Tag Archive for: ceo

CrowdStrike CEO says AI can help prevent ransomware attacks


  • CrowdStrike CEO George Kurtz told CNBC’s Jim Cramer why AI can help companies fight against cybercrime.
  • “We can identify these pieces of ransomware without ever seeing them in the past. And that’s different than signature-based technologies that are out there today,” Kurtz said.

CrowdStrike CEO George Kurtz told CNBC’s Jim Cramer that using artificial intelligence is important in fighting increasingly sophisticated ransomware attacks.

“We can identify these pieces of ransomware without ever seeing them in the past. And that’s different than signature-based technologies that are out there today,” Kurtz said. “Right now, ransomware, on average is, $8.5 million per ransom event, which is double just over the last month.”

But as much as AI helps outfits like CrowdStrike, cybercriminals are also benefitting from it with “Dark AI” tools like FraudGPT. The new technology allows them to attack organizations without having a lot of knowledge in house, Kurtz said.

Kurtz stressed the importance of identity verification when it comes to preventing cybercrime, saying the biggest weakness is “between the keyboard and the chair,” or individuals. He said CrowdStrike’s technology gives extra identity challenges to adversaries, even if credentials have already been compromised, buying more time to stop them.

Publicly-traded companies are reassessing their cybersecurity measures since the Securities and Exchange Commission adopted new rules that require them to disclose breaches within four days. Kurtz said this has created more business for CrowdStrike.

“Those are tailwinds that we see in the business, and it’s something that every publicly traded company is going to have to deal with,” he said.

Jim Cramer’s Guide to Investing

Source…

Clearwater CEO Steve Cagle discusses reducing risk of ransomware attacks


If hospitals want to reduce the odds of major disruptions from ransomware attacks, Steve Cagle says they need to understand the risks.

Cagle, the CEO of Clearwater, a cybersecurity company, recently spoke with Chief Healthcare Executive®. He says hospital boards and their CEOs must be engaged in cybersecurity, and that healthcare organizations must engage in an ongoing effort to improve their defenses.

Scores of health systems and hospitals have been hit with ransomware attacks, which threaten patient safety and incur enormous costs, both financially and to the reputation of an organization.

“And at some point, there’s a line that has to be drawn somewhere,” Cagle says. “How much risk are we willing to accept?”

Health systems looking to bolster their cybersecurity defenses are likely going to have to invest more money, and Cagle acknowledges that can be a difficult choice for hospitals.

Hospital leaders need to ensure that cybersecurity is an organization-wide priority, and it can’t be relegated to information technology departments, Cagle suggests.

Hospitals need to do more than implement tools to deter cyberattacks, Cagle says. They need to test those defenses.

“We see a lot of controls, a lot of tools that have been put in place,” Cagle says.

“What we haven’t seen enough of is actually testing those putting those to the test to see if they work,” he adds.

Cagle calls for continual testing of cybersecurity tools and training of employees.

“That’s how organizations will get better, is understanding where where the high risks are, focusing efforts there, putting the controls in place, testing the controls, making sure that you’re raising awareness throughout the organization, so that people are aware of those situations that get through right, the phishing email, the social engineering, and just leveraging all the resources in the most optimal way to to reduce risk,” he said.

Healthcare organizations have demonstrated a greater awareness of the risk of cybersecurity in recent months, although they still have work to do, Cagle says. He’s especially encouraged by the greater focus on the risks of cyberattacks to patient care, including the disruption of electronic…

Source…

The CEO who also ran IT, Strava strife, and TikTok tall tales • Graham Cluley


Smashing Security podcast #319: The CEO who also ran IT, Strava strife, and TikTok tall tales

A boss is bitten in the bottom after being struck by one of the worst crimes in Finnish history, Strava’s privacy isn’t so private, and a private investigator uncovers some TikTok tall tales.

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by T-Minus’s Maria Varmazis.

Hosts:

Graham Cluley – @gcluley
Carole Theriault – @caroletheriault

Guest:

Maria Varmazis – @mvarmazis

Episode links:

Sponsored by:

  • Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
  • Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Zero Trust for Okta. Watch a demo today!
  • hCaptcha – hCaptcha Enterprise is the leading Security ML platform. hCaptcha adapts to detect and block even the most sophisticated attacks, keeping you ahead of evolving threats.Start your free trial today.

Support the show:

You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

Follow us:

Follow the show on Twitter at @SmashinSecurity, or on Mastodon, on the Smashing Security subreddit, or visit our website for more episodes.

Thanks:

Theme tune: “Vinyl Memories” by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy.
Follow him on Twitter at @gcluley, on Mastodon at @[email protected], or

Source…

3CX CEO suggests state-sponsored hackers behind supply chain malware attack


Business communications firm 3CX confirmed the downloader for its voice over IP (VoIP) desktop software has been tampered with and now installs a version that sideloads malware onto a victim’s computer

The issue, dubbed ‘SmoothOperator’, is believed to be a supply chain malware attack carried out by a suspected state-sponsored threat actor, with attacks starting last week, according to user reports.

3CX revealed in a blog post on Thursday that it noticed a “security issue” in its Electron Windows App with Update 7, version numbers 18.12.407 & 18.12.416.

It added that antivirus vendors may have flagged the legitimate 3CXDesktopApp.exe and uninstalled it.

3CX said it was still researching the issue, but believes it originated in one of the bundled libraries it compiled into the Windows Electron App via GIT. The domains contacted by the compromised library have already been reported, with most shut off overnight, said CISO Pierre Jourdan.

“A GitHub repository which listed them has also been shut down, effectively rendering it harmless,” he said.

“Worth mentioning – this appears to have been a targeted attack from an Advanced Persistent Threat, perhaps even state-sponsored, that ran a complex supply chain attack and picked who would be downloading the next stages of their malware,” said Jourdan. “The vast majority of systems, although they had the files dormant, were in fact never infected.”

The company is currently working on a new Windows App that isn’t affected by the issue, and will also issue a new certificate for the app. Jourdan said this will take at least 24 hours.

He also encouraged customers to use its PWA app, which is completely web-based. “The advantage is that it does not require any installation or updating and chrome web security is applied automatically,” he said.

3CX CEO Nick Galea said in a company forum post that the issue was reported to the organisation on the evening of 29 March.

He recommended uninstalling the app and installing it again, and added that if customers are running Windows Defender it will uninstall it automatically. Galea said the company is going to analyse the issue and release a report later on Thursday, but is now only…

Source…