Former Cisco CEO on how companies can navigate cyber attacks
Yahoo Finance’s Myles Udland, Brian Sozzi, and Julie Hyman speak with Former Executive Chairman & CEO of Cisco Systems & JC2 Ventures Founder & CEO, John Chambers, about the recent surge in cyber attacks, U.S. infrastructure, startups, and much more.
Video Transcript
[MUSIC PLAYING]
BRIAN SOZZI: Big tech's role in society remains front and center amid various high profile hacks and calls for higher corporate taxes. Let's dive into all these big issues with JC2 Venturers' founder and CEO, John Chambers, who, of course, is the former longtime CEO of Cisco. John, always good to see you.
Listen, this morning McDonald's is out with news that it was hacked. You had the JBS hack. You had the Colonial pipeline hack. Bad things come in threes. How can this issue ultimately be solved?
JOHN CHAMBERS: Well, first, Brian, it's a pleasure to be with you again. Julie, good to see you. Myles, good to see you. And I'll try to do a good job for you today.
You said bad things come in three. Unfortunately, I wish that were accurate. There'll be 65,000 ransomware attacks this year in the US. And that's probably a conservative number. You're seeing it with solar wind. You're seeing it with Centurion on a global basis, nation states, et cetera.
So I think this is here to stay. I think it's one of the top three issues facing corporate boardrooms. And being very candid, having been the CEO and a chairman, it's uncomfortable. Because you get your chief information security officer up in front of the court. They show the data. And your board looks at you, and they say, can you prevent this? And can you recover? And you're really betting on the CSO being able to do that for you.
You're going to see a host of new startups that your investors might be in coming at this marketplace. A company like [? VernsTech, ?] which has only had a product at market for two years-- one of the companies I've invested in-- they, according to a major Department of Defense hackathon, if you will, with over 218 teams, 14,000 attacks, 218 hackers and 17 teams-- I'm sorry-- on that. It was the only platform ever tested with perfect results.
Now, where I'm leading you is you've got to be able to prevent these attacks. And you will see a new generation of startups, in my opinion, do that. And then you've got to recover from these attacks.
And you see an example from the pipeline company where I listened to the testimony of the CEO in Congress. His recovery was done by a company like Rubriks, which basically isn't a storage company and retrieval. It really is a security company. So prevention, and then how do you recover are the two issues in front of boards and CEOs today.
But every company is going to be affected. I wish it was three. I wish it were 300. But it's going to be 65,000, maybe 100,000 this year. Average ransomware, $170,000.
MYLES UDLAND: And, you know, John, you mentioned all the challenges that CSOs are going to be facing in the years ahead. And something that stands out to me, in at least the pipeline and in the JBS hack is that there was a cryptocurrency ransom attached to getting this fixed. How complicated does that make the decision making for the board? And certainly, you know, when you're an executive at a company that's been breached, you're now interfacing with the government. And paying ransoms, not paying them, that brings all kinds of complicated dynamics into play.
JOHN CHAMBERS: It really does, Myles. And this is kind of challenging, both for business and for the government. If you look at the complexity of this-- and it's easy to remember, Myles-- and Brian, you might remember what I said at the World Economic Forum in 2015.
Only six years ago I said there are only two types of companies in the world. Those that have been hacked, and those that don't know they've been hacked. And it was like a major statement of surprise. Yet today we understand how this is going to come at every company.
The speed of change is dramatic. The economic implication is there. Myles, as you said, it isn't one or two variables in the complexity. It is a huge number of variables. And the time to resolve, and using SolarWinds as an example, was six months often in companies before they even knew they were in there.
So what you've got to do, you've got to be able to see you have a problem. You've got to be able to correct it on the fly in milliseconds. And that's what a company like [? VernsTech ?] does. Then you've got to recover if it comes in a different way.
You've got to also--
[COUGHS]
Excuse me-- make it much easier for identification. The way that often these hacks occur is they come in through a traditional call center, or they come in through another connection. You'll probably see voice be the primary identification capability so that when you call in to an event, they can identify, this is you, Myles. Or this is you, Julie. Or this is you, Brian.
