Heroes in Business - Experian Identity Report with Brian Stack Vice President of Engineering and Dark Web Intelligence for Experian, pt2
Episode Date: April 17, 2023
Experian Identity Report: Brian Stack, Vice President of Engineering and Dark Web Intelligence for Experian, is interviewed by David Cogan, host of the Heroes Show. They discuss The Rise of Ransomwar...e.
Transcript
Up in the sky, look, it's captivating, it's energizing, it's Eliances Heroes.
Eliances is the destination for entrepreneurs, investors, CEOs, inventors, leaders, celebrities
and startups, where our heroes in business align.
Now here's your host flying in, David Cogan, founder of Eliances.
Oh, I'm so excited to be back again this week. We just have a full show of excellent,
incredible information that you can use. Why? Because we're back again, too. It's the Experian
Identity Report on Eliances, and we're bringing you these special reports with the world's leading experts about game-changing impact of identity
and the need to use reliable data to make confident decisions that safely accelerate customer engagement.
And this week, we're joined again by Brian Stack.
He is the Vice President of Engineering and Dark Web Intelligence.
You can reach him at Experian.com.
That's E-X-P-E-R-I-A-N.com.
All right.
What a topic we have today.
Brian, what is ransomware?
Yeah.
So, I mean, it's been in the news a lot the last few years.
And ransomware is a tactic used by cyber criminals to extort businesses. So they'll
infect their networks, often locking down their systems. And during that process, they will ask
for some type of payment in order to unlock their systems.
That's great. That's, I mean, excellent.
Now, why did it take, I mean, I think the thing is, is what, it took over 20 years for
the creation of ransom model to actually take hold?
Why?
Yeah, well, I mean, I think we start with the genesis of ransomware.
And so it's actually a pretty fascinating story.
So the first documented case officially of ransomware was by Dr. Joseph Popp in 1989. He sent out 20,000 floppy disks,
for those who remember floppy disks being used in computers back in the 80s and 90s,
for a survey for medical researchers. And he demanded about $189 as a license fee to be sent to a P.O. box. And so
doctors got this research report. They put it into their computer. Their computer was locked.
It said, well, thank you. You've now been infected with this ransomware. Please send $189
to this P.O. box in Panama. And so it did. That was in 1989.
It was groundbreaking.
But then ransomware really didn't take hold
and become a global problem until about 2012, 2013.
And there's a number of reasons for that.
I like to kind of break it down after I've been doing this.
I've been doing this for so many years now
to what I like to call kind of Stack, Brian Stack's law of novel cyber events. And it's based on kind of three factors.
So one is the technical accessibility and viability of the technology, multiplied by
how does it manipulate human behavior? And then finally, the economic benefit.
And so when we look at technical accessibility and viability, it really boils down to is
the technology that is leveraging this attack, this type of attack, is it generally available
to the average person, right?
So back in 89, when this attack happened, writing a piece of code was generally very
skilled. You couldn't
just pick a ransomware up off the dark web market for $100 and use it in an attack. You had to write
it yourself. So the accessibility was hard back then. Manipulation of human behavior, well,
ransomware works. When all of a sudden your system is locked down and you can't use anything, and then there's
a ransom over your head, it evokes fear, it evokes anxiety. So the human behavior piece was there in
89. And finally, the economic benefit. No one really knew, would people pay for this? Would
they not? And so when we apply these three factors, it really didn't take hold because
trying to do a payment, cryptocurrency didn't exist in 89.
So there was no way to anonymize a payment.
You had to send stuff to a P.O. box in Panama to try to hide your identity, which is obviously very clunky and very clumsy and not very efficient.
The technical accessibility, again, very low coefficient.
You had to write your own code. You couldn't just pick it up as going on the dark web.
And there's Amazon-like sites on the dark web where you can pick up code to implement these ransomware attacks very easily.
And so both those things, technical accessibility, the human factor, cryptocurrency availability, all make it very, very attractive now moving forward.
And we've seen nothing but growth over the last decade.
Brian, again, extremely valuable information.
And we can't thank you enough for being here today
because you're watching and listening to me,
David Cogan, host of the Eliances Hero Show.
You know, the only place to go where entrepreneurs align,
E-L-I-A-N-C-E-S.com.
