is this more to do with consumer awareness and consumers should know about patching or is it more to do with the other side and the technology companies that, you know, where exactly does this line come?
[00:09:22] You’ve kind of hit probably the two kind of very useful key bits. One, I think you’re right, is consumer awareness. You know, if you look, we did a piece last year around smart toys for children for Christmas and actually the risks to our own children and our family of other people being able to connect into those devices. So one part of this is how do we protect ourselves and our families as consumers? And then you’ve got the flip side here, which is the business risk. And so businesses typically, you know, I remember five years ago businesses saying I’m going to put super glue in the USB port to make sure you can’t use it. You know, companies would do this. And in our business, in this world, we’re pretty good at locking things down. Now, we’ve moved to this work from anywhere space. We’ve almost had to go the flip way and open things back up. And so now businesses need to start thinking about what does the bridge need to be in the home. So, for example, I still need to print things. How do I allow, you know, my work device to connect to the printer and print things, but make sure the other 69 devices actually in my household can’t connect to my work device. And actually what you see is a lot of businesses don’t think of it even deeper and say the applications that I’m using on my work computer, how do I make sure the connexion is secure between that application and the things that it needs to communicate with? And you’ll hear this concept a lot being bandied around in the industry, which is zero trust networking. But really what it means is how do I distil things down to the smallest possible thing, the thing I care about most? And then how do I start to think about what that thing needs to communicate with? And it could be an application, a bit of data, a specific process. But that’s kind of the next step for businesses, is we can work from anywhere, connect to anything. Which bits do we need to really care about and how do we put the wrapper around that to make sure it’s got the right controls?
[00:11:24] And on top of that, the challenge that enterprises always have in providing security for their users is how do they do so in cooperation with their users so that they feel comfortable with whatever is happening, especially when you’re extending that corporate network into the house. How do you do that while also ensuring that your employees don’t feel like they’re being spied on by somebody who is looking at the traffic or maybe looking at the kinds of do they care whether or not I have a printer or another kind of IoT device? That’s one of the challenges of anything in security: how do you get users on board so they’re not trying to circumvent you and they’re comfortable with the process. That’s all about the transparency of how the security application is applied and really getting them on board from the start.
[00:12:05] Jeff, Wise words indeed, and thank you, that was our first prediction on the consumer hop.
[00:12:11] And please keep the questions coming and keep your predictions because we’re really interested in your predictions. So the second prediction, which is it’s my favourite, I saw this and I thought this is this is fantastic, is that cyber criminals love current affairs. Tell us about that.
[00:12:29] Yeah. And in many ways, this is a perennial prediction, but it’s one that we really have to think about again in the changing workspace. And I’ll start with an example. As we started to see, you know, vaccines being rolled out around the world very quickly, I had an email come into my inbox that basically said, you know, click here.
[00:12:52] To register for your vaccination and of course, when you click through into this thing, it starts asking you for everything from your, you know, your name, address, your date of birth, your mother’s maiden name. Funny enough, my bank details and everything else. So we’re human beings, and what we see is cyber criminals are very good at tapping into what is happening in the world around us, whether that is elections, the next one for those of you who aren’t prepared, Valentine’s Day, or, you know, and we’ve seen this again in a slightly different manner, which is investment fraud we’ve seen against small businesses or home people as we struggled through this recent crisis. Get your special loan, get your government-backed loan, and they will often mimic genuine environments, but redirect you to something that isn’t actually the real fact. And often these are playing on emotions where we’re looking for an answer. We’re looking for a way out. We’re looking for a response. And, of course, to leverage that and put it in front of our eyes, but really redirect us off into something completely different.
[00:14:03] And just to give a little bit of context on how clever some attackers have got around their phishing themes that they choose, we absolutely see them following the current trends.
