Biggest Threats
CF: What’s your take on the current threat landscape?
Sloderbeck: From an impact standpoint, ransomware is still the most impactful end game for most attackers, non-nation state attackers. And it’s all about how people are getting in. Malware is a big channel. Email is still a big channel with phishing. We also see identity as another important vector, misconfiguration, misprovisioning, access controls; some of these kind of age-old problems are still persistent.
And then I think cloud security is the other weak link in the chain for a lot of organizations. That’s just a brand-new field, that interaction between InfoSec teams and DevOps engineering teams, and firewall rules are now a configuration file that get pushed out of a code repository. It’s a big shift for a lot of organizations. And we see that as an area that people are still really struggling to shore up fully and integrate it into their systems. And then I think the other one is fraud; it continues to get closer to infosec where we see a lot of organizations, the way you extract revenue from them could be by holding them ransom, and it could also be by very sophisticated fraudulent schemes that do often depend on these same things like vulnerabilities and cloud security, or issues with identity and provisioning.
