E15 Innovations in Cybersecurity

Cybersecurity expert Max Heinemeyer defines the threats to our cybersecurity and explores how the cyber field is changing as more devices are tied into the Internet of Things. He also discusses how hackers have evolved, solutions for protecting yourself from cyber-attacks, and how companies can safeguard against apathetic or malicious employees. Finally, Max provides tips for how you can better protect your personal data and identity.

Max is a cybersecurity expert specializing in network monitoring and offensive security. At Darktrace, Max works with strategic customers to help them investigate and respond to threats, as well as overseeing the cybersecurity analyst team in their Cambridge headquarters in the United Kingdom. Max has extensive experience as a white hat hacker in addition to his membership in the German Chaos Computer Club.


Max Heinemeyer: 

So, if I think back 10, 15 years, most cyberattacks were happening just on the keyboard, like somebody in their basement with a funny haircut, maybe hacking through firewalls, and stuff like that, like from the movies, right? But these days, it's all about organized crime and exploiting the vulnerable and trying to make money out of it. 

Don MacPherson: 

Today, we are far less likely to be a victim of a violent crime or even a home invasion than we were a quarter century ago. It's one of the ways in which the world is better than ever. We are far safer today, but one area where we are vulnerable is our identity. Cyber thieves are scheming 24/7 to tap into your computers and devices, steal your credit card numbers, and even manipulate your thoughts. As the internet of things continues to grow and more devices connect to the internet, our vulnerability grows. 

Today's guest is cybersecurity expert, Max Heinemeyer. He is here to talk about how the innovative artificial intelligence solutions his company, Darktrace, has developed, and how they can keep you and your organization safe from these intrusions. 

Max, welcome to 12 Geniuses. 

Max Heinemeyer: 

Thanks very much, Don. 

Don MacPherson: 

Your title is Director of Threat Hunting for Darktrace. What do you actually do? 

Max Heinemeyer: 

Well, I love my title. I picked it myself, and it's always a good icebreaker. So, what I actually do at Darktrace is I’m mentoring a team of 30 threat analysts in Cambridge, here in the UK when I'm in the office. But I'm traveling quite a bit talking to all our big and strategic clients, having the technical teams and hunting threats. You can imagine it like me sitting in front of a computer and hunting the bad guys, trying to find the hackers in networks. Not just in our network, of course, but in networks of customers to make powerplants, water treatment facilities, huge global banks, internet service providers. You name it, we’re there. 

Don MacPherson: 

So, you are very important to their continuity, their business continuity. How did you get started in this industry? 

Max Heinemeyer: 

I got started by computer gaming. I've always been an avid gamer. I love computer games. Just grew up with it. I'm from rural Germany. So, there's not much to do except for playing computer games and being out with your friends. And I don't know if you remember, but there used to be a thing called LAN parties. When you grab your computer, you meet your friends physically, you connect it all up, and you play computer games together. And, of course, you need somebody who can do the connecting it up and making the network work. And at some point, I realized, well, this is kind of fun and interesting. We want to play together. You have to make it work. 

But then it's not just about playing together, but you realize at a certain point you can get into your friends' computers and see what kind of emails they're writing and maybe crash their computer when they're winning a game against you. So, I dabbled into that a bit and reverse engineering computer games and cheat software. Discovered on the internet there's forums, like user groups for that kind of stuff, and got really interested. And when I get curious about something, I develop a passion for it. So, I did this for reverse engineering computer games and cheat software and these kind of things. And that's how I dabbled into the whole security scene. 

Don MacPherson: 

The term hacker has a negative connotation, but it sounds like you can use it for good or for bad. 

Max Heinemeyer: 

The term hacker really just means that somebody's using technology in a creative way. But these days, when we hear hacker, we think about people with hoodies and black masks, and gloves in front of a computer. And that's absolutely not what a hacker is all about if we think about the terminology. It's just somebody likes tinkering with things, getting innovations going. And this is the kind of mindset I like to apply to security as well. There are great biohackers who implant chips into their fingers to get a new sense for feeling electromagnetic waves, for example. So, hacking is just a very general word, really. And I agree, it's been connotated quite negatively in the recent years because cybersecurity has become such a big thing, and cybercrimes are happening everywhere. But the original term ‘hacker’ just means using tech in a creative way. 