[00:14:12] But certain activities started using what we call thread hijacking, where they infect one person and then they look at their email and look at the actual titles of the threads and who they’ve been sending them to, and then start sending phishing emails with the exact same subject and spoof the same user as who they’re sending it from so that it basically just injects their malicious content into the same thread the person was expecting to see. So all the guidance we gave to people around don’t open attachments from people you don’t know, don’t click links if you’re not expecting them, they’ve really found a way to inject themselves in and that helps them stay ahead of the trends as well. Whatever is in that thread is going to be whatever the latest thing you’re interested in because you’ve already been communicating about it.
[00:14:54] Yeah, I mean, it’s the so I mean, I’ve seen these emails myself, and there’s so much of it coming in. I mean, this almost comes back to the question I had about IoT, which was it’s a great prediction and I think it’s totally accurate. But what’s the balance here? Because, you know, I ignore emails all the time that come in and probably some of them are are legit. Some of the ones that like, oh, you haven’t paid your bill the spam. I stole a joke from someone else in Palo Alto, by the way. But, you know, there are some genuine things that come in. How how is this education again? Is this technology?
[00:15:38] I think there are probably some simple common rules to start with. You know, probably the best one I’d give people is email is not expected to be real time. Anything that is almost provoking you to give a, you know, a real time response, an emotional response, I almost challenge going, you know, why is this driving this behaviour? And me step back. Don’t answer it now. Take a bit of time. Think about it. I think probably the second tip I would give is I think this is pretty global now, organisations like banks, and it’s great. It’s not just them, but most organisations now will say we will not ask you for important, sensitive information via email. So somebody is asking you for your bank username and password or they need your mother’s maiden name or something that’s secret. Again, I think there’s a secondary thought process that says is this information that I should give out over email. And I think, you know, probably the final tip I always give is, if in doubt, go back to your trusted method of communication. So, you know, I literally had one the other week, random phone call, and it was an automated message. You know, this is your bank. We’ve seen a fraudulent transaction, you know, press two to go through to a, you know, an operator. So this is what we call a vishing scam, a voice phishing scam. So, you know, hang up the phone, and I go look at my bank account and there’s no fraudulent transactions. Number two, you actually call your bank on the number you know to do the verification. So if in doubt, use the methods of communication, you reach back out in the method that you know and trust. Don’t follow that process through.
[00:17:26] Now agree with Greg, it’s a combination of things that people need to use to prevent this, and I’ll especially agree with his note about not immediately reacting to something that is designed to make you react. And I’d say that’s true for email, but also for social media in general. Things that are that get you to immediately have a visceral reaction have been designed to make you click on them, whether they’re malicious or whether they’re just trying to get you to go and do something. And then on the bright side, the machines have gotten pretty good at detecting phishing and identifying things that look strange. This is, I think one of the biggest advantages of machine learning is this massive amount of data that is available for us to be able to determine does something look good or is something bad and they do a nice job. And that wait period also gives your email provider an opportunity to say, hey, this is something malicious, let’s go and strip it out, remove it, block it, whatever might be necessary.
[00:18:18] Yeah, I got to say, you know, I think people would be amazed if they actually knew the degree of analytics that goes on in the background to detect things like phishing emails and the correlation between where it came from. Did that address look genuine? What does the user look like? Have we seen that content before? You know, there are millions of permutations, and I think that’s the power of cloud based cybersecurity, almost having that elastic compute power to do some amazing maths, to give us an answer to what really is a very sophisticated problem.
[00:18:54] Well, very interestingly, we have we’ve had a question, a few predictions come, and we’ll read them out in a minute, but we’ve had a question from Julia Stole Julia. Thank you for watching.
[00:19:04] Julia has asked: Do you discuss how to identify phishing e-mails automatically? And what do you think of the best mechanisms of algorithms to do so?
[00:19:15] Yeah, let me I think the short answer is yes, but let me kind of hand over to Ryan, who can kind of walk you through the technical detail of that.
[00:19:25] Sure. So this is one of the places where machine learning has had the most advantages from a cyber security perspective, because there are a lot of features to an email, as Greg was mentioning. Who’s that? What was the sending IP address? What’s the email? What do the headers look like? What is the content of the email, the subject, how long it is, what time of day it gets in? All of these things are features of the email at the moment that it’s sent. All of those in a machine learning algorithm can be boiled down to numeric factors that then can add up to a score of how suspicious it is. There isn’t one best way of doing this. There’s going to be many, many ways that a security vendor is going to put in a row basically to decide, is this really good or is it really bad?
