Ransomware and other types of cyber attacks pose urgent national and international security issues and huge problems for large corporates. During a DLD Sync virtual conference Siemens Chief Cyber Security & Chief Security Officer Natalia Oropeza and Atos VP for Digital Security Zeina Zakhour talked with The Innovator’s Editor-in-Chief about why combating attackers will require innovation and creativity and hiring a more diverse group of cyber security experts.
Below find some key takeaways from their October 21st conversation:
- Ransomware attacks are on the rise. JBS, the world’s largest meat processing company, with headquarters in Brazil and more than 250,000 employees worldwide, announced May 30 that it was the target of an organized cyber attack, illustrating, once again, that ransomware is an urgent national and international security issue. JBS facilities in Australia, the U.S., and Canada were disrupted, causing some plants to shut down and workers to be sent home. The attack – which the FBI said was launched by a Russian group of hackers – followed another in April on Colonial Pipeline. That attack halted fuel distribution for days from a crucial pipeline on the East Coast of the United States, leading to a spike in gas prices, panic buying and localized fuel shortages in the southeast. That’s not all. There has been a whole slew of other ransomware attacks that don’t always make international headlines. The Cyberpeace Institute has just put out a report that says that there have been 116 ransomware attacks on healthcare facilities, such as hospitals, in 24 countries in the past 12 months. Systems were sometimes shut down for months, ambulances had to be diverted and surgeries delayed. At least one death – that of a baby – has been directly linked to hospitals’ IT systems being shut down by malicious hackers seeking ransom. Other types of attacks, such as stealth entry into corporate networks to steal intellectual property or customer information, are also on the rise, as are state-sponsored attacks.
- The days when companies and governments could protect the perimeter with firewalls are long over. Now the focus is on Zero Trust, a set of principles used to build a security strategy that is founded on the assumption that your network is already breached and will continue to be breached. The goal is to slow the hackers down and contain attacks. “Never trust but verify” is not just a philosophy, it is a tech architecture. Just as people now have to show not only their ID but also a certificate to show they are healthy at airports, technology can check not only the identity of a user but also the health of the device they are using, and further combine it with real-time intelligence to determine whether a device is being used from the right location and whether the user has a legitimate reason to access specific data. Artificial intelligence and machine learning help accelerate detection of unusual activity by networks, devices, and users by modeling behavior, but companies need to have the right cyber data scientists to properly fine-tune these kinds of analytics. The key is to ensure that your company or organization has the ability to respond fast enough. If it takes two days to detect an attack and another day to quash it, it will be too late: the data will have been breached. Think of it like running a marathon: you need to keep running to stay ahead.
- Too often companies only act after they have been breached instead of proactively ensuring that their cyber security is up to date. Colonial Pipeline could have easily protected itself against the vectors used in the attack by using basic controls, according to the panelists. The attackers succeeded in entering the network because a firewall had not been updated and Colonial Pipeline was using weak credentials. Companies need to be aware of their cyber risk and come up with a game plan if an attack happens. A security by design approach is needed. When organizations began their digital transformations, many took the approach that digital was core to their business but security was not. If organizations think about security after installing new technology, it will cost more money. Organizations made this mistake in the past, with the adoption of Internet of Things technology and migration to the Cloud. Now they have understood that every company and every organization is a potential victim of a cyber attack.
- There is an increased need for coordination between companies and governments. Both the White House and the European Union are encouraging governments to collaborate on cybersecurity. Companies are also starting to share information with each other about attacks. Both Siemens and Atos, along with 14 other companies, belong to a group called Charter Of Trust, which does just that.