Don MacPherson: 

When you think about individual vulnerability, in your experience, where are people most exposed to have their data hacked or identity stolen? 

Max Heinemeyer: 

It's a really good question. And these days I would say almost anywhere because cybercriminals are very innovative and they just target any weakness they can find. These days it's probably mostly, when I think about individuals, via phishing and social engineering, call it. So, if I think back 10, 15 years, most cyber-attacks were happening just on the keyboard, like somebody in their basement with the funny haircut, maybe hacking through firewalls and stuff like that, like from the movies, right? But these days it's all about organized crime and exploiting the vulnerable and trying to make money out of it. So, it's very often banking Trojans. So, I infect your computer with a phishing email. So, you think it's an invoice from Amazon or any other company. 

You click on it and that's it. At that moment in time, there's something running on your computer, trying to get your banking details, or more recently since 2017, we’re not just seeing banking Trojans trying to steal your banking details, but also cryptocurrency miners. So, your computer gets infected and a tiny bit of your energy that you use when you’re running your computer is converted to new cryptocurrencies like Bitcoin, Monero, Ethereum, going straight into the criminal's wallet. He can just exchange it for digital goods or just back into real value, real money. 

Don MacPherson: 

Who are these bad guys? You described the bad haircut in the basement. Well, that's not the case anymore. Who are they now? 

Max Heinemeyer: 

Anybody and everybody. It's really interesting. It has very much diversified. So, the attackers have spread out. It's not just the cliché hacker in the basement with a mohawk, but the barriers to entry to become a hacker have been lowered tremendously because of various things. If you want to dabble into ethical hacking, or hacking in general, you can just go to the internet and start Googling. And within a week, if you spend a bit of time and have a tiny amount of tech understanding, you can become very pro in starting attacks. I don't recommend this to anybody, of course. Not going to jail is a big deterrent, obviously, but it's very easy to get into it these days. And it can be extremely profitable because there's a lot of opportunities out there to do this. 

So, you're asking, who's the attackers these days? And we see a lot of financially motivated crime groups. We see more and more nation state attackers who look into espionage, for example, or have very geopolitically driven agendas. But there's also cyber mercenaries. So, companies who are thinly veiled, let’s say we provide surveillance software, but really they're selling hacking tools, and anybody can buy these. So, if you're a government, a very poor government maybe, maybe a Third World government, and you don't have the cyber muscle to attack your neighboring countries, you can just purchase the services. 

Don MacPherson: 

What are two or three things that individuals should be doing to protect themselves? 

Max Heinemeyer: 

There are a few things, and it's not difficult. One that always comes up, I suppose, is choose the passwords. And that's a very generic indite, but I've got a succinct tip for your listeners. And that is, don't try to choose a password that's very complex and you can't remember because then you’d just forget it and you have to set it, whatever. What you want to do is length beats complexity. So, what you want to do is pick a bunch of words and add in a few numbers. So, when I'm sitting here and see you, I would pick, as a good strong password phrase, I would pick headphones 33 light window 21. And I would maybe put a typo in light and drop the H in there, and this password could not be broken by anybody in years and years to come. And it's not going to be in any dictionary list that the hackers are going to use. 

And it's kind of easy to remember because it's not completely random, but still long enough. So, passphrases are a really good thing. That's tip number one for strong passwords. Tip number two is use multifactor authentications. Passwords can still be stolen. Maybe you choose a passphrase that's repeated, or somebody finds it written down somewhere. So, what you want to do is get the second factor authentication, which means when you log in somewhere, you want to get a second notification onto your smartphone saying, “Do you really want to log in?” Or you get a code by SMS on your phone saying, “Enter this code in the website.” And, of course, you don't need to do this everywhere. The more you do it, the better, but certainly for your important things, like your Gmail account, where you reset everything else to, or your corporate account, or your online banking account, for example. 

So, one or two more quick takeaways besides strong passwords, and multifactor authentication, one is keeping up-to-date. I know everybody's annoyed by the popups appearing on Windows and anything else saying you need to update the software, but it's really important to just click on it, take the five minutes a week, grab coffee or water and go through the update process to be fine. And the last thing I have for everybody out there is just be aware. The cyber world's a scary place these days out there. There's a lot of attackers as we've just established. If you’ve got the slightest doubt about an email that's coming in and you hadn’t requested it, or maybe an invoice that you are not expecting, or a text message from a friend that hasn't contacted you in years and looks like a douche, just as somebody who's unfamiliar with cybersecurity, or just ignore it, or be on the lookout. Just be aware, is what I'm saying basically. 

