Claire Trimble - The Desensitized Cyber Market in today’s Overheated Breach Reality

Automatic Summary

Understanding the Desensitized Cyber Market in Today's Overheated Breach Reality with Claire Trimble

Welcome to a deep dive into the much-discussed topic of cybersecurity in an increasingly digitized world. Today, our expert voice is Claire Trimble, the Chief Marketing Officer at Elusive, a leading cybersecurity company that focuses on threat detection.

The Overheated Cybersecurity Market

For more than two decades, Claire has worked with B2B tech companies, dedicating the last 10 years to assisting cybersecurity enterprises in launching their products. The cybersecurity market, Claire notes, is both highly complex and intensely overheated. From ransomware episodes that are hitting headlines daily to cybercrime expected to cost industries trillions, we are living in precarious times where cyber protection is non-negotiable.

How to Disrupt an Overcrowded Market

In such an intense atmosphere lies the unique challenge of marketing and positioning products in the cybersecurity space. To rise above this noise, sometimes one needs a unique voice: a former hacker, for example. At Elusive, they brought Alyssa Knight into their content creation process. Alyssa, with her background in hacking and subsequent experience with the intelligence community, brings the perspective of an attacker, thus presenting a raw, unfiltered, and painfully honest depiction of the attacker mindset. Her content can be seen at elusive.com.

The Explosive Growth of Cybercrime

Along with the dramatic increase caused by COVID-19 related exploits, cybercrime is projected to cost the global economy $10.5 trillion annually by 2025. This astronomical number points to the harsh reality: we are at war against highly sophisticated attackers. Ransomware, an increasingly popular weapon of choice, is growing in sophistication, evolving into Ransomware-as-a-service, a sinister business model that's making billions every year.

Understanding the Role of a Chief Information Security Officer (CISO)

With cybersecurity now a boardroom discussion, it's worth understanding the role of the ever-essential CISO. The CISO, primarily responsible for securing corporate data, software, and systems from breaches, works in an intensely pressured environment. In 2020 alone, about $211 billion was spent on cybersecurity systems. And yet, the increasing incidence of cyber-attacks and data breaches points to a reality: more needs to be done.

  • Ransomware episodes have increased by 700% from last year.
  • The recent SolarWinds attack impacted about 18,000 customers.
  • Colonial Pipeline, responsible for almost half of the East Coast's fuel supply, faced a significant ransomware attack.

Security Priorities in a Risk-Laden Landscape

Given this security crisis, diversifying security has become crucial – analogous to layering security for a house. But with around 3,000 vendors operating in various categories in cybersecurity, it can be a challenging task to understand which play the most critical role in securing your digital assets.

Cracking Through the Noise with Elusive

At Elusive, they tackle this issue directly by creating a hostile environment for attackers within their clients' network infrastructure, much like a honeypot tactic - but with a twist. The reality of an overheated, desensitized market needs an equally robust and disruptive response. By creating an environment that snares the attackers in their deceptions, Elusive indeed provides an 'elusive' field for these cyber adversaries.

Elusive's value proposition is simple and bold: if something goes off, something is wrong. Special events like the upcoming one on June 30th, where Alyssa will disable EDR and launch a ransomware attack, showcase exactly how Elusive's unique approach works.

Conclusion: The Battle Continues

In the fight against cybercrime, innovative companies such as Elusive are creating unique solutions to engage and protect. With Elusive’s potent blend of cybersecurity expertise and disruptive marketing strategies, stakeholders can begin to feel a glimmer of reassurance in an otherwise chaotic segment. Join the conversation, witness cutting edge cybersecurity in action, and perhaps even be a part of the solution at Elusive’s upcoming event. Indeed, there’s never been a more exciting time to be immersed in the world of cybersecurity.


