Sean Forkan has worked in cyber security since the early 2000s. He is the first to admit he hasn’t seen everything in his field.
“It was really shocking to us, at the end of Q1 that we had seen attacks increase by 100% quarter on quarter,” said VMWare’s VP of Sales for the America. “Sure, we’d seen 100% increases year over year, but quarter on quarter? That was unprecedented.”
During a summer that has seen the largest ransom ware attack on record, Forkan has joined the ranks of cyber security professionals calling for drastic changes to how everyone approaches the safety of their networks.
“Can we think of things with a concept of zero trust?” Forkan asked during a recent telephone interview. “It certainly seems like time to consider people, processes and the digital environment as a whole to ensure that only healthy transactions are happening.”
The concept of zero trust requires every user on a network to be verified on every device that they may use and for that validation to be on-going.
“We are talking about an environment where, beyond professional criminals and state actors, hacking tools are essentially available as a SAAS product on the dark web,” Forkan explained. “Victims are no longer just large companies who can call their cyber security insurance company and let someone figure it out. Small businesses, not-for-profits and even school districts are being targeted. What’s worse, if negotiations with these actors go too smoothly and the ransom is paid too quickly, then these actors start to believe they haven’t asked for a large enough ransom and just try again with the same victim a short time later.”
Forkan has noticed several trends that coincide with the rise in the number of cyber security attacks.
“Everyone is spending more, but feeling less secure as the number of breaches is increasing,” he said. “The way IT shops have been set up, there are too many silos that don’t necessarily communicate and get on the same page when it comes to security. We really need to have security built in to all the tools we use rather than bolted in later as almost an afterthought.”
The second trend at work is related to the COVID-19 pandemic and working from home.
“The remote work force became more difficult to defend,” Forkan said. “The world of cyber security requires a fundamental re-think in terms of how we protect individual workers and how they access their various networks for different purposes.”
Forkan believes the very public nature of some of the security breaches In the US, has forced them to be a lot more invested in cyber security.
“There has been nothing that has caused Canadians to wake up and say, ‘this is real, this happening,’” Forkan said, “but they really shouldn’t be complacent given how quickly that can change. Traditional protections have disappeared and we cannot assume security is just there.”
Moving forward, Forkan would like to see more meaningful partnerships between government and industry to strengthen cyber security development and implementation with legislation.
“Ultimately, when we find our way through these attacks, it really will be a mix of technology, of people and education, and government driven innovation.”