Former Cybersecurity and Infrastructure Agency (CISA) director Chris Krebs says when it comes to cybercrime, things are going to get a lot worse before they get better.

Krebs was the keynote speaker on the first day of Black Hat USA 2022. The event, which marks the 25th year for Black Hat USA, has drawn attendees from 111 countries. The event is back to pre-pandemic levels with tens of thousands of attendees.

In his keynote, Krebs focused on three questions when it comes to cybercrime: “Why is it so bad right now? What do you mean it’s going to get worse? And what are we able to do to contribute to solve the problems in front of us?”

“There are four main reasons why it’s so bad,” he said “That’s the technology, bad actors, the government and us as people.”

Regarding technology, the business benefits of insecure products outweighs those of secure products, the former CISA director said.

“Businesses are focused on efficiency,” he said. “They see us as slowing them down. Security is seen as a friction.”

In addition to the ever-proliferation of insecure products is increasing complexity, particularly in the cloud, Krebs said.

Some Good News

Krebs said there is some good news. “We have a vibrant, robust ecosystem, and vendors are addressing some of the underlying vulnerabilities,” he said. But it’s not enough.

In terms of attack surface, there are opportunities for the bad guys to come in and get what they want, he said.

“Over the last couple of years, the biggest falling down of government and industry is ransomware,” Krebs said. “The bad guys figured out how to monetize vulnerabilities.”

If you’re on the internet or email, you’re “on the playing field” for cybercriminals, he said.

“The threat actors at the top understand the shifts in our business,” Krebs said. “They understand we’re making things more complex, relying on software updates. Companies that are shipping products are the target. If you’re hosting, you’re the target.”

And adversaries are targeting the supply chain because that’s where the access is, he said.

Scroll through our slideshow above for more from Krebs and more from Black Hat.