Revisiting the Global Threat Landscape One Year After SolarWinds


In this episode of Cybersecurity (Marketing) Unplugged, Sels also discusses:

  • BlackBerry and how they help organizations secure data;
  • The real cyber threat at hand: What’s China’s next move? What’s Russia’s next move?;
  • Threat actors and capabilities that have been growing since SolarWinds.

Roger Sels is VP Solutions, EMEA at BlackBerry, helping maximize cyber program value and impact. BlackBerry is focused on two key markets: cybersecurity and IoT. Sels has extensive experience in system and network security administration, information security architecture, design, threat and attack modeling, penetration testing, incident response, risk assessment and risk management, policy development and governance. Since 2016, Sels has been based in Dubai in the United Arab Emirates, focusing on APAC and EMEA. Sels previously joined us during the fallout from the SolarWinds breach last year.

Today, Sels is back to revisit the digital world of SolarWinds and the global threat landscape, as well as BlackBerry’s point of view.


Full Transcript

This episode has been automatically transcribed by AI, please excuse any typos or grammatical errors. 

Steve King  00:13

Good day, everyone. I’m Steve King, the director of cyber security advisory services here at CyberTheory. And today’s episode is essentially a one-year update since Roger Sels and I were last on the air, more actually, because we were discussing the immediate fallout to the SolarWinds disaster of the fourth quarter, 20. Wani I think, yeah, which is still affecting us. But we have so much to talk about today, I’m not going to go there. Roger now serves as the vice president of cyber solutions at BlackBerry. Given the state of the global cybersecurity context, I thought today, in particular, would be a great day to revisit the digital world and the global threat landscape from your point of view, Roger, as well as from BlackBerry’s point of view. So first, welcome, and thank you for joining me today.

Roger Sels  01:20

Thank you for having me, Steve. Always a pleasure to catch up. Glad to be here.

Steve King  01:23

Yeah, me too. So let’s start out a little bit by having you help our listeners understand what it is that BlackBerry actually does, because I always think of them as the WellsFargo enterprise communication device, about honor nine years ago.

Roger Sels  01:45

Great question. And I’ll keep this brief. But yes, sure, people still associate us with our devices, which we’ve stopped manufacturing, I would say, about seven or eight years ago. Now, what it essentially boils down to is that back then already, at the core, we were known for security, trust and innovation that was expressed to the devices that we created. These then created a challenge that, well, now people were roaming around with corporate data on their devices, we need an application to prevent that and to set policies. So we introduced and innovated in this area and brought the mobile device management and then later Mobile Application Management suites. We still have these, so we still help organizations secure their data, but no longer on our devices. What’s quite exciting is that throughout the years, we’ve done a couple of acquisitions. And the best way to describe it is that now we are focused on two key markets. The first one being cybersecurity. That’s the business unit I’m representing. And the other one is the IoT market. Let me start with IoT quickly first. Today, we have a secure operating system and hypervisor for IoT, mainly being used today in cars; over 200 million cars are using that. We have a strong partnership with AWS to bring what we call IVY, the intelligence, security for the autonomous vehicle of the future. We will be expanding that likely into smart cities and the like. Then from the cybersecurity business unit point of view, we had that portfolio of BlackBerry products that I just described previously. But we also, in 2019, acquired Cylance, and Cylance was a leader in the endpoint protection space, and was the first company to really adopt AI and machine learning for cybersecurity problems in that space, leveraging only AI and machine learning. So there were no signatures of that. And Cylance also had a strong team that performs incident response, compromise assessments.
Nowadays, we see that we’re experts in preparing for breaches, sorry, preventing them, detecting and responding to them. And we can help our clients through all of these phases with either our product portfolio or our services ecosystem around.

Steve King  04:31

Yeah. Okay. Thanks for the update. Roger, one of the things I wanted to clarify going forward here, I think the context matters for conversation, is your current location and operating base that you manage and are responsible for the whole cyber world there for BlackBerry a little bit. Sure.