[00:20:05] And all of them have to play a component because phishing is both simultaneously one of the biggest challenges in cybersecurity, as well as one of the biggest advantages from an attacker, because they can send email to anyone at any time for practically no cost. So this is constantly a battle of machines versus machines, one trying to outdo the other one while the other one tries to keep people safe.
[00:20:26] I’m always impressed, and this is a few years ago now, and it’s a good example of machine learning. We started to use what I call genetic algorithms, and the best way I can describe this is like imagine the old style graphic equaliser and you’ve got all these controls to kind of mix the sound levels. Imagine you’ve got like one hundred of those. And the point is we have millions of phishing examples that we know have been manually analysed and we know what the outcome is. And every few minutes, every day as we modify those algorithms and we add new data, those graphic equalisers, all of the scoring for every one of those kind of different methods of detection, is being tweaked and retuned by trying them in millions of permutations. And that’s the power of cloud computing to go, what is the ultimate mix in today’s music list in today’s Spamalot? So, you know, it’s amazing what the technology is doing in the back end, and that’s constantly changing because there’s a bad guy on the other side of the table.
[00:21:30] So that’s when you try to get a self-driving car working. Same sort of technology that goes into it. Think about self-driving car also with people constantly trying to screw it up, which maybe would be the case. We’ll see. But in any case, that’s the same sort of technology that’s going into it.
[00:21:45] Fantastic stuff. Well, thank you for that and thank you actually for the question. So our first prediction from the audience that has come in and we may be covering some of this a little later in the show, but thank you for watching.
[00:21:59] With digital transformation blending into our personal life and working from home becoming the norm in the next two years, cyber security will be reaching its peak starting from now, and it will actually sustain a position for quite a long time.
[00:22:17] Interesting, yeah.
[00:22:19] You know, I was very fortunate in the 90s, I started working for Dr. Solomon’s antivirus, and I can tell you in the late 90s, the founder of that said, look, you know what?
[00:22:30] We’ve reached the peak and now it’s just a mouse game. And, you know, I think I agree with the prediction in one sense. But the problem is technology keeps evolving at such a pace. You know, when you think you’ve kind of reached the peak, you turn around and there’s a bigger mountain behind you. So I think, you know, the IoT innovation space is still very much in its infancy of what we will see.
[00:22:59] And I think one of the things that’s hard to predict around the transition to more people working from home is there’s certainly a set of the population who loves it. And then there’s a set of the population who is just going to spend six months travelling around the world with their laptop now because they just need to get out. And that presents a really interesting challenge from a security perspective as well, because suddenly you have a really mixed environment as far as where they’re entering your network from and different kinds of environments that they’re operating in, hotels and coffee shops, sort of like we used to, but at a smaller scale. So I think it’ll be really interesting to see how the work from home development evolves over 2021, if we see a backslide, because I definitely think it’s something that SOCs are going to have to pay attention to if they start seeing a lot more diversity in how people connect.
[00:23:42] Yeah, you you kind of flagged another part that I think is going to come into this, when you talked about kind of the driverless car, you know, one of the other predictions we put was around kind of the growth of 5G and edge computing. You know, more and more friends, colleagues now are actually getting 5G enabled phones.
[00:24:01] The rollout of that is kind of slowed down for different political reasons. But what we have to recognise is all the people developing things to run over 5G haven’t slowed down, whether it’s us getting into a car. And you now go, you know, my smartphone connects to my smart car that connects to, you know, the smart manufacturer, but also connects to all sorts of other resources.
[00:24:25] And in the next year or so, as 5G rolls out more and more as an infrastructure with such a huge array of different applications, different edge devices, and we’re really going to move from this historical I connect to my business or I kind of make these more mono style connexions to suddenly now it’s a cyber mesh, a plug in, and immediately I’m connected to 50 different things. And I think that’s going to be game changing, honestly.
