
Are We Prepared?


In this episode of Cybersecurity (Marketing) Unplugged, Beckman also discusses:

  • The downstream implications of countries dispersing and distributing operations and data assets;
  • How Microsoft and the DCU are dealing with cyberattacks;
  • How preparation is key, on and off the battlefield. 

Victoria Beckman is the director of the Digital Crimes Unit (DCU) for the Americas at Microsoft. DCU is responsible for implementing strategies to disrupt cybercrime by dismantling criminal infrastructure through civil actions; partnering with organizations and governments to strengthen cybersecurity and support remediation; designing education campaigns; and advancing related policies and legislation in the region. Beckman is a certified privacy manager (CIPM) and certified information privacy professional (CIPP/US) by the International Association of Privacy Professionals (IAPP). She has received multiple awards during her career, including being named Cybersecurity and Privacy Woman of the Year 2020 by CWY.

A Colombia native, Beckman spent years as a public defender in Arizona, first assigned to capital habeas appeals and later trying major felony cases. Prior to practicing law, Beckman was an industrial engineer in the technology and automotive sectors and a competitive figure skater.

Microsoft’s president, Brad Smith, has introduced five elements for assessing the impact of the war on the development and use of technology and on the future of the cybercrime landscape involving Russia and Ukraine. We’re in a world where we’ve rapidly weaponized cybersecurity tools and technologies, and to this, Beckman says:

The war has gone beyond the physical, regular, old school war, as we know it to be this hybrid war that involves cyberattacks, attacks to critical infrastructure and the ability to get information. … If you are preparing the critical infrastructure of a country and preparing your systems, you now have a National Cybersecurity Strategy. All of that is going to have a downstream effect on businesses, how information is protected and shared, to be able to stand these attacks and be prepared for not just one cyberattack.

Full Transcript

This episode has been automatically transcribed by AI, please excuse any typos or grammatical errors. 

Steve King  00:13

Hello, everyone, this is Steve King, the managing director at CyberTheory, reporting to you today on this podcast with Victoria Beckman, who is the lead for Microsoft Digital Crimes Unit in the Americas. In her prior life, Victoria worked for several law firms in data privacy and security. She has written extensively on data privacy in the law, and is the recipient of numerous awards and has been named as one of the top 50 Security influencers of 2022. It sounds like a big deal to me. So welcome, Victoria. I’m glad you could join us today.

Victoria Beckman  00:55

Thank you so much, and thanks for the invitation to be here.

Steve King  01:15

Sure. So let’s jump in here. Brad Smith, Microsoft’s president and essentially your boss, has introduced this notion of assessing the impact of the war on the development and the use of technology and made some salient points along that line. I’m curious about your perspective on the five elements he talks about. And I wanted to talk today about Russia and Ukraine and the whole future of cybercrime landscape because it’s very salient right now. I think we are in a war. We’re in a world where we’ve rapidly weaponized cybersecurity tools and technologies. And so I think it’s important for people to understand at what, you know, the stage at which we find ourselves, and again, you know, who better than yourself and, you know, Microsoft, of course, who is in the thick of things here. So, first, I guess defense against the military invasion now requires for most countries the ability to disperse and distribute digital operations and data assets, physically across borders and other countries. Why is that necessary? And what are the downstream implications of that?

Victoria Beckman  02:24

Well, I think it’s necessary because, as we have seen with Ukraine, the war now has gone beyond just the physical, regular, old school war, as we know it, to be this hybrid war that involves cyber attacks, attacks to critical infrastructure, the ability to get information, espionage and information about the systems of the other country, in this case, Ukraine. Russia got information way before the actual, the first invasion occurred in February of this year. And so it’s obviously a need to prepare as you will prepare any military operation or any defense on the ground. And the implications downstream is that you cannot do that in a vacuum. If you are preparing the critical infrastructure of a country, if you’re preparing your systems, you have a National Cybersecurity strategy. All of that, of course, is going to have an effect downstream in businesses, and how information, even in legislation, how information is protected, is shared, to be able to stand these attacks, to be able to be prepared, to be able to not mean one cyber attack due to, for example, a utility company or a power plant, as we have seen, could be as destructive, and cause as much economic and human damage as an attack on Iran.

Steve King  04:08

Yeah, right. And so, you know, what surprises me, based on what I’ve read anyways, that I didn’t see any evidence, and maybe I missed it, of Russia or Putin going after critical infrastructure in a way that would, you know, shut down Ukrainian defenses. Did I miss that or?

