Kris Hagerman: "There is an increasingly well-oiled market for buying and selling cyberattacks"

Cybersecurity is today one of the main concerns of managers of companies and public institutions.

The level of threats has grown, and cybercriminals have become more professional.

According to a study by the British Sophos, one of the largest cybersecurity companies in the world, there are gangs that even have their human resources departments, payroll and even physical offices.

The FBI dismantled one of them last week with the collaboration of various international police forces, including the Spanish National Police.

Kris Hagerman, born in California 58 years ago, has been at the helm of Sophos for eleven years.

The executive believes that the emergence of teleworking as a result of the pandemic or the war in Ukraine have not caused cybercriminals to increase their activity: "that was the trend that we were already experiencing," he explains.

Question.

How would you describe the cybersecurity industry?

Reply.

It is one of the largest and fastest growing markets.

It moves about 100,000 million dollars a year and grows between 10% and 12% annually.

It is the number one priority for those responsible for information technology in companies, whether they are large multinationals or small companies.

And that's because cyber attacks have been growing year after year in frequency and complexity for two decades.

These attacks, moreover, are being marketed more and more quickly.

Q.

You say that the number of attacks increases every year.

Is this because there are more cybercriminals or because they are getting more sophisticated?

A.

Both are happening.

More and more sophisticated and advanced zero day threats [

in the jargon] are being created.

A zero-day threat is a vulnerability that has been identified in a system and that no one else knows about, not even the developer of the system in question.

Finding them is very complicated, it can take months or years to identify and develop them.

Well, more and more are appearing.

On the other hand, we are seeing that there is an increasingly well-oiled market for buying and selling cyberattacks.

So, for example, there is something called

).

And they only do one thing: they find a way to penetrate a certain network and then they sell that information or entry key.

So right now I can become a cybercriminal without knowing anything about programming.

First, I pay an initial access agent to be able to break into a network.

And then I can go to companies that offer

[a form of computer attack that encrypts the system and demands a ransom to release it] as a subscription and tell them to prepare a specific one for my target.

After that, all that remains is to sit and wait for the money to arrive.

Hagerman has been at the helm of the British multinational for 11 years.JUAN BARBOSA

Q.

How can companies defend themselves against all this?

A.

First and foremost, you need to think of cybersecurity as having three components: protection, detection, and response.

If you have a house, you don't want to leave the doors wide open, but rather lock them.

That's fine, but if you want more protection you'll need a security system with video cameras capable of detecting if someone enters.

And you want to have the ability to respond to get them out of there.

These three components are fundamental to building a cybersecurity strategy.

We also recommend our customers to focus on getting the basics right.

There is no use adding a motion detector to my house if I leave the door open.

Q.

To what extent does cybersecurity use artificial intelligence?

A.

All of our products generate information that fills a single big data lake in the cloud.

We use artificial intelligence and machine learning to work with all that information.

That helps us detect anomalies much faster than a human would.

On the other hand, for some time now we have been able to offer cybersecurity as a service, that is, remotely and in exchange for a monthly subscription.

For us, this is one of the most interesting advances in the last decade in terms of cybersecurity, because it is easy to manage and implement and it allows us to offer results at a lower price.

Q.

Does the rise of remote work pose new problems for companies in terms of cybersecurity?

A.

We are doing more and more online, creating more data and having more connected devices.

That increases the surface area of ​​cybercriminals.

What that means for organizations is that they have to secure all of those devices.

One of the new concepts in cybersecurity is

: it consists of creating an environment in which it is assumed that none of the devices connected to the organization are safe.

So when the device connects, it requires a series of steps before enabling them.

This approach can also help those who work remotely.

Hagerman, after the interview carried out in Madrid. JUAN BARBOSA

Q.

No matter how much protection is applied to the devices, if the worker clicks where he shouldn't, it can cause problems.

R.

Effectively.

Cybersecurity is about people, processes and technology.

It's not enough to have good software, you also need employees to know how to use it and how to manage their online life.

I get asked a lot why we haven't solved cybercrime yet.

The answer is the same as with all other crime: crimes have always been committed, so I think the realistic approach is not to try to stamp out cybercrime, but rather to make it a manageable problem.

If you and I don't know each other, we cross the street and you ask me for my credit card, I won't give it to you.

But on the internet, if you ask the right way, people will.

We are more inexperienced managing our online lives than our physical lives.

Therefore, it is vital to train people in this field.

Q.

Ransomware is one of the main problems

face in the field of cybersecurity.

How often do you advise your clients to pay the ransom they are asked to unlock their systems?

A.

It is a very difficult question to answer.

Paying the ransom for

is generally a bad idea.

In a high percentage of the times it is paid, the victims do not even recover the data.

Obviously, the organizations that have kidnapped their data are not trustworthy and nothing guarantees that, even if you pay, everything will be resolved.

We don't have a hard and fast rule about it, saying you'll never do anything.

Each situation is unique.

Q.

Do you think we take cybersecurity seriously enough?

A.

I think so.

Most organizations of any size know that cybersecurity is a real problem, that they are vulnerable, and that they have to get it right because if they get it wrong, they could be in very real trouble.

You can follow

Subscribe to continue reading

Read without limits

Keep reading

I'm already a subscriber