Roger Sels  04:55

So I am based in the United Arab Emirates, in Dubai more precisely. I’ve been in this region since 2016. First I was living in Abu Dhabi, the capital, but moved to Dubai. The region that I mostly am involved with is EMEA, though I have some dealings with clients and partners in other regions, namely the US and US federal government entities, or some enterprises in APAC, but the main focus is EMEA.

Steve King  05:35

I think that’s important, because at least folks in my side of the planet, if you will, are always looking at things from a western point of view. And even over there quite some time now, you see things that are only seen from, if you will, the Middle Eastern point of view, in the world, I’m sure it looks very different from your lens than it does from ours, or mine over here. And so in that context, you know, how about we the first question for me is, you know, what’s next here? It looks like on the current global stage, we’re sort of playing right into Putin’s strategy, you know, so my question is kind of like and I, we just saw, in today’s news reporting that, you know, sabers are being rattled, essentially tempting the US to respond to a threat that only exists, but apparently in the US’s mind. So what’s China’s next move? And what’s Russia’s next move? And from your point of view, how to use what is this all kabuki theater? Or is there a real cyber threat here? And do we have it? And is it now time to be very, very serious about this?

Roger Sels  07:02

That’s a great question. And, yeah, I’ll gladly share my opinion. But I’ll make the caveat that I’m not an expert on geopolitics and diplomacy, and all of these things. But what does worry me personally, is that, while the response to the sad and shocking situation is necessary, I’m not 100% sure that crashing the Russian economy is not going to lead to a strengthening of bonds with China. I think we can already see that with China buying some of the, quote, unquote, abandoned assets, for cents on the dollar. So that’s going to be, between quotes, again, interesting to see how that will play out in the future. With regards to an area of expertise of mine, namely the cyber war, I would say that it has been ongoing quite successfully for the past few years already. And there was this great quote by NSA Director of the cybersecurity directorate, Rob Joyce, who said, well, almost every nation in the world today has a cyber exploitation capability, so has offensive capabilities. So look at it through this lens. I guess, for most organizations, the attribution of the threat actor doesn’t really matter. I mean, whether you’re being targeted by a Russian threat actor, Chinese, let’s say, North Korean, Iranian, and so on, and so forth, will likely lead to the same outcomes, maybe with different goals, of course. And as this situation continues to heat up, we might see something that we haven’t seen before, not at least on a widespread scale, is that we move from espionage and IP theft into really disruption or destruction of critical national infrastructure. But then I also kind of wonder if that were to happen, if this would, in fact, lead to triggering of Article Five of NATO. So Article Five is the collective defense doctrine that essentially says, well, if one of the member states is attacked, all of us are attacked. They have clarified in the past that Article Five could be invoked for cyber war.
So far, it hasn’t happened, and we’ve seen plenty of cyber attacks and even attacks that have been attributed to foreign governments. I feel that triggering that response will probably require the threshold to move up to destruction or disruption of critical infrastructure.

Steve King  09:58

At least, you know, it’s certainly gotten complicated. And it looks to me like, you know, with if you look at the sanctions that NATO and Ukraine have participated in almost without their knowledge, in a weird way, the banking sanctions against Russia, throughout the Middle Eastern European states and countries, it’s almost like Putin managed to place the entire emphasis for the bad guy routine, away from Russia and onto Ukraine, because they’re not the bonds after all, that are sanctioned in Russia. With all that going on, and it gets more sort of psychologically complex. As you know, we’ve seen Biden’s response, I think, this week to somebody’s interpretation of Putin’s latest move. I don’t know what all this activity is going to lead up to, but it sure predates some sort of response there. Do you think there’s going to be a single event that may spark their entry into cyber with an attack? Or do you have any insight as to how that might appear?