Video Transcription

My name is Claire Trimble and I am the chief marketing officer um at a company called Elusive. We are a cybersecurity company and um we are focused on threat detection. I'm thrilled to be here today with all of you. Um There's been some amazing, uh amazing women that are on the panel are that have been presenting uh this week so far. Super impressive. So my topic is the desensitized cyber market in today's overheated breach reality. Um Some of you might be wondering, you know, what exactly that means. Um And I, I realize that some of you might have, um you vary in terms of what your knowledge is on cybersecurity. Some of you may dive pretty deep and, and some of you may not have any knowledge at all. Um What I will tell you is that this is a very complicated market and it's extremely overheated. Um I've been in, in uh B to B tech now for over 20 years. Um And the last 10 years I've spent focused on helping cyber companies bring their products to market and position um their products um to their various audiences. It couldn't be more challenging to nail the market, the buyer and the message in this space. Um And one of the reasons for that is that it's overheated.

So, um I'm gonna take you on this journey today that talks, you talks to you a bit about the very unique, a unique aspect of marketing in cybersecurity. And um one of those reasons it's so unique is that it's, it, it's overheated. Um You know, you're, you're hearing about cybersecurity in the news all the time. Um Ransomware is really our new global data pandemic, right? Um We're not vaccinated and um we are seeing a new ransomware attack hit the news almost daily at this point. Cybercrime is expected to cost the industry in the trillions of dollars and our persona, the chief information security officer is highly desensitized. Um They've been promised um that they uh the products they purchased will work. Uh And there's lots of failed promises on their plate.

The other thing is that it's a really crowded market. So coming up with a disruptive message that rises above the noise in this space couldn't be more difficult. Um And so, you know what I, what I'd like to talk to you a little bit about today is how we at um at elusive our um are rising above that noise and I actually was gonna share a really exciting video with you. Um Unfortunately, you can't see my side. So I'm gonna share with you. Um you know, what it is. Um What was in the video? What we did at elusive to rise above the noise was we hired a former hacker, her name is Alyssa Knight and we hired her to really create content with us and give us that view from the attacker. So we believe at elusive that if you're not, you know, really thinking like the attacker and understanding what is going on in their heads and what they're capable of, we can't beat them as a society. And so we brought Alyssa into our con our content uh creation process. Alyssa is a former hacker. She was uh arrested at 18 for hacking into the US government. She um then went on to work for the intelligence community and now sh uh law enforcement hires her to do pen testing and hack into their automobiles.

So she's got a really fascinating, interesting background and what she does with us is, is create content and give us this character of what, what, what's going on inside their minds. And if you'd like to see some of the content that she creates with us, um, you can see that on elusive.com, um or you can also reach out to me at C Trimble at elusive.com and I'm, I'm happy to share that content with you, but you'll, you'll, uh when you do look at our videos, um she's swearing and she's smoking and she's calling these products shit and she's doing things that it's kind of shocking, but that is how we are disrupting the market is, is bringing someone in that's a bit controversial who is being painfully honest with our customer.

And to understand why we made the decision to do that. This view from the attacker. You've got it, we've got to put it in context. This is, this is global warfare at this point. Um, cybercrime is expected to cost the world $10.5 trillion annually by 2025. That is an austro astronomical number. And the new normal of COVID-19 has amplified cybercrime. When people went home to work, it increased the attack surface companies weren't ready for it. And if you're thinking that, you know, the attacker is like some guy, you know, that's in a hoodie in a garage trying to hack into an enterprise that is no longer the case. These are highly sophisticated attackers. They are nation state attackers who are looking to, um get into your infrastructure and your environment and steal IP data and um and just information they want to stay there as long as they're, they can, they want persistent access and then there's organized crime. That's the other type of attacker that we're dealing with organized crime, then takes the money that they make from ransomware and they funnel it into things like um human trafficking and drug trafficking. Ever heard of software as a service? Well, ransomware as a service. That's a thing and it's making billions every year. So we know we're at war. I am marketing, we are all marketing. Anyone in this space is they're marketing products um, in a, in a warfare zone. And to, to, uh, a persona that is so des desensitized.