JULIE HYMAN: John, I want to ask one more question on the cybersecurity issue, which is, you know, all of these companies that are getting hacked, is it a question of them not taking it seriously enough in advance and spending the resources on prevention? Or is it a technology problem? Or is it both?
JOHN CHAMBERS: It's a combination. As a CEO or chairman, if you realize you have potential problems, then you say to your chief information security officer, where am I most vulnerable? And then if I spend money, would that change this dramatically? Et cetera. And then your vulnerabilities move on an ongoing basis.
So you're going to probably move to an era where there'll be ratings, a company like Safe Securities that will say, here's where you are on a one to five scale done by a neutral party. And a company like a Balbix might be able to say, if you spend money in this category, here's how your scores will change over time.
So I think most-- I don't think. I know most CEOs really take this serious now. And we've realized whether you're in meat-packing, as you did with Senator Tester the other day, where he said our critical infrastructure is being attacked from everywhere imaginable on it. Or you're in hospitals or you're in pipelines, the CEOs want to keep their company secured. They understand the economic and brand damage if you don't.
But how do you do this in a complex and a rapidly changing environment? And that's why I believe, candidly, most of the solutions will come from new startups. As an investor, this is going to be a really fun area for you all to follow. As a CEO it's going to make your life much more challenging as you go forward.
BRIAN SOZZI: John, switching gears a bit, you have done just about everything that could be done in corporate America. What would you do if you were the CEO or on the boards of one of these meme stock companies?
JOHN CHAMBERS: I think the major thing to do. And I think many of us have learned from the past. So let me be critical of myself. In 2000 after we had had, what was it-- [INAUDIBLE]
[AUDIO OUT]
When the market kept going up, my lesson learned is you have to say at a point in time, this is moving beyond what is justifiable. And it's important for my shareholders to know that even I'm happy when the stock goes up, it doesn't justify this type of numbers. And you just got to be transparent and honest.
You can't control the market, nor should you tell people to do it. But you've got to be able to say, here's my concern. I think the price is an unreasonable level. And it will eventually come down because it seeks its own.
As a person that, being very candid, has seen shorts begin to squeeze a company, and it's a very unpleasant prospect, I like the fact there's a little bit of balancing action here. And perhaps over time, if government doesn't overreact, it finds a middle level ground to prevent some of the activities that are going on on both sides of these battles.
JULIE HYMAN: You know, John, as a follow up on that, you know, the only company that we've really seen take advantage of these rising stock prices is AMC by selling more shares. We've seen GameStop start to nibble at that, some of the other companies. Do you think that they actually have a fiduciary duty to do so, to take adv-- you know, whatever the reason that the stock is going up, should more of these companies be raising cash as a result?
JOHN CHAMBERS: Julie, I think this is a cultural question, an ethical question, and a practical question. And I don't ever try to put myself in another CEO's position. But for me, I believe that every time I raise money, whether it's with a startup in series A, or angel investing, series C, you go IPO, and each quarter conference call you make you owe an obligation to try to position each shareholders to make money, and to be able to profit, assuming you execute on your plans.
So I personally struggle if I ever believe that the price we're asking new investors to pay is above what I think that the price should be that is a fair win-win. So I do that when I raise money. And sometimes it shocks other VCs and the startup companies that if I think they're stretching too far, I say that's not good for your future shareholders.
And I tried to be as transparent as I could the entire time I was at Cisco about if I felt the stock was getting overheated a little bit, and we ought to slow down a little bit. So I do think, as a CEO, you've got to be very careful here. And there are questions on multiple fronts.
JULIE HYMAN: Indeed. John, it is always so great to get your perspective on these issues and much more, with the benefit of your experience and wisdom on all of this. John Chambers, former executive chairman and CEO of Cisco Systems, of course. And also, JC2 Ventures founder and CEO. John, be well. Good to catch up with you.