Roger Sels  11:12

I have a couple of thoughts there. I think first and foremost, and we’re already seeing this today, is that because of the war that’s ongoing, there’s less policing, if you will. And it had already been claimed internationally to be quite weak, that policing of cybercrime gangs in Russia themselves, and a number of them actually publicly came out and said, we support our government, we are against the sanctions, we will retaliate. So this is a first direct consequence of things heating up in, sorry, first consequence, leading to a heat up in a cyber war. The second one is that international threat actors may also feel that they can mimic some of the tactics of these other groups, conduct false flag operations, as it were, that might become a very slippery slope very quickly. Another element, of course, on the other side, is that Ukraine had asked volunteers to try and hack Russian targets. I think at some point, I read reports that over 100, well, hundreds of thousands, or more than at least 100,000 volunteers had signed up for that, that attacks were happening from multiple Western countries. So you could see that, at some point, if these attacks continue, the sanctions continue, and especially if the campaign, if you want to call it this, war in Russia, I’m sorry, in Ukraine, remains at a standstill, like it pretty much appears to have reached now, we could see some deflection into cyberspace and Russia trying to get some success there. But that’s all at this stage still quite speculative, right?

Steve King  13:17

How does all of this affect you guys in Dubai and in the UAE? Who do you trust these days? Do you just go along and assume it’s going to be like it was before? Or is there a new layer of sort of zero trust outlook on everything, just because the players that you’re now engaged with have maybe larger ambitions revealed?

Roger Sels  13:44

So here in the country, to politics are quite sensitive. I mean, if you look it up, just a few months ago, and even days ago, for Saudi Arabia, there were drone and missile attacks that got intercepted. That’s been more on people’s minds than, unfortunately, what’s happening in a number of countries away, for very clear reasons. The UAE itself abstained from the UN council votes, and as a country seems to enjoy relatively good relations with Russia. Russians that may find it harder to conduct business elsewhere seem to consider active relocation degree and to come here. So what that is going to mean on the long term remains to be seen. Now, for us as a company, we conduct some business here, but most of the business that also I’m conducting is actually outside of the country. And we clearly see concern with a number of parties, governments, mid-sized organizations, SMBs, enterprise, mainly in Europe, especially if you or further to Eastern Europe, can in Scandinavia, although of those, there is more active concern. When you look at how the invasion started, there were wiper malware, software solutions being deployed, and real damage being inflicted. That also knocked a number of satellites offline from a number of European based companies. And that seems to have been a collateral damage in the ingest the invasion. So there is increased concern. We are getting more requests to put up or to put in place incident response retainers. So in case an organization has a concern, notices something is off, they immediately have us on standby, can pick up the phone, and investigation, an incident response, can happen immediately. We have a number of other parties that say, well, yes, we want to become more resilient, we want to adopt some of the zero trust network principles. Can you help us with that?
What’s the path forward? So definitely there’s a large uptick in discussions. Then we’ve had some other interesting situations where, when you look at it, the German and Italian governments have actually warned that Kaspersky as an organization might at some point be forced into providing or be abused by the Russian government into providing access into victim organizations. And well, I know in the US, the government has already cautioned about this a number of years ago, UK did as well. But that’s now more an issue that’s at play in some states in Europe. And as such, we get quite a few concerned Kaspersky customers coming to us and saying, well, this is my situation. Can you help? Whereas ultimately, I also say, well, look, the issue doesn’t really seem to be the Kaspersky people. But yeah, if they were to get certain requests, between quotes, again, from their government, they can only collaborate, and yeah, it’s up to each organization to conduct a risk assessment and see if this is something that is of concern to them.