Don MacPherson: 

The internet has changed quite a bit in the last several years. What has increased individual vulnerability? 

Max Heinemeyer: 

What has increased is that the internet has become a much broader and bigger space. I remember I talked about computer gaming a bit ago, and the early 2000s, when we played online was all about meeting friends from the UK, I was still living in Germany back then, or people from Western Europe and the occasional American. And then, end of the 2000s, 2010, 2011, all of a sudden, Russians came into the online gaming market and a lot of Chinese people, and Indian people. So, now it's truly a global internet. Everybody's got access, which means we're in a barnacle fight, if we think about cybercrime, with anybody and everybody out there. So, the internet becoming more connected out there and more people getting access also means anybody can start attacking. So, the individual vulnerability has increased because there's many, many more threat actors out there. 

They're using similar tactics, phishing emails, trying to get credit card details, but just the amount of attacks has grown tremendously because we've seen an influx of players, not just criminals, but in general, from all countries all over the world. 

Don MacPherson: 

Billions of devices as well. And that will increase with the internet of things. Can you talk about the potential vulnerability there, what you're thinking about three years from now, five years from now when we hit the tens of billions of devices that are connected to the internet? 

Max Heinemeyer: 

Absolutely. There’s one big word that's going to overshadow all of this, which is complexity. So, what more devices are introducing is more complexity. And just to take one step back from this, if I look at the challenges we face currently in cybersecurity, it's our own complexity. The attackers have to find one way in and get into your system once and exfiltrate the data once. But on the defending side, we have to go through hundreds of alerts every day, we install all these systems we have never seen before. We see attacks we have never seen before. Just the organizational complexity is incredible. So, we are fighting ourselves anyway. And that is now we got quite good at defending maybe corporate networks, so laptops, servers, workstations. Now we're in a world where you are looking at me and you're facing your convertible there. I think it's maybe a tablet you’re using. 

I've got my smartphone here connected to the local Wi-Fi at home. I've got two Raspberry Pis and their CCTV camera I can see here, which is also connected to our internal system. So, I just named a few things on top of what I'm seeing, right? And we haven't even touched on the cloud software as a service. So, all of these things increase complexity manifold. And we just figured out how to secure basic things like laptops and servers. And now all these things flex in. What we did in the past is always try to define what bad looks like. This is what an attack looks like, you start looking for it. This doesn’t work anymore because of complexity. So, what we have to do is what we adapt first actually, turn this on its head. We say, “We have to use AI, for example, machine learning, to understand what normal means, how my computer behaves, how your laptop behaves, how the CCTV camera behaves, because we cannot predefine this anymore. It's just too complex and too much.” 

So, we use AI to do this, to understand these patterns live. And as soon as somewhere there's a big deviation from the norm, your convertible sends a lot of data to a server in Germany you've never touched before. That's going to ring some alarm bells, right? Even if I don't predefine this, we're going to see this because it's out of the norm of what normally happens. And it doesn’t matter if it's a convertible, or a CCTV camera, or water treatment plant, or billions of the IoT devices that's out there in a few years. As soon as we see that, we can react to. And this is really where I see artificial intelligence and machine learning help us cover this and overcome this complexity issue. 

Don MacPherson: 

How quickly is the artificial intelligence stopping that activity? 

Max Heinemeyer: 

Incredibly quickly. 

Don MacPherson: 

Less than a second? 

Max Heinemeyer: 

Less than seconds. Yeah. So, I've been a hacker most of my life. So, I think I understand the attacks very well. During a free trial in a hospital here in the UK, we saw that one computer got hit by a piece of banking Trojan. So, one computer got hit. A nurse clicked on a link phishing email and she got infected by a banking Trojan. No big deal. But we saw immediately that banking Trojan tried to spread around in the whole network, infecting four other computers. And that's a nightmare, right? We're talking about people trying to save lives. They're being stolen, scammed out of the credit card details and their money, and whatever else could happen there. And we saw artificial intelligence, who had never seen this attack before, stop it within two seconds. 

