Ryan Witt, Industries Solutions and Strategy Leader at Proofpoint, joins us to discuss the heightened state of cybersecurity alert, especially in the face of what's going on in Russia and the Ukraine.
This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.
Today we have another interview in action from the conferences that just happened down here in Miami and Orlando. My name is Bill Russell. I'm a former CIO for a 16-hospital system and creator of This Week Health, a set of channels dedicated to keeping health IT staff current and engaged. We want to thank our show sponsors who are investing in developing the next generation of health leaders, Gordian dynamics, Quill health tau site nuance, Canon medical, and current health.
Check them out at this week.health.com/today. Here we go. All right, here, we have a little different interview. We have a, this is an interview from the HIMSS conference, but we're doing it early because Ryan and I couldn't get on the same schedule. We're too busy during the week. And we decided to just catch up here.
So Ryan Witt with Proofpoint is here. We're going to talk a little cybersecurity. That's a cybersecurity Ryan. Welcome to the show.
Always. Good to be here.
Ryan, I think top of mind for everyone has to be Russia, Ukraine, what's going on there. You're in the cybersecurity space. Health guy talked to a bunch of CEOs.
They're on a heightened state of alert. I looked at one CIO, or CSO, who was at the, at the previous event, at the ViVE event. He looks like he hadn't gotten out of the office for the last three months. And that might even be six months. I mean, it's been a tough, it's been a tough slog for these CISOs for the last couple of months. Has it?
It absolutely really has. And from our standpoint, I mean, we're obviously monitoring this really, really closely. I'm sure everybody is. And you know, being on this heightened alert is the right sort of approach, to be sure. We're not seeing anything unusual so far,
nothing new, nothing. I mean, when they, at least this attack, we were worried that we're going to see all sorts of new things, new malware,
I mean, Russian state actors, or, you know, cyber criminal gangs out of Russia, whether they are state sponsored or not.
And you can assess it. That's quite a topic right there, have always been very active. So it's not like it's nothing's happening, but we've not seen a huge change in the norm. However, and I think it's important to emphasize the however, and to be cautious here because this could change. It could change quite rapidly.
And as the, as the dynamic of the, of this conflict of this invasion evolves, who knows what the response and the counter response is going to be. And I, you know, what I'm really referring to is we're seeing more and more Western brands pulling out or suspending their business activity within China restaurants, retailers, online gaming, we see assets for oligarchs being suspended or frozen in multiple geographies.
And as this happens, you just don't know what the reaction is going to be from, from Russia as a result. To what degree do they start pointing some of their cybersecurity events towards the West and towards those, those organizations and to those countries who are seen to be causing, you know, hardship within, within Russia?
So I just don't. Do we have a sense of volume? Has the volume gone up at all?
We watch this really, really carefully. And we haven't noticed that, nothing that's noteworthy. We definitely saw prior to the invasion, we saw an uptick in DDoS account attacks on Ukraine. We saw an uptick in account takeover where somebody purports to, or somebody takes over somebody's account and then it's sending out emails on their behalf.
So, but again, that was really leveraged against the Ukrainian, the Ukrainian government and ministries and institutions. But in terms of what's happening outside of Ukraine, we haven't seen a whole lot, but when I think about like what Anonymous is doing, Anonymous being this kind of this decentralized organization that are, are pointing their activity, you know, squarely towards Russia or the Ukraine.
Establishing this kind of, what they call the Ukraine IT Army, which is just kind of like this volunteer sort of cyber cyber peaks and hacks hackers who are, you know, white hat hackers are joining forces to go launch attacks. And then that combined with the suspension of business with so many Western brands, you just have to wonder at what stage do they re-up the response from, from Russia is not just targeted
at Ukraine, but it's going to be more broad, but we haven't seen a whole lot so far, so that's kind of the encouraging thing, but, you know, I want to, I just want to emphasize it's already always been pretty active.
Yeah. Well, so there's part of me, I want to get to healthcare here in a minute, but you know, in a conflict, in a war like this, I, I tell people, you know, it's, it's a conflict
if you're looking at it from the United States; it's a war if you're living in the Ukraine right now, and the bombs are going off around you. But the, you know, it in, in the physical it's obvious, it's like, get underground, get in your bunker. Don't walk around on the streets, but you know, I log, we're, we're on Zoom right now.
You know, I logged in this morning, got on the internet. This there's a, there's a battle going on on the internet right now. And I got on like, I'm just walking through the streets and nothing's going on. I mean, is that right? Am I not thinking right about this? Or is it just heightened state of alert in terms of, , making sure I have the right tools in place, making sure I have the right procedure for my company and myself.
I mean, this is an opportunity. Don't let a crisis go to waste. No good put a waste. So this is a really good opportunity to make sure you are heightened your not only your awareness, but you know, if you had some investments, you were, you were pondering or maybe that were hadn't happened yet, or you were contemplating in the near term.
