BlackFog founder and CEO Dr Darren Williams discusses the problems facing cybersecurity teams, the rise of ransomware-as-a-service and the sectors most at risk.
Almost anybody with a digital footprint has to consider the risk of cyberattacks, but not every target is equal to these opportunistic criminals.
Certain groups of cyberattackers have prioritised certain sectors over others for various reasons – some industries have more valuable data, while others serve a critical function and are more likely to pay a ransom demand.
Meanwhile, cybercrime has evolved to have its own form of globalisation, as various entities offer services and tools at a price to support other criminals in their activities.
One expert who has witnessed the evolution of the cybercrime sector is Dr Darren Williams, who has founded three tech start-ups over the last 20 years. In 2015 he founded the US-based cybersecurity start-up BlackFog, which recently opened an office in Belfast to expand its operations.
Williams explained the key criteria that cyberattackers generally look for when picking their targets – and the most important clients for his company.
“High value targets for cybercriminals typically have three things in common; a low level of investment in cybersecurity, a reliance on legacy platforms, and valuable data to protect,” he said. “Healthcare, education and government fall into this category.”
“In addition, we focus on SMEs that don’t have large IT departments to invest in overly complex non-automated solutions and immediately understand the value of the solution.”
A bloated industry
Williams believes one of the biggest issues for cybersecurity is the rise of various tools over the years that have grown to “consume IT teams”. He claims a typical IT department has more than a dozen cybersecurity tools such as firewalls and security orchestration systems, which require “dedicated monitoring and large teams to manage”.
“Unfortunately, threats continue to penetrate these solutions as the response times are just too slow,” Williams said. “Teams that have been so focused on these solutions are only looking at one aspect of the problem, often forgetting there are many other perspectives to consider.
“I often talk about the early days of Covid where some countries suggested they never had a problem, when in fact, it was that they never knew they had a problem, because they weren’t looking. They weren’t testing, so they didn’t know the extent of the issue, and we all know how well that turned out. I feel like data exfiltration is exactly like this.”
Williams said BlackFog has focused on stopping ransomware and data breaches with a technique it calls anti-data exfiltration. Creating this technique required a “new paradigm” according to the CEO.
“Conventional wisdom has always focused on stopping threats using defensive-based approaches and external penetration,” he said. “At BlackFog, we think about threats holistically and focus on the goal of the attack which is ultimately data exfiltration.”
There are various examples of criminals selling data on digital black markets after a cyberattack. This data is then used for various purposes, such as gaining credentials to breach large organisations or personal details to target masses of individuals with phishing attacks.
Williams believes organisations need to find the right cybersecurity products to protect themselves and said defences such as antivirus software are “no match for any decent attacker these days”.
“Just as you wouldn’t rely on a single locked door in your house, you need multiple barriers to entry, using several techniques and approaches,” Williams said.
Ransomware-as-a-service
Meanwhile, Williams noted the threat that businesses face in the form of organised gangs providing software and support for other criminals. Gangs such as LockBit have thrived in recent years, providing ransomware for a price and building vast networks of affiliate hackers.
“Ransomware-as-a-service continues to be a thriving industry,” Williams said. “The low barrier to entry and ability to leverage tools from the most successful cyber gangs makes it easy to get involved with relatively few risks compared to other forms of crime.”
A report from BlackFog claimed ransomware surged by 110pc in March and that LockBit ransomware remained a dominant variant, despite the disruption this criminal group faced earlier this year. Williams shared some measures organisations should take to deal with threats such as these groups.
“The best way to deal with cybercrime is to be prepared by ensuring best practices are in place, such as multi-factor authentication and good cybersecurity posture,” he said. “Organisations must assume they will be attacked constantly and have the right policies, procedures and tools in place to both protect and recover from an attack.”
Looking to the future, Williams believes AI is “changing the world” and will have a significant impact on cybersecurity – a viewpoint shared by other experts. He also believes there are both positives and negatives to this fact.
“While we train our software to detect and prevent attacks in real time, cybercriminals are also using this technology to become highly effective at targeting specific companies and even individuals,” Williams said. “A successful attack only requires a single point of entry into and organisation to be effective.
“There is no doubt this technology will evolve with even more power over the next few years and provide even more ways for cybercriminals to steal our data. The rise of deepfakes, both visual and auditory, provide extreme examples of what can be leveraged to get people to hand over secure information. This can then be used to attack individual and corporate networks and devices for extortion.”
Tips for leaders
Speaking about his career, Williams said the biggest risk he ever took was starting his own business back in 1997 and leaving an academic career behind.
“Cashing in all my savings and retirement benefits in the process and sleeping on the floor in the office,” he said. “It was also very rewarding after I sold it three years later just before the stock market crash of 2000. A lot of luck and timing.”
Williams also said the best piece of career advice he ever received was “don’t work for money”.
“Always take the more interesting job with the people you want to hang around with, and the rest will follow, even if it’s at a lower salary,” Williams said. “Much of your life is spent working, you need to enjoy it.”
BlackFog is currently expanding its team and uses Zoom as its main communication tool, due to being both a hybrid company and having offices in different countries. Williams believes the best way to lead is “by example”, work hard and to not micromanage his staff.
“As my dad always says, the harder you work, the luckier you get,” Williams said. “I also try and hire smart people and leave them alone.
“No smart person wants to be micromanaged. Let them get on with it and guide them if they need it. But trust is an important part of the equation.”
Find out how emerging tech trends are transforming tomorrow with our new podcast, Future Human: The Series. Listen now on Spotify, on Apple or wherever you get your podcasts.