Cybersecurity threats have been on the rise as the current global pandemic sinks its hooks into humanity. Since the arrival of Covid-19, the world has discovered flaws within its systems, and criminals have taken advantage of this opportunity to exploit our weaknesses. In the words of RiskSense’s CEO, Srinivas Mukkamala, “It’s the time of the hour, we’re dealing with two pandemics, one is Covid-19 and the cyber pandemic today. The number of attacks, the frequency of attacks and the impact it’s causing on human life is disturbing now.”
In an exclusive interview, the Co-Founder and CEO of RiskSense gives us an expert perspective on the current developments within the realm of cyber attacks and how to protect ourselves from these cybercriminals. Alongside telling us about Ivanti’s acquisition of RiskSense and what the future will hold for RiskSense’s team and loyal customers.
The Current Cyber Pandemic
There are many things that the pandemic has shown the world and one of the most important is that Asia represents the beginning of the supply chain. “80% of the goods manufactured are from Asia to the world…and cyber will take advantage of that,” Srinivas highlights when asked regarding the current trend in malicious cyber attacks.
Cybercriminals have shifted their focus to the most impactful targets, with the attacks on the shipping industry forcing ports to shut down and costing industries substantial amounts of money. Ransomware attacks on assembly lines prevent necessary production from continuing, as we have seen from the hits taken from pharmaceutical companies. “There is a dire concern to handle the cyber attacks on the ecosystem,” emphasised Srinivas. While the health pandemic restricts us from even the most basic necessities, cybercriminals are cutting our access to important supplies.
“Humans are humans, we can have a different faith, we can have different colour, it doesn’t matter we’re humans,” said Srinivas as he analogises the differences in challenges that distinct regions face with cybersecurity threats. Cyber attacks worldwide follow similar tactics and procedures differing only in the intent. Srinivas goes on to say that there is about a 90% overlap in the way that these attackers operate worldwide. An attacker originating from the eastern bloc may target money, while criminals targeting national databases may be looking for national secrets.
“We call it the animal instinct. The hunt is the same,” but by knowing the intent behind the attack, companies can do a risk ranking. Focusing only on the risks that they should be worried about and putting in more effort to prevent them. Srinivas advised organisations to “always go back to an addressable unit economic,” looking into the vulnerabilities, exploits and patches specific companies must consider.
Ransomware has been around for a while, evolving to ransomware families and Ransomware-as-a-Service. Srinivas explained, “ransomware used to be a single threader they used to use a vulnerability and an exploit, today they use multiple vulnerabilities and multiple exploits, so the time it lives has gone up quite a bit,” about the ransom worm WannaCry. In addition, the threat of ransomware has magnified for the greater public as it has evolved within our tech stack and is no longer limited to endpoints, servers, and desktops but has now shifted to phones, applications and SaaS. These evolutions are caused by unpatched systems, the misconfiguration and coding errors created by humans.
RiskSense has been tracking the evolution of ransomware for about six years and releasing annual reports. “The good news,” stated Srinivas “there are only less than 300 known vulnerabilities that are actively being used by ransomware, 95% of the vulnerabilities that have exploits are remote code executable, the majority of those actually have patches to help you remediate the problem.” Although the cyber attacks on the ecosystem are dire, there are ways that companies can be proactive and get ahead of the problem.
From Partnership to Acquisition
The acquisition process of RiskSense began a partnership between the two companies. In the words of RiskSense’s CEO, “I call it a marriage made in heaven, it’s Nirvana.” The companies are aligned in their mission to stop breaches and both bring something beneficial to the table. Risksense uses intelligent risk-driven analytics to provide its customers with the best data to manage and prioritise a company’s cybersecurity risk. While Ivanti provides some of the best patches in the world. Together with the data to give context and the best solutions, Ivanti decided to join forces with RiskSense, acquiring the company’s data and highly experienced team.
Customers of both companies will benefit from this acquisition as Ivanti has integrated the RiskSense Vulnerability Intelligence and Vulnerability Risk Rating into Ivanti Neurons for Patch Intelligence. This mechanism assists patch users in patch scoring, giving additional context to Ivanti’s clients and the necessary solution to Riskense’s clients. The feature was released on the 2nd of August as Ivanti announced the acquisition and is currently available to customers of Ivanti Neurons for Patch Intelligence, who also have RiskSense licenses.
Learn more about the acquisition here.