0:00

Hi there, it's Tucker Legursky, a researcher

0:02

at Masters of Scale. It's

0:04

no secret that changes to the economy

0:07

can greatly impact the future of a

0:09

business, especially for those just beginning their

0:11

entrepreneurial journeys. That's why it's

0:13

essential to have a keen understanding of

0:15

economic events such as recessions, inflation, or

0:18

even fluctuating gas prices. Luckily,

0:20

our friends at the Planet Money podcast have

0:22

you covered. Each week, the

0:24

folks at Planet Money take world events and

0:26

break them down, explaining how it all ties

0:29

back to the economy. So

0:31

to better understand how the economy shapes

0:33

the world and your business, be sure to

0:35

check out NPR's Planet Money wherever you

0:37

get your podcasts. Now, onto

0:39

our show. Let's

0:44

take as knowing that novel

0:47

threats are the new normal. We're

0:49

always going to be facing an

0:52

attack that we don't quite

0:54

anticipate or was unexpected. And

0:57

how do you protect a business?

0:59

And AI is a really powerful

1:01

tool in that. And yes, AI

1:04

can be leveraged by the attackers

1:06

as well. But cybersecurity, it's nuanced

1:08

and it's evolving. It's self-learning. And

1:10

that makes it such a natural

1:13

home to be able to use

1:15

AI. You really get excited

1:17

about this. Like, I'm just... It's mad. I

1:20

love it. Hey,

1:27

everyone. It's Bob Safian. That

1:30

was me with Poppy Gustafson,

1:32

the CEO of cybersecurity firm

1:34

Darktrace out of London. We

1:36

talked about how AI has helped

1:39

both attackers and defenders in an

1:41

escalating cyber war that's

1:43

raging across the dark web. If that

1:45

all sounds mysterious, it

1:47

is. Though cybercrime has also become

1:50

way more professionalized and business-like than

1:52

I'd realized. Poppy is

1:54

both a guide to this world and

1:56

a passionate advocate for how technology

1:58

can help us... get the

2:01

most from technology. We

2:03

also talked about deepfakes, which are

2:05

getting richer and more common, and

2:08

how our biggest cyber risks come

2:10

from human weaknesses, not software. This

2:13

is an area that business people would

2:15

often rather not think about, but they

2:17

should, and it's actually quite

2:19

fascinating. So here's me and Poppy getting

2:21

into it. We'll

2:32

start the show in a moment, afterward

2:34

from our premier brand partner, Capital One

2:36

Business. Georgian

2:40

food is to Russia, like Mexican food

2:42

is to the United States. It's comfort

2:44

food. Georgian wine was also the best

2:46

wine, but the Russians had embargoed it. And so

2:48

I vowed that if I ever did open a

2:51

restaurant, I would sell all the Georgian wine I

2:53

could. That's Rose

2:55

Prevett, owner of the Michelin-starred restaurant Maidan

2:57

and Compass Rose. And she was on

2:59

a trip aboard the Trans-Siberian Railway in

3:01

December 2011 with her husband, former

3:04

NPR journalist, David Green. Snowy

3:07

Siberia is the perfect place to have your

3:09

eat, pray, love moment. Only she was able

3:12

to go around Italy and eat

3:14

pasta. I'm sitting on this sweaty

3:16

train eating stuffed pies. Back

3:18

in Washington, D.C., Rose had a career

3:20

in public policy, but she was contemplating

3:22

a personal pivot into the restaurant business.

3:25

And she had been particularly taken with Georgian food

3:27

and wine. The very

3:29

first smack in the face was trying to get

3:32

my liquor license. But first,

3:34

Rose had to navigate obtaining a liquor

3:36

license. We'll hear about that later in

3:38

the show. It's all part of the

3:40

Refocus Playbook, a special series where Capital

3:42

One Business highlights stories of business owners

3:44

and leaders using one of Reed's theories

3:46

of entrepreneurship. Today's playbook insight,

3:49

every successful leader needs grit. All

3:56

right, so let's jump in. So Dark

3:59

Trace is one of the... fastest growing tech

4:01

firms in Europe. You've got more

4:03

than 9,000 corporate clients around the

4:06

world. Just a few days ago,

4:08

DarkTrace released a report about the

4:10

state of cybersecurity risks

4:12

right now. One of your colleagues said

4:15

to me, threats are evolving at an

4:17

insane pace. That's absolutely the

4:19

case. As you said, we just published our

4:21

threat report. It's a look back on the

4:23

last year. One of the biggest takeaways from

4:25

me is that innovation isn't

4:28

something that's just available to the

4:30

good guys. The bad guys are

4:32

innovating and evolving constantly.