[00:24:55] Also, as those things become more valuable to us, all the IoT devices in my house and in Greg’s house, that sort of continues to expand as 5G expands, all of a sudden your car and everything else is connected as well. When I think about it from the attacker’s perspective, my mind immediately goes to the ransomware business model, not necessarily encrypting files, but the generic business model around cyber extortion by denial of access to a system or data or whatever it might be. Because, you know, a smart refrigerator is hard for me to take control of, steal data from and turn that into cash. But if I can prevent access to it, if I can threaten you and say I’m going to melt your ice cream, I can hold it for ransom. And that really continues to extend. The more we rely on a device, a smart device that’s doing something and providing value, systems being used by municipalities for 911 or camera systems, whatever they might be, they may be difficult for an attacker to really take advantage of for monetisation. But ransomware as a business model nearly always works. So I definitely expect as that proliferation occurs, the first attack model that we’re going to see is much more likely to be ransomware than it’s going to be data theft or something else.
[00:26:11] Yeah, yeah, great, well, that was our first prediction from the audience, so, audience, please keep it coming. We are live, we are live. So that little noise that you just heard there brings me nicely on to my next prediction, or not my prediction, your prediction: it’s employee fatigue.
[00:26:32] So employee fatigue. Tell me about it. And why is it your third prediction for 2021?
[00:26:38] Yeah. And let me kind of give you just a very honest example from one of my peers. You know, in the run up to Christmas, everybody was busy and many people had been in lockdown. I think a lot of people we talk to them will say they spend hours now on video conferences as part of their business. And they were trying to do a nice thing, which was to send out a Christmas note to a lot of the people they worked with.
[00:27:09] So what do you do? You take your spreadsheet and all of their names and you dump it in the email for a minute so you can then open it up and cut and paste all of those names into the blind copy list. And you write your email and you hit send. Two minutes later, they go, oh, my God, I didn’t take this sheet with all of those contact details out of my document. And, you know, I think there’s a couple of key elements to this. The first bit is just recognising people are fatigued and just lock down long working hours, even if they have been that unfortunate that maybe they’re not working right now.
[00:27:50] Stresses looking after friends and family. I think we’re all prone to make more mistakes. That’s just human nature. And I don’t think that’s the problem. The problem is almost the follow up of this. If I’m sat in my office, you know, I feel like I’m part of my business space, I would probably sit there, in all honesty, going, oh, God, did somebody see me do that? They probably did. Somebody, you know, sat next to me. I better go tell somebody and you probably get up, leave your chair and go walk and talk to the right person because you don’t want to do that over the phone. Now you’re at home, you’re in your own domain. This is your castle. You know, it’s your space. Nobody’s looking over your shoulder. And, you know, it’s not as easy to go report the problem. So I think there’s two halves to this. One is we have to recognise everybody is more fatigued for different reasons. We are going to make more mistakes. Then the second part of that is it’s harder for people to do the right thing. So in this instance, actually, that person picked up the phone and called me and said pretty well in tears, I’ve made a stupid mistake. What do I do? Help me. And of course, we work through it. And it was OK. But you know what? I have to give kudos to that person because I think a lot of people would go to Christmas, maybe, you know, people wouldn’t notice. I don’t really want to admit it. You know, how do I escalate this in a subtle, quiet way? So, you know, I think my challenge here is if you’re in a cyber security team, you probably want to think about how do you reinforce good practice, good behaviour? How do you really make it easy for people if they’ve made a mistake, say, look, you know what, we’re all making mistakes. The world is changing around us. Don’t be afraid. This is the process cooler’s. So I think we have to empower people that there is a safe way to report when they make mistakes, recognise they will, so that we can respond to those in the right way.