Our AI said, “Wait a minute, this nurse's computer is never talking to this service in Iran, in Russia, in China and Germany, and certainly she never tries to install software on her colleagues' computers.” That's what malware try to do. So, our artificial intelligence said, within two seconds, “This is unusual. We better contain this.” She could still continue doing her normal business operations, of course, we know what's normal, right? So, that's not going to be impeded. And that was a great case of showing how quickly it can react. 

Don MacPherson: 

Where are most organizations vulnerable? 

Max Heinemeyer: 

Most organizations are vulnerable because they don't spend enough time on the basics. What I like to call cyber hygiene like doing patching, which I mentioned earlier, or being aware of what's going on. So, how are organizations vulnerable? They often don't follow the basics. And again, they get overwhelmed. Just too much, too many attacks, too many alerts, and too many vulnerabilities left and right. And again, we've been playing catch up, and we see a big vulnerability hit the news, we try to patch it quickly, but then another one comes the after, then another way of infecting companies or a new spam campaign comes around. So, we're always trying to catch the bad guys. And turning this around again is what really makes a difference instead of always trying to be reactive and sitting there and being afraid with the ostrich approach of the next attack that might hit you. 

Turning this around saying, “Let's use the AI to do the heavy lifting to watch you 24/7.” Of course, humans also are prone to errors, right? So, AI isn't — always does its job. It's always thinking. 

Don MacPherson: 

Can you talk about apathy or maybe ignorance on the employee side and how that poses a danger to organizations? 

Max Heinemeyer: 

I've seen a lot of apathy and even malicious insiders in organizations. So, there's definitely responsibility on this, but it's been very hard in the past, right? If you're not fully trained, how can you, as a normal employee, distinguish a phishing email, a very well-made phishing email from normal email. So, I think what we need to do here is yes, there's always gonna be apathy in the workforce, there's always going to be a plateau of people who are never going to learn, or they can't, or they're not IT savvy enough. So, we have to assume that people will fail, make errors. So, we, as the people designing systems and software and security, need to take them into account and make tools easier to use and make systems more secure by design. 

So, yes, it's true. We don't have enough people. We need to do more in terms of educating and getting pupils in touch with security and stuff like that. But again, I think there's a big responsibility on security companies and tool makers to flip it around and say, let's make the software, the security software easier to use. And we do this at Darktrace actually. I'm appreciative that they haven't seen our interface and stuff like that, but it's incredibly visual. We've got 3D visualizations, 2D graphs, and you can pivot around the data really quickly. So, it's not just table among table, among table. And you got to stop me if I’m- 

Don MacPherson: 

No, keep going. Keep going. 

Max Heinemeyer: 

So, it's very visual what we do and it reflects on how we recruit people. I know your background is in HR, so you might find this interesting. So, we have a few quite senior people in my team in Cambridge. I'm hanging out with 30 people. As I sit there, 30 threat hunters there, few quite senior people like myself, people with ex-intel backgrounds. So, really knowledgeable ethical hackers, but the vast majority of our juniors are in their early 20s and don't have IT backgrounds at all. And this is interesting because normally when you hire somebody for a security job, they should have 15 years of security background and are cyber ninjas, but that's not going to scale, right. Again, complexity is a big thing here. So, we hire these very smart young people who have a PhD in astrophysics, a master's in data science, a bachelor in chemistry. 

So, they are very bright, very quick and adapting to big data being moved around and pivoting around data. And because our solution, and many of the other new solutions out there are really visual and easy to understand, we don't need 15-years-experience to decipher [inaudible 0:17:15] 2, 3, they can have tremendous success. And my juniors, after two or three months working for us, they find their own advanced attackers, the zero-day malware for your more tech savvy listeners here. So, attacks that nobody has ever seen before. They find the old nation state hackers. They might not know exactly every single bit and byte that has been shifted around and done, but they see it, and they say, “This is really weird. We need to escalate it.” And they can flag it to the people responsible to do the cleanup top. This is, for me, amazing. I'm still stunned every day. 

Don MacPherson: 

What does the diversity of your team? As you were describing, their backgrounds are not necessarily traditional IT or cybersecurity backgrounds. What does that diversity do to enhance your creativity or innovation as a team? 