I think this is the time to make those investments, whether that's people oriented or whether that technology. So I think, you know, kind of, as you kinda mentioned a little bit earlier. Yeah. You know, we can see this as like a, a conflict we don't, we're not experiencing the directly, the hardship. Yes.
Maybe at the gas pump that's, you know, compared to bombs falling, that's pretty, you know, pretty insignificant. But I think in terms of like, what's going on, it's, it's not, it's not that problematic yet, but this can change really, really quickly. Right. And I think that's where we need to be ultra concerned.
I noticed that there was a, and this is like saying a very small incidental example, but one of the very large online gaming companies, mobile gaming companies suspended all the Russian accounts, millions and millions of users. And so if you're in that, if you're in Russia and you can use your game or whatever.
Okay. That's not the end of the world, obviously. It's not like bombs are falling on you, but how many of these dominoes have to fall? You know, McDonald's sucks. Starbucks is suspended, Apple suspended.
I was just thinking, I mean, credit cards were suspended. Netflix is suspect. I mean, it, they have been, I, I mean, I I'm sure some things haven't suspended, but it almost feels like we've cut them off from the. Right.
I can't imagine what that's doing in the households and whatnot. I think what we hope is happening is that the Russians are sitting around and saying, Hey, I'm not sure I like our leadership
and where they're taking us. Right. And I think I see intended consequence, and that might be a very positive outcome ultimately, but along the way, target those organizations from a cyber standpoint who have, or not targeted those organizations just target just the West, generally trying to also inflict some pain.
So I think that's where we have to be really sensitive to, to what's going on. And the heightened awareness should be really, really. Do those
attacks look different? So healthcare, now we're getting back to healthcare. They, do those attacks look different if I'm a CISO? So are they, you know, ransomware's about money; those kinds of attacks aren't necessarily about money.
They're more about, it's retaliation of some kind and it's about causing havoc. Do they
look different? Do they feel different? They can actually. And one thing I did, I didn't want to mention a little bit, so we're seeing definitely an uptick in what we call wiperware. So wiperware being a version of ransomware, but as the name implies, you wipe the data.
So there's no intention to extract some sort of payment. The intention is to extract pain, essentially. So you delete that data permanently. And then, so that yes, we have to end up taking that and use that use of that form of malware. So that's something we should be particularly concerned about.
How is that delivered? Is that delivered through the same way or are they using a little different?
Yeah, I mean, essentially, it goes back to credentials are the nirvana state, right? Someone's credentials, particularly somebody who has good access or, you know, solid credentials into, into the environment. Then you're in the network, you're in the health IT network, you're in the network.
And then there, you have the ability to move laterally, you have the ability to do reconnaissance and you have the ability then to go decide what is the best form of malware that's available. And I think one of the changes we've just seen more broadly in the cybersecurity landscape is the sophistication at the level of exploits that are now available on the black market.
So it's not just, you have this one sort of a bad actor or a threat actor who really focuses on ransomware. What do you focus on fraud attacks now? They're like, I just want to get it. I want to figure out what's my most impactful or most my best ROI, and I will launch various forms of attack. So, but the key is to get in and the best, easiest way, the most impactful way to get in is to steal someone's credentials.
And there's still, the front door is still email, right?
Largely. I mean, if you have, you have systems that are, that are pointing to the network, or they're not protected adequately, if you're not using multi-factor, there are other ways in. But the easiest way in, the one that requires no real technical knowledge at all, is putting together some sort of compelling email or that is
just, just asking for the credentials. They'll give it to you.
Right. You know, writing a lot of emails over time, asking for different pieces of information that allowed you to formulate the puzzle. Okay.
It's amazing. Have they had the, as my last question, I mean, we don't have a lot of time in these interviews, but I, I appreciate you making the time for this, the, the protection, are we changing the way we're protecting at all?
Are we updating? I know that we're a lot more responsive than we used to be. I read this Microsoft story that they identified a new form of wiperware that was heading towards the Ukraine. They got involved with the federal government, like within 24 hours of identifying whatnot. Seems like we're more responsive or more, I don't know, more nimble, more responsive than we used to be.
I'm not the 24 hours as fast enough, but it's, it's faster than we've ever
been. It feels like, I think maybe the connective tissue is from. So we're all kind of rallying behind and want to help each other out a lot right now. So maybe that connective tissue is allowing better sharing, better engagement with agencies, better utilization of the tools that are out there to go help, help defend against these attacks.
So maybe that's, maybe that's partly where it's about
Ryan, I want to thank you for your time for this non-HIMSS HIMSS interview prep. Appreciate
catching up with you.
Thanks another great interview. I want to thank everybody who spent time with us at the conferences. It is phenomenal that you shared your wisdom and your experience with the community, and it is greatly appreciated.
We also want to thank our channel sponsors who are investing in our mission to develop the next generation of health leaders, Gordian dynamics, Quill health tau site nuance, Canon medical, and current health. Check them out at this week. health.com/today. Thanks for listening. That's all for now.