[00:29:49] And I think an element of what Greg is talking about as well is really around the culture of an organisation around security, which is harder to build up when everybody is remote. So it’s been a year almost at this point. There’s a lot of companies have added a lot of new people to their teams. And if you were to do this in an office, when somebody gets up to go to the restroom and they look around and everybody’s screen is locked, as soon as they stand up, they see that as a cultural thing. This company cares about locking screens. They care about security. They look at desks and they say, on the flip side, it’s covered in passwords. Everything is open. Nobody cares about security. Those cultural things come through if you establish a good in office security culture and you hire people in who aren’t part of that culture yet, they haven’t seen it. They haven’t been told yet. You can do that somewhat through training. You can do that through conversations. But it’s just more difficult to accomplish because they are not immersed in that sort of environment. And so I think that’s an element that we’re going to continue to see people making mistakes, people not necessarily thinking about security first simply because they haven’t been immersed in the culture of the company yet.
[00:30:55] We’ll read a couple more predictions, the first one, and I think this relates to, without naming any names, what has been a quite popular investment being made on the stock market at the moment, which has made some people very rich and probably a lot of people very poor. But Jampolis says with growing media focus on social media related investing patterns, we’ll definitely see a rise in stock related phishing attacks. Paula, thank you for watching.
[00:31:36] I’ll just note that the director of the pump and dump via email started a long, long time ago, the attachment of meanings to this supercharged recently, which has definitely been very interesting to watch.
[00:31:56] And I think it does present a new opportunity for attackers who can attach to sort of as like ice that begins and continues pushing forward. They may be able to stir them as well. But as far as pump and dump over email, you might not have got one recently, but you used to get a lot of emails from penny stocks that used to be super common to get emails saying buy this penny stock that’s going to the not to the moon. We’d say something different back then. But, yes, I think that might experience a resurgence this year. That’s a good prediction.
[00:32:24] Yeah, I think this is probably the hardest thing to predict, though. In many ways, a lot of what we see will be an attack methodology that’s been used before and then the technology around us changes. And it really kind of almost empowers the opportunity to really leverage that methodology again. But actually this also kind of ties back into this “criminals love current affairs”.
[00:32:51] You know, when we start to see kind of these kind of big media hypes. And over the last year or so, we’ve seen some schemes where people have done really well and everyone now is, you know, maybe struggling a little bit more financially. They start to become a little bit more believing of what the opportunity is.
[00:33:08] Yeah, and my second prediction is coming in this sex session is from Derrius George. Thank you for watching.
[00:33:19] I believe it in the future. More legislation will be placed on IoT companies to promise vulnerability, support for the devices or IoT devices are being produced, yet the security of them are being neglected instead of patching older products. It seems that they’re focussed on producing new ones.
[00:33:37] Yeah, that’s that’s. Wow. We actually had a session with the World Economic Forum looking actually at the cyber risks in twenty, twenty five. That’s a long way out. And this Iot space was one that came in there.
[00:33:52] So there is more standards coming out and this has a standard around Iot devices. But I think there are a few kind of almost lifetime challenges within this. You know, number one, you can buy our Iot devices from all over the world. And all I’m going to say is some countries will become more persistent. The device is built for lower standards and others don’t. And, you know, then we have the great thing of the Internet which allows us to buy from anywhere. And IoT almost point back to the simplest example.
[00:34:28] Any battery you buy today should follow standards and have crit marks and stamps on it. Yet you can buy batteries from all over the world. Some are official and have been certified. Some will have the marks and stamps and be completely bogus, and then there’ll be others that don’t even have those crit marks on. So it’s great those standards will come and they will roll out. But there’s also a part on all of us to make the decision of do I want the really cheap one or do I want to pay the money for the one that’s actually probably been through the process?
[00:35:02] So there is definitely I agree with Greg. There’s a role for legislation to play in this, but it’s not going to solve a global problem like this. There’s just too many. IoT devices are too numerous and too valuable and expanding too quickly for us to sort of go back and say, let’s start this over and do it all securely from the beginning. We haven’t even figured out how to do this for normal computers that sit on our desks, let alone twelve dollar computers that are being produced by the millions and shipped around the world.
