Building Cybersecurity Confidence
Understanding and Preventing Modern Cyber Attacks
Cyberattacks are an inescapable part of business life. But whether a data breach severely disrupts an organization’s daily operations to the extent that its customers, board members, and employees lose confidence in the company’s executive leadership rests on how well-prepared the business is for an attack.
As it turns out, most organizations aren’t. In a recent survey conducted by data protection company Rubrik’s newly launched research department, Zero Labs, 92% percent of security and IT leaders expressed concern they would be unable to maintain business continuity if they experienced a cyberattack.
According to Zero Labs’ State of Data Security report, ransomware attacks are among the most common and thus the source of considerable concern. As ransomware attacks deny organizations of their data, they require immediate and effective intervention. And yet, even though many leaders are aware of the increased threat of ransomware attacks, most reported a misalignment between senior IT and security operations teams in defense plans. As a result, more than 75% say they would simply resort to paying the ransom, further exacerbating the risk.
Unsurprisingly, many of these leaders believe their board has little faith in their ability to recover critical data and business applications following an attack, and about a third of those surveyed reported leadership changes in the aftermath. Beyond the business implications, 96% percent of leaders surveyed experienced significant emotional or psychological consequences following the attack.
With the frequency of attacks at record highs – nearly all respondents experienced an attack in the past year – the potential for significant impact is a top concern for many organizations.
“As an entire industry, we’re still really dealing with the ‘knowns.’ The things that are already out there are the majority of things that are waking our bosses up at night affecting our organizations.” says Steve Stone, who recently joined Rubrik to lead Zero Labs. “We’re years into this ransomware issue and we still see a real large challenge with organizations not having the highest degree of confidence in how they want to respond to this,”
Stone and Rubrik CEO Bipul Sinha sat down with Greymatter to discuss the findings of the report, the aim of Zero Labs, and outlined strategies for organizations to prepare and protect their data from attacks. This episode was guest hosted by MarketWatch reporter Jon Swartz. You can listen to the interview at the link below or wherever you get your podcasts.
Hi, and welcome to Greymatter, the podcast from Greylock. I’m Jon Swartz, senior reporter at Market Watch and your guest host today.
On today’s program, we’ll be discussing the ongoing challenge that businesses, government agencies, and public institutions face when it comes to keeping up with cybersecurity threats. As our technologies become more sophisticated, so too has the level of cyber attacks, and many organizations feel ill-prepared to keep up.
Joining me to deep dive into this topic are Bipul Sinha, who is CEO of cybersecurity company Rubrik, and Steve Stone, who just joined the company to head its newly-created research department, Zero Labs.
Bipul, Steve, thanks so much for being here today.
Let’s start with the first question. Rubrik provides data protection and recovery for large organizations across numerous industries. In the past decade since the company was founded the nature of what that looks like in practice has continually evolved. At a high level, what are people worried about today?
Thanks, Jon, and thank you so much for this opportunity.
Just by way of background, I’m an engineer-turned-venture capitalist-turned-entrepreneur, and I started Rubrik with three of my friends almost nine years ago with this vision to transform data protection into a full on data security company.
Rubrik is a cybersecurity company and our mission is to secure the world’s data. We believe that the future of cyber securities is data security because when your data is secure, your business is secure. And as we have seen in the last several years, cyber breaches continue to happen unabated in spite of businesses spending collectively $50, $60 billion for cybersecurity tools and platforms, as well as installing 30, 40 different solutions.
So what’s really going on? What is going on is the prevention and detection technology that everybody has been buying is not foolproof, and businesses have to rethink their cyber strategy specifically around resilience. How do they keep their business going even when the cyber breaches are happening?
So we’re going to go over to Steve. Steve, you joined Rubrik just a few months ago. Tell us a bit about Rubrik Zero Labs and what it does.
Yeah, I would love to, John. Thanks for having me. Excited to be here.
One of the really neat things that we’re doing at Rubrik is creating this Rubrik Zero Labs from the ground up. And that’s both a daunting task that we’re starting something so big from the ground up, but it also gives us a really interesting touch point where we could start this report by saying, let’s take a step back. Let’s not start diving right into a specific problem, a specific threat, a specific technical aspect. We got to really take a macro view of the landscape and not just the threat landscape, but the risk landscape and the impacts to people and teams.
Steve, Tell us a bit about your background
My background is pretty unusual, as in you wouldn’t really put out a career path for how I’ve got from A to B (although there’s quite a few of us that have had pretty similar backgrounds starting in cyber security). This still feels like a pretty new industry overall, so I think you’ll see a lot of folks like me that have had a pretty wandering journey.
My background really started in the U.S. military. I started out in law enforcement, nuclear security, moved into being a special agent with the Air Force Office of Special Investigations. There’s quite a few OSI agents or former agents moving across this space. A lot of great experience coming out of different cyber aspects and forensic aspects, but I wasn’t that kind of agent. I was a very standard agent. I worked crimes against children, I worked counter-terrorism, I worked counter espionage and was really focused primarily on the counter-terrorism mission space for most of my career and ended up really backing into cybersecurity. I ended up working as a case agent, with several of the nation state intrusions against the U.S. government, not because I was qualified (and I wasn’t at the time; I just had the right number of clearances based on what I was doing for counter-terrorism work).
I really kind of split time between these very, very different worlds when I was in the military. I left the military, joined the U.S. intelligence community on the government side – again, ostensibly as a counter-terrorism expert and was reflagged immediately into cyber intelligence. And I didn’t really have a background as an intelligence professional and I didn’t really have a background in cyber security, but it was just there was a lot of need. There were a lot of emerging areas and anybody that had any experience and was willing to try. It was a different time. So I spent about five years in the U.S intelligence community.
I stood up at a cyber intelligence shop at one of the combatant commands and really focused on some high level intrusions. And what sounds crazy today is we spent a lot of our time back then discussing “Why is this happening, what does it mean? Is this real?” You just heard Bipul talk about just the vision and how this landscape has changed.