Cybersecurity: A game with changing rules


Formed in 2003, Barracuda Networks was originally established to fight spam and viruses through a firewall. Nearly 20 years later, the Campbell, California-based company is still about security, but it has expanded to other technology solutions. These include network security (e.g. SD-WAN, zero-trust access), cloud-to-cloud backup, web application firewall as a service, and ransomware protection.

One of the minds behind these technologies is Fleming Shi, Chief Technology Officer (CTO) at Barracuda. Shi joined Barracuda in 2004 as the founding engineer of its web security products. As CTO, he leads the organisation’s threat research and innovation engineering teams to create future technology platforms.

With Shi at the helm of Barracuda’s development efforts, the company’s email protection alone has contributed over $200 million to the business. Today, Barracuda has more than 200,000 customers worldwide. Frontier Enterprise talked to Shi about cybersecurity, dealing with ransomware threats, risks of cryptocurrency, and more.

What have been the highlights of your time at Barracuda, and what are the most significant changes you’ve seen over the years?

“Time flies when you are having fun,” is how I would describe the past 16 years plus with Barracuda. During my time here, I’ve continued to concentrate on improving our solutions in order to stay in lockstep with our customers’ cybersecurity needs.

At Barracuda we always think in terms of ‘customer zero’ – with the idea that we are no different from customers, dealing with the same pain points they face every day.

I still remember the day that I put our first web security into action months before we sent it to production, and the adjustments we had to make to ensure it would not only work, but work well. After 16 years, the same concept applies to everything we build. From the early days of fighting spam to responding to cyberattacks, we put ourselves in the customers’ shoes and ask: “How do I solve this problem? Do I have the time and resources to use the product successfully?”

The most significant change I have seen over the years in the market is migration from on-premises IT infrastructure to highly distributed cloud-native hybrid IT infrastructure. This has driven us to keep evolving our solutions.

How do you think the Asia-Pacific market is faring vis-a-vis the United States market in terms of security and data protection? 

The gap between the markets of Asia-Pacific and the United States is closing fast given the proliferation of infrastructure-as-a-service and software-as-a-service (SaaS) adoption. 16 years ago, there were at least a couple of years of gap between the US and APAC region for similar cyberthreats, but today, attacks are far more similar and pervasive across both continents.

Both regions deal with a growing number of ransomware attacks, partly due to the same cryptocurrency being sought after. Since cryptocurrency is available globally regardless of borders, it’s a great equaliser that will revolutionise how wealth is distributed worldwide, but it’s also fuelling a rise in cryptocurrency-related attacks.

How does the pandemic influence Barracuda’s technology offering moving forwards?

The pandemic really showed us how the workforce of the future will be digital first and likely hybrid. In response, we launched solutions in Gartner’s Secure Access Service Edge category. In 2020, we launched an SD-WAN offering backed by Microsoft Azure’s network backbone.

We also acquired a company specialising in zero-trust access, which continuously measures security postures at the end point, to protect network and SaaS access when users are working remotely.

Given the complexity of the new attack surfaces – from home offices to on-the-go remote offices – we acquired a cybersecurity-as-a-service company backed by XDR (extended detection and response) technology.

What are some of the long-term security risks that cryptocurrency adoption carries with it, broadly speaking?

There is no doubt that cryptocurrency is revolutionary and here to stay. We need to find ways to protect it from being destroyed by cybercriminals. Traceability and anonymity are reasons for criminals to keep using cryptocurrency for financial transactions.

Also, as I mentioned earlier, there are no borders in cryptocurrency; therefore, its affiliation with criminal activities remains strong, and our response to these attacks will only be as strong as the weakest link.

For enterprises, what is the best way forward if they’ve already been attacked by a ransomware intrusion? How do you see the ransomware threat evolving in the long term?

Victims of ransomware attacks should ideally work with authorities and companies specialising in ransomware negotiation. They will first need to get “proof-of-life” and identify the severity of the damage, from the victim’s recovery capabilities to the sensitivity of the breached data.

Ransomware threats will continue to fuel future attacks because the lost data will seed the next wave of attacks. We have to assume everyone will be victimised at some point, but refusing to pay the ransom can go a long way in slowing down the spread by making such attacks less attractive for cybercriminals.

These days, governments across the world are taking a much more serious stance against these attacks, which are now being used to target critical infrastructure and which, for the leaders of targeted nations, are seen as acts of war.

Considering the prevailing geopolitical situation, how do you see the potential for a full-blown “cyberwar” in the future?

If we can have healthy dialogue and world leaders agree to keep the attackers away from critical infrastructure, government, and healthcare organisations, the chance of a full-blown “cyberwar” is slim. It’s encouraging to see world leaders starting to have conversations around ways to respond to this growing global threat, from taking legal action to ways that nations can avoid harbouring cybercriminals, even when nation-states are adversarial in ideology.

The real threat, however, is that cybercriminals can impersonate a nation-state without physically residing in the place they launch the attack, which underlines the need to protect digital infrastructure from being weaponised against other nations.