Full Transcript
[0:05.2]
Good afternoon, everybody. My name is Adam DeLuca. I'm the director of Risk Intelligence here at Everbridge. And welcome to another rapid resilience video. Today I'm joined by Ignacio Brada. He is one of our leading cybersecurity expert here, and he's the lead security and AI architect and a proud graduate of Michigan State University.
[0:23.5]
It's good to see you, Ignacio. Good to see you, Ann. Go green. Yeah. Go white. You know, as we all know, the World cup is coming up in a couple weeks, and I think there's a lot of threats on everybody's mind, right? There's travel challenges, language barriers. There's going to be strains on infrastructure throughout this unique event that's spawning three different countries and 16 sites.
[0:45.8]
Now, there's also possibly domestic violent extremism under the, kind of backdrop of the political climate that we're in here in the United States. But I don't think a lot of people hear World cup and think cyber security risk and challenge. But we're here to tell you today that there are real cybersecurity threats out there surrounding an event like this, and we want to talk about it.
[1:05.6]
So, Ignacio, a lot going on in the world right now. Can you just kind of give us a general overview of the cybersecurity threat landscape heading into the tournament? Absolutely, Adam. And it's an incredible time. I think, in the cybersecurity world. Things, are changing fast.
[1:22.0]
AI is having amazing developments, and at the end of the day, AI is just a tool. So just how it's helping us on the different side, the bad thing is that it's helping the bad guys as well. So I'm sure a lot of people here, have heard about how, bad actors are using, the different LLM models to find zero labeling abilities, string exploitability, windows, since a vulnerability is discovered till someone is able to abuse it.
[1:56.7]
And also, it's creating, you know, a lot of noise out there in the Internet. Scanners are getting smarter, by guys are using this in large amounts, and it's relatively cheap. Surprisingly right to use these. Anyone can get access to these.
[2:13.4]
While some of the most dangerous, models are used mainly in research, the current models are pretty strong. And I do think that we're, we're, you know, heading into these FIFA, World cup with a lot of that in the news. But it's also important not to forget the classic cybersecurity threats, right?
[2:33.0]
Phishing, QR codes, just sometimes you know, all the. With all the lights in the news, that captures all our attention. But it's also very, very important to remember, that the traditional way of attacks, are still happening, and we need to be ready for those.
[2:51.3]
Yeah, well, those, types of attacks, those trade craft, are there for a reason, right? Because the social engineering is very successful. And with AI kind of accelerating the landscape, it's also, broadening, the amount of threat actors out there.
[3:06.5]
Because AI makes these traditional apt groups associated with large nation states. Now individuals and smaller groups can kind of leverage the same technology and get some of the same results. Obviously, we have a developing situation going on in the Middle east with the Iran, Israel, United, States conflict.
[3:25.1]
Is there any heightened threat coming to the World cup based off of that conflict, or is it just business as usual? No, absolutely, Adam, I'm glad you brought that up. And let me start by saying this. Our organizations do not have to be politically active to become a cyber target here. Right?
[3:46.2]
With, a big event like the World cup, being visible, being visually connected, or being part of that, operational indispensable vendor, of the chain here makes you a target. So, it's really important to think about that.
[4:02.3]
And then on the other side, I think that, you know, with everything going on in the world, and we've seen this in the past, right, the different political actors are trying to take advantage of this.
[4:17.6]
It could be creating disruption to create, political unrest. It could be maybe taking advantage of this for cyber espionage. So definitely, there's a lot of angles there, that people need to be thinking about in order to stay on top of this.
[4:37.3]
I think one of the key things, right, is we need to understand what the core asset. So, for example, if you're a broadcasting or streaming platform, the trust is really what separates you from the rest. If you're a ticketing or payment system, you become part of the operation and the transactions there.
[4:55.5]
So, people can have used that or launch a, denial of service attack, to. To affect that. Not even, you know, if we talk about transportation, hospitality, local services, you know, people are working really, really hard with an increased demand.
[5:11.6]
So the door for, for attackers to, you know, sneak in is a little bit bigger than normal. So. So that's. That's definitely an area of focus, I think. And especially with all the geopolitical developments that we're having, you know, nation state, are going to take advantage of that.
[5:29.2]
Yeah, I mean, it's a good point. That you make. Because a lot of different sectors are involved, not only in the planning and the preparation for this, but, you know, on the operational side. So, you know, supply chain, you have transportation sector, financial sector, healthcare sector, you know, in these cities. And, you know, these threat groups can go after those sectors in a variety of different ways.