Max Heinemeyer: 

It's incredible. I love my job, partially because I've been doing this forever, but partially because of the great team I've got on to work with my 30 juniors plus everybody involved. And we have a 50/50 male female ratio as well in my team in Cambridge. And for your listeners, we also have two female CEOs at Darktrace. So, very big on diversity. And it's incredible. It's reflecting in the culture. Just having diversity itself doesn't do anything for us. It reflects on the culture, which means we all sit in a big open-spaced office, several monitors in front. And if anybody sees anything, there's no barrier to raise your hand and say, “Oh, have you seen this?” Or everybody's moving over to the neighbors and say, “Hey, Rob, can I grab you? Have you seen this before?” “Oh no, but I know what to do with this kind of data because I looked at this in my PhD in astrophysics.” 

Then linguist comes around and says, “Oh, that's interesting. This is phishing email because you can read out of it that it's written by a non-native speaker.” It's not just the diverse skill sets and the gender diversity, but the open culture around it. And we have few Trados-Darktrace in my team who just ask questions, ask questions, ask questions. There's no stupid question. You can ask the same question 20 times, even to the same person, but even better, ask the same question to five different people. Because you get different perspectives on it. And this culture, young, bright people without any entrenched knowledge and fear and anxiety to lose their job, anything like that is doing amazing work for us. 

Don MacPherson: 

That's so great. As a leader, it sounds like you take your hands off the wheel and just let them go. Is that hard to do? Or how did you learn to do that? 

Max Heinemeyer: 

I don't want to push the cultural stereotypes, but for me it was hard to do as a German to lose control. But it's certainly the way to go. It's amazing if you see how your team grows, how they go above and beyond what they can do normally, and just become more than the sum of the individual parts. And we've hit a place, Darktrace, I've been here for three and a half years, when I joined, I was employee number 110 or so, now waiting close to 1,000 employees. When I joined, I had my fingers in all the big customers and all the big deals and that just doesn't anymore. So, I had to learn to take a step back. Instead of going out myself every day, now I've got a team of core consultants, which I'm also mentoring to do the work for me, and they've got a team under them, which they're training, mentoring. So, you have to work on these scalability effects and structures. 

Don MacPherson: 

Let's talk about governments for a minute. What should governments be doing to protect their citizens, their organizations, protect their infrastructure as well? 

Max Heinemeyer: 

It's very interesting, as somebody who's lived in Germany most of his life, and now has been living in the UK for three and a half years, but is also working internationally. So, I see a lot of different governments and their responses to the cybersecurity landscape and threat. And I think the first thing government should acknowledge is that it is a big topic. It's not just something for geeks anymore. It's something that's shaping geopolitics these days. The U.S. president is spending a tremendous amount of time on social media. So, the impact of his account being hacked or every one of his tweets can have tremendous outreach and effects out there. And we see that drone strikes are sometimes announced or commented on, on social media. 

So, the cyber realm is a thing to stay and really important. And what governments can do is acknowledge this thing that they have to invest time and money and resources, but also provide guidance, best practices, and regulations, to a certain extent. 

Don MacPherson: 

You're alluding to this a little bit, but I want to talk about the threat of a cyber war and, of course, it's possible. Are we in one right now? 

Max Heinemeyer: 

Are we in one right now? I would absolutely say so. What is cyber war? Does it mean a war being fought in cyberspace? Does it mean the mingling between the cyber and the physical realm? Doesn't matter how we look at it. We've seen both, in fact, out there. Cyber war between countries is something that's been happening for ages. I don't want to go into specific definitions and stuff like that, but we see a lot of attacks which originate from nation states against other nation states to attack the critical infrastructure of countries to undermine them. We've seen attempts by hacking groups to attack national infrastructure and do physical damage there. There's been a case called Stuxnet, which happened 2012, which is a… Stuxnet, it's the name of the operation, which was a cyber-attack against the Iranian nuclear program, the facilities, which set it back for cyber years. 

And that's a cyber-physical operation from nation state against another nation state. I would call that cyber war. We've recently seen Israel order a drone strike against the hacking HQ of Hamas, like a physical operation against hackers basically. It's been hotly debated in the cyber realm and amongst security folks, and there's other examples where the U.S. has put out policies years ago saying, “If we become the victim of a cyber-attack, we will retaliate in physical operations, sending rockets, missile out, and bombs if we get hacked.” They hope it’s optional. So, are we going to face a cyber war? I think we’re in the middle of it. It's just extension of everything else we've seen in the world going on for the last 20 years. 

