Our panel is entitled from threat to opportunity cybersecurity in times of crisis. And Barry is also with us. We cannot see him, but he is via audio connected to us so we can, can discuss the, the four of us and to start out with, I, I would really like to start with a question, what cybersecurity challenges are business facing in times of this crisis? And I'm talking about the real life scenario. What have you seen in the real life scenario when it comes to the new or unchanged, cybersecurity challenges that you've seen, and maybe we do it in the order, Matthias Barry and burner.
Yes.
Yes, absolutely. I mean, there are some pretty banal things, like, I mean, people using, working, working from an untrusted home local network, right. With having kids jumping over the keyboard with using personal, personal laptops and all this kind of, kind of, kind of stuff.
And, and as I said, initially, I mean, half of my zoom sessions I did, and I did thousands of them in the last couple of months I did with a doc coming in with kids coming in and, and stuff like this. And on a, on a more security based piece, a very uncontrolled usage of software tools and services is one piece, oh, let me quickly open up an AWSs three because I need to move something from my laptop towards somebody else. And especially, and that's my last point.
I mean, you see a lot of hackers that are COVID specific, right? Fishing campaigns that have for the Corona as a topic, you see it on a daily base. And due to the fact that the text driven conversation has been moved more, dramatically, more emails and so on, it's more easy to hide and lead with a topic like Corona. And these are just a few observations from the last couple of months.
Okay, great. Thank you, Barry. What would you like to add to the real scenario right now?
Yeah, thanks very much. Is I just follow on, on customers and prospects. We're seeing insider threat and social engineering having significantly ramped up over the past couple of months, but none of these are new. Right.
But, you know, I think the unique thing about, about culture is that it's, it's, it's a global epidemic, but epidemic, but it's, it's also a trust at a scale, certainly in my, in my lifetime I, where there was potential exposure of a trust with global in nature, in terms of cybersecurity, people are still picking on links that they shouldn't click on, but even more so now with the, with the topic of COVID in the headline, everybody wants to be up to date and everybody wants to know what's happen.
I think that's the biggest security challenge that, that we're certainly seeing fishing inside of up there still.
Okay. Thank you very much. Thanks for that addition, your thoughts on, on how cyber security has changed.
So, so one step to, to go back to what Matthias said is obviously the fact that the first element was for us at R say the remote access, because, you know, certainly, you know, from 10%, 15% of, you know, an organization which was remote in the past and suddenly hundred percent went to remote, I don't wanna even mention the fact sometimes they did, they didn't have any VPN, they didn't have any lap laptop. I have a story to tell about one customer that said they, they used to have desktop. And so the question was, Hey, should I grab my desktop and the screen back home?
So that that's very extreme. It's not really security related, but no more seriously. The business continuity management is, was something in a paper or something, you know, in a tool, but never pressed a button.
You know, it was like, Hey, we're testing it twice per year, but a lot of organization never used it. And then suddenly they had to, so I think one of the stuff was okay, fine, is it correct? Not correct. And the last two elements was something that Matthias and Barry mentioned. The endpoint is really now the attacks are face and fishing attacks have increased. And we've seen that as well at R say with our anti command center. We've seen a lot of fishing attacks, targeting customers. Yeah.
Right. Okay.
Just one, one short question, just to that, that you confirm or, or contradict, we executed a poll this morning, and one of the key functionalities that the participants mentioned that needed to be added, or that they are planning to add right now is, is MFA multifactor authentication. Is this something that you confirmed that you've seen in, in, in, in, in your business and in your practice as well? Maybe very not to start with.
Oh, oh yeah. I mean, obviously yes, because again, you know, they, some of it, some of the customer didn't have anything for part of the population. So instead of doing nothing and just a user name and password, they went to MFA globally during the past, during the first three weeks of the containment, we worked days and nights to help customers to find a way, you know, and MFA was the top one priority.
Right. Okay.
Barry, you can confirm as well also with your unified platform there.
Yeah, absolutely.
You know, I think when, when, when pretty much overnight, you know, your workforce comes from the office to working at home the next day, and I'm not sure, not sure what tools they have to remind, figure out if they're doing stuff security, we've seen a significant increase in customers contacting us about MFA and also a lot of education happening around MFA and the benefits actually that it can bring.
