And good morning. It is an absolute pleasure to be here physically and virtually. So welcome to everybody. At Vodafone, we look after over 300 million users around the world, over a hundred million IoT devices. And in that sort of huge array of single information and data, I think sometimes we lose the individual story, and that's something I wanted to just start today's presentation with: the story that starts nearly 160 years ago. A gentleman here in, in 1863, called Alfred. It was the day after Valentine's Day and he wrote his mom a letter and he said, "Dear Mom, I'd like to buy a brewery." Now,
I'm not sure what happened on Valentine's Day to make Alfred really want to buy a brewery. At that time, the beer industry was, was really failing and he, and he thought he saw a gap in the market. That gap in the market grew to be Heineken. They ship about 250 bottles of Heineken every single second around the world. It's a business that's about two 25 billion euros a year. In 1983, Alfred's grandson, Freddy, on the 9th of November, so just a couple of days ago, was kidnapped.
He was kidnapped and held for what was then and still remains one of the highest ransoms ever paid: 35 million guilders, which is about 60 million euros today. Freddy was targeted by a, by a small group of what's described as entrepreneurial criminals. They looked through a list of the, the most prominent and richest individuals and, along with the CEO of Philips and Ahold, they did their research and they realized that Freddy was not only the richest, but the easiest to kidnap. And even then they tried on two or three different occasions to kidnap him.
And you see, just at the bottom, bottom left, that sort of white building there in the port of Amsterdam. They invested a hundred mil, a hundred thousand guilders of their own money, built a false wall at the back of that and created two cells, 'cause they realized they couldn't kidnap Freddy without also kidnapping his driver RO over. They held him for three weeks. They communicated with the police using a series of coded messages, coded adverts in newspapers. They masqueraded as a, as a, as a German gang, using German typewriters and writing in German to the police.
And this was one of the proof-of-life photos that they sent. Doesn't... not particularly happy at that point. You wouldn't be, would you? You also wouldn't exactly be too happy if your family waited three weeks to pay the ransom.
I mean, 20 milliseconds may have been really helpful to him, but the three weeks, if my family waited three weeks to pay for my ransom, I'd have some questions to ask when I got home, that's for sure. Paying the ransom was part of it. So 35 million guilders, it's a lot of cash. Think about the amount of buckets. The original plan was to take that cash and to do a sort of an exchange for the hostage in the port.
And then the, the, they realized actually that that much cash in big barrels, dropped off the side of a boat and picked up by another boat, was very, very heavy and they didn't think they'd manage to do that. So they put a series of instructions in cups, buried them in the ground, sent the police on a, on a chase. And eventually they took the money, slipped it down, took what they could carry and then buried the rest.
They, I think they took 18 million and buried the rest in a, in a forest just near Zeist. As they were doing this, an anonymous tip-off alerted the police, who sent a SWAT team, and they found Freddy and his driver and released them, which prompted a huge manhunt for the kidnappers. They didn't get away. Two of them got as far as Paris; the Interpol collected them a couple of weeks later. And this is what I love: nearly all the money was recovered. There's still 8 million guilders in a big tub, somewhere buried in a forest near Amsterdam.
So if we've got the time after this event's over, I'm willing to hire a minibus and we can get some shovels and go and look for it. The kidnappers were all sentenced to between 10 and 12 years in prison. It's a classic kill chain: research a target, understand how to attack, and then control an item of supreme value, effect a ransom, and then get away. Every single stage in this kill chain for the, for those kidnappers was somehow flawed. It actually took them three attempts to kidnap Freddy. They only got him on the third attempt. The attack itself was botched.
The control piece was relatively well executed, and the ransom and then the evasion clearly didn't work so well. What I find interesting is that this kill chain and this process has not changed at all. It's just been updated. Caston talked yesterday morning about the dual problem we face of digital transformation and an expanding cyber threat. Brutal innovation on the adversary side has allowed research to happen much wider, much more quickly, without borders. Attacks can be prosecuted at any point.