- There is not enough diversity in the cybersecurity field and this is impairing the ability of companies and organizations to be innovative enough. A broader swath of the population is needed to understand the enemy and effectively combat cyber criminals. Requiring applicants to have ten years of experience and 20 certificates in cyber security is not the answer. Different perspectives are needed from diverse backgrounds. More women need to enter the field and minorities need to be better represented. Role models are important. This is one of the reasons that Siemens appointed Oropeza to be both Chief Cyber Security Officer & Chief Diversity Officer rather than appointing a woman from a more traditional field like human resources to take on the diversity role. Communication around the field needs to help inspire people by helping them to understand that cyber security is technology with a purpose: it is about protecting society. People trained in other fields, such as psychology, or those with high emotional intelligence, could be a good fit in cyber security. There are more than 462,000 openings for cyber security specialists in the U.S. alone. To fill these jobs companies and organizations will have to become more open-minded about mapping skill sets and helping people to transition to the field.
IN OTHER NEWS THIS WEEK
CYBERSECURITY
Governments Push Ransomware Gang REvil Offline
Reuters reports the ransomware group REvil was itself hacked and forced offline this week by a multi-country operation, according to three private sector cyber experts working with the United States and one former official. Former partners and associates of the Russian-led criminal gang were responsible for a May cyberattack on the Colonial Pipeline that led to widespread gas shortages on the U.S. East Coast. REvil’s direct victims include top meatpacker JBS. The crime group’s “Happy Blog” website, which had been used to leak victim data and extort companies, is no longer available. “The FBI, in conjunction with Cyber Command, the Secret Service and like-minded countries, have truly engaged in significant disruptive actions against these groups,” said Tom Kellermann, an adviser to the U.S. Secret Service on cybercrime investigations. “REvil was top of the list.”
Ransomware Gang Masquerades As Real Company To Recruit Tech Talent
The Wall Street Journal reports that a criminal organization believed to have built the software that shut down a U.S. fuel pipeline has set up a fake company to recruit potential employees, according to researchers at the intelligence firm Recorded Future and Microsoft. The fake company is using the name Bastion Secure, or BS for short, according to the researchers. On a professional-looking website, the company says it sells cybersecurity services. But the site’s operator is a well-known hacking group called Fin7. Fin7 is believed to have hacked hundreds of businesses, stolen more than 20 million customer records and written the software used in a hack that disrupted gasoline delivery in parts of the Southeastern U.S., federal prosecutors and researchers say.
FINANCIAL SERVICES
Plaid Pushes Into Payments Business After Scuttled Visa Deal
Financial technology startup Plaid is making a move into the payments business, less than a year after an antitrust lawsuit scuttled its high-price sale to Visa Inc. Plaid makes software that allows banks and other fintech companies to plug into their users’ financial accounts, with their permission, and access their financial data to look up account balances or authenticate personal financial details. Plaid unveiled a new program Thursday that will use the software to make it easier and cheaper for consumers and businesses to make digital payments funded by their bank accounts. It is teaming with Square, Stripe and dozens of others on a digital pay-by-bank offering.
TRANSPORTATION
Israeli Startup Unveils VTOL That Consumers Can Use “Like Cars”
Israeli startup AIR unveiled its first “easy-to-operate” electric, vertical takeoff and landing (eVTOL) aircraft that it aims to sell directly to consumers predominantly in the United States starting in 2024. AIR has been working with the U.S. Federal Aviation Authority (FAA) for two years and expects to obtain certification by the end of 2023 for the AIR ONE, a two-seater, 970 kg (2,138 lb) eVTOL, which will have a flight range of 110 miles (177 km), Chief Executive Rani Plaut told Reuters.
China’s Xpeng Raises Funds To Build Consumer Vehicles That Work For Both Low-Altitude Air Travel And Road Driving
HT Aero, an urban air mobility (UAM) company that’s an affiliate of Chinese electric vehicle manufacturer Xpeng, has raised a $500 million Series A funding round to acquire top-tier talent, advance R&D and “continue to gain airworthiness provision and certification” as it advances towards the next generation of its vehicles, according to Deli Zhao, founder and president of the company. “Our next-generation model will be a fully integrated flying vehicle and automobile, designed for both low-altitude air travel and road driving,” Zhao said in a statement. “We are planning for an official roll-out in 2024.” HT Aero recently revealed its fifth-generation flying vehicle, the Xpeng X2, which can handle autonomous flight take-off and landing for certain city scenarios, back-end scheduling, charging and flight control. The company says it wants to provide UAM solutions for individual consumers, rather than businesses.