Steve King  17:34

Yeah, and it’s very ironic in the case of Kaspersky, because, you know, from my point of view, they’re probably the smartest and most capable intelligence company on the planet regarding cybersecurity. And yet, you know, the US government, through purely political gestures, generally banned all input from Kaspersky into cyber security companies a while ago, too bad. And that brings me in, it’s kind of hard to imagine how you just keep on with business as usual. You know, Huawei, for example, is, you know, running around putting on seminars around the world, around the web, you know, how they approach this and then the other thing, you’re welcome to come in and rattle cages and, you know, open up operating systems, internals, etc, etc. It’s like, no, we’re not gonna do that. But, you know, there’s just we, instead we’d say, we meaning, you know, most of the consuming public here says, we don’t trust anything Huawei does, why would we? It’s a Chinese company, they have no controls over the Chinese controls. There are no barriers to pass to get to market. Why would you buy a communication device based upon a proprietary technology developed by a country who’s clearly our adversary? So how does that affect business?

Roger Sels  19:01

I think it again depends a bit on the geopolitical setting that you find yourself in, just while you are seeing that, and to share a perspective. So I’m a Belgian national. And when the Snowden documents were released is when we found out that the NSA and GCHQ at some point had hacked Belgacom, or Belgacom International Carrier Services, BICS, to allegedly spy on terrorist targets in the Middle East, because they control satellites and a lot of that. When you really think about that, my national telecom operator was hacked by allies. So then you start having this different perspective, okay, but essentially, it seems that it’s a bit of a free for all, in many ways. So that depiction of certain states as adversaries is, I think, that will change from region to region. What I noticed, for instance, specifically in the UAE is that because of a number of things that happened in the past, and because partnerships and relations can be tenuous at times, they sometimes have a stronger bond to, for instance, China, to, for instance, Russia, or they just hedge their bets and have strong partnerships with all three. So the US, China and Russia, and it’s very interesting, as you talk to more people with a more global outlook, you get their different perspectives and whose adversary becomes a bit more murky in many ways. So yeah, but coming back to your question, is it business as usual? Look, I think for the moment it definitely looks like it. But for cyber, there have been a number of really good initiatives that have finally been pushed through. CISA just made a number of good recommendations, the SEC updated its risk management framework and proposal where we are seeing more mandatory cyber breach reporting, even the knowledge of the board of directors has to be disclosed. So by law, they have experience in cybersecurity.
I’ve said to a colleague and a friend that if COVID was the digital accelerator, then both the events that transpired with SolarWinds, and now the actual war with Russia, in Ukraine, are the accelerators from a cyber perspective, really a call to action. So in this regard, I think many people are looking at this landscape and saying, okay, we need to bolster our defenses, we need to act now, because we are in a very volatile situation.

Steve King  22:14

Yeah. Which also leads me to wondering about your competitive situation. Just, you know, aside from all the geopolitics, how are you guys positioned in the market space that you’re targeting? What do you think the next six to 12 months is going to look like there?

Roger Sels  22:37

Look, I think, given that our expertise is in planning for, preventing, detecting and responding to incidents, and that there is widespread concern in the markets, I would be lying if I didn’t say that this is keeping us well busy. So demand is pretty strong, across the board, for new services and products. We have, of course, also, as a company made certain public statements. So you can find the statement by my CEO that we pulled back out of Russia, and with immediate effect terminated any services, any products that would have been running there. Yeah, I guess that puts us on the list of potential targets just as much as any other company that has abandoned or pulled back out of the Russian market. In terms of the next six to 12 months, yeah, we’ll just continue helping organizations bolster their cyber defenses and handle more tracks. Well, one other capability that had been growing since SolarWinds, but has been picking up a lot of steam in the past year, and continues to do so, is our managed detection and response service, where we essentially hunt for advanced threat actors that say presence in systems of clients. The demand for that has been really strong. And that’s definitely an area of focus for us.

Steve King  24:20

Yeah, no question about the demand there. What is your primary differentiation in that space?

Roger Sels  24:27

Well, I think the fact that we can leverage our own products, which utilize AI and machine learning, helps us to provide a swifter onboarding process, swifter, shorter time to value. We are able to reduce the number of alerts quite significantly, and then focus our capability only on attacks of note. I can give you an example. Recently, the products were tested by sC labs, somewhat, I don’t want to say fortunately because it sounds so wrong, but let’s say somewhat luckily pincodes still the three APTs, they tested the product and also competitive product, some all happened to be Russia linked adversaries. And we had 100% detection and prevention score. So that’s, yes, something that’s been picked up by the market that we can demonstrate in the services that gives our clients confidence that the team has the experience necessary to detect these top of the pyramid nation state adversary attacks, and deal with them swiftly before they can cause any harm or damage.

