interview

“Some boards don’t view [it] as necessary” – Darktrace on cybersecurity

Rhodri Morgan speaks to Justin Fier, director for cyber intelligence & analysis at Darktrace, to find out the scale of the task at hand when it comes to changing perceptions around cybersecurity in the drinks industry.

In recent years, cyberattacks have become a common, but no less worrisome, aspect of business in the 21st Century. 

Since November, The Campari Group, Kirin Holdings, Molson Coors Beverage Co, and alcohol e-tailer Drizly all had their security systems compromised, resulting in issues ranging from theft of customer data to production shutdowns. 

With all companies using technology in their operations, protection from digital threats has become more important than ever before. 

To understand the scale of the task at hand – and some of the prevention methods companies need to implement – we spoke to Justin Fier, director for cyber intelligence & analysis at Darktrace, an artificial intelligence (AI) company headquartered in the UK that specialises in cyber defence.

Rhodri Morgan: What does today's hacker look like?

Justin Fier: I don't call them hackers anymore – that term doesn't convey what's happening. They're criminals, and that's what we should be calling them.

You still have your 'lone wolf' attackers, who operate on their own, sourcing all the material they need. In certain cases, some nation states employ criminal organisations to carry out cyberattacks for them for plausible deniability or other political reasons.

Cyberattacks are the new form of war and can be more disruptive than storming the beach – ones and zeros are the new bullets in today's day and age. Sadly, we're going to see that escalate.

What do the attackers do once they gain access?

It depends on the criminal – with ransomware, the end goal is usually money. Traditional ransomware locks up a lot of computers, encrypts everything and says 'pay me a sum of money or I'm not going to decrypt it for you'.

There are also double-threat actors, which encrypt your machines before taking sensitive data like trade secrets or supply sources and holding it ransom.

There is also a third type, which is just there to do maximum destruction – that's probably your worst-case scenario.

How long can attackers spend within an organisation's mainframe?

If there's no security, there are documented cases where an attacker has spent months if not years in a network. If companies are looking at their traffic, hackers can live freely within that environment.

Many of the big attacks that you see today are not nearly as sophisticated as people think. A lot of the time, the attackers go through the front door, re-using credentials that are probably sourced from previous breaches.

What work have you done for companies within the food and beverage industry?

We worked with a family-owned business in the US. After deploying in their network, we found over 50% of devices on its manufacturing line infected with a very old piece of malware and they didn't know. 

Automated machines with names such as 'mixer', 'bagger', and 'slicer' – the real meat and bones of the operation – were compromised.

If people can get in and take that offline, that's your entire revenue stream.

How have cyberattacks changed over the time you've been with Darktrace?

I've been in this industry for 15 years. We're seeing the attacks become so sophisticated that they're moving at a speed human beings just can't compete with.

At Darktrace, we've coined the phrase 'machine-speed attacks', meaning the future is not going to be human against machine, but machine against machine. The attackers are going to be using the same AI and automation that we are.

What side are the humans and the machines currently on in the cyber wars?

Security teams are the humans – they're the ones still trying to piece together what happened, do damage control, brief upper management etc – we need to find a way to help them move faster. 

Every time we patch a vulnerability, the attackers are five steps ahead of us with another set of tools and tricks in their pockets. 

We're already starting to see the very beginnings of adversarial AI. Imagine a piece of malware or an operation that has a mind of its own and blends in to look like other human beings. That's the scary world that we are heading into.

What's the basic level of cybersecurity protection companies should focus on implementing?

Anomaly detection used to be a nice-to-have but is now a necessity in every security stack because it doesn't just show the malware or the attacker. It also shows misconfigurations by your own internal team, insider threats etc. – it captures a much wider net than just a firewall would.

Are there companies out there that still aren't taking these threats seriously?

Just look at the news – there are still some companies' boards that don't view cybersecurity as a necessary spend. Major supply chain attacks have happened in the last few months.

Even the most well-resourced companies – including various parts of the US Government – are still ill-prepared and not ready to capture these things.

The majority have caught on and the ones that haven't just need that little bit of education to get out of the mindset that 'just because I haven't been compromised doesn't mean I won't be in the future'.