CyberWire Daily - Interview Select: Nick Schneider of Arctic Wolf discusses why he believes 2023 will see a resurgence of ransomware and why the decline of crypto will not deter future ransomware actors.
Episode Date: December 30, 2022
SHOW NOTES
This interview from October 28th, 2022 originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Dave Bittner sits down with Nick Schneider of Arctic Wolf to discuss why he believes 2023 will see a resurgence of ransomware and why the decline of crypto will not deter future ransomware actors.
Transcript
You're listening to the CyberWire Network, powered by N2K.
There are indications that ransomware attacks have slowed down,
and many speculate that Russia's war on Ukraine
is a likely cause of that slowdown.
Some say this lull provides organizations
an opportunity to catch up and shore up their defenses.
Nick Schneider is president and CEO of Arctic Wolf,
and he believes businesses and organizations
should be using this time
to prepare for the next wave of attacks.
Yeah, I mean, there's continuing to be more and more ransomware, you know, within the marketplace.
I think certainly we've seen a little bit of a slowdown in the number of attacks, and I think
that can be attributed to a number of different things, with likely the largest cause being the Russia-Ukraine conflict. But I don't
think ransomware as a threat actor's, at least top few choices is going anywhere anytime soon.
So it's something that organizations are going to have to pay attention to, protect against and have plans of actions and budgets for, I believe, likely for the rest of
time here, unfortunately.
What are some of the things that you've been tracking in terms of
how the ransomware operators have adjusted, how they've evolved?
I think that they've
gotten a lot more sophisticated, both in the manner in which they
attack, but also in their operations themselves. So by doing so, they've been able to get deeper
and wider within organizations over an extended period of time. And by doing that, they're able
to do a lot more damage or get their hands on a lot more company information.
And as a result, they're able to or decide to act in a way that allows them to ask for more ransom or more funds to get the company out of position that they don't want to be in.
And they've done that both through, you know, kind of the capturing and locking of certain
data or devices, but also through, you know, I think more recently, some extortion tactics,
you know, so, you know, they're real businesses now, you know, so whereas it might have been a little bit more grassroots
in, you know, years past, you know, some of these organizations have, you know, HR teams and,
and, you know, picnics and, you know, things that you'd expect from, you know, a traditional
organization. And as a result, they're a lot more sophisticated in the way in which they approach,
you know, kind of their business and their tactics.
Given where we stand today, what is your advice for organizations who are looking to dial in the amount of resources they apply to helping prevent ransomware?
Yeah, I think we have an interesting time right now in that the number of attacks has subsided slightly.
So there's been a little bit of a reprieve for organizations. And I think what I've found or
what I've heard as I'm talking to folks in the market is that people take that either as an
opportunity to kind of shore up their defenses or, in my opinion, the wrong decision would be
to take a slight lull as an opportunity to,
you know, move or allocate budget or priority elsewhere. You know, I believe that any lull
that we've seen in ransomware, you know, relatively recently will come back and it
will likely come back, you know, and then some, meaning it will come back in a more,
you know, meaningful way than we even saw, you know, prior to a slight slowdown.
And those organizations that use a little bit of slowdown and attacks to really firm up their security posture will be the organizations that are in a really good position.
And those that have, you know, kind of neglected it, you know, over that period of time, I believe will wish they hadn't.
And what to do or the advice would be to make sure that it's a topic of communication with the executive staff, make sure that it's a topic of discussion with the board, and make sure that you're investing in your security posture in a material way so that you can ensure that you're protected,
you know, over time. And I think as companies do that, they'll find that the best way for them to
be protected is to, you know, build a solution or build an ecosystem within their own environment
that allows them to, you know, deliver multiple outcomes to the business. So how do you detect
and respond? How do you, you know, make yourself aware, you know, aware of any potential vulnerabilities? How do you educate,
you know, your employee base? How do you set up education around, you know, phishing and,
and, you know, social attacks? And then, and then do you have a plan if something does go wrong?
So do you have, you know, an incident response team or a retainer? And tying
that all together is going to be what's important for organizations. And unfortunately, that's a
tall order for a lot of organizations. So that's kind of how we specialize is we like to view
ourselves as a security operations cloud that can provide multiple outcomes to a customer. But
whether it's Arctic Wolf or not, having a comprehensive plan and leveraging what is a
little bit of a lull in activity, I think will be really important for businesses.
Can you speak to the difference between engaging with an outside company such as your own,
or versus handling this sort of thing internally?
Are there, I can imagine there are pluses and minuses
to either approach.
Security is complex.
So you need to have the ability
to understand your security posture
against all your attack surfaces
within your employee base. You need to
do that in a way that allows you to detect and respond, that allows you to identify vulnerabilities,
that allows you to educate your employee base, that allows you to have incident response
capabilities. And for most organizations, being able to, you know, have a full security operation
is really difficult technically. And that's not to even consider
the difficulty of getting the right, you know, talent and skill sets in-house to be able to
deliver against the technology that organizations might have in place. You know, there are far more
cybersecurity jobs than there are, than there is cybersecurity talent. So depending on the organization, you know, you might be able
to consider a portion of or in really large organizations, the entirety of your security
operation being built in-house. But for most organizations, leveraging, you know, a company
that, you know, has built their entire business off of cybersecurity is probably a route that will
provide, you know, better outcomes and likely at less expense and almost certainly make you
redundant to, you know, individuals if you were doing it yourself within a team, you know, leaving
or, you know, taking a new role, which in cybersecurity, you know, means you've
gone from protected to unprotected overnight, right? And I think third parties can allow folks
to kind of minimize that risk.
You know, it seems as though the rise of cryptocurrency and the rise
of ransomware kind of went hand in hand that, you know, crypto was an enabler for some of these ransomware actors. We've seen signs that perhaps
crypto will be regulated or clamped down on. Do you think that might move the needle?
Yeah, I think there's two conversations on this. One is the price or the value of cryptocurrency.
I don't think that that will have an impact. They'll just adjust
their requests based on whatever currency that they're benchmarking the crypto against.
The regulations, I think, could have a short-term impact. I don't believe it would be a medium or
long-term impact. Again, these organizations are now running significant businesses. To believe that they will just fold
up shop with some adversity in the crypto markets, I think is a naive belief. So yeah, I do think
that those things will likely help in the short run, but I believe in the long run or even in
the medium run, the bad actors will find a way to continue to
capitalize on vulnerabilities within an organization's cybersecurity posture.
That's Nick Schneider, president and CEO of Arctic Wolf.