Bloomberg Audio Studios, Podcasts, radio news. This is Bloomberg Business Week with Carol Masser and Tim Steneveek on Bloomberg Radio.
Hey, you mentioned Emily Graffeo some of the stuff happening when it comes to hacks coinbase specifically, I'm gonna read some headlines here, Okay, Sequoia Capital Partners data hacked and Coinbase breach. Coinbase hack highlights how greed can overwhelm cyber defenses, coinbased customer data stolen. Just a sample of headlines from Bloomberg News and from the Wall Street Journal. This garnering our attention on a day such as today and kind
of perfect to have Wendy Whitmore back with us. She's chief intelligence officer of the one hundred and twenty eight billion dollar market cap Palabelto network. She joins us from Santa Clara, California. Wendy, good to have you back with us. The Coinbase hack, I think, really highlights how our information is at rich even if we think as consumers, as
users of these products and services, it's safe. I mean when you talk about the type of data that's at risk here, I mean we're talking images of drivers' licenses, being available to hackers as a result of accessing the network. Talk to us a little bit about what we know regarding this hack and what it highlights about the vulnerabilities out there.
Yeah, hey, thanks Tim, great to be back here today with you. So, I think what you highlighted is really just the fundamental problem we see here, which is how challenging it is for organizations to defend against every possible type of attack. The really interesting part of this case is that these attackers have demanded twenty million dollars in ransom payment, and coinbases really turn the table on them in something that we haven't seen yet, which is a
very public disruption of the attacker. And they said, you know what we're going to do. We're going to invest twenty million dollars into a fund that goes after finding out who the attackers are that are responsible for this
attack and bringing them to justice. And I think, you know, as the largest cybersecurity company in the world, we at Palo Alto Networks, we don't ever want to see any client be paying a ransom, But we have not seen organizations previously take this kind of tactic, and I think what they're doing to disrupt the incentive structure and to
make it a little more challenging. And I think attackers in the future asking the question of a wait, I don't know if I want that twenty million dollar international fund, which is going to mean people who you know, I may be in my network, but maybe willing to kind of turn me over to international law enforcement. I think they're going to start asking questions, and disruption in this cycle is really critical.
Yeah, I mean, I the sense that I have is that our information is not safe. I mean, I don't know how many times a day I get text messages. I probably get half a dozen text messages from these so called pig butchers. I oftentimes I don't even pick up my phone if I don't recognize the number. I mean, honestly, the world we live in when it comes to this stuff, it's pretty annoying. Like this is a very annoying place to be as a consumer right now. Is it going
to get any better? Or is this just the reality that we live with?
Yeah, it's a great question. I don't think you're alone in that sentiment whatsoever. It is challenging, right So, we are actually blocking thirty one billion attacks per day across our customer base, and up to nine million of those every single day are new attacks where their novel we haven't seen that same type of vector. So that gives you an idea of what companies throughout the world are up against. And then certainly you highlighted some examples that you,
as an individual consumer are feeling. So your question though, was you know, hey, is it getting any better?
It's not getting any better for me, will it?
I think it can get better, and I think that we're seeing AI actually be a massive tool for the side of the defenders because, as I highlighted, we're up against such a major scale problem, these attacks are going to be more sophisticated. Real time defense is absolutely critical. So what you're going to start seeing tim certainly at the company level, all of the technologies we're able to use are actually making us able to scale against that better.
But you're going to see that get into your consumer technologies as well, where they're going to start doing more effective blocking and you're going to receive less text match messages moving forward that are scams in nature.
When you talk about AI, you know, something that comes to mind is just how scammers can use AI to say impersonate so impersonate a parent, a family member, a loved one and try and hack you that way. How concerned are you that the advancement of this technology like we're not going to be able to keep the defenses up strong enough to kind of combat the growth of cyber criminals using AI.
Well, I think there's two parts of it to really hit effectively to answer your question. First is on the tech side that has to continue to get better. But two, we have to continue to increase awareness at the public level and then make sure that people are making smart decisions about how they use technology. So when we look at it at a wider spread level in organizations, we
see what you're talking about. Just last week, we were investigating a case where we were working for a firm who was a victim of ransomware, and we were negotiating with the attackers to try to get additional information from them, and it became very clear almost instantly that we weren't talking to a person on the other end, but we were actually talking to a chatbot that they had enabled to do the negotiations for them. We certainly will continue
to see more of that. Another example that we saw just in the last couple weeks of investigating a case for a major organization, the attackers, once they got inside the environment they actually used, they went straight to that company's internal large language model and started interacting with it to try to get more sinse me asking them questions about where the domain controllers were, what were their names, and finding out information that was actually helpful for them
in the course of an attack. So that means that in order to really be successful here, organizations have to fight AI attacks with AI on the defense, and that has to be in real time.
And then what do we do as consumers? I mean, I know a guy who was getting calls like that looked like it was from his bank. It literally said his bank's name on the phone, and he was so close to actually giving up the information when he realized that it wasn't actually his bank. Like, what are we supposed to do as consumers?
Well, I think we've got to approach every conversation unfortunately with skepticism, do that same with every message. But for your bank, for example, most banks will say, hey, we're not going to reach out to you and ask you
for personal information. Everywhere you can use multi factor authentication, it not only sometimes adds a little bit of time for you to get in, but it's going to make it a lot harder for an attacker to try to log in as you and essentially try to steal money or move money or maybe infact a social media account if they have to go through a number of additional steps to get there as well.
All right, well leave it on a positive note. Make sure to have two factor authentication, art time unique passwords too, is something that we hear over and over again when it comes to sort of safe security hygiene. Wendy always appreciate you joining us. Wendy Whitmore, chief intelligence officer of the one hundred and twenty eight billion dollar market cap Palo Alto Networks, joining us from Santa Clara, California,