Or listen in your favorite podcast app
Apple Podcasts / Google Podcasts / Spotify
The imagery has been etched in our minds for decades. Thieves and vandals riding into town on the back of their horses with one mission in mind: robbing a bank to steal your cash. This is the bad actor archetype, and it has stayed much the same for years. But the problem is, Hollywood’s depiction of those events are no longer accurate in today’s digital world. Nobody is physically robbing banks anymore, because they don’t have to.
“If you’re a bad guy, you rob a bank and you’re going to get caught immediately. And that person is definitely getting caught. But if you look at what cyber attackers are doing now, they’re looking for ways to digitally impersonate someone or get to your employees. From there, they can get to your network, or your data. So then they can hold you hostage without really physically harming you, and you could lose tons of money.”
Fleming Shi, the CTO of Barracuda Networks, a security software platform that is designed to prevent those robbers from accessing your accounts or your business. On this episode of IT Visionaries, Fleming discusses the evolution of cyber attacks and how botnets are infiltrating your system much like a virus finds its way into your body, and why fighting off those attacks is the biggest challenge facing cybersecurity teams today.
Main Takeaways
- Built with a Security Mindset: As cybersecurity threats become more advanced and personalized, the onus to protect the user should no longer fall solely on security teams. Instead, application developers must start building their cloud applications with security in mind. If they don’t, the bad actors will continue to find vulnerabilities within systems based on the way they are built.
- Not All Bots Are Good Bots: Bad bot personas are bots that are identified as malicious based on their pattern of behavior. These bots often disguise themselves as user-agent bots, which search sites in order to rank them, then infiltrate your network and mine for your data.
- How to Spot A Thief: One of the most effective ways to spot “bad bots” is to follow their behavior patterns. Typical bot activity peaks during the early morning and late at night, which may indicate if that bot is a safe bot or a cybercriminal.
—–
For a more in-depth look at this episode, check out the article below.
The imagery has been etched in our minds for decades. Thieves and vandals riding into town on the back of their horses with one mission in mind: robbing a bank to steal your cash. This is the bad actor archetype, and it has stayed much the same for years. But the problem is, Hollywood’s depiction of those events are no longer accurate in today’s digital world. Nobody is physically robbing banks anymore, because they don’t have to.
“If you’re a bad guy, you rob a bank and you’re going to get caught immediately. And that person is definitely getting caught. But if you look at what cyber attackers are doing now, they’re looking for ways to digitally impersonate someone or get to your employees. From there, they can get to your network, or your data. So then they can hold you hostage without really physically harming you, and you could lose tons of money.”
Fleming Shi, the CTO of Barracuda Networks, a security software platform that is designed to prevent those robbers from accessing your accounts or your business. On this episode of IT Visionaries, Fleming discusses the evolution of cyber attacks and how botnets are infiltrating your system much like a virus finds its way into your body, and why fighting off those attacks is the biggest challenge facing cybersecurity teams today.
Through his 16 years at Barracuda, Shi has seen it all. From the old days of bad actors passing themselves off as junk email to full end-to-end digital attacks. Cyberspace has never been more vulnerable than it is today, and a lot of that is thanks to the amount of SaaS applications in the ecosystem. More SaaS applications mean more cloud adoption, which inherently provides bad actors more opportunities to attack a company’s security vulnerabilities at the edge.
“A lot of these attacks are no longer launched from a finite set of systems, they’re building botnets to do these things,” Shi said. “Botnets are like an infection into people’s resources. And infrastructure, cloud environments, home devices, IoT devices, whatever it is that you put in your house, it’s opening up a whole bunch of doors and windows.”
Shi stressed that the biggest area of concern right now is how you protect users inside their own homes from these malicious attacks, which he playfully referred to as the new frontier of cybersecurity. Distributed and remote environments are now the norm and aren’t going anywhere, so finding a way to secure those users at the edge has put a lot more pressure on security teams that used to just have to put up a perimeter around a single network.
“There’s the digital world and there’s the real world,” Shi said. “And how does the digital world affect us? If we understand where the threats are coming from and if we prepare humans to be more aware, it can help. I fundamentally think we really need to root out the bad guys that are infecting your infrastructure to make sure your systems are no longer being weaponized.”
The problem is these bad actors are no longer just trying to steal your money, but they are actually holding you hostage. Botnets are quietly siphoning your data behind the scenes into large data lakes to purge at their leisure.
“If you look at where attacks are and how they actually collect their ransom payments it’s no longer just about giving your files back,” Shi said. “Oh, your files got encrypted. Guess what? I have your key. So, I give you a file back, but I still have all your data. So if you don’t pay me the second time, I’m going to basically post your customer data online.”
So how can this be managed as more cloud-based applications come online? Shi said it needs to start with the developers, who have to be more security-minded when it comes to developing their products.
“There needs to be a lot of security, monitoring and event-triggering, and all those things to help,” he said. “All the software companies that are building SaaS applications to protect their cloud environment from being compromised need to be developed with attackers in mind.”
To hear more about the evolving cybersecurity landscape and how to further secure your system, check out the full episode of IT Visionaries.
—
To hear the entire discussion, tune into IT Visionaries here.