Don MacPherson: 

The 2016 election in the United States was front and center regarding manipulation, foreign manipulation, and using data in a way that could switch opinions. How can the U.S. protect itself from having a foreign entity potentially manipulate an election? 

Max Heinemeyer: 

I would even open the question up, how can any country protect themselves from trust attacks? I call these things ‘trust attacks’, where the trust in data is undermined. Can I still trust the election results? Can I still trust the election not to be meddled with? And of course, there’s no general answer to this. It always comes down to what we talked about before, governments being diligent, trying to have this trickle down. And I think the U.S. has been very forward thinking recently, and there's been different stages of cyber operations and proactive defense as well. So, when the U.S. says, “We're not just going to sit there and wait for attacks to happen, but we are going to actively reach out and disrupt threat actors out there before they can start attacks against ourselves.” I think it's a major thing we see reflected in geopolitics these days. We see a right-wing populist rise left, right and center. 

Just in the recent EU elections, we've seen interesting trends there, here in the UK with Brexit party, and a lot of that is about fake news, is about propaganda, about… Fake news doesn't just mean lying about things, but it could be omitting parts of the truth, or just phrasing things in a certain way so it gives it a different spin. And again, these are trust attacks because it undermines the basic trust in democracy, in media, and journalism, for example. So, the problem in trust attack is a big one. And again, I think it all comes back to complexity, right? How can we try to build trust in systems and nation states and democracy, if everything is good on IT, and we can't even properly secure a CCTV camera? 

Don MacPherson: 

What innovative solutions are you introducing to the marketplace to either secure individual, secure organization, secure governments? Talk about those innovations. 

Max Heinemeyer: 

Instead of trying to predefine attacks, what everybody else is doing out there saying, “We've seen this attack before, we have to defend against it.” But if a new attack comes around, you've not seen it before, you can't defend yourself against it. So, we turn this on its head by something which we've created, which we call the Enterprise Immune System. It's our artificial intelligence using unsupervised machine learning to understand what normal means. Like the human immune system spot deviations. So, instead of predefining that, identifying weird anomalous so we can jump onto it and stop things before they go bad. So, we identify things before they go bad based on the anomalous behavior. And the beautiful thing is, again, it reduces complexity and it's not contributing to the complexity problem, but it's killing it basically. Because instead of sitting in every computer and every network, and mainly trying to understand, with human operator, what does this device do? 

How can we understand what Don's laptop does every day, what’s constituting normal? Let all of that be done by the machine learning and the artificial intelligence, and let the attacks be stopped autonomously, even if we've never seen them before. And it's working because it's reducing the complexity needed. And it works even in very complex worlds in any industry vertical. That's part of our success. We're not just a solution that works for big banks or for water treatment plants or for internet service providers. Because Darktrace relearns every time it goes into a network. It starts to understand, what does this device do? What are similar devices? What do the servers normally do? What does the laptop here do? It always relearns based on what we see locally. So, no talking to the cloud, no need for big overarching architecture and the cloud for customer to customer. It’s all locally done. 

Darktrace understands what's specific to a satellite network, for example, or to a smart grid, or to a hedge fund in New York, or to a journalism institution in another country. And this is again, the complexity issue, right? It's very difficult to, with a traditional approach, to try to secure two very different companies. Because every network is individual and unique, and that's where Darktrace shines because you just put it in there. It learns for five to seven business days. So, it doesn't need months and months to get set up. Just plug it in. It learns for like a week. Then it shows you the initial value. It's going to say immediately, “There's a botnet that's going to exfiltrate data. There's a leaky firewall. There's some malicious traffic coming in. And look at your sales manager here. He's downloading a lot of internal data from the customer database. And wait a minute, didn't you say he's leaving in two weeks?” 

So, we spot insider threat quite a lot, which is another very interesting use case for customers. Because we talked about empathy in the workforce, we talked about no security awareness, but of course, that's also the opposite where people deliberately try to damage companies. And trying to spot that with IT systems, with security systems can be very tough. 

Don MacPherson: 

Would Darktrace have caught Edward Snowden before he had walked away with all of those documents? 

Max Heinemeyer: 

Edward Snowden was one of many use cases, but our founders from the cyber side of things had in mind what they wanted to find and identify. 