[5:48.0]
Like you're discussing, you know, so you mentioned QR codes, you mentioned some other social engineering, kind of basic level, cybersecurity, hygiene, type issues. What are some of the other tradecraft and tactics that some of these cyber groups might be looking to leverage, during the event?
[6:07.0]
Yeah, I think, you know, definitely causing disruption. So definitely your denial of service attacks, are what, you know, if you look, if you look at some of those expert agencies, you know, Canada on their side, cisa, they have put a lot of, documentation out there talking about some, some of these things.
[6:27.1]
But, you know, ransomware, that's always, that's always there. They can, you know, they will definitely try to take, advantage of, the high volume of transactions and people and things happening, to try to try to find the door and be able to, get some financial benefits from it.
[6:44.7]
I would say, you know, for teams, it's definitely important, you know, keep the user, and Employees, you know, aware of these. On paying, extra attention, I think, understanding, you know, what are the new traffic patterns that, you know, there's online services might be expecting, increasing monitoring at the WAF layer, making sure that your dos, protections are in place, being able to scale up to handle the demand.
[7:14.5]
I think those are good things to look at. And Adam, let me just call out one more thing as well. Although it's not a technical control, I think tabletop exercises are super important in these scenarios. Right. You can look at it, you know, at the top, at the top layer.
[7:30.0]
You have, places like Miami and cisa, right. The city of Miami and CISA did an exercise already specifically, for some of the World Cup. And, you know, if they can do it, I think small organizations can do it too. And this really helps you. One, make sure that you know how to react and respond.
[7:48.4]
And then to the coordination part, make sure you're ready to coordinate. And potentially you could even find gaps, you know, depending what scenario you have, to be able to, to get in front of those before the bad guys do. Yeah, it's kind of identifying those unacceptable consequences and kind of ranking a rich risk register. Right.
[8:07.9]
Like, of what you can afford and what, what amount of risk that you're actually comfortable with. And when it comes to some of these cybersecurity threat actors and the impact that they can, you know, whether it's ransomware, denial of service, or some of those traditional social engineering attacks, you know, they can cause a lot of disruption.
[8:24.7]
You talked about exercising, right, you mentioned a couple other things that businesses can do to mitigate this threat. But are there any other things that businesses and individuals associated with this event that they can do to actually improve their risk posture? Yeah, I think, you know, I think you call out great things, you know, knowing what your crown jewels are.
[8:44.7]
Right. In order to do a good risk metrics there, you need to know where your crown jewels are. What are those assets that cannot fail? What are those processes that need to be running in order for you to keep operating? And then, based on that, you can start making some risk based decisions.
[9:04.6]
Definitely user training, make sure people are aware and then all the technical controls that we talked about before with AI, I think you can also experiment on some new things. So I'll give you some things that we've been looking at.
[9:21.2]
So for example, making sure that, you're using AI to scan your public facing infrastructure, and going back to the scenarios. LLMs can be very, useful creating some scenarios for you and help you think about things that you haven't thought about.
[9:37.6]
So if you're planning on doing a tabletop exercise, make sure you spend some time playing with LLMs. See what scenarios they can come up with and see if they can look at angles that you haven't really thought about before so that you can start thinking how you can react to some of those.
[9:54.4]
No, that's a really good point again about, using AI defensively to monitor and even start recovery on some of these incidents that get into your organization. But Ignacio, it was really good to have you here. I just want to have one more question before you go.
[10:09.9]
Who are you rooting for? Yeah, well, I have my jersey right here, with the third star. So I'll be rooting for Argentina, the last champion, and the United States as well. So hopefully one of those two, get the championship this year. Yeah.
[10:27.3]
Is somebody that comes, from Italian descent. Unfortunately, the, Italians weren't able to qualify this year, but, we'll be pulling for the United States States, over here in this household. But Ignacio, it was really great to have you here and get some of your expert, analysis on some of the threats.
[10:43.2]
Approaching the World cup this year from a cybersecurity perspective. You know, please stay tuned to Everbridge. We have the World cup covered from every angle, whether it's cyber weather, violent extremism, cartel activity in Mexico. We'll be producing and alerting and monitoring on all threats surrounding the event.
[11:00.2]
If you have any questions or concerns, please contact us. We're happy to collaborate, Ignacio. Thanks again. Thanks, Adam.
