On Wednesday, Akamai, the Boston headquartered global tech firm, held its annual Cyber Security Summit in Sydney. Co-founder and CEO Dr Tom Leighton (pictured) attended the event in person. Leighton, a maths professor, is regarded as a world authority on algorithms for network applications and cyber security – and something of a tech celebrity.
“It’s really nice to be back here in Australia,” said Leighton as he took the podium. “It’s the first time I’ve been on a stage in person for over two years,” he added.
What can the insurance industry learn from Akamai’s cyber summit?
After his speech, Insurance Business asked Leighton: What’s one important thing the Australian insurance industry could do better to protect itself from cyber threats?
“I think the financial world, broadly construed, is pretty savvy when it comes to security,” said Leighton.
He said these companies have firewalls in place, are looking out for cyberattack threats like DDoS (Distributed Denial of Service) and are becoming more aware of the growing importance of zero trust policies.
“Probably the one recent big change there is micro-segmentation,” he said.
Micro-segementation, he explained during his speech, has become one of the best ways to combat cyberattacks from malware and ransomware. He said Akamai is putting “a lot of effort” into this technology and recently acquired the Israeli cloud security company Guardicore, a specialist in the area.
“It [micro-segmentation] had the reputation for being where CISOs (chief information security officer) go to die because it was not a viable solution. It was hard, inflexible and didn’t really give you the security you need and that what’s changing now,” he said.
Today, micro-segmentation can isolate and segment network applications and their components which helps protect them from cyberattacks.
“I think it’s probably the most important thing after the firewall, to have micro-segmentation,” said Leighton.
This technology is becoming mandatory under new cyber security regulations overseas.
“In the US, regulations are being adopted for the financial industry [and] for the government that you have to have it. In Europe, we’re starting to see the same thing,” he said.
“I think people are scrambling to understand it and catch up,” he added.
However, Leighton did also say it’s currently impossible to keep all malware out.
“I think, to be honest, you could buy all our products that do that. You could buy everybody else’s products that do that. I think malware is probably still getting in somewhere, to some device and then it spreads,” he said.
“I think the key really is to identify it quickly and to stop the spread,” said Leighton.
Slides during Leighton’s speech showed that, in Australia, financial services is the main industry sector targeted by cyber-attackers.
The CEO said the overall threat from cyberattacks is “a very challenging situation” that has “gotten a lot worse.” He also said web app attacks on Akamai customers had seen a “huge increase” since Russia’s invasion of Ukraine.
Since 2020, he said, attacks of this kind, like DDoS, can throw far larger amounts of data at their victims. These attacks aim to cripple a company’s IT systems by flooding them with traffic.
“Now we’re seeing them at over a terabit per second which of course is more than any individual company can defend against. It’s more than any cloud data centre really can defend against,” he said.
Leighton said an attack on this scale is a threat to a country the size of Australia.
“It wouldn’t take much more than that to flood all the pipes coming into Australia. Just to put this in perspective,” said Leighton.
Attacks on media and gaming sites are also becoming more common. He said that was a reflection of people living more of their lives online.
Interestingly, these days, he said, the deadliest bot armies - large groups of malicious software – are masses of individual human attackers rather than remotely controlled software.
“It’s got to the point now where because the tools for stopping bots are so good the most sophisticated attackers actually have human armies. Humans are actually perpetrating what used to be done by the bots,” said Leighton.
Leighton, a Massachusetts Institute of Technology (MIT) professor, was Akamai’s chief scientist before becoming CEO. The company’s co-founder, Daniel Lewin, also an MIT alumnus, was regarded as a maths genius. Tragically, he died at the age of 31 in the September 11, 2001, attacks.