These sees Bloomberg Business Week with Carol Massier and Tim Stentovic on Bloomberg Radio. One of the great growth stories I think for the next decade twenty years. If I was you know, I gave my kids advice go into cybersecurity. Other than trust your gut, trust your gut, go into cybersecurity. It's it's like the plastics of the nine sixties. And explain that reference to deal later. Kara Sprague, executive vice president and chief product officer, she's into cybersecurity. The firm
is F five. She joined us on Zoom from Seattle. Uh, Karen, give us an overview of kind of from your perspective at F five. How are how is corporate America? How are global corporations dealing with cyber security these days? Um, it just seems like because of the pandemic, maybe even more so, we put even more and more data and applications into the cloud. Absolutely, and thanks for having me on.
What we have seen over the past several decades is just an increasing reliance of organizations on their digital verses and applications. And so what you see today is most companies their their fundamental business processes, the way that they engage with their employees, the way they engage with their customers. Those they are all facilitated by some sort of digital service or application, and the landscaper cybersecurity just continues to
grow more complex. And so the reality is with this increasing dependence on applications and on digital services and the increasing sophistication and breaths of threat actors, it's becoming a
very dangerous world out there. Let's talk about those threat actors in this dangerous digital world, because it seems like, I mean, there's been so many stories of the past few years, but a big story of the past few years is just how many cyber attacks there were, and it was really spread out very broadly when you think about some of the pipelines and of the other attacks that happened. I mean, is that the future that we're heading into is should that be something that you know,
the average person should expect to see? Absolutely? And I think that future is is here today. Um, maybe it helps to think about some of these attacks in a few categories. We hear a lot about data breaches in the last year. Alan what we would say is that inadequate cyber security has resulted in almost two billion users
passwords and and credentials falling into the hands of cyber criminals. UM. Just one example I would point to there was a very material breach at a service provider in Australia just a few months ago in which ten million customer records and not to open a bank account were taken and exceltrated through an API that was just not protected. UM. And so that speaks to why API security has become such an important topic. Another category of cyber threats we
see are these bots UM. And so anybody who's who's really really excited like I am for the upcoming Taylor Swift tour UM is going to know that it was very, very difficult to get tickets UM, largely because there's all this automation which was pounding Ticketmaster in order to secure those hits on their own and then be able to
resell them in the in the gray market. UH. And so boss is another major threat, and that affects everything from the sneakers that your kids might be trying to buy, UH to UH, you know, stuffing fraudulent credentials into various UM places to try and figure out and break into those accounts. UH. If you have a loyalty card or any other kind of thing that transacts financial information oftentimes
boss or material problem there. And then the third category I would points to and it's one Katie that you you brought up is ransomware. UM. That was that was the issue at Colonial Pipeline. And what we see is that if cyber criminals get access to a network, they can install malware which allows them to uh take data and then encrypt that data and then hold that data for ransom uh forcing organizations to to pay them money in order to get the data back. And that affects
a large number of organizations. We saw a lot of them,
even going after hospitals in the past year. UH. And there was a recent example in a lay at a school where that the data from from students and parents was taken and that was particularly sad for me because what happened there was the hacker group eventually released that information on the employees and students, and for the children at least, it's going to be many years before they realized that many elements that are core to their digital identity have been out there on the open Internet for
a long time. So, Karen, maybe I'm just glass half empty on this one. I just feel like it's this cybersecurity is is something that we as a society will never get ahead of. We will always be playing ketchup, we will always be plugging holes. Uh in in the damn? Is that the right way to look at it? Uh? Well, I think it will require constant vigilance and it requires
us to consistently raise our game. But I mean, if you if you look at uh an analogy I sometimes think about is when broadly we adopted bar soak right, that immediately wiped out a large amount of the spread of disease, and we put in place other practices around you know, don't mix your drinking water with your with your stewage water. That was another practice that wiped out a whole bunch of pestilence and help communities stay stay healthier.
And so if we think about cybersecurity in a similar way, there's just some standard practices that we can all start adopting that I think will make in general, the digital
world a much safer place. Is there a sense that at the board level that you know, companies really have an appropriate appreciation for the investment required to ensure data security on an ongoing basis, I would say increasingly, so it's probably um I would expect that it is not uh uniform uniformly understood, but increasingly it is very much a board level topic, and and board members will prioritize ensuring that companies are protected from from ransomware type attacks,
making sure that they can recover their operations and their operational environments even if a ransomware attack hits them, Ensuring that they have the right tools in place to detect data breaches and also remediate them. And then in the case of bots, there's technology out there that can solve in most in many ways the problem. And so we all know that the technology exists, and it's a matter of investment and putting the right prioritization to ensure that
organizations implement them. And Kara, we're talking on December, just days away. What do you see is the biggest threat or risk from your vantage point? I think the biggest risk because we're you know, I think we're all looking at the macroeconomic clouds and and see some of some darkening signals, and I think the risk from a corporate perspective is that they choose to prioritize other things above
their cybersecurity. And this is a thing that I just think we need to recognize is only going to require increasing focus, increasing diligence, going vigilance going forward. And so it's an area where I think it would be very smart for a company to continue to invest and to continue looking looking for solutions for he for what's hitting them. All right, Chart, really appreciate you taking the time. Kara Sprague, she's executive vice president and chief product officer for F five,
which is a publicly treated company. F f I V is the ticket to put into your Bloomberg Professional terminals. She's joining us on the phone from Seattle, and boy, it just seems like you think about cybersecurity. If I was a board person, a C suite person, I'd be like, Guys, I know we have to prioritize spending, but this is something we cannot cut back on. Trust your gut again to cybersecurity. That is what I always say. This is the takeaways from today. This is Bloomberg