Twenty-year cybersecurity veteran Derek Manky has explored the digital threat landscape from just about every angle.
As the Global Security Strategist for cybersecurity software provider and industry leader Fortinet, Manky collaborates with business leaders, government authorities, international security networks, Fortune 500 CSOs and CISOs, plus other stakeholders to create innovative cybersecurity solutions and advance collaborative global threat mitigation efforts.
On April 25, Manky will deliver a keynote address at the 2018 Epic Technology Expo, Manitoba’s premier ICT event, to discuss the current and emerging threat landscape, the growing influence of global cybersecurity networks, and why he’s optimistic about the future of cybersecurity.
We recently caught up with Manky to get a preview of his upcoming keynote presentation.
The following interview has been condensed and edited for clarity.
You’ve been in the cybersecurity industry for over 20 years. How would you characterize its evolution during that time?
Prior to joining FortiGuard I was doing a lot of reverse engineering — studying computer code at a bits and bytes level. I joined Fortinet’s FortiGuard Labs 14 years ago as a threat analyst, and at the time we had about 25 people in our security operations centre, which was fairly large at the time for a network security company.
Now we have over 215, which is very large. In fact, for a network security vendor we’re the largest security operations centre out there. Fourteen years ago we were focused on spam and botnets — that was the threat landscape back then. Today we have experts just looking at mobile security, Internet of Things (IoT) security, Internet of Medical Things (IoMT) security and operational technology. We have a dark research team going on the underground following the tracks of cybercriminals.
There are so many areas to look at, and each team has to work together to push out updates to our customers.
What are some of the emerging areas in the threat landscape that will become increasingly significant in the coming years?
Cybercrime is a business, and they need to make their operation as profitable and efficient as possible, so they follow the path of least resistance. Traditionally, cybercrime used to be bank trojans — stealing bank accounts and doing wire transfers. That still happens but it was the main thing 10 to 15 years ago.
The most current attack we’re seeing is crypto-jacking — using the processing power of infected devices to do crypto-mining, often using IoT. In addition, we’re seeing more targeted ransomware attacks.
It used to be about numbers — if you infect five million people with a five per cent conversion rate, that’s a big paycheque. Targeted ransomware is more about going after critical services of businesses — potentially millions in revenue that can be ransomed. That’s another trend we’re looking at.
But probably the most current are swarm networks, which you can think of as black hat artificial intelligence (AI). The idea behind swarm networks is having different infected components of the network that are able to collaborate on their own in pursuit of a common goal.
How is the industry evolving to mitigate these risks?
The defence strategy to a swarm is what I call a hive. A hive is a group that contains multiple components that can work together in a strengthened defence.
If you look at what the industry is doing, we used to have point solutions — for example, a mail appliance, software on your endpoint device, a gateway appliance, a data centre and things like that. The hive defence model is about using those various solutions to work together to be aware of an active attack, and in real time, form the appropriate defence. That’s where AI is going in the security industry.
Our hive defence solution is the Fortinet Security Fabric, which protects the whole network with a single management interface — from IoT to the cloud.
The theme of the defence strategy seems to be collaboration, though it goes well beyond collaboration between software applications. How is the industry working together in new ways to guard against cyber threats?
Cyber Threat Alliance began in 2014, and Fortinet is a founding member — we’ve been there since day one. It’s been really refreshing because it’s completely unprecedented. Our members include an array of different players in the space, led by founding members from security vendors. We all work together to help each other, and I can tell you from firsthand experience that it’s a very positive environment.
One of the things we’re trying to do is make it more expensive for cybercrime to operate by levelling the playing field. If one Cyber Threat Alliance member discovers an attack, they can share it through the alliance in real time — then we can deploy a solution to our security software, shortening the response time.
How is the industry becoming more proactive in general?
Most security is reactive. It’s the patient zero problem. After patient zero everyone is aware of the threat and can defend against it, but we need to be proactive to prevent the first attack.
One proactive effort is responsible disclosure, or ethical hacking. In a nutshell, it’s an elite team that works closely with Microsoft, Adobe, IoT vendors and others to discover cyber weapons or security holes before the attackers do. That’s how we’re winning the arms race — by creating the defence before patient zero.
With the Cyber Threat Alliance, we are also proactively researching these cybercriminal playbooks, sharing that intelligence before it becomes public, and adding defence before the cat is out of the bag.
We also work closely with law enforcement. I’m on an expert working group with Interpol, which includes about 100 people, mostly from law enforcement but also from the private sector. The idea is looking at how we can be proactive on the law enforcement side and be proactive with information sharing — stopping those attacks and arresting the people behind the scenes or freezing their assets and ideally returning proceeds of crime.
Overall, what advice do you have for Canadian businesses looking to become more secure?
Keep it simple — complexity is the enemy of security.
Start by identifying your digital assets — the things that will hurt the most if they’re attacked — and start building a defence model around those crown jewels.
Too often people build a fortress against an invisible enemy, but from a strategic perspective it’s simpler to figure out what your assets are, who your enemies are, and start building a solution around that.