[00:35:31] It also brings back to this whole concept of zero trust, and if you think about it, on one hand, I kind of have a medical device that costs a million dollars that really could either save somebody or kill somebody connected to it. I could actually buy for one dollar a temperature control sensor on Amazon or eBay or any social network. And you go, you know how much cybersecurity thought process and capability goes into something that’s worth one dollar versus something that’s worth a million dollars. And I can plug the two together. And so I think we’re going to see more and more, especially in the business world. But actually we need to do this as individuals. But the thought process of going, how do I create swim lanes, how do I keep the things that are really cheap and low grade away from the things that I care about and that may be more expensive things or it may be just more intellectually rich things.
[00:36:27] And that million dollar device might still be running Windows XP. So how do you even though there might be lots of threats to it from the cheap things as well, how do you ensure that it’s just doing exactly what it’s supposed to do and do that from the networking perspective?
[00:36:41] Because you’re never going to install a complicated endpoint agent on that device, because if you could do that, you could patch it. If you do that, you potentially disrupt its function. You’ve got to control it from the network. And that’s what zero trust is all about.
[00:36:53] Yeah. Well, thanks for the questions that are coming in, we’ll come back to those questions in a minute. But I want to take up another prediction from Palo Alto for Greg and Ryan, number four.
[00:37:06] SOC teams struggle with a new working environment and increased workloads. Who wants to take that?
[00:37:13] Yeah, let me I should I guess it was it was my team and part of Runcie that worked on writing these. You know, I think it’s very easy to focus on all of us as individuals, but we also have to think of people that sit on the other side of cybersecurity. And we think over the last year, number one, the telemetry that they have to analyse to find the problems has changed because we’ve moved from the office to the home. We moved to different forms of connectivity. We’re using different devices. We’re using different applications with more Cloud by September one, they’re on a steep learning curve. What does the new normal look like compared to what they’ve worked with for years? So that’s kind of problem number one. Then the second problem is, you know, SOC teams typically sat together for a reason. They sat together for a reason. They need to be able to do big data analytics. They go talk to each other, challenge each other to figure out how to solve these problems. Now, they’re all sat in isolation. They’re working from home. If you’ve ever seen and actually I got a picture of a SOC from a big global bank today. Somebody sent me the virtual tour. It was better than the Starship Enterprise. They’ve got like screens everywhere, like, you know, each person has eight screens, big screens on the wall. The reason for that is that correlating lots and lots of bits of data together to figure out the problem. Now, suddenly, they’ve got a probably a laptop and a 14 inch screen. If they’re lucky, they’ve gone to the local hardware store and bought a 30 inch screen. But it’s still a very different experience. Take that as well, that just like the rest of us, they’ve got to support the kids with home schooling and all of these other things.
And basically what we’re doing is giving them different world to work in a different way of actually doing that work and probably even more pressure, because the business is saying we’ve now become probably three times more dependent on the technology because everybody’s working from home than they were before. So it’s pretty easy to see why we’re putting more pressure on the people in the back end.
[00:39:18] And we really you can’t underestimate the change in technology and how it impacts the SOC as well. So I a few years ago, I’ve got a team of really experienced analysts, people who understand threat intelligence, malware, security in general. And a few years ago, I was talking to someone about attacks against Cloud environments and we were talking about the cyber kill chain. You know, you’ve got these phases of what an attacker has to accomplish to be successful. And to make my point, I said, you know, I opened up the about us page of all their services. There’s I don’t even know how many like one hundred of them. And I said, if you had asked any one of my analysts what role does and I just sort of picked Amazon might say I’ll play in the kill chain, where would it be involved? Like what was the worst that technology involved? Their answer would almost certainly be what is Amazon sale, which for a SOC who has decades of experience potentially where they’ve been doing analysis and these types of environments, they understand IP and firewalls and everything else. When you move to the cloud, oftentimes your security is configuration alone. Understanding how something is configured, how it’s deployed is absolutely key. And that goes to an incident response as well as initial deployment. And that’s really different. That’s all new things this team has to learn. And last year, a lot of people moved to the cloud really, really fast because they didn’t want to have to walk into data centres anywhere or any more. So I absolutely agree that this is one there is a new world that the SOC has to deal with at this point for a lot of different reasons. And it’s going to introduce some challenges, continue to introduce challenges.