Victoria Beckman  04:28

No, but yeah, I mean, in fact, we, so the cyber attacks kind of advance hand in hand with the military attacks. So even before, say, January of this year, there were already operations for Russia to get information about the security and national security information of Ukraine to do these attacks. And the majority of the attacks, not only in this case, but the majority of nation-state attacks that we have seen in the last few years, are concentrated in critical infrastructure and governmental entities, NGOs, this kind of industries. So yes, there was, you know, with the military strikes, for example, in Ukraine’s largest nuclear power station in March, there were all kinds of attacks in terms of propaganda, in terms of seeing some attacks to the networks, to the actual networks of their computers.

Steve King  05:38

Yeah, I see. So I’m curious, you know, you’re responsible for the Digital Crimes Unit for the Americas, as Microsoft, or whomsoever it is, decide which components of the cyber attacks, you know, belongs in that bucket versus other buckets, like, you know, misinformation or disinformation or mal information or what have you. For example, I know that it’s been reported widely that Russia has kind of divided their attacks into kind of one in two thirds. And I know a third of that is hidden is in you directly into our country with all of that misinformation campaign. So who decides what ends up in your department?

Victoria Beckman  06:26

Well, we are, my team is one out of seven different teams at Microsoft, they’re dealing with cybersecurity analysts, internal cybersecurity and these kinds of attacks. So for example, we have a separate, my unit is called Digital Crimes Unit, DCU. And we have some pillars, you may say, of the kinds of cyber crimes that we concentrate on. So we deal a lot with ransomware, malware, business email compromise. We have a separate division for disinformation. And in fact, we just acquired a separate company to handle that. And then there’s a separate team called the Digital Safety Unit D Co. that deals specifically with nation state attacks. So based on that, different teams monitor different systems, and come up with different information. At the end of the day, if we are seeing certain kinds of patterns, or behavior in our little bucket that we are researching, we work together with other internal teams to see all of this and do operations globally, or decide that we’re going to concentrate all our resources in this specific attack, this specific country or topic.

Steve King  07:51

How big is your team?

Victoria Beckman  07:53

My team for the Americas is 12, we’re one region, is that a bigger team that covers in year, Europe and the Middle East, and I can’t tell you how many, somewhere around maybe 20 something. There is an Asia Pacific region. And then there’s the central team that is based in Seattle. So all I know, is probably around 50 of us.

Steve King  08:19

So you know, Brad Smith’s paying a lot of attention to this problem. You know, how much of that is concerned about your own vulnerabilities and, you know, the publicity around Microsoft vulnerabilities being, you know, advantaged by bad guys, and how much of it is, you know, trying to do a better job of securing your software?

Victoria Beckman  08:48

I think it’s both. I think in our team, and most of the teams, I mean, our priority is to protect our systems so that we generate trust in our clients to use our products and services. So we’re here trying to make robust products. The information that we’ll get from monitoring our cloud and our systems is used in real time to improve our own products. However, we also are aware of the importance of working together, the importance of partnerships. We have multiple partnerships with different governmental entities, and private and public companies. In fact, we have agreements with some of our competitors to combat disinformation, online child exploitation, these kinds of things. So it is a combination of both. We tried to provide information about threats and vulnerabilities ahead of time to governments. We try to use the information that we see from these attacks to provide practices training to law enforcement, and, of course, we always use that for our own safety and keeping our products and systems safe.

Steve King  10:07

Yeah, sure. You know, I’m thinking about how handy Russia is at EDD malware and particularly ransomware. And, you know, if you look at black box, then Conti and the rest of the ransomware crowd, you know, they’ve been very successful just in the last couple of months here banging away at companies all over the world, and then you look at the success they’ve had within Ukraine, and here we are in the middle of a war, and it doesn’t look like they’re doing that well. You know, I mean, there’s not a lot of evidence of success, at least as it’s reported in the media. And that’s the only, unfortunately, it’s the only visibility I have into this is that go to, like, you know, where we are from a threat intelligence and Endpoint Protection point of view? Do you think that’s what’s helping Ukraine withstand, you know, a higher percentage of these destructive Russian cyber attacks? Or, you know, given what we know about these guys, the Russians, how long do you think it’ll be before they’ll figure out or work around all that?

