US data management and security company Rubrik looks beyond cyber attack prevention. As threat actors get more sophisticated and the barrier to entry into cybercrime gets lower, it's important to have a plan for bouncing back fast. Cyber Daily sat down with Michael Mestrovich, former CISO of the Central Intelligence Agency (CIA) and now CISO of Rubrik, to discuss the current threat landscape and the importance of planning for the inevitability of cyber attacks.
Q: How have you seen the landscape change in cybersecurity, in particular, ransomware and advanced persistent threats?
I think one of the things that I've noticed over the years is just that the pace of cyber attacks has continuously increased. I think one of the other trends that we have seen is the rise of ransomware, the monetisation of ransomware and then ransomware as a service. So the reality is that whereas before you needed to be relatively sophisticated with your skill sets from a cybersecurity perspective or a cyber crime perspective, now individuals with reduced skill sets can buy ransomware-as-a-service technologies, and they can conduct their own ransomware attacks. So that has lowered the bar for entry for a lot of cybercriminal elements.
I think the other thing that we've seen is the nexus between cybercriminal elements and foreign intelligence services. A lot of cyber criminal elements operate outside the jurisdiction and the bounds of law enforcement entities. They operate in places where it's difficult for worldwide legal law enforcement entities to go get them. It's great to be able to tear down the technical capabilities that these organisations have constructed, but ultimately you have to get to the individuals, and when they're operating in places where you just legally don't have a law enforcement presence, it makes this relatively hard. I think it's no surprise foreign intelligence services often front these cyber criminal groups.
They provide them with tools and techniques, and then they even oftentimes provide them with the harvested credentials to allow them to go and conduct these cyber operations against commercial enterprises in any one particular targeted country. And I think that nexus continues, it continues to grow, and that's going to be a challenge for all of us going forward.
Q: How easy is it now for unsophisticated or novice actors to conduct these cyber attacks using these tools and techniques?
Well, I wouldn't say a novice, but I would say someone who is reasonably computer savvy, has some basic fundamental understanding of how computer systems are built, operated and administered, and a rudimentary understanding of networks and how those and cloud infrastructures operate. With that basic knowledge, you can buy complete attack packages on the dark web. I'm not going to say that a novice could do this, but it's relatively straightforward.
I think the other piece here is, as much as cyber defenders have gotten better at securing entire enterprises, there are always legacy systems, like legacy HR systems that, for whatever reason, haven't been turned over and haven't been patched. There are data stores that remain unprotected simply because people don't know that these data stores exist. They were potentially set up for a marketing campaign or a sales campaign or some type of registration drive, and then somebody forgot to tear them down. And so there are these exposures that sit out there that cyber defenders just don't know about. And when you have rudimentary knowledge and you can buy cyber attacks on the dark web and then go execute them, it kind of changes the dynamic.
Q: Let's now look at the recovery side of things. How does Rubrik use zero trust to help companies recover in the event of a breach and how do you prioritise resilience in your overall cybersecurity posture?
One of the critical pieces that I think organisations are coming to understand today is prevention isn't good enough. They have to have a contingency plan for when a cyber attack occurs, and they need to be able to fight through that cyber attack to keep their business operations going, or to reconstitute those business operations if they have been compromised.
This is where we get to talk about this thing called cyber resilience. What is your cyber resilience strategy? It's no different to any resilience strategy when faced with a crisis. How can your organisation withstand that crisis to continue to operate and fight through it?
Specifically, when we talk about Rubrik, we started out in the backup and recovery space, and if you look at the traditional backup and recovery architecture, it was built at a time when we assumed that the infrastructure was populated by system admins who were conducting backup operations. It's vulnerable in various different instances if a cyber attacker is able to get into the traditional backup infrastructure, and you've seen in many cases what many cyber actors have done is they've actually targeted the backup system, because they know if they can compromise the backup, well, then they've got the organisation over a barrel, because now the organisation no longer has access to a good backup. And so this is a differentiator for Rubrik.
Rubrik changes that backup architecture to condense it into a single platform that provides an immutable data store. We've got over 6000 customers across the globe. Now, if our customers are hit with a cyber attack, they know that they have a valid backup copy that they can begin to use to restore their business operations once they have evicted the cyber actor from the playing field. Rubrik provides that ace in the hole that an organisation has, that insurance card, so that they can go ahead and restore their operations when they need to.
Additionally, as we've continued to build on the platform, we've been able to build threat intelligence into that system to be able to discover where malware may have been injected into the organisation. That then helps an organisation understand the point in time when to roll back data sets and virtual machines and workloads, because they can see the point in time when the malicious action took place and they know that prior to day X, it was a clean environment. If you restore a compromised workload, well, you've enabled their persistence.
Q: How often do you store backup data?
The customer gets to determine what their backup schedule is, and what the targets are for backup. So they determine what the workloads are, what they want to back up and what the frequency is.
How long do they think that they can be down, should there be any catastrophe, of which a cyber incursion could be one? It's up to the customer to determine what that sequence is from a backup perspective.
The customer also gets to determine the target. Where do they want to send these individual backups? Do they want a backup from on-prem to cloud, from cloud to on-prem, cloud to cloud? That's all up to the customer. So they really get to be in the driver's seat when it comes to that.
You can hear the full discussion between Cyber Daily and Rubrik CISO Michael Mestrovich on the Cyber Uncut podcast.