[00:40:51] OK, so we’ve had a question from the audience of Faisal Muslimah securing IoT allow businesses to exploit this extensive security to criminal Dasch, fraudulent acts who will be able to detect them with detecting such acts become illegal at some point.
[00:41:13] Now, you know, so I think we have to look at this in probably kind of three parts. There’s the IoT we have in our own homes. And I think that’s going to be a really interesting debate for businesses to say, you know, how far into the home in the future does the business actually want to secure? Because there’s value, you know, if people working from home, they need to do that. But there’s also, I think, you know, people’s personal privacy, but I think that that boundary will extend. The second part is in the office space. You know, it’s we take it for granted. But when you walk into office today, you probably use maybe some sort of swipe badge to get in the building, then actually in the building, the air conditioning system, you know, that’s IoT. You’ve probably got, you know, vending machines maybe in a lot of offices. Hey, guess what? Those are smart, connected back to the vending supplier for things like stockage. So, you know, we ran some research last year and I challenge people to go look at this from Unit 42. And it was amazing when we looked around the world, the different IoT things we saw. I think it was smart toilets in Asia, you know, smart teddy bears in the office in Europe and UK. Not sure about why that is, but that was what showed up. But, you know, I think in the business space, you know, that’s part of the business responsibility. And actually, you know, there are definitely capabilities. We have capabilities like others to be able to recognise the IoT things that classify themselves properly and therefore we can put security controls around them. But we also have the ability to recognise the things that don’t classify themselves at all, to try and discover them and define what they are and define what normal looks like. Now, I think the hard part of this, almost back to Feisal’s question, will become in the future where you go.
So if I’ve got a smart car and maybe that’s some sort of issue, you can’t start to get kind of who should monitor that and who’s responsible for it? Because in that smart car, I’ve probably got maybe some hardware from one manufacturer, probably got software from eight different manufacturers. Then I’m putting things of my own and then my smartphone and other bits. So it’s going to become a very complex process to unpack and go. Where did the boundaries of responsibility lie between all of those bits of interconnectivity and who’s responsible for actually putting the security controls in to keep all of that safe? Is it one or is it multiple?
[00:43:46] I think that also leads to sort of Andrew’s thread as he’s been asking questions, we keep having these split responsibilities between home and between work. There’s the privacy flip back and forth as well. And I think that’s been the perennial challenge around security as it constantly has the sort of balance of privacy and as things with IoT and transition to the home. I think that just continues to compound. One of the notes I started making to people at the beginning of the pandemic when they asked me what can I do to be secure when working from home? As I said, don’t do anything on your work laptop at home that you wouldn’t do at work on that work laptop. And that’s important from a mental shift perspective. When someone’s sitting at home and they’ve got the kids next to them and they’re eating lunch and it’s just their normal house, they may choose to start browsing different websites using all their personal email on their computer, and they may lose that privacy barrier.
[00:44:41] They may not be thinking, hey, I’m applying for a job on my work computer right now. Maybe that’s something they didn’t want to do just because that’s what they’re used to doing in their home. So I think this has continued to evolve, but it’s always that flip back and forth between security and privacy. And it isn’t necessarily that everyone’s interests are the same. So it’s important to think about how that will interact in the future.
[00:45:03] Yeah. Beautiful. Well, I was going to move on to the next section, but this prediction came in a question and I thought, Great Nantasket and Nanjiani, thank you for watching.
[00:45:17] How about the impact of breaches in the health care sector, especially during this crisis period, ordering pills from apps or live counselling from the doctors?
[00:45:28] I’ll let Ryan start if you want, because he’s probably kind of got the very on the ground view, but some interesting things brought new to police.