I think 11 cyber attacks happen every single day, and control is easy unless you're using deep learning to stop that right at the start. Ransom is then enabled and paid anonymously. And the evasion also happens because nobody ever has to escape to anywhere.
Now, what we've seen is a degree of evasion starting to really come to the fore, and authorities are starting, we saw this in the last few days, to take down ransomware gangs.
However, they always tend to pop up again. The US Treasury identified what they believe, across the 10 major malware groups, 5.3 billion worth of Bitcoin transactions. In the first half of 2021, they've identified a hundred million per month of ransom that's been paid across those 10 major ransomware elements. The key piece here, and this is one of the things that we also touched on yesterday, for me and for Vodafone in particular, is that the industrialization has changed the economic model on the side of the attackers.
It's no longer important, or actually the payoff isn't as direct, to go after a few very difficult, very well protected, very well funded organizations. The cost to prosecute a ransomware attack is now way, way below what we could ever imagine. We've all seen the ransomware kits that you can get, ransomware-as-a-service kits available for, I think the price has now come down to about $39 for a full ransomware kit. You can extend that and buy a full graduated service from bronze all the way through to platinum for an unlimited license, but $389.
Yes, there's an element of profit share. Typically about 30% profit given to the ransomware provider and 70% remains with you as a cyber criminal. You do get online tech support. You do get very well and very beautifully prepared instruction manuals. There's even videos on YouTube that you can go through. And all of that has meant that actually we are in a true industrial age for ransomware, and the payoff allows you to prosecute hundreds of thousands or millions of these attacks at any one moment.
You trade that against what's happened to all of us in the last, in the last two years: we've accelerated our digital adoption hugely, so that systems and organizations that weren't actually supremely digitally reliant anymore are now. I think very carefully about what that means to organizations of all sizes. And that actually does mean, and we should feel this.
And I think we do feel this, that we are living in a, an age where we are sort of sitting on that cybersecurity digital fault line, where it's not any longer the extent to which we can be individually targeted, but we'll be taken out by aftershocks, by pre-shocks, by large seismic events that happen across our entire supply chain. And we talked about supply chain vulnerabilities in a number of different aspects that relate to this. And the critical aspect is that the cyber criminals are not discriminating. What they are is hugely and supremely motivated by profit.
Now we've seen some of these, whether it's a hospital in Ireland where the disruption caused means that children can't get operations and see a doctor. We've seen that in, in, in one pretty disastrous week in the US: not only did the two and a half million barrels of oil that go down that Colonial Pipeline get turned off, so that our American cousins couldn't fill up their cars and drive to their cars.
But there was a moment where when, when JBS was taken down and the massive amount of meat processing was also taken offline, that potentially they couldn't then drive to a burger joint to eat a burger. Now some of us might think that's not such a bad thing, occasionally.
However, what it highlights to us all is that the supply chains and the organizations that give us very simple things, like filling our car full of gasoline or petrol and going out and having a meal, as well as the things that we deem much more critical, like digital processing and healthcare, are supremely at risk and being targeted every single day. And at the same point, a lot of us and a lot of the people watching this are working from home. So we are protecting still, I believe we're still protecting empty offices.
And whilst we've extended elements of zero trust into the home and into people's hybrid workspace, we're not really thinking carefully about everything that, that means. How do you manage and support your organization when they're working, not from boardrooms, but from kitchen tables? We've talked a little bit about employees and users being the single point of failure. And yet there's no patch for people. A patch for people is actually trusting them, empowering them, giving them training, awareness, and allowing them to understand how they operate in that hybrid context.
I think a lot of us haven't quite worked that through yet. The critical bit here for me isn't that they're the weakest link, but they're your first line of defense. And then the biggest question is how do you respond in real time when your organization is distributed, when people are working remotely, when you can't necessarily trust a mobile phone, a tablet or a laptop or somebody's home Wi-Fi network? And we've seen the attacks increase; ransomware attacks are going through the roof. Our research, our intelligence tells us that since March 2020 cyber attacks have increased by 31%.