4:34

We're seeing a huge rise

4:37

in the number of what we

4:39

call as-a-service tools. So

4:41

ransomware is a service, malware is

4:43

a service. All the tools of the

4:46

attackers are now available to rent.

4:49

It's like a commercial

4:51

ecosystem around cyberattacks? There

4:54

are helplines for the criminals to use to

4:56

help them say, I'm trying to do this

4:58

malware as a service. I'm having a little

5:00

problem. So I press button A or press

5:02

button B. This is big business that's operating

5:05

on the other side of the dark web.

5:07

That's both fascinating and terrifying all at

5:10

the same time. It's

5:12

very much a business.

5:14

There was a big breach last

5:16

year on the pipeline attack across the

5:19

US, which saw people queuing for gas

5:21

stations. There was a huge uproar

5:23

as people were getting very frustrated not being

5:25

able to fill their cars. I

5:28

remember at the time, the attackers sent

5:30

out a statement saying, I'm

5:32

so sorry that we caused

5:35

so much harm and disruption

5:37

to society. In the future,

5:39

we're going to do better diligence as to

5:41

the types of organizations that we hack into.

5:43

You think, wait a

5:46

minute, this is a business

5:48

or this is a legal business. They're

5:50

basically signaling their principles in a way

5:53

that any legitimate business would do. It was

5:55

a real moment of this is big business that's

5:57

happening on the other side of these attacks. Recently

6:00

the Director of sister the U

6:02

S Security Infrastructure Agency testify before

6:04

Congress about the risks of like

6:06

this societal panic and next talk

6:09

about state actors and China and

6:11

why can't to U S or

6:13

the Uk government just take care

6:15

of all this is just too

6:17

hard. it's too big. One

6:20

of the biggest misconceptions I think about.

6:23

Side. That. He said it's.

6:25

A Binary. Problem say you have

6:27

like bad things or good things.

6:29

And that it's a specific trains. And

6:32

if only it were because then you could just say that he's

6:34

It was a. Bad. Actors hero, the

6:36

threats. That

6:38

matches against As and you're done.

6:41

But the reality is, it's much

6:43

more analog than that. It's things

6:45

are. A bit bad or

6:47

something that sought sauces and nine

6:49

but can become Miss S or

6:51

something. it's malicious to become been

6:53

nine but it's constantly changing and

6:55

evolving and transit tree which means

6:58

it's very hard to keep up

7:00

with which is why it's become

7:02

such a large scale problem staff

7:04

or seen it was can omit

7:06

for and third of the businesses

7:08

that with saying that they have

7:10

suffered financial impact and significant cyberthreats

7:12

in the last twelve months. I

7:16

mean the Hollywood version of cyber

7:18

attacks is like you know, some

7:20

evil tech genius rights who, his

7:22

findings software gaps or something to

7:25

sneak into systems. It sounds like

7:27

the range of threat actors and

7:29

kind of threats is even more

7:31

complicated. math. I would think

7:34

that the level of threat as a

7:36

sort of that are and the road

7:38

map as he lied to us attacking

7:40

have a sense and the top hands.

7:42

there's a lot of expertise in the

7:44

Nation States attacks and shouted the taxes.

7:47

Court. For infrastructure, from sorry targeted

7:49

attacks to get to a specific.

7:51

Thing that could be in water infrastructure for

7:54

example. But once you've

7:56

created that technology like the

7:58

Kitsap. The bag. Then

8:00

move into these and surprises that role

8:02

these attack thousand scale and mimic a

8:04

lot of the business practice sets we

8:07

see in this summit. Businesses such as

8:09

Safe as a services model that recite

8:11

see earlier and then at the other

8:13

and you've got your bedroom hackers who

8:16

are just there to sort of say

8:18

case. That. Skills and expertise

8:20

and just the coolest that disrupts

8:22

and all the way to receive

8:25

menaces. Insider said people who are

8:27

legitimate employees of an organization for

8:29

a ceiling disgruntled and they want

8:32

set upon is that organizations such

8:34

as such a broad spectrum of

8:36

understanding where that attacked may come

8:39

from. it becomes very. Challenging

8:41

Security Professionals twenty.

