In this edited interview excerpt from a Nasdaq TradeTalk, Check Point CEO Gil Shwed discusses artificial intelligence, the cyber pandemic, ransomware and so much more. Don’t miss this!
What is the big security concern around AI chat technologies, such as ChatGPT?
GS: Oh, there are so many. I think that these technologies are producing a lot of great opportunities for the world, but they are also creating a lot of security threats.
For example, ChatGPT can write malware. You no longer have to be an expert in order to write malware. You can simply use ChatGPT to write malware.
And even when it comes to simple things like writing a phishing email, ChatGPT does an amazing job. We’ve already seen some of these examples in the wild…
How did we enter a cyber pandemic?
GS: I think that when the coronavirus pandemic started and we were forced to work remotely, a lot of things moved to the digital world. In many respects, this is good, but the attack surface also expanded at the same time…
The attack surface is no longer just an enterprise’s network. It’s every home desktop or employee laptop, each of which could potentially be used as a launch point for an attack. If these devices are exploited, attacks can occur fairly quickly and can get out of control.
Why are cyber attackers interested in going after cloud-based networks?
GS: A lot of the computing environment is expanding or even moving to the cloud. And the cloud creates an unbelievable opportunity for attackers. Motives include anything from bitcoin mining (which is simple, but a financial risk), all the way to migrating data out of the cloud and stealing it.
And it’s not only that – When you think about the traditional IT environment, it’s protected by so many layers of security that make it difficult to penetrate. On the cloud, if there is a small breach, it can go directly to the heart of things…
What are the top industry sectors that cyber criminals find most attractive?
GS: First of all, cyber attackers are trying to access almost every attack surface, and they’ll succeed wherever it’s easiest. I don’t think that we should say that if you’re in one sector, you’re not at risk, while if you’re in another sector, you are at risk. Instead, we should say that if you’re not protected with adequate cyber security, you’re at a higher risk of a cyber attack.
However, we have found that certain sectors, like healthcare and government, are more susceptible to cyber attacks. Sometimes, this is because the aforementioned sectors are less protected. And when I’m talking about the government, I’m not talking about the national defense forces – I’m talking about schools (which fall under the government sector umbrella)…or local governments, like city councils and so on…These organizations, in many cases, are not big enough to develop the right security policies or the right security tools.
Can you frame the ransomware problem? Why is it getting worse when there are so many cyber security companies out there?
GS: That’s a very very good question. So first, ransomware hackers have found a very effective means of monetizing their attacks. In the past, people did hacking for ideological reasons, for government-to-government espionage…etc. Some pursued hacking in order to steal money, but it was a difficult undertaking.
With ransomware, hackers found an amazing opportunity to create an attack type and to translate it into ‘big money’. And by the way, when you look at the evolution of ransomware attacks, five or six years ago, a ransomware attack brought in $300-$600. Today, a ransomware attack can bring in hundreds of thousands of dollars. We’ve even seen ransomware attacks that have resulted in companies paying more than $10 million. It’s become a big business.
The problem with security today is that there are so many solutions, there’s so much complexity, and these solutions don’t work together. So, something that would have been blocked on your PC yesterday, could come through your remote access network tomorrow, and it won’t be identified.
It’s our job to work together collaboratively to block these attacks and to build architectures that are far more consolidated and complete in order to block attacks on all attack fronts. At Check Point, we are trying to do just that, and we are investing all of our resources in it.
This article content is an edited excerpt from an interview that was originally broadcast as a Nasdaq TradeTalk. Please watch the entire video clip – here.
If your organization needs to strengthen its security strategy, be sure to attend Check Point’s upcoming CPX 360 event. Register now.
Lastly, to receive cutting-edge cyber security news, best practices and resources in your inbox each week, please sign up for the CyberTalk.org newsletter.