Our persona is the chief information Security officer. The chief information Security officer is responsible for se for, for securing corporate data, their software, their systems, um, from a breach. Um, the first Chief Information Security Officer uh was Steve Katz and he was hired by Citicorp in 1998. Today, about 62% of companies have a CISO. And what's really interesting about the CISO is that about 40% of them now have been elevated to the CEO. This has become so critical that they've bypassed the CIO, they're reporting directly into the CEO. We are now even seeing chief information security officers report directly to the board. Ransomware is now a boardroom discussion, couldn't be more of a stressful job than to be a CISO, um they're defenders and they need to be right every single time, right? The attackers only need to be right once. They just need to get in once. And so think about what's going on through a CISO's mind as they're making their investments um in terms of spend the investments they make, they're spending about 211 billion. Um or they spent about 211 billion in 2020. 56% of IT leaders will allocate more than 40% of their budget to cybersecurity. And on average, you see, um an enterprise have anywhere from 75 to 200 security tools or solutions deployed in their SOC.

Interesting fact about this, many of those tools get turned off and the reason they get turned off or even ignored is because so many alerts are going off all the time. Um They call them false positives that they can't keep up with all of the alerts. And so think about being in this, in this world of, of trying to secure this infrastructure and then you've got these vendors that um are trying to sell you more products. All of that being said 202 111 million has been spent. There are two truths. The US just fell victim to the largest cyber attack in history. Nation state attackers made their way into our global sta our global supply chain and ransomware is at an all time high. How can that be? Investments are being made? We're diversifying products and yet we have not won this war. The reality is ransomware is up 700% from last year. Uh Nation state attackers, the most recent nation state attack which is most often referred to as SolarWinds got into the SolarWinds product Orion, which is a IT monitoring uh it's IT monitoring software. So it made its way, they made their way into about 18,000 customers.

So think about that 18,000 customers are impacted. Um The one that you've probably seen on the news most recently is Colonial pipeline. So that's being seen as probably one of the most significant attacks. Um in history, they made our way, they made their way into our fuel supply.

They were hit with a ransomware attack. Um Colonial Pipeline is responsible for something like 45% of the East coast, east coast fuel and they got ransomed. So we know this is impacting our critical infrastructure, our fuel um and our food supply. JBS meat got hit and 1/5 of the of the meat supply got wiped out. So what does all this mean? So Biden just uh issued an executive order that said we have to have stronger security. 211 billion has been spent and Biden saying we gotta have stronger security. What does that mean? Um One of the things that's outlined in that executive order is that we've got to have more endpoint detection. So all the assets that are connecting to your infrastructure, we we've gotta make sure they can't get in through the perimeter um in the case of SolarWinds, um the very very sophisticated attackers bypassed those tools, they disabled and bypassed endpoint detection and response.

And so that being said, how does the Chief security officer know what to do in this situation? Um It could not be more complex. And you know, one of the things that we talk to our, our customers about is diversifying your security. Think of a house. Right. You, you've got your home or your apartment, wherever you live, you've got locks on the door, you've got, uh, an alarm system, you might have security cameras to give you visibility if anyone's creeping around your home, um, you might even have a safe in your house or you're locking up jewelry and money or what have you, you're layering on your security making it very, very difficult for them to get in.

But at the end of the day, if a burglar wants to get into your home and they're super persistent about it, they probably can't. And that's the way that we look at it in cybersecurity today. You know, we talk about this journey of marketing and positioning products in this space today. There's about 3000 vendors in all the various categories in cybersecurity, whether they're securing your mail, your, your um your email, your um your network, the cloud. Um some products are making sure you can't get in and some products are making sure once you, you get in you, you can't get access to anything. 3000 vendors, we spent about 200 billion, as I mentioned in 2020 all those products deployed. Um uh One study just said um of large enterprises that 20% of employees would sell their credentials for less than $5000 rendering all of those tools and solutions useless. So I'm, I'm, I'm painting a picture of the magnitude of this problem. The attackers are getting their way.

Um And they're doing things like bypassing the perimeter. Um They, we have this saying in um in cybersecurity, they're living off the land, they get inside your infrastructure, they either move low and slow so they can steal information and data or they get in and out and hit, hit you with a ransomware attack. But either way they're moving laterally in your infrastructure to escalate privileges and reach the things they want. And so what we talk about in, um, in cyber security and what we're doing at Elusive is, is looking at how we fit into the security ta uh stack. So you've got your traditional threat detection uh solutions which you're focusing on keeping those um, those attackers out. They put you on the defensive. And um, there's, there's two different types. So they're looking at known threats, which we look at which we call signature, right?

