Tony Anscombe, Chief Cyber Threat Officer for ESET, joins Yahoo Finance to discuss cyberthreat trends and cybersecurity amid supply chain bottlenecks.
- Well, October is National Cybersecurity Awareness Month. And cyber attacks have become much more pervasive. In fact, according to one recent study, 97% of businesses have been negatively impacted in some way by the type of breach that affected Colonial Pipeline in May. Here to discuss the vulnerabilities that supply chain issues face and pose as well as risks to our own personal security is Tony Anscombe, chief cyber threat officer at ESET, a global cybersecurity research firm.
Thank you so much for being here, sir. So these attacks, these attackers, are becoming much more brazen. The attacks are much more pervasive. You say you've identified three particular types of attacks that are trending right now and are of great concern. Can you tell us what those threats are? And which sectors are the most at risk?
TONY ANSCOMBE: Well, obviously, ransomware is a huge issue in the cybersecurity world because we hear of many companies being hit with those types of attacks. But if you look beyond that, how does the incursion actually happen? So cyber attackers coming in through remote access protocols. Phishing is a big issue. And there are other many different types of attacks. This is about a long game for cybercriminals. This is not about a click and infect anymore. This is about them being in a network and spending time working out what is in that network and what's valuable.
- And Tony, we know that President Biden has come out and said cybersecurity is a matter of national security and trust. And I know that he released an executive order back in May on improving the nation's cybersecurity. But what role should the government play in trying to keep our infrastructure and our own information safe?
TONY ANSCOMBE: Well, cybersecurity is a team game. I mean, you do actually need all the different components in there. If you look at payment methods, and there's a resourcing issue in the cybersecurity industry. You've got anonymous payment methods. You've got so many different parts of a cyber attack. So actually having a joined up taskforce that puts pressure on companies to make sure they're spending the right amounts and doing the right things to secure their infrastructure is actually super important.
- Tell me, how do current supply backlog issues, how does that create a bigger risk for cyber attack? Does it?
TONY ANSCOMBE: It certainly creates a bigger opportunity for the cyber criminal. Think back to the start of the pandemic. We all saw lots of phishing emails, and we saw increased attacks against medical establishments, et cetera by cyber attack gangs. And that could happen with this supply chain issue. If you're in a company involved in that issue, if you were hit by a ransomware attack now, your probability to pay is probably higher. Now, cyber criminals, unfortunately, are aware of that and will utilize that and come after those companies.
- What kind of attacks might we expect? And how vulnerable is our supply chain, especially right now with-- we spoke to the person who heads up the Long Beach Port the other day. He called it a supply chain crisis.
TONY ANSCOMBE: Well, think about that supply chain crisis. It involves hundreds of companies. Not only shipping companies, but you've got distribution companies on the docks. You've got the docks themselves. There's so many different companies and organizations involved. A cybercriminal only needs to get in to one component of that and cause more chaos while you have chaos. And that likely chaos will monetize, unfortunately, for the cybercriminal because those companies will group together and pay to stop that chaos. And that's the issue is that opportunity for the cyber criminal to monetize their efforts.
- And, sir, how difficult is it to find trained professionals in this field? President Biden recently said that there were 500,000 open vacancies in the field. We know at Colonial Pipeline, there was an opening for a security manager open for a long time when they got hacked.
TONY ANSCOMBE: Cybersecurity professional resourcing is an issue. And whichever number you believe-- I think I've seen numbers all the way from that 500,000 all the way through to 2 million people being short in the industry. But there are also tools available to companies that help them focus. So look at the interesting things or the things that are more urgent for them to go look at in their networks. And of course, they could outsource and use managed service providers or expert companies in the field as well, to bring in that outside resources as well. But there is without question a big shortage.
- What about just for regular folks who are just trying to keep their credit cards safe, and to get on websites, and shop online, and keep their personal information safe. What's the best way they can do that? And I'm wondering, is it just a matter of time before passwords, all the different passwords we need to keep track of, are a thing of the past?
TONY ANSCOMBE: Well, certainly you saw Microsoft very recently say they're removing passwords and moving solely to two-factor authentication. I think this is a trend that's likely to continue. And what my big thing for anybody is actually make sure that you turn on two-factor authentication where possible. And that's that receiving the text message with a code, and you log on that way.
The other caution I'd say is during the supply chain issue, consumers should expect to see more phishing emails landing in their inboxes offering them the goods that are in short supply because cybercriminals will see that as an opportunity too. We saw that during the pandemic of cybercriminals offering face masks, and toilet rolls, and such like. As we come into the holiday season, I'd expect to see emails in my inbox for, let's say, champagne and different festive products, offering those products.
- All right. Well, we don't think that this sort of cyber attack is going to come to an end any time soon. It has to be something that we are constantly vigilant about. Tony Anscombe, chief cyber threat officer at ESET. Thank you so much for your time today.