00:00Wendy Whitmore is the Chief Security Intelligence Officer at Palo Alto Networks,
00:05and she is joining us here on the trading floor of the New York Stock Exchange.
00:09It is great to have you. The theme of cybersecurity, the evolving threats, the landscape.
00:13Crucial time for a conversation like this. Really grateful for your time.
00:16I'm happy to be here.
00:17So let's start. I'm really curious how you sort of diagnose right now the landscape.
00:21What do you see as being the balance of power between hackers and defenders in 2025?
00:26What do you see you think we should pay more attention to?
00:28You know, it's a great question. I've been in this field for 25 years at this point,
00:34and it has never been more. Today, what we're seeing is the wild, wild west.
00:38And I don't think that I would have thought I would have told you that previously,
00:41because it's always seemed like that. And so what are we seeing?
00:45You know, we have a unique vantage point. We're the largest cybersecurity company in the world.
00:49We're protecting 95 of the top 100 companies in the world.
00:52And what we see is that more and more attackers are interested in disruption.
00:56So intentional business disruption, taking systems offline, and that becomes a problem
01:02because it relates to national security. When you see economic innovation and growth being disrupted
01:07because you have health care systems or financial institutions impacted.
01:12Has that balance shifted? And are there more pernicious threats that you see evolve here so far
01:18in 2025 than maybe had you and I been having this conversation September of last year?
01:24So what I would say is really different, and I think these numbers really paint a picture that might be a bit staggering for some of your viewers.
01:32What we see is 31 billion attacks per day. And this is coming into just our company alone.
01:38And nine million of those are new. So net new attacks that we've seen every day.
01:43So the reality is that with the advent of AI, that's fueling this growth and scale, and then the ability to create these new attacks.
01:52The great news is, though, that because we're leveraging AI in our defenses,
01:57we're now able to dwindle that to one attack per day that our teams are actually reviewing.
02:03Human in real time saying, OK, how do we prevent this?
02:06Are there particular critical sectors, things like health care, financials, I wonder,
02:10that you think may be inherently a bit more vulnerable than others?
02:15Well, not necessarily more vulnerable. That's a great question.
02:19But more, you know, subject to being attacked? Yes, absolutely.
02:23And you identified some of the key ones being health care, financial services, critical infrastructure.
02:29You know, I mentioned national security. That's a big concern.
02:31Making sure that we keep telecom, water supply, electrical grid safe from these types of attacks.
02:39What is the landscape of disinformation and deep fakes look like?
02:43I got to imagine that is really something that could trip up a lot of businesses,
02:46because ultimately, oftentimes you're trying to trip up an individual who works at that business to expose a larger vulnerability.
02:52I think what you're really getting at is that humans are still, you know, behind the core of every business we run.
02:58Right. And so we are definitely seeing attackers who are focused on the human, the social engineering impacts, phishing, for example.
03:07So sending emails that look very legitimate, but cause a user to click on a link that then may cause their business to be susceptible to an attack.
03:14So that's still happening more than ever. And AI is certainly helping fuel that moving forward.
03:19Yeah. What most excites you about where AI is right now to help the so-called good guys?
03:25And what are the biggest challenges you see about that same technology falling into the wrong hands?
03:30I think that's probably the most pivotal question we get asked on a daily basis.
03:34And we're all struggling with it right on the defense side.
03:37The reality is AI is a double-edged sword.
03:39So it has enabled attackers to move faster.
03:43In our labs, we've done research that shows attacks that used to take months.
03:47So a ransomware attack, for example, that can exfiltrate data and command payment on the back end used to take months to execute.
03:54That can now happen in as little as 25 minutes.
03:57That said, I am an optimist and I will continue to be despite being, you know, responding to breaches for so long.
04:03And that's because we see at this point 60% of our customers are now able to respond, not just detect an attack, but respond to it in under one minute.
04:14That's incredible.
04:16That type of time transaction now really enables our organizations to be more successful and it causes defense to be much more powerful.
04:24Yeah.
04:24I think the general conversation of defense, Wendy, it's picked up a lot more in the corridors of Washington, D.C.
04:30We've heard lawmakers in Congress, both parties, really address to the forefront how crucial they feel this issue is.
04:36We've heard that from various administrations as well.
04:38Do you feel as if the conversation from the regulators and the policymakers in a place like Washington are where they should be to adequately address the current threat landscape and the nature of those threats?
04:50Well, I think the good thing is that this discussion is on, you know, the tips of tongues of everyone around the world, right, including everyone you mentioned, regulators, policymakers.
04:59We're engaged in those conversations so often.
05:02And what we are most passionate about is ensuring that we're doing everything as a nation and with our allies across the world to make our systems as safe as they can be.
05:12What new metrics do you think businesses should use if they're not already to better track real-time cyber resilience simply beyond compliance?
05:21I have no doubt there's cool tools in the tool belt that companies can be and probably should be introduced to pretty regularly.
05:28I love your question because you highlighted resilience.
05:32That is the win, right?
05:33It's not – the win isn't that we never get attacked.
05:36That's unrealistic in today's day and age.
05:38The win is how quickly can we detect the attack, how quickly can we respond, and how quickly can we contain it?
05:44And if you can respond to an attack in under 10 minutes, you are then decreasing the time window for an attacker to be successful
05:51and ensuring that your organization is going to be successful at containing the damage, and that's really the win.
05:57If you had any advice for viewers to better protect their digital lives, maybe this is a bit more anecdotal for the personal viewer who's watching at home,
06:05but any kind of tips of the trade, best tricks to keep in mind here for 2025?
06:10Absolutely.
06:11So I think applying some of the same things that we apply proactively in how do we secure businesses.
06:15So thinking about making your accounts more difficult for an attacker to get into with multi-factor authentication.
06:22What is that?
06:22That's oftentimes a text message or maybe the use of another app to authenticate a code that enables you to have a digital deadbolt
06:30for your banking applications or email, your social media accounts.
06:34That is going to make you exponentially more secure than people who aren't using that.
06:40Yeah, and I'd assume password123 is not the most secure password you could possibly have.
06:44Before I let you go, talk to me a bit about Palo Alto's current predictions that you see for the rest of this year,
06:50maybe into next year, top trends in the general cybersecurity or cyber defense realm that you're paying attention to
06:56that you think we may want to pay a bit more attention to also.
06:59Well, I know AI is already top of mind for everyone, so that's great.
07:02Let's keep it there because we need to secure those systems, and we need to secure them from the beginning, right?
07:07Secure by design, not security as an afterthought.
07:10But one thing that maybe not everyone's talking about yet is quantum computing.
07:14And we think that although we're a few years off from having quantum computers ready and available,
07:20we certainly need to be thinking about how we protect our data from them moving forward.
07:23There's a concern that attackers are stealing data so that they can decrypt it later.
07:29So we need to make sure that quantum readiness technology is being built into all of the tooling.
07:34And if you're a business out there, make sure you're talking to your computer security providers about it.
07:38They should be providing those solutions.
07:40What a crucial time to talk about these really important solutions.
07:43Wendy Whitmore of Palo Alto Networks, I am very grateful for your time.
Be the first to comment