Victoria Beckman  11:19

Well, I can tell you because they are indeed pretty good. And they’re always evolving and the threats, it seems like we can never keep up with how they multiplied and they improve, I guess, their attacks. But it is definitely, um, we definitely seen it in this particular case, that the ability, the migration that Ukraine did to the cloud, right when the war started, and all the preparation that they did ahead of time has been key in them being able to be successful and kind of withstand some of the attacks that they are being subjected to. That, hopefully, will be a lesson for other countries. We’re obviously seeing, after the war started, we’ve seen attacks and Russian espionage going to countries outside of Ukraine. So hopefully, all of that will just be learned lessons for everyone else. Preparation has been key in this war, and fate were a few of Ukraine.

Steve King  12:33

Does your battlefield intelligence give you insight into other countries that Russia is engaged with, like Poland, for example? Or are you pretty much focused on Ukraine?

Victoria Beckman  12:46

We’re concentrated in Ukraine, but we have seen anything. Actually, in our report, we have seen this pie operations expanding to pretty much all of Western Europe, Australia, the United States, Canada, even within Latin America to Mexico and Brazil. So we are keeping track of that. There hasn’t been really much going into Africa yet. But yes, it is expanding everywhere. Except for Russia and adjacent countries. Yeah.

Steve King  13:23

So if you look inside to his mind, you know, he’s kind of publicly Well, I’m not sure. I invite you into Putin’s mind is, is very publicly committed, you know, to whatever it is he’s doing with Ukraine, and he can’t hardly back away. So if push came to shove there, what is your expectation about, you know, pushing the cyber, the, the cyber security button harder, if you will, or are using more cybersecurity offensive attacks than he’s shown so far?

Victoria Beckman  14:07

I think the answer to that goes beyond my paygrade. I think that obviously, a lot of the national strategy of the US has to, you know, we have to decide what to do if there was a case of attacking the US and the same for Ukraine. I think Microsoft has been there to support and has been public about the support that we’re giving to Ukraine and trying to provide as much expertise and human power to combat what we’ve seen. I wouldn’t be able to tell you what’s next.

Steve King  14:43

Okay, that’s fair. We were talking about the five different elements. I think the third is, you know, it looks like there’s a coalition of countries coming together to defend Ukraine and, you know, Russian intelligence agencies have certainly stepped up their network penetration and espionage activities and targeting allied governments outside Ukraine. Do you think it will be enough to help Ukraine hold off the offensive efforts of the Russians? Or what was your assessment of the battlefield?

Victoria Beckman  15:24

I hope so. You have. So it is hard to predict, you know, how evil minds may work. But I hope so. I definitely think that there is the interest and genuine interest in supporting not only democracy, free expression, collaboration, and I think a lot of countries see that they may be the next target. And so, in terms of action, and willingness to come to the table and try to help and try to work as a group, I think all of that is there. Now, what their results in at the end of the day, in terms of keeping a score of the attacks, that I don’t know, but I definitely think that’s the idea. And there is the willingness and the necessity or rush to get things done.

Steve King  16:21

Yeah. Who do you think has more to lose there? From a reputation point of view? Do you think it’s Microsoft? Or do you think it’s the United States?

Victoria Beckman  16:35

Kind of bummed that? I don’t know, I don’t think I can answer that.

Steve King  16:41

Okay, that’s fair. So the Russian agencies are also conducting, you know, as we’ve mentioned earlier, global cyber influence operations to support these war efforts. I mean, both internally and externally as well. I mean, God knows what, you know, you look at the media coverage here of any given a bad and it is so hard to discern how much of that is nonsense from Russia, or how much of it is real, a real factual reporting. You know, do you think that this is important enough to, I mean, you can only spread yourself so thin, right? I mean, I think, right, and you’ve got all this mis- and mal- and disinformation that you need to spread. Some of that is to go back to Russia to keep the troops sort of in line. And some of it has to go to other nation states in the region, you know, to relax their anti-Russian sentiments. And maybe some of it has to go to Ukraine to say, hey, you know, you used to belong to us. And all we’re trying to do is recapture NASA. Life ain’t so bad. You’re in Russia give it a chance. You know, I mean, how important do you think all that is to the war effort?

