Dave Maasland (ESET): “Ransomware is starting to resemble more and more characteristics of organized crime and the pressure on victims is rising’’.
ESET is one of the exhibitors at Cybersec Netherlands on November 1st and 2nd in Utrecht. Dave Maasland, CEO of ESET, tells us why he’s looking forward to this Dutch Cybersecurity event. He also explains the pressing threats, recent trends, and how their organization addresses these challenges in cybersecurity.
Why are events like Cybersec Netherlands important?
At this moment it’s crucial to engage in dialogue about cybersecurity, because so much has changed over the past three years. After the pandemic, we’ve all adapted to new ways of working, a war in Ukraine is ongoing, and the threat landscape has severely shifted. We view Cybersec Netherlands as the ideal platform to reconnect with each other, and exchange knowledge about these matters. We need to meet new people, gain fresh insights, and learn about innovative technical approaches. We believe that Cybersec Netherlands provides an opportunity for the commercial and public sectors to reestablish connections. This has never been more important.
What are the most urgent threats in cybersecurity?
We’re witnessing an increase in aggressive behaviour among ransomware criminals. This aggressiveness exists on multiple levels. Previously, ransomware criminals had certain ‘codes’ regarding which types of organizations they wouldn’t attack, such as hospitals and charities. We see those boundaries blurring. We even have examples of ill children being extorted.
In addition to a shift in whom they target, we also see a difference in how extortion is carried out. In the past, hackers would lock your system to put pressure on you. Nowadays, data is stolen, and threats are being made to share this data online if you don’t pay. Additionally, a component of physical threat has emerged. Hackers threaten victims with things like, “we know where your family lives.” Attacking different sectors, exerting pressure, and using physical threats all aim to increase pressure on victims. We see that ransomware is starting to resemble more and more characteristics of organized crime.
What trends do you observe in cybersecurity?
The most significant trend we see is the changing threat landscape. By this, we simply mean: who should we be afraid of? A good example is that ransomware crime now plays a role in the war in Ukraine. Attacks are being carried out with the aim of influencing the war. Additionally, we see the so called ‘boys in the attic’ sharing knowledge and working with each other. An example of this is the Lapsus$ group. This was a group of teenagers who gained access to very large companies. Also, the attack on MGM Resorts in Las Vegas began with a group of teenagers joining forces.
We also observe a change in the threat profile of state actors. They used to mainly carry out targeted espionage in other countries. Currently it happens more often that state actors attempt to infiltrate in case they need information or want to sabotage something in the future.
Another trend we see is that many attacks start with social engineering, manipulating people to undertake digital action. Things like chat GPT, and credible voice cloning contribute to this. This emphasizes the need for a shift from security to resilience. An example is the recent incident at Booking.com, where an email was sent to hotel guests from Booking.com’s own email address, asking them for payment. In such situations, it’s mainly important to ensure that the impact is minimized.
Lastly, an important issue is: ‘how do we keep the supply chain secure?’ In the past, people used to think that if they were better protected than their neighbour, they wouldn’t be attacked. Nowadays, this no longer applies. We’re all connected to each other. It’s important that we’re all protected at some basic level. A positive trend is that large companies are increasingly stepping up, and helping their (smaller) suppliers protect themselves.
How do these trends impact businesses’ defense strategies and risk assessments?
There are two routes for companies to follow. First, companies must protect themselves from the outside in. People are using more and more applications and programs. This results in an increase of the attack surface, the number of ways someone can enter your network. Companies need to build deeper layers of protection. The second route is from the inside out. It’s about what you do when someone has already penetrated your system. This is why prevention alone is no longer sufficient. It’s about prevention, detection, and response. Without any of these elements, your defence strategy remains inadequate
A positive trend related to this is that companies are no longer only holding their employees responsible, for example by warning them not to click on suspicious links. Due to the credibility of ransomware emails, this isn’t a realistic expectation. It’s more about the question: ‘how do you respond when this happens?’ It’s even more important to create a culture where employees are motivated to report anything unusual. We strive towards a ‘if you see something, say something’ culture.
How does your organization address these challenges and/or opportunities in the field of cybersecurity?
We strongly believe in the future of Extended Detection and Response (XDR) combined with an AI powered prevention first approach. This involves connecting the most relevant data sources with intelligent tools, which are then analysed by intelligent individuals. AI can do the detection, but we still require humans for the “treatment” part. This becomes particularly interesting when we combine this with threat intelligence from the real world, such as insights from the war in Ukraine.
We aim to support businesses from start to finish. Whether it’s about handling the complete security system or investigating a small piece of malware. We believe it’s important for businesses to have choices among suppliers, also European suppliers, because this contributes to digital sovereignty. As ESET, we operate globally but are based in the EU, and have Dutch-speaking experts on our team. We consider this important because we strive for long-term personal relationships with customers, given that cybersecurity is highly complex.