8:43

Six hate where it's gonna come

8:45

from By whom, for what benefit.

8:47

A Dark Traces Sort of predicated on

8:50

the idea that a I could be

8:52

a tool to sort of stay ahead

8:54

of that, but it seems like. As.

8:56

You talk about these things that

8:58

serve. The solution becomes the problem.

9:00

The problem becomes the solutions that

9:02

now A and with Gen Vi

9:04

the it's being used by threat

9:06

actors to make it more complicated

9:08

Again, We. Set out ten

9:10

years ago, Let's take his

9:13

nine. Set. Novel threats

9:15

or the new normal we always

9:17

gonna be say saying and it's

9:19

hat set we don't anticipate a

9:21

was unexpected and how d didn't

9:23

mean institute to business and I

9:25

certainly don't know what it is

9:27

going to be. An Ai isn't

9:29

really powerful tool in that And

9:31

yes, A I can be leveraged

9:33

by the attack as as well.

9:35

Not such a mess in a

9:37

moment. That cyber. Security.

9:40

It's nuance and it's evolving and

9:42

it requires an ability to reassess

9:44

decisions being made. A pass it's

9:46

is to take itself learning and

9:49

that makes such a natural same

9:51

to be able to use a

9:53

Ice to put the defenders on

9:55

the front set because ultimately to

9:58

defend the has the things. The

10:00

advantage they are the people that

10:02

know the thesis and it's culture

10:04

and it gets sly density better

10:06

than anyone else And by leveraging

10:08

ai they're able to on. They

10:10

descend as we sat knowledge and

10:12

stay one step ahead of the

10:14

attacker. I saw this

10:16

recent report about. Deep.

10:18

Sakes a finance for in Hong

10:20

Kong who was stamped out of

10:23

like twenty five million dollars by

10:25

a video call. With will.

10:27

Who they thought was there See a fall?

10:30

But. Turned out to be someone else

10:32

masquerading as they say fuck It doesn't

10:34

surprise me. It's something that. We see

10:36

all the time. the absence nice

10:39

to such as set C B

10:41

T that use a I and

10:43

center says a Isis pray conversational

10:45

praise. Be. The to set a

10:48

lot of us benefits mother's day nice

10:50

but susan it's could benefit from that.

10:52

We seeing. Phishing. Emails Being

10:54

crossed. it's easy need to send a

10:56

linguistic complexity of those emails has got

10:59

fall through their as it becomes much

11:01

easier for people to communicate in a

11:03

way that feels much more natural and

11:05

human. It might not be the first

11:08

language, but suddenly they're able to talk

11:10

in a much more convincing way. That

11:12

means you're more likely to pick on

11:14

that lane for do that. Saying that

11:17

that that and sixty to even do

11:19

otherwise said extrapolating that serve as we

11:21

think about. Enough. Seats renovations make

11:23

it much easier pretty steep sakes.

11:25

whether it's in order audiovisual with

11:28

access to your team's are you're

11:30

testing Is this? whatever it is

11:32

all of which broaden that the

11:34

footprint. The and it's have kids

11:36

but since she signed that way

11:38

infant organization, five sets of really

11:41

complicated and expanding tannins. And.

11:43

Like even of us call. How

11:45

do I know that You are

11:47

really You. And. How do you

11:50

know that you're actually talking to me

11:52

and not someone who's pretending to be

11:54

be? One of the things that we

11:56

try and look for is. the out

11:58

from other the mates is so Often what attackers

12:00

are trying to do is to create

12:03

a quick response that if

12:05

you had time to think about it,

12:07

perhaps you wouldn't do. But if you're

12:09

under pressure, they're trying to create an

12:11

urgency, so you respond before you've had

12:13

the chance to think. So

12:15

it's not about saying, how do I

12:17

authenticate this image that I'm receiving necessary?

12:20

But what is the behavior that has been

12:22

trying to be driven out of this communication?

12:24

Are they trying to create a sense of

12:26

urgency? Are they steering you to a behavior

12:29

that is unusual for your organization

12:31

or you and your behavior? So what

12:33

we tend to look for is not

12:35

saying, is this a threat? But what

12:37

is the outcome of this? And could

12:40

that be threatening to the organization or

12:42

something that's indicative of a behavior that

12:44

you'd want to control? And

12:47

when you find yourself that it maybe is that to

12:49

sort of pause and

12:51

try to find the right way to

12:53

confirm that this is actually something that...

