David Masson, Director of Enterprise Security at Darktrace
How would you describe your journey with over two decades of experience working in fast-moving security and intelligence environments in the UK and Canada?
It has been an extremely interesting, fascinating, and (at times) deeply worrying journey, as the intelligence needed for national security has expanded in terms of quantity and sophistication, as well as the overall speed of operations and investigations. But this has occurred because the threat to national security has likewise expanded. Our interconnectedness has been a source of innovation and improvement in the quality of life worldwide but has also allowed threat actors to increase the scope of what they can exploit to further their aims. You can be physically far from a threat yet find yourself amid an attack with one click of a mouse.
What do you have to say about a recent warning from the Five Eyes that showcases Russian state-sponsored and criminal cyber threats to critical infrastructure?
Until the very recent past, that intelligence would have been confined to the national government. Now, the Five Eyes nations have set a new precedent in their willingness to disclose intelligence. They have done this to combat other nation-states’ misinformation, disinformation, and malinformation, and it has been a successful approach. We should all bear in mind that our national security agencies are directly telling us about threats to our critical national infrastructure. These institutions sustain the most crucial systems that support our modern way of life; organizations should heed these warnings.
What, according to you, will be the impact of the war on critical global infrastructure? Is there a risk of increased cyber-attacks?
Even before Russia invaded Ukraine, there was an ever-increasing expansion in the innovation and scope of cyber-threats. As we pursue digital transformation (a transformation that would have happened regardless but was sped up by COVID), there is an increase both in what we need to protect and in the threats we face. While we hope there will be a quick resolution to the war in Ukraine, we are already seeing the impact the war has caused in unexpected economic and societal changes worldwide. The disruption caused by the war has now compounded the disruption caused by the pandemic, and supply chain difficulties and uncertainty are affecting the markets.
How can we prevent targeted social engineering and spear-phishing campaigns that are among the top infection vectors for ransomware?
Let’s all take a deep breath and accept that we will not be able to stop someone altogether from executing a cyber-attack. But, at the same time, let’s accept that we can do a lot to stop threat actors in their tracks and reduce potential damage. One essential prevention technique is to focus on further education around our interconnected world and safety advice for human beings. When allied with solid technology that can deal with the scope, complexity, and speed of cyber-attacks, this education can help organizations be more cyber secure. If in doubt, do not click on the link!
As Russian state-sponsored APT actors can exploit MFA protocols and known vulnerabilities, what are the measures through which organizations can safeguard themselves?
Organizations must start deploying AI technology that gives them the necessary visibility to ensure threat actors cannot hide anywhere inside their digital infrastructures. Attackers might get in, but their actions will quickly be seen and disrupted at machine speed. This technology allows humans to stay dominant in the defence game and still bring their critical thinking to the situation. It isn’t about using AI to replace human beings, but augmenting security teams to give them a defensive advantage.
What specific tips would you like to give to the organizations to protect their digital assets from these cyber-attacks?
- Stick to the basics.
- Pay attention to warnings from your government.
- Use innovative technology capable of finding, stopping, and investigating threats, regardless of the threat’s scale, complexity, novelty, and speed.
- Educate your people.
- Patch and update as quickly as possible.
- Use strong passwords and multi-factor authentication (MFA).
- Have a response plan and practice it – and be ready to disclose what’s happened. Former U.S. President Eisenhower once said, “Plans are useless, but planning is indispensable!”
- Finally, have offline backups so you can restore quickly.