Victoria Beckman  18:02

I think it’s very important in terms of combating disinformation, I think is critical. And it has been said by Brad Smith. It’s been said by Microsoft, and everything we have been doing lately, as far as hiring more experts, as far as providing resources to this disinformation issue, tells me that it is pretty calm, that is going to be more critical going forward. We saw, anyways, in the latest report that we posted, called Lessons Learned from the war in Ukraine, that Russian propaganda consumption increased significantly, after the war, well, around January of this year, even before the war started, in New Zealand and Canada and the United States. And that’s a big issue, is a big deal. When, you know, there is more at stake than just an invasion, which is bad in itself. But when democracies and when freedom of speech, and when you’re eliminating people, I think that’s a huge, huge deal. And something that has to be there has to be fun. However, we can just like with everything, you know, in terms of responsibility, just like with everything, one company or one country cannot do everything on their own, the same way that we cannot fight ransomware in our own and we have partnerships and we have collaborations, the same has to be said for something like disinformation. It has got to be a communal effort to combat these huge organizations that are out there to improve that and, you know, to improve their attacks to make it more complex. And ransomware, for example, we’re seeing that is going from conventional ransomware to human operated ransomware. Ransomware as a service is cheaper, they get a lot of money out of it. So for all of this, it has to be an effort from different countries, different organizations, different experts.

Steve King  20:15

Yeah, sure. Microsoft works with a lot of different companies. On this particular front, however, is there one or two partner companies that you guys work more closely with than normal in terms of other software tools or technologies for Intel, or detection, or the rest of it?

Victoria Beckman  20:38

Have this information? You mean?

Steve King  20:41

Yeah, both information? And you know, that attack vector? For example, I mean, you’re trying to you trying to protect critical infrastructure on the credit side, I assume. So you’ve got a bunch of OT exposed, I assume? Do you work with industrial automation companies as a partner in that regard? Or are you even involved in that?

Victoria Beckman  21:06

Yes, we do have partnerships with different companies, different agencies. Recently, last month, we acquired Miburo, that is a disinformation specialist company, and the whole team is coming over to Microsoft. And for attacks, we have different programs that we work on. For example, my team has something called CTIP, which is cyber threat intelligence program, where we normally sign this with the ministers of technology or CERTs of different countries. And we provide access to threat intelligence, vulnerabilities that we see in our systems, we provide best practices and information about patches. So yes, we definitely work in association with a lot of different companies, and law enforcement, to try to help with this. I mean, in our team, for example, if we were to discover some kind of network of malware, normally, we have to work with governmental agencies or law enforcement in different countries to help with the takedowns, to help with solve issues of jurisdiction and, you know, reporting in powers that we don’t have.

Steve King  22:27

Sure. And speaking briefly of ransomware, you know, we now say no, and I guess the real question here is, back to the partnership question, you know, do you partner with CISA, or any government agency who, you know, we’ve been ever since the Biden, you know, executive orders of what, a year ago now, I guess, from something may have was that just May of this year, I don’t know. But it seemed as though one of the big thrusts was, you know, working, you know, sharing data and working in partnership with the private sector. I haven’t seen a lot of that happen, as you see much of that happening from here we are in a global, almost conventional war, right. And we’re underneath that there’s, you know, there’s cyber warfare going on, but the surface and it is a kinetic conventional war, people are shooting, you know, kinetic weaponry at each other. So what do you see from a partnership point of view with the federal government?

Victoria Beckman  23:31

We have a lot of partnerships. And that’s not necessarily my team, because in North America, we have a separate team that deals with government affairs and partnerships with the public sector. For example, the Institute for Security and Technology has a Ransomware Task Force, member of that task force where we provide, we actually issued last year, it’s been a year since we issued a report, the report with recommendations based on that executive order and recommendations for the private sector. Two months ago, I think, Jen Easterly, the director of CISA, announced that they are going to kind of merge with a ransomware taskforce and we’re going to work in collaboration for that. There’s a lot of partnerships and a lot of information that is exchanged within the terms of what we can legally exchange or provide. Because obviously, we also have legal obligations and privacy laws and privacy promises to keep with our customers.

Steve King  24:44

And I say All’s fair in love and war, except when you have privacy regulations in the way right.

Victoria Beckman  24:52

Yeah, there is not necessarily as easy, but when there’s information in general, threats or information that is not personal information or information that can be exchanged to fight cybercrime, we’ve certainly had those partnerships.