12:56

This business does move at a much

12:58

faster pace than it ever

13:00

has. And so we are being put

13:02

under pressure to act quickly

13:04

in ambiguous situations in a different

13:06

way. Let's take a step back.

13:09

Cyber threats comes wherever

13:11

we mix people and

13:14

technologies. And the gap between

13:16

those two is what an attacker is

13:18

trying to exploit. And if

13:20

we had businesses that had

13:22

no technology, there'd be no cyber threats.

13:25

And likewise, if we had businesses that

13:27

were just technology and had no humans

13:29

in it, they'd be much, much, much

13:31

easier to protect. So it's that combination

13:33

that attackers are constantly trying to push

13:36

their way between. But

13:38

technology is a huge enabler for

13:40

so many businesses. And cybersecurity is

13:43

the thing that allows people to

13:45

embrace that technology. If

13:48

we really do our jobs properly, they

13:50

shouldn't be having to see that through

13:52

a cybersecurity lens. It's

13:54

not really having to have a conversation with me thinking,

13:56

oh, can I trust Poppy? Technology

13:59

has... The Power to be able to

14:01

take care of that and do a

14:03

lot of our understanding and dissemination itself.

14:06

The way you describe it, it's like

14:08

the people are the problem. Like if

14:10

it were just machines talking to me,

14:12

seems we wouldn't have the same risks.

14:14

Without people that would be far

14:16

less. Cyber. Attacks I

14:18

think that says to say. But it's also

14:21

safe to say that people are an essential

14:23

part of what makes our businesses brilliance and

14:25

it.say. see wanna let the people in the

14:27

business focused some what it is that they

14:29

do best. I mention

14:32

the congressional testimony from the

14:34

security folks earlier in one

14:36

of the things that was

14:38

brought up with almost an

14:40

admonition to business that in

14:42

the. Push. To get

14:44

things to market quickly that security

14:46

is sometimes B D emphasized almost

14:48

like there's an underlying vulnerability thread

14:50

the tech business because people are

14:53

rushing to fast My my colleague

14:55

Reid Hoffman or talks about the

14:57

need for blitz scaling that it's

14:59

important to go faster than you

15:01

think you can and less some

15:03

fires burn and you know, put

15:05

products out that may not be

15:07

perfect yet in the lens of

15:10

cyber security such as like a

15:12

bad idea. This. Is the

15:14

idea that software sits be

15:16

secure by design. Whereas.

15:18

A possible people should

15:20

be building products. That

15:23

sense in doubt. Security

15:25

sucks. That it makes. It's just

15:27

his job. Father. And

15:29

I agree with. Let's. Make the

15:31

attack. his job saw that whereas a

15:33

we can as a fast food to

15:35

school but a lot of this is

15:37

based on the idea is it. Gets.

15:40

Sacked will be nine a have. Somewhat

15:43

predictable or repeatable.

15:46

And. The reality is the vast majority

15:48

of these attacks on novel an unpredictable

15:50

and so you can never eradicate all

15:52

risk by building in that secure by

15:55

design that press it's have been

15:57

products. Out quickly is very rare.

15:59

Listen. very real benefit to people

16:01

bringing out things out to market and

16:03

in accelerated fashion. So the

16:06

reality is, is a compromise between those two.

16:08

But the idea that we could eradicate all

16:10

risk, I think, is unrealistic. And

16:13

for you in running your business

16:15

and running DarkTrace, like you are having

16:18

to respond to new threats, novel threats.

16:20

So there's a certain pressure on you

16:22

guys to get products out quickly

16:24

that can do that. And

16:26

at the same time, how do

16:29

you manage that sort of push to get there quickly

16:31

with the need to make your

16:33

own products secure and safe in that

16:35

way? This is the

16:38

brilliance of what we do at DarkTrace.

16:41

So cyber can be

16:43

viewed through two lenses. And

16:46

the first is just as you described.