Don MacPherson: 

I'm assuming that the hackers, when they see Darktrace, or other companies similar, aren't just packing up their bags and retiring. I'm assuming that they're working on innovative solutions too, so what does that innovation look like on the hacker end or the malicious hacker end? 

Max Heinemeyer: 

There's various ways how they can do it, or the way they do it, and there's prototypes out there. I don't want to give you listeners any ideas, but basically all the building block is out there, the opportunity is there because we know AI can give you these benefits; scalability, staying undercover, and all these things, if you apply it. There's open-source research out there, code ready to use, open-source research projects by academia, universities. And there's the bad guys in the triangle who are just looking for new ways to attack people and get more profitable, so all the building blocks out. It’s just a matter of time [inaudible 0:28:57]. And that’s why I'm always advising organizations to don't be reactive, don't for the next big paradigm shift to hit, or the next big tech wave or next huge attack to cripple your company. But think about how to improve your security today. 

That could be adopting AI defenses like Darktrace, for example, instead of sitting there and waiting for the big account to come and crush your enterprise. Now, if I think about the next paradigm shift, we don't want to wait for it to happen and crush people, right? I think it's gonna be AI driven cyber-attacks. I don't want to do any scam mongering here. I just want to get people thinking about what's going to be the next big thing. And I think just having antivirus, static rules and signatures, it's not going to be enough to work around the next paradigm shift. 

Don MacPherson: 

When you think out five years, or ideally 10 years, what does cybercrime and cybersecurity look like? 

Max Heinemeyer: 

I think we're still going to see the same kind of attacks we're seeing these days: credit card fraud, phishing waves, but the attack surface would change. If you think about things like 5G, when 5G hits, it's not just going to be humans and machines interacting with each other, but mainly machine to machine communication, interconnected vehicles. I saw a case at Darktrace here, last week where we saw one of the very big account name, the brand, a very big autonomous car companies connecting their car randomly to a corporate Wi-Fi, uploading a lot of data. And that was a smart car sending data through corporate Wi-Fi to God knows where. And I have immediately 20 different attack scenarios in mind to how this autonomous car could have been attacked, the update being intercepted, poisoned, and all that kind of stuff. 

So, if I think I had five, 10, 15 years, there's going to be much more complexity, much more diversity in terms of devices, almost like cyber pollution. If I think about a good analogy, right? I look at our oceans, and I see all the plastic crap out there and all the bad stuff, and the following space, where there's so much rubbish out there, so much garbage, just floating around. It's polluted. So, if you think about IoT and billions and billions of devices being out there, it's going to be a lot of cyber pollution. Badly secured devices, stuff that's been installed 10 years ago, never been touched again, never been updated, can't be updated, and opportunities to attack us, could attack us, are going to make use of that, right? 

So, getting ahold of this again, all our discussion today revolves around complexity, I suppose. It's going to be very complex, very diverse environment, and there's more to it because we see a trend that hopefully is not going to get bigger, which is called the balkanization of the internet, which means the internet, as we know today, shows signs of splitting up into smaller internets. So, Russia is doing exercise to themselves off from the global internet in case there's proper, fully cyber war, like more than we see today. Brazil had similar initiatives before. China’s spread Firewall of China, which is already restricting traffic in and out of China. So, it's going to become a more complex, more diverse, and more split up world, so to speak. 

Don MacPherson: 

Where do you see data privacy going over the next five to 10 years? 

Max Heinemeyer: 

There's different models of how privacy's being used and/or abused globally. We brought the Chinese example where privacy is not very high valued. It's all about innovation and control, and it's different scales there, right? China tries to govern over a billion people, and they have to use different tools. Not endorsing what they're doing at all. I’m just saying there's reasoning behind it. Then we've got the different complete opposite on the scale in Europe and Germany, which is extremely privacy conscious to the point where it's sometimes slowing down technological innovations because it's very important to follow all the regulations, all the privacy regulations, and do every on paper and everything by the books, which can slow down adoption of new technologies and processes, sometimes for good things. Sometimes there's disadvantages. Sometimes there's advantages. Sometimes there's disadvantages. 

Another example I'm seeing is that the U.S. is much more trigger-happy to adopt the cloud, send data to some nebulous third party, somewhere in the cloud, whereas Europe is much more reluctant to do so, and they much prefer on-prem solutions or data centers in Europe, things like that. So, where's previously going in the next five to 10 years. I don't think there's going to be an agreement or international law on this at all, ever, but different regions will find different regulations that work best for them, as we've seen the past as well. 