Steve King

Sure. Recently seeing the federal government being very adamant about not paying ransom for ransomware. You know, that’s easy for them to say, but when, you know, companies are going out of business six months later, or three months later, whatever, or immediately, maybe, you know, they can’t come up with $13 million, or whatever the maximum or demand is, then, you know, or they can just stay in business rather after, after not paying as per the FBI’s instructions, then they’ll be out of business. So, you know, there seems to be, you know, do as as say, but we have no collateral liability. And this somehow, we’re not going to help you stay in business, it seems odd to me.

Victoria Beckman

And the debate about whether to pay or not ransomware is a complicated one, because in an ideal world, you wouldn’t pay ransomware, because you have prepared with some sort of incident response plan, and you have backups, and you can restore your systems and you mitigate the loss of information and loss of business opportunity and time. But in reality, it doesn’t always work like that. And there are situations where, yes, you have to, the only option is to pay. And not only that, but kind of sit and cross your fingers that that good one somewhere, attacker is going to be ethical enough to give you back your information or give you back the keys to decrypt your information. So it is a difficult answer that can be said, well, pay or not pay, that, you know, there are different factors why a company ultimately has to make that decision, and then sometimes has to, unfortunately, with the consequences of that decision.

Steve King  27:11

Yeah, I’m sure. Well, I’m conscious of the fact that we’re about right out of time at this point, Victoria, but let’s close this out with one question about sort of lessons learned, if you will find that I know you guys have published the sort of whatever you want to call them learning sort of takeaways, or what have you. What do you consider the top lessons that we’ve learned so far, that we can apply? This is very easily transportable to our current situation, here where, you know, we’ve got lots of exposed critical infrastructure. And, you know, if it’s not the Russians, or the Chinese, North Koreans, Iranians, wherever the adversary is, they’ll be using, leveraging the cyber attacks on that CI, in order to try to influence outcomes. What do you have in the way of sort of findings from what we’ve done so far?

Victoria Beckman  28:08

I think the lesson in everything, at least, I always said to whenever someone asked me or whenever customers ask for anyone, is that preparation is key. It is, I think, I have heard this somewhere that it is not if I’m gonna get attacked but when, which I normally don’t really like that. But it is kind of assume that we’re being attacked, that the attacks, and there is no end in sight, and the attacks are going to be more sophisticated and more complex every day. So it is a matter of how you respond to those things. And being prepared, knowing number one, that there is an issue, that is something that has to be taken seriously, that there has to be an investment plan. And sometimes some national strategy in the case of countries, so that you can follow that response plan, mitigation plan, when something happens, is the biggest lesson learned. Because at the end of the day, when there was preparation, when there was migration to the cloud in Ukraine’s case, then we saw that the attacks were not as, I guess, big as they could have been. So I think in a nutshell, that would be my advice, or the lessons that we have learned. And obviously the lesson that we cannot go ahead on our own. It cannot be an issue of just praying just Microsoft, is something that there has to be an effort from different stakeholders in different industries in different sectors to be able to respond to this.

Steve King  30:00

Yeah, sure. And then, you know, as you already have a business to run as it is, and now, and now you got a war to fight on top of it. So, yeah, I imagine you would need partnership with other folks and security, you recognize that, of course, sometime. I mean, so that that the preparedness lesson, I guess the question, the follow on question would be, are we prepared?

Victoria Beckman  30:29

No, I don’t think so.

Steve King  30:30

Yeah. No? Good answer.

Victoria Beckman  30:34

No, there is a lot, much more to be done, a lot more awareness that has to happen in planning and agreement from different sides. So, no, I think we have ways to go. We’re on a good path. But there’s always room for improvement.

Steve King  30:55

Well said. Alright, Victoria Beckman, has been an absolute pleasure. Again, Victoria is the lead for the Microsoft Digital Crimes Unit for the Americas. I’m sure glad you could join us today. It’s been illuminating, and a lot of fun talking with you. And all of this is sensitive material. I understand that. So thanks for stretching a little bit and giving us a little bit more than, you know, Danny, you went slightly beyond the published version. And I really do appreciate that. So hopefully, you know, if you’re up for it, I’d love to have you back and save for five, six months and see where we stand over there. Because I’m sure we’ll be there. And we’ll probably have, you know, a lot more to talk about. Sure.

Victoria Beckman  31:41

Sure. I’ll be happy to come back. Thanks for the invitation. It’s been a pleasure as well.

Steve King  31:46

Great. Okay. Thank you. And thank you, and thanks to our listeners for spending another 30 minutes with us on the podcast and hope you enjoyed it and learn something out of a takeaway here today. And until next time, I’m your host Steve King, signing off.