And make sure, again, you go to it, click on radio, because you'll be able to view
and listen to past interviews with Experian, because we have with us, uh, Brian Stack, the Vice
President of Engineering and Dark Web Intelligence. So you can reach him again by going to Experian.com.
Uh, Brian, how costly, though, is this whole thing with ransomware
and cyber attacks in general? You mentioned that it affects and can affect anyone. So talk to us
about the costs on that.
Yeah, so I'll give your audience a few stats that I think really
hit the theme home. The first is that in terms of cyber crime overall worldwide, it's estimated
that it'll be about a $10 trillion problem by about 2025, 2026. And there's some variability
there, but anywhere from $8 to $10 trillion. Putting that in some context, the overall GDP of the world is roughly a little over $100 trillion.
So the potential is that 10% of the world economy could be based on cybercriminality.
Ransomware in general, so focusing specifically on ransomware, the cost to the world in 2021 was about $20 billion.
That number is expected to rise tenfold to about $265 billion by 2030. The impact to businesses. So at the end of the day,
okay, your systems are locked. There's an impact to consumers. But the reality is the average
downtime for a business impacted by ransomware before they become kind of fully functional again, it's 25 days.
So think about critical systems, whether that be for a business or even more so that we're starting to see schools, hospitals,
the impact on students, on people receiving medical care.
You know, people can't necessarily go without medical care for 20 days.
Now you can say, well, just because a system is locked, why does someone not get medical care?
Well, often those systems can't function anymore. And so people who are part of very sensitive
medical treatments that rely on very expensive pieces of equipment. That equipment is often offline.
The median price of ransomware in terms of a payment is around a quarter of a million
dollars that gets paid out during some of these extortion processes.
Yeah, incredible.
All right.
So let me ask you the magic question here.
Five years from now, what will you see with, what do you see with ransomware and the whole cybercrime community more generally looking like?
Yeah, so I think there's a few pieces here. Right. So one is everyone is talking about ChatGPT and AI. Right. So that obviously will play a role.
They will leverage that to make more efficient, more convincing social engineering types of attacks. So whether it be through email, through calling you through
the phone, they will leverage that technology to hone in and make the attacks more convincing.
Because at the end of the day, often these attacks are twofold. One is there's some type of, uh, system failure that allows the criminal in. The other, often what often happens,
is there's human error: somebody clicks, somebody accepts the notification they shouldn't accept.
So that'll have a huge impact. I think, again, this is a business. These are not just one-off hackers
like that you see in the movies or super geniuses.
These are businesses that run.
And so they're going to work on being more operationally efficient.
So they will go back to the basics.
They will say, you know what, instead of just blasting phishing emails out or text messages, we're going to try to figure out maybe let's send these out later in the day when people are more tired.
So they'll try to figure out, geolocate their victims, to figure out when's the best time to probably send them that, you know,
Amazon notification that their package is late, click here. Probably 10 o'clock or 11 o'clock at
night, probably better than doing it at noon, probably going to trick someone much easier.
Also, I think space is on the horizon. I think space is a new frontier. The metaverse is a new frontier. I think we will see attacks migrate into those new areas. And in terms of ransomware overall, we've seen
the evolution from single extortion, which was just locking a computer, to double extortion,
which was locking a computer, publishing information online about what they
stole. Then it was third, triple extortions, where they locked your company's computer,
they published the information they stole online, and then they did an attack on your network.
And then finally, most recently, we've seen quadruple extortions, which are all the first
three. Plus, they reach out directly to your consumers through email or through some types of ad online.
I've seen situations of these criminal organizations
posting ads online saying,
we stole the data from company X.
How do you feel about that?
You should call them and let them know
they probably should pay our extortion
if you ever want to see your data.
So that is the evolution.
It is evolving every day
and getting more brazen and novel.
Wow. And again, I mean, extremely valuable information
that you've been sharing today. It's a whole new world. This has been the Experian Identity Report
with Brian Stack, Vice President of Engineering and Dark Web Intelligence. Make sure that you go
to Experian.com.
And of course, this is David Cogan.
It's been an honor to have you here today, Brian.
Make sure that you go to Eliances.com.
That's E-L-I-A-N-C-E-S.com.
The only place where entrepreneurs align.
Thank you again, Brian.
Thank you, David.