Don MacPherson: 

How are we going to protect ourselves from the use of deep fakes? And maybe you could talk about what deep fakes are before you answer the question. 

Max Heinemeyer: 

Sure. So, fake news and deep fakes is a big topic. Fake news is what everybody knows about the omission of facts or putting facts in a different light that spin on it propagandas, right? New technological needs. Deep fakes is applying a really advanced technology like deep learning on neural networks to change, for example, video streaming, as it happens. And instead of displaying Trump's head in a press conference, they could put Kim Jong-un’s on that body saying the same words, and you could barely, if even, discern the difference. So, it looks like Kim Jong-un’s giving press conference in the United States, talking about cyber war with Iran, but it's actually President Trump in the States who is doing that. So, deep fakes are a way of using technology to alter truth, alter facts, and in a real-time way. So, it's happening as we see it. 

Now, I would go five steps back and say, this is really what we need to worry about here in, at least Western Europe or the Western world. Or if we think about fake news, we don't need deep fakes or fake news to spread around. It's enough to post a picture on Twitter with one or two captions to get a big discussion going that's going to ignite people. One great example about fake news is why I think we don't need deep fakes, or even think about the impact of deep fakes, is the case where a few months ago, there was a picture on social media of a Native American at a rally facing off a young white teenager wearing a MAGA, Make America Great Again cap. And it looked like the Native American was being threatened by the crowd of youngsters, and there was a very smart grin on the face of the youngster. 

And people went berserk on social media and said, “Oh my God, it's white supremacy, and this poor guy.” And that was deliberately pushed by actors on the internet, this kind of echo chamber to ignite this discussion and divide the population even further. If you looked at it from different perspectives, it was just this one shot that was being pushed, but there were different angles to the story. I'm not saying this was right or wrong or what's the facts here. I'm just saying that pushing a simple picture, which was taken, not fake at all, from a certain angle is enough to ignite huge discussions and shape public opinion. So, before we try to break our hats about deeps and how to counter that, I think we need to get much bigger with truth for journalism, discerning fake news from proper news, educating kids on not taking any fact at face value, but always trying to look at different of the facts, different opinions. 

I think this ground education is much more important than trying to flabbergast round deep fakes and these things. I'm not saying it's not important to think about these things, but I think about other more basic problems. 

Don MacPherson: 

A lot of what we talked about here paints a really kind of pessimistic view of the world, but are you optimistic about the future or what are your feelings on the future? 

Max Heinemeyer: 

I'm incredibly optimistic. I think we live in an amazing world, not just technology, but there's so much reason for optimism, and many things that are just pushed to negative echo chambers or just tech news as we discussed, but technology help and support our lives everywhere: be it about cancer research, be it about cybersecurity, like what Darktrace does, preventing security operators from burning out because the software is very interactive, and great to use, and fun, and very [inaudible 0:36:34], or be it sepsis research where we got machine learning algorithms to early detect sepsis and save people's lives. And there's so many great things. And yes, our discussion was revolving a lot around cybersecurity and the threat actors. But I think it's easy to overlook that we have such a great time ahead of us with the internet sharing knowledge left and right, all the research going on. I'm getting very excited thinking about the next five to 50 years. 

Don MacPherson: 

Yeah. I'm very happy to hear you say that because I feel the same way. I feel very, very optimistic about what the future holds for us. The world is better than ever and it will continue to improve. 

Max Heinemeyer: 

I fully agree. 

Don MacPherson: 

Thank you for having this conversation. I've really enjoyed it. I've learned a lot. And Max, thank you for being a genius. 

Max Heinemeyer: 

Thanks a lot, Don. I appreciate it. 

Don MacPherson: 

Thank you for listening to 12 Geniuses. Thanks also to the amazing team that makes this show possible: Devon McGrath is our production assistant; Brian Bierbaum is our research and historical consultant; Toby, Tony, Jay, and the rest of the team at GL Productions in London make sure the sound and editing are top-notch. To learn how 12 Geniuses can prepare leaders for a rapidly changing business world influenced by shifting demographics, new technologies, and innovative business models, please go to 12geniuses.com