Ransomware gangs are using stolen data to threaten CEOs. They almost never get caught
Good morning.
We all think about cybersecurity for different reasons. In the indictment unsealed yesterday in the criminal case against Eric Adams, investigators said the New York City mayor “increased the complexity of his password from four digits to six”—or 10,000 possible combinations to 1 million— two days before the FBI seized his cellphone, and then told investigators that he forgot the new code. Meanwhile, the city council of Santee, Calif., revealed this week that it paid a ransomware consultant more than $600,000 to address an attack on its servers last month. In Washington, the personal information of more than 3,000 congressional staffers was leaked to the dark web. And China-backed hackers are now breaching different U.S. internet providers in what’s being called the Salt Typhoon attacks.
So it was fascinating to interview J. Michael Daniel, president and CEO of the Cyber Threat Alliance, last night at a Fortune CFO dinner in Washington sponsored by Workday and Deloitte (which also sponsors this newsletter). Daniel was the nation’s cybersecurity coordinator in the Obama Administration and an advisor to Bush and Clinton during his years in the Office of Management and Budget. He talked about how ransomware gangs are now using stolen data to physically threaten C-suite executives and their families and squeeze many millions from corporate coffers. He also noted the depressingly low odds of being caught, with a 0.05% rate of detection and prosecution in the U.S.
Senior reporter Sheryl Estrada, who cohosted the dinner and writes Fortune's CFO Daily newsletter, did strike a vein of optimism when turning the conversation to AI. Daniel believes AI gives a slight advantage to defenders of corporate realm as it’s allowing them to more easily detect the signal in the noise of constant attacks.
Nikesh Arora, chairman and CEO of Palo Alto Networks, believes we need a paradigm shift in how we approach cybersecurity. As he recently told me: “People are getting to infrastructure much faster and they have economic reasons now with ransomware to get there, so you have to be able to detect and stop bad guys as quickly as you can.” For him, perhaps unsurprisingly, the answer is better integrated platforms. (Click here to listen to our podcast.)
For Lane Bess, CEO of Deep Instinct, the answer comes through deep learning and “edge-chipped” technology that doesn’t require a big data center. Says Bess: “We have to get at prevention.”
More news below.
Diane Brady
diane.brady@fortune.com
Follow on LinkedIn
This story was originally featured on Fortune.com