And the critical thing is how do you respond from home when you can't necessarily trust or use the devices that your employees have been given? How do you manage a global crisis? How do you understand and do that entire process in a distributed way without allowing organizations and individuals to know what's safe? If the fire alarm went off in this room today, I think we'd all know what to do. We'd get up. We'd pick up our most beloved items, probably a coat, 'cause it's cold outside, and a mobile phone. We'd go down the stairs. We'd be guided.
There, there would be lights, there's little green lights to tell us where to go. We would also understand, if we smell smoke, how to raise the alarm, and we'd stand outside in the cold until somebody in a fluorescent jacket normally told us it was safe to go back into the building or the fire brigade turned up to put the flames out. Almost none of this muscle memory exists in a cyber attack. How do you know when you can sound the alarm? Where should you go? We know that we really shouldn't use the elevators and the lifts.
Should you use email in the, in, in the event of cyber attack? Is that just gonna propagate further malware and lateral movement? This, security teams will probably know; the users and employees probably won't. And that's just for large organizations. And the average time to respond is about 21 days, which would take us into December. Imagine turning your organization off until December. That might be quite nice for some of those. Give us a little bit of a break.
Tangentially, that was the same time that Freddy Heineken was locked up in a little cupboard. Whilst he was held captive, Heineken continued to operate. The difference here is that whilst your organization is held ransom, large portions of it aren't able to operate. And that brings us, I think, to the next big question, which is when or how should you pay a ransom. Now, some really good news nested within this. Good news: from last year to this year, we've got much better at stopping ransomware attacks.
Ransomware attacks have gone from being successful 73% of the time in 2020 to 50% of the time in 2021. The bad news is that actually we are paying the ransom more often, even though Europe, Interpol, FBI, everybody tells us that what you are doing is funding criminal activity and that paying a ransom does not mean that you won't be attacked again. I think 80% of organizations that pay a ransom are then subject to another ransomware attack. Only 65% of people get their data back. Very few organizations get all of their data back.
And we've talked about the double or triple extortion techniques. Also, paying the ransom is only a tiny bit of the recovery costs. That's the really key bit. I remember talking to friends of mine at Maersk: the ransomware attack, the bricking of the technology, was only part of the cost. Reputational damage, and the fact you have to turn off all of your trade systems, and for them hundreds and hundreds and millions of tons of shipping that was literally left adrift, ports that couldn't work. So what do we suggest you do?
Well, there's a rule of thumb, and I do start with predict: predict, protect, and then prepare. Particularly predict where the threats are, what your risk will be and your digital footprint in a hybrid world. That's massively critical. I think a couple of years ago, we probably knew where our major assets were. We knew where our networks started and ended, and we had a good sense for the devices and the partners we worked with. But that digital footprint to some extent is a large unknown.
Now the second big step is focus on the people, not as your weakest link, but as your first line of defense, because when the technology gets turned off, all you're left with are empty buildings and people in their kitchens. And if you internalize that thought process, then there's a really interesting thing that comes out, which says focus on your people, not just behavior and awareness training, but in-the-moment support. And that comes onto my final point about resilience.
In the last two years, we have become ever more reliant on technology. Even to come into this room and into this event, a lot of us here in person had to show our proof of vaccination. That's all digitally enabled, enabled a lot of us to fly around the world now, only because we can share that information digitally. We are digitally reliant and yet at the same time decreasingly resilient, and resilience doesn't mean stopping the attack. Resilience means continuing to operate under constant threat, under constant risk, but also under constant disruption.
And that's where I wanted this support to stop, because we genuinely believe that cybersecurity, no matter your size, is a right that you should be able to expect. And it shouldn't just be for the largest, most well funded, most complex organizations, but it should be for all of us. And if there's anything we've learned about ransomware in the last few years, it's that it only takes a single person, it takes a single device or a single click. And in that event, the individuals really do matter amongst the millions. So thank you.