[00:45:39] The types of attack we’ve seen in health care vary really drastically. Some of the major attacks were ransomware a few years ago with ransomware attackers understanding that, denying people access to health information at that moment, shutting down hospitals and everything else could be really impactful. We’ve seen phishers take great advantage of pharmaceutical information for really a decade or more. Same with taking advantage of information about vaccines as they were rolling out and everything else. I think health care being a very critical sector and an increasingly critical sector during a pandemic increases the likelihood someone wants to attack them. Even when you hear criminals say we’re going to lay off of hospitals during a pandemic, we never saw that to be the case as 2020 rolled forward. So I continue to expect to see attacks against health care organisations. And I see the same kind of ones we’ve seen in the past, taking advantage of the fact that health care is something that is an absolute need for people. They’re going to be interested in it no matter what, whether there’s a pandemic or not.
[00:46:41] Unfortunately, kind of just to echo this, and I kind of come back to that earlier prediction again, criminals love current affairs. We’ve definitely seen an uptick around the world and focus on attacking the health care industry, which I think is a horrible thing at this time. But it is a reality both in the US and also in Japan. And I expect to see more in Europe coming.
[00:47:06] The other thing I think we have to recognise is the health care industry is becoming more and more digitised. So we’re starting to see more and more technology, whether it’s things like pacemakers, insulin pumps, other things that are IP enabled. It allows the doctor to track our health. Well, if it’s IP enabled, that means it’s more it’s now vulnerable to attack. We are seeing I was amazed to see, you know, remote surgery done a couple of years ago. You’ve got a doctor in one part of the world and a patient having open heart surgery in a completely different and the doctor is remotely controlling it. So, you know, whether it is X-rays that now are done digitally that used to be done in an analogue way, whether it’s automated medication application, everything is becoming more digital. And unfortunately, that means the attack surface is significantly growing.
[00:48:04] The first time I heard about wirelessly connected infusion pumps. The thing that’s injecting medicine through an I.V. into your vein, I went, why would anyone ever connect that to a wireless network that seems so unnecessary?
[00:48:15] But in the pandemic times, what people told me was a nurse doesn’t have to go into the room to reset the IV or check it and put it on PPE and get cleaned up afterward. They can do it remotely.
[00:48:26] It’s hugely advantageous, which makes a lot of sense to me. And I think that is happening times a thousand and all sorts of hospitals around the world. It simplifies care. It makes it easier to happen, even though it introduces that risk. It’s worth the reward, but it’s on a lot of us to figure out how to make sure the risk is as low as possible.
[00:48:44] And I think just to maybe close on this, what’s critical is it’s so easy to overlook these things as being the risk that they really are because we just look in and go. It’s you know, it’s an insulin pump, not, hey, this is something critical, somebody’s life. And actually, without the right security controls, it’s very easy for somebody else to take charge. So, you know, I think there’s a big effort out there and so many organisations going, how do we really step back and go as well as the great value from these? How do we assess the risks that we need to mitigate with these?
[00:49:20] And it’s a great question from the audience now we’re going to move on to our next prediction in a second, but I can already see the time has just has just run.
[00:49:28] So just to point out to everybody that these predictions are available on paloaltonetworks.com, I think the link will be in your LinkedIn comment section. So check out all ten predictions because there’s some really fascinating insights in there that Greg and his team put together. The next thing I want to ask about is prediction number five, rush to the Cloud. You’ve kind of touched on this a little bit right now, but rush to the Cloud security playing catch up. Tell us a little bit about that.
[00:49:57] Yeah, let me maybe start on that and I’ll hand over to Ryan, you know, just about every organisation that I spoke to, pre pandemic had a Cloud transformation strategy. Some were maybe like 60 percent of the way there. I think a lot were maybe like 20 percent of the way there, some which had not even started. But I mean, I can give you kind of the best example on the first day of the pandemic. We’re very Cloud native as a company. I come down, I get online, I carry on as normal. My wife comes down online, brings me a coffee, and she’s like, yeah, nine o’clock I connected to my VPN, back to the office. Everything ground to a halt because suddenly now one.