I think a lot of people are very aware of tofa et cetera, but I think really selling the benefits of MFA has, has, has become conversation that a lot of our market face teams are, are caught up in, on a, on a, on a daily basis. And you know, the one thing about MFA is, is it gives you that, you know, second level of security, if you like, that's, that's quick to deploy and, and, and very easy to adopt,
Right?
The, the easy to maybe for materials, just to add on, on that. Have you heard of any cases to that where, where the introduction of two F a MFA has at least gone wrong, or at least was, was a bit bumpy that, that people were locked out or something like that?
No, I, I, I don't, I don't have a concrete example, but I would like to add one other thing. And when, when considering the fact, like I said, also that in the last Deutche bank report on COVID and, and what will be the outcome or what will be the results that pretty much the, the move towards cloud workloads towards cloud application and stuff like this is launched. That means that at the end, I, the user credentials becoming even more important, right? Because you don't even need a, a certain device to access something.
And that makes also multifactor authentication everything around identity, a super critical piece, as for example, with micro 365. I mean, once you have the credentials you are in, right. And that's, that's, to me is extremely critical and important looking forward. Right.
Okay, great. Thank you. I I'm in my opening keynote this morning, I said that as a statement, more or less, I did not even even ask the question that I said that organizations need to reprioritize their cybersecurity spendings. Absolutely.
And, and if so, where, so the question it would be when you want to give recommendations for organizations where really, to focus on apart from that, what I said, what would be your starting point there again, maybe starting with,
So, I mean, we, we have defined, you know, this, I think terminology, which a lot of people are using today, which is dynamic workforce, you know, the dynamic workforce, which was one of the use case is now becoming the use case because, and within the dynamic process, you mentioned MFA, but there is many other aspect of, of security on the prioritization.
The fact that on the endpoint part, now we need to have much more monitoring and EDR is on another element, which is very important because, you know, we, we are providing with network, for example, platform logs and network and point monitoring. We've seen some network, which was suddenly completely silent because you, no one were there in the office. And so all the traffic was in fact, going through the endpoint only, and the VPN instead of, of the network placed where, you know, monitoring there was, we don't see anything.
Okay.
So it has moved to the dynamic workforce use case with within the dynamic workforce, we have plenty of elements, the cloud, the MFA, and also the monitoring of the endpoint itself, which is clearly as, as much as mentioned, you know, you know, the, the children's, and it's not only that, you know, we, so how many people are using VPN because, you know, VPN is, is very secured, but sometimes we just open it and then go. So, which is very important to mention. So the dynamic workforce for us has been design.
And, and that's what I want you to say from prioritization perspective.
Right. Okay.
Matthias, you want to add to that?
Yeah.
I mean, I'm obviously in the endpoint security industry and I, I sure. And, and, and the point is what we see sometimes we see let's, let's say in the, in the, in the legacy, the legacy environments sometimes pretty, pretty unflexible and DY to use these, these, these words, solutions that are pretty land based and, and, and, and heavy, heavy to drive.
And I guess it, it really moves towards having a thin, a thin kind of parameter securing piece on any end point that also, and this is, and that's, what's the reason why I like the, the presentation of Christoff, because I mean, we, we mostly talk about the, the top 100 and that's super important, but they can afford running a, so they can afford all of these, these different items and having the specialists and can pay them. But especially in Germany, we are talking about, let's say 95% of mid-size business.
And that means also the level of optimization, machine learning, all that stuff that allows us to, to solve a digital problem also in a digital manner, I guess, that that will help us. And we see, we are gonna see a lot of spendings moving towards really securing the end point, making sure I have historical data, making sure I have forensics that is nicely connected into the existing environment. I guess that's, that's, that's what we're gonna see as well.
Right.
And, and, and Barry, maybe when you, you're looking at things from a centralized identity platform basis, is this something where you, where you can relate to that this plays together? Well,
Yeah, I think, I don't know if it's hard to say, right?
Whether, whether organizations need to re priorities, their cybersecurity spend one of the, one of the trends that we seen pre COVID. If we can remember back that far was that mobility was certainly a growing and increasingly growing trend across organizations across Europe. I'm talking about now it was global trend, but particularly across Europe. And so the trend, I guess, of managing the remote workforce. So the work working from home workforce, the demands that are required, there are, are very similar to the growing and, and the mobility workforce trend that was in play beforehand.
