Q: How would you describe the cyber risk landscape today?
John Bennett: It is changing. The last couple of years we've seen with ransomware -- we've seen this begin to change and now with world events — it is it is accelerated. So it has been changing pretty significantly, pretty quickly.
Q: You were the Special Agent in Charge of the San Francisco FBI office — you've been doing the cyber game for a while. Can you tell us about these threat actors? Who are these folks?
Part of my FBI responsibility was being aware of and in tune to what is going on in the cyber landscape. The cyber threat actors are criminals; they're nation states. Sometimes there is a gray area in between the two -- that criminals operate because they're allowed to within countries that are that are allowing it. They're a group of people that are some of them are old school that have grown up writing code and are really good at it. Some of them are the script kiddies, the new kids on the block.
Q: How is the world’s geopolitical situation impacting where they operate?
I think one of the changes that we're seeing in the threat landscape is that we're seeing exodus of people from countries that they can't operate in, they can't get out to the internet, they can't get a hold of their crypto payments, and they're going to start moving into countries that are easier to operate in. I think you'll see some of the European nations and some of the Asia Pacific nations become really hot and heavy in the coming years.
Q: Do they operate all by cryptocurrencies — is that how they get rewarded for their evil deeds?
Generally speaking, that has been the big change. Crypto has enabled this ecosystem to really explode. In the years past, money would have to have been transferred to a bank —that's easily trackable. Crypto isn't as easily trackable by law enforcement. Although, the FBI did claw back a significant amount of the millions that were paid in the Colonial Pipeline. The safe havens, that crypto was un-trackable — threat actors need to start thinking about the capabilities of law enforcement, their skills are also improving.
Q: What does it mean that the threat actors are on the move? Does that raise the risk to companies?
I think companies have traditionally been comfortable that threat actors are known in certain parts of the world and certain ecosystems, but with the war torn nations and threats around the world, those threat actors are going to start moving into more comfortable places in the world. And so if you're, if you're tuned to certain IP addresses that are not prohibited or are not allowed on your network, that may change a little bit you may have to start thinking about you know how to return things because threat actors are on the move.
