Judah van Wees (Barracuda): ‘The most successful cyberattacks still start with an email’
Why are events like Cybersec Netherlands important?
The only thing that can change your life is a new insight. You must expose yourself to new environments or meet new people to gain new insights. Events play an important role in this. As Barracuda, we focus every day on helping organizations of all sizes to protect themselves. We can’t wait to see some of them at the event. More important than meeting us, it’s important for visitors to meet peers at events like these. Peers with similar goals and challenges can benefit greatly from sharing and meeting. Finally, we find Cybersec Netherlands interesting because Jaarbeurs is one of our favourite clients. This event presents an exceptional chance to emphasize our partnership.
What are the most urgent threats in cybersecurity?
We see that the type of attacks are changing, but where they start remains largely the same. The most successful cyberattacks still start with an email. Everyone uses email and relies on it for business communication. Through email, you’re connected to the whole world. In the past, hackers used to send links or attachments in emails. We can counteract these easily with traditional solutions. Currently however, hackers often just send plain text messages, such as: ‘I have a quick question, can you call me?‘ By the time you make the call, it’s starting to get dangerous.
One of the most vicious attacks is ‘the account takeover.’ Traditional security, like a spam filter, checks everything that comes from the internet into the email environment. If an account takeover occurs, someone’s already past the spamfilter and can, for example, send emails, encrypt stuff and leak information. When this happens, traditional security measures fail. This is why modern security is more than just prevention. It involves prevention, detection, and response capabilities. We know there are 13 threats for email. You can block 3 of them using your traditional email security, but the other 10 slip through effortlessly. This is why we use AI, already since 2015, to detect irregularities in user profiles and emails (e.g., in language usage) in order to take appropriate action.
We also see more supply chain attacks. An example recently occurred, when a company discovered that its supplier had an exploit in their firewall. As a result, the hackers gained entry not just to the supplier but also to some of the company’s servers. This threat becomes even greater when hackers target software suppliers, allowing them to attack many companies at once. We offer protection by applying layered security. Additional layers of security make sure hackers have to overcome multiple barriers to gain access.
What trends do you observe in cybersecurity?
We summarize the most pressing trends as ‘the perfect storm’ for cybercriminals. We’re talking about 4 characteristics. First, the evolving threat landscape. By this, we mean that the type of attacks are becoming more sophisticated. Second, the significant rise of remote work. When you work in the office, you find yourself in a protected office network, but with remote work, there’s less control over your much needed access to company crown jewels. Therefore, a new mindset is needed. We often say: ‘if you can’t afford to protect it, you can’t afford to connect it.‘. This is part of the next aspect, the digital revolution. Before Covid, we talked about digital transformation, but Covid has accelerated this, and we can now speak of a revolution. Lastly, a lack of talent plays a role. Worldwide, there is a gap of 3.4 million cybersecurity workers. This has several reasons. For example, cybersecurity is very technical and complex, and not everyone wants or can do it. Moreover, the growth of the sector is outpacing our ability to keep up with proper education.
How does your organization address these challenges and/or opportunities in cybersecurity?
Have you ever heard anyone say cybersecurity is easy? We haven’t. Our mission is to make cybersecurity as easy as possible. We make security available for organisations of all sizes. And what we offer, is ridiculously easy to use. We also have a uniquely comprehensive portfolio, allowing us to work as a one-stop-shop.
We secure email, networks, data, and applications for more than 230.000 customers worldwide. So, we have a lot of data at our disposal. We use AI to realtime leverage this data. For example, if one customer is attacked via email, we use this intelligence even to the benefit of our application security clients. Moreover, we freely show all insights about contemporary threats and attempted attacks to the global public on a threats dashboard. By sharing this type of information publicly, we stand stronger together and are contributing to our purpose of a safer world.