And the common denominator there is, is managing the identity. And so if you look at management of the identity, you also see, and you look across the risk of the business. People are typically seen as the weak point, right?
So, you know, everybody tends to point to the problem between the, the keyboard and the chair. That's the weak point. But as I like to say, well, if people are the weak point security, isn't doing enough to, to enable them. And so if we look at Verizon's quotes and whatever else that they have for their, for their global report, they say 80% of breaches are typically down to credentials. And so if you manage somebody's identity and make it very easy for them, then what they don't know can't be stolen.
So I'm not so sure about the need to reprioritize reprioritize for cybersecurity spending is I think it may be a case of it needs to be doubled down and the business needs to really get behind it to, to drive it true so that people are gonna be secure and that the business can better manage its risk.
Okay. Got it. Thank you very much for your contribution. We already getting close to the end of our session. This is surprising, but, but, but maybe one more question, as we said, this is from threat to opportunity. What do you think?
What are the benefits that organizations that were thrown in this situation can take away from this situation? I, I have learned from myself to start with that. I think we, we had to do work from home, but when we do it correctly, we are capable to work from everywhere. And that is a business enabler in my opinion. So that is really an opportunity. What other aspects can you think of, or do you contradict, or can you confirm that maybe again, starting yeah. With Matthias this time.
Okay. Yes.
I mean, I, I can absolutely agree to that. I mean, one thing is embrace cloud. I think the movement towards cloud will increase and will be accelerated. And the exception rate of, of cloud workloads, I would say will, will move north. And that's a chance we're gonna see less traveling. This can also regard it as something of as, as a security piece or a productivity piece. I guess we gonna make some gains here.
I, I, I had this story of the CEO who, who will very likely go down from 200 days of traveling 200. This is also a, a, a cost piece.
I mean, it, it, there's a lot of gain in that. And, and I think we are gonna see a, a faster, and that's also a gain a faster, I, I would call it the next wave of virtualization with Kubernetes, with, with stocker moving workloads, being able to spin them up on in milliseconds and, and gaining to that dynamic workforce as, as Bernard is saying, I guess there's a lot of that. There's a tremendous amount of opportunity that has been accelerated through. COVID
Great.
Thank you, Barry. Again, maybe to add to that, where are you seeing the actual business opportunities that can come from this situation?
Yeah, I think, I think as, I think as Matthias just said, you know, one, one of the words that he used there was trust, and I think that's gonna become key across all business levels and across all teams going forward post COVID definitely think travel's gonna fall off quite a bit. Workforces are gonna become more decentralized. And so therefore solutions and, and, and solutions and services that are put in place need to be able to adapt to that.
Again, back to the trusting from a security perspective, I think that security leaders right now have a, have a huge opportunity to position themselves centrally with business leaders to, to really lead on how to secure the business going forward. Cause this is totally unprecedented and key to that will be speaking in the language that the board understands. So I think trust across the board, both from an employee perspective, but also from a business and a security perspective is gonna be key.
Okay. Great. Final question to you.
Be Bernard before we close down, what, what do you think are the benefits on top of that? What we've already heard?
So at we have defined four phases in that big S that we've never seen before contain that was the step one sustain access and adapt. I wanna go back to the business continuity part. I think customer would sit down and try to find out, Hey, how did we manage the crisis? How did we manage the bridge? Because not a lot of people are talking about it today, but definitely when, when they will go back a little bit, they say, okay, fine, we've been bridge.
So I think the business continuity management and the bridge management or crisis management are something they need to sit down and understand how they did because some of them did very well, but some of them, it was very, very, very difficult for them just to sustain. It was not only putting the people at home, but Hey, how can we make a real business continuity management in a proper way? And how can my sock still be alive? Because suddenly, you know, 15 people or 20 people were not working together. So that's my, my thought.
Okay, great. Thank you very much.
I have, I actually have to, and I don't want to close down this session. Thank you very much, Matthias. Thank you very much, Barry. Thank you very lot for participating. That was a really nice discussion and I learned a lot and I'm looking forward to talking to all of you again and the next time face to face.