That's a threat I've seen before. I'm not gonna let it through and we look at behavior. We look at anomaly behavior. So John's logging in at midnight, um, it might be, he's downloading files that might be an anomaly. It might be an odd behavior. But is it malicious? It could just be that John is working late that night. So those are the traditional types of security tools. There's also the tools that assume compromise. And this is where Elusive fits in where we work. Um They're deterministic. So they focus on pre, pre uh preventing that lateral movement that I just described. Um we put the attacker on the offensive. So if an alert goes off with us, something really, really naughty is happening because we are um deploying deception and creating this synthetic, synthetic environment.

If that attacker takes the bait, something's wrong. And so when you look at the two different types of threat detection in all the various categories, what one is the most important and rising above the noise again, I'll, you know, I'll say it's overheated. We're losing the war, our buyer's desensitized and you have to come up with a disruptive message. Our disruptive message is that we are creating this very hostile environment for, for attackers. We are going after the top the attacker directly and it's probably a, a good time um to talk to you about what our company does. And, and one of the most fun things um that I love to do is is tell a corporate story and talk about why the company that I work for is unique. It's the most fun part about being in marketing. At Elusive, we have a great story to tell. Um We were actually uh founded by nation state attackers. So uh our chairman of the board is a gentleman by the name of Nadav Sari. He was Israel's uh commander of their 8200 unit, which is um their version of the NSA. And then um we've got uh a gentleman by the name of Mike Rogers, who is our head of our uh NSA, who's also affiliated with our investor and is an advisor to the company.

And so the DNA that's in our company understands attackers and understands how to build a product to go after the hackers and the attackers. And so we tell that um in our story, and we talk about um the fact that we assume compromise and we create a very hostile environment for the attacker once they're in um by deploying agentless deceptions. So the cool part about what we do, we send uh an executable file to the endpoint that deploys deceptions and it dissolves immediately. So it's completely undetectable by the attacker, the attacker. So once the attacker is in, if they're fooling around with deceptive credentials, they're caught, there's absolutely zero reason for you to be doing that. And so that's why we talk about the fact that our um our technology is deterministic. If something goes off, something is wrong.

Um And, and our customers love us, you know, one of the um one of the things that uh we do very, very well and it was not by design, um about 50% of what we catch today are insider threats. So if you look at ransomware and nation state attacks, they typically start with an insider. And so, um, we certainly have that front and center in this great story that we tell as well. And there's no better solution when, when you're, once you're inside that environment to stop ransomware, because today it's, this isn't the normal commoditized ransomware. The ransomware attacks that are happening today are targeted ransomware attacks with a vicious human being behind them.

And so, um, and that is part of our story and it's a, it's an overheated story, you know, we, uh, and it's, it's a, um, it's a controversial story. We, um, we built a campaign called View From the Attacker. And as I mentioned, Alyssa is the star of that campaign. Um, we hired a former hacker and we built her Cyber range and we brought her into our cyber range to go up against our technology and we record it and we share it with our customers. And it's interesting when we first did it, we wondered, wow, are we, you know, are we gonna offend people? She's very, um, in your face she's using, using language one weekend, she texted me and she said, if, and hate elusive, I can't get by you. And so I'm like, I'm putting that in our messaging. And so, uh, we came up with something, um, pretty edgy and experiential. And, um, and that's the approach that we're taking on elusive and the result of that has been fantastic. Um, uh, we have seen our, our leads, go up our engagement with our customers. Uh go up, we now have a following um for Alyssa's content. And, um, I'd like to encourage you all to join us at our next next event which is going to be on June 30th at um, at 830. You can register for it at www.elusive.com.

Um And, uh, you can see her go into the Cyber range, she's gonna disable EDR and she's gonna launch a ransomware attack. And so, um, with that, I'd like to thank you for your time and, um, thank you, hopefully you'll join us at our next event.