Germany’s FlixMobility To Acquire Greyhound Lines, The Iconic U.S. Bus Company
FlixMobility, the $3 billion German transportation startup that has doubled down on long distance buses and slowly and quietly gobbled up transit lines and operations across Europe, announced it is acquiring Greyhound Lines, the iconic U.S. bus network, from U.K.-based owner FirstGroup.
New Market Entrants To Make Electric Vehicles
Xiaomi Chief Executive Lei Jun said the Chinese smartphone maker will mass produce its own cars in the first half of 2024, a company spokesperson said on Tuesday. The date marks the next major target for the company’s fledgling electric vehicle (EV) division, which Xiaomi formally announced earlier this year. Meanwhile, Taiwan tech giant Foxconn is looking at making electric vehicles in Europe, India and Latin America, including “indirectly” cooperating with German automakers, Chairman Liu Young-way said October 20. Foxconn aims to become a major player in the global EV market and has clinched deals with U.S. startup Fisker and Thailand’s energy group PTT.
LOGISTICS
Alphabet’s Wing Project Unveils New Drone Delivery Model
Alphabet’s Wing said October 20 that Walgreens will use its new drones to make deliveries from a store in Texas, in the first use of such vehicles in a major U.S. metro area. Wing said it will launch the effort at a Dallas-Fort Worth area Walgreens store in its parking lot, serving parts of the city of Frisco and town of Little Elm. Prior to this, drone delivery projects have been in smaller U.S. towns. “The aircraft will arrive in small containers that serve as tiny hangars, allowing each store to quickly and easily deploy a small, dedicated fleet from its parking lot, on its roof, or in small spaces adjacent to the building,” Wing said.
FOOD AND AGRICULTURE
The Spoon reports on two important funding rounds aimed at developing the necessary technology and production platforms to enable scale-up of alternative proteins.
Culture Biosciences, which raised $80 million, helps companies developing future food products with its bioreactor-as-a-service platform. The company introduced its first product a couple of years ago, a cloud-connected benchtop bioreactor service for cell-culture and bioprocess development. With their new round of funding, Culture looks to move beyond the bench with cloud-connected 5L and 250L bioreactors-as-a-service that will help firms optimize for pilot scale bio-manufacturing.
The second investment isn’t a traditional venture investment, but the $10 million USDA funding award to Tufts University for a cultured protein center of excellence is a vital investment nonetheless. In partnership with others, Tufts will lead an Institute for Cellular Agriculture to develop foundational technologies and processes to enable the cultivated meat industry to progress towards scaled production. The foundational work done by this organization will include everything from research on next-generation cell-culture medium to the development of education and leadership programs for the cultivated meat industry.
RETAIL
Tesco Takes On Amazon Go With Launch Of “Just Walk Out” Stores
Tesco is fighting back against Amazon with its first “just walk out” store, where it is possible to buy groceries without having to scan items or visit a cash register. The supermarket’s GetGo store in Holborn, central London follows a small trial of a similar store at Tesco head office in Welwyn Garden City, which has been selling goods to the retailer’s staff since 2019. Weight sensors in the shelves work with an AI system that can track an individual’s movement around the store and monitor the items they pick up via cameras, which follow each shopper. The AI system works by building a unique skeleton outline of each person rather than using facial recognition.
SUSTAINABILITY
Ikea, Michelin, Unilever and Amazon Commit To Using Zero-Carbon Shipping Fuels By 2040
Amazon and IKEA are among commercial users of container shipping that will opt for zero-carbon marine fuels by 2040 in a new initiative aimed at speeding up decarbonisation in the maritime sector, executives said on October 19. With about 90% of world trade transported by sea, global shipping accounts for nearly 3% of the world’s CO2 emissions and the sector is under growing scrutiny to become cleaner. The initiative, which was organized by the non-profit Aspen Institute and has nine signatories so far, sets a goal for companies to only purchase ocean freight services powered by scalable zero-carbon fuels by 2040.