Steve King  25:56

Yeah, now, I haven’t heard that story or read it anywhere. So you know, it’s interesting, you guys have so many advantages. I mean, you come from a huge heritage, you’re a big company, you’re well known in a lot of spaces, you took advantage of prior expertise and ratcheted it up multiple times. In the past, you should be, you know, in my estimation thought of as one of the market leaders in the space yet. I don’t get that sense at all, from what I read, what I see, any promotional material at any promotional events, any brand story that ties who it is that BlackBerry is to this huge defense and protect opportunity that we all see on the S spin on the horizon for a long time here.

Roger Sels  26:52

I understand that feedback. I think, internally, we recognize that there have been some, let’s say, challenges. We’ve been busy with the integration of Cylance, not only into our business, but into our product portfolio. We did a rebranding of certain products that might have appeared somewhat confusing to the market. I know that in the next few weeks, we’re going to announce a couple of changes there that are going to bring back more clarity. We definitely strengthened our leadership team. In the past few months, we now have a president of the cyber business, John Giamatteo, who was the president and CEO of McAfee, we brought on some other former McAfee executives, and we just today had our first day of sales kickoff. Yeah, I have a sense that a number of these problems that you elicit are going to be overcome this year. I’m very excited about that.

Steve King  28:04

Oh, great. I hope that’s true. And I hope at some point we also get a shot at getting our hands around your brand story, because with Cylance and with your history and what’s going on on the market opportunity side, there’s just so much of a ripe field here to plow.

Roger Sels  28:29

Definitely, definitely. I think there are many opportunities in this regard. And I’ll connect you to the relevant people.

Steve King  28:38

Yeah, sure. Why, you and I know each other quite well, you know, what we do and who we do it for, and all the rest of that. So, you know, if it shows up as the right thing for you guys to do, then by all means, but I just love a great story. And you guys have a great story. It’s totally untapped. And so you can almost be guaranteed that you’re not going to screw anything up there. Roger, listen, I realized we’re like 10 minutes or so over. It was another cool conversation a year later. And I hope that in the next six months or so we can have a, you know, maybe a little more optimistic conversation about the future here and be done with all of this kind of, you know, Emperor nonsense that we wandered into. It appears like, here we were, you know, going about our daily business, and then all of a sudden we got a couple of clowns that are trying to yank the world’s chains and is so far doing a pretty good job of it. So that’s very concerning. And I want to get done with this as quickly as possible.

Roger Sels  29:46

I fully echo that sentiment and I hope in a way cooler heads will prevail. I think everybody wants to see this come to an end, to some diplomatic or peaceful resolution, as soon as possible. In terms of the cyberspace, I am more optimistic than I was a year ago, because we’re seeing some great international reform. We’re finally seeing organizations as well as governments take concrete action. I’m reminded of our chat we had about SolarWinds. And you asked me, well, what are a number of measures that can be taken? And we discussed breach reporting, we discussed the SBOM, we discussed the compromise assessment. And most of these things are finally coming to fruition. So I think, yeah, while we may be less optimistic about world events, let’s at least end on an optimistic note for our cyber domain, and then hope that rest blows over soon.

Steve King  30:55

Yeah, well, I’m eternally optimistic. So no problem from my side. I’m always hoping for the better. So anyway, thanks for taking the time out. I’m sure audiences enjoyed this, as it did the last time, and we’ll continue on. I’m sure. So thanks again for joining me. And thanks again, for your schedule.

Roger Sels  31:18

Thank you, Steve. Thank you again for having me. Have a great day. Stay safe.

Steve King  31:22

Take care. Take care, you too.