16:48

So what's happening outside there in

16:50

that big bad world? And who are the

16:52

attackers? And what are all of the known

16:54

attacks? And what do we think that the

16:56

threats of tomorrow are going to be? And

16:59

then lock all the doors and fasten

17:01

all the windows against all of that

17:03

known threat. But the

17:05

reality is something's always forgotten or missed or the

17:07

human whose job it was to lock the doors

17:09

and windows had a bit of an off day

17:11

and didn't quite do it. There's always something that

17:13

goes wrong with that plan. And that's where DarkTrace

17:15

comes in. And we see the

17:18

problem through the opposite lens. So

17:20

instead of saying what's happening out there in

17:23

the threat landscape and what are the baddies

17:25

up to, we say, let's look at you

17:28

and your business and your

17:30

organization and just observe

17:32

the daily ebb and flow

17:34

of digital activity to learn

17:36

your unique digital culture, your

17:38

unique digital fingerprint, if you

17:41

like. And once you

17:43

know that, you can

17:45

always spot when it changes. You

17:48

can find the aberration that says this

17:51

could be a big alarm bell. Or there's something

17:53

very different that doesn't normally happen for your organization

17:55

is happening over here, or it could

17:57

be lots of small crumbs of evidence.

18:00

that come together. It could be a number

18:02

of different things, but we spend our time

18:04

learning and studying the business

18:06

rather than the threat, which

18:09

means when there's a

18:11

big new ransomware attack such as the

18:13

ones that US water facilities

18:15

are currently suffering from, when there is

18:17

a bigger event like that, we don't

18:19

have to come scrambling through and say,

18:21

quick, now let's update the dark trace

18:23

9,000 customers that we're protecting

18:25

for this new form of ransomware. It

18:28

will just find it. By virtue of

18:30

the fact it's not the business that

18:32

it's studying, there's no update or push

18:34

required. The AI learns on the job

18:37

that by virtue of the fact it's

18:39

not normal for that organization. It knows

18:41

that it's a threat that needs to

18:43

be intercepted and controlled. And of course,

18:46

all of this done entirely autonomously, entirely

18:48

by the software and without human intervention.

18:51

And so each installation of

18:53

dark trace for each business is

18:55

effectively different because it's learning from

18:58

that business and understanding that business

19:00

separately. With the passage

19:02

of time, each of those

19:05

installations becomes entirely unique and

19:07

completely bespoke to that organization.

19:10

But when it comes out the box, on day

19:12

one, when that license key is

19:14

typed in, it's exactly the same software.

19:16

Whether you're protecting a global

19:19

financial bank that's got

19:22

offices all over the world, or whether it's

19:25

one of my favorite customers as a small

19:28

hospice down the road from near

19:30

where I live or anything in

19:32

between. It's exactly the same thing,

19:35

which is artificial intelligence that goes

19:37

into that organization and learns unique

19:39

digital DNA. The

19:42

unique digital DNA of an organization.

19:44

That's pretty cool. What

19:46

surprised me most listening to Poppy

19:48

though was her description of cyber

19:50

attacks enabled by software as a

19:52

service providers. I never realized that

19:55

dark web was so business like.

19:57

Next up, Poppy is going to

19:59

explain the of running a

20:01

business where best case for

20:03

your clients, nothing happens. We'll

20:05

be right back. We'll be back

20:08

in a moment after a word from our

20:10

premier brand partner, Capital One Business. They

20:15

saw a very young woman who had never owned a

20:17

business before and thought the fight they were

20:19

going to fight was going to be the one against

20:21

me because there were a bunch of other

20:23

restaurants opening, but no one went after

20:25

them as hard as they would after me. These guys

20:28

wouldn't give up. We're back

20:30

with Washington, D.C. restaurant owner Rose Preffitt.

20:32

A decade ago, she was

20:34

opening her first restaurant, Compass Rose, in

20:36

the rapidly gentrifying 14th Street corridor.

20:39

But some disapproving members of the community were

20:41

determined to stop her, so Rose pounded the

20:43

pavement in search of support. We

20:46

knocked on doors and got hundreds of

20:48

petitions signed by our neighbors, and

20:50

eventually we did win. And

20:52

what ended up happening is those people felt

20:54

very invested in our cause. So when Compass

20:57

Rose opened, all those people came. Rose

21:00

was dedicated to her vision, and that grit would

21:02

prove essential as she faced the challenges of

21:04

being a first-time business owner, says Lauren Tresco,

21:07

head of brand partnerships and insights at Capital One

21:09

Business. When you're starting

21:11

out as a business owner, it's really easy to get

21:13

discouraged. The challenges you

21:15

have to face are daunting and constant.

21:17

In order to succeed, you really have

21:19

to be your own biggest advocate. But

21:23

getting a liquor license would only be the

21:25

first hurdle Rose faced, because in the middle

21:27

of D.C., she wanted to serve food, cook

21:29

outdoors, over an open fire. We'll

21:32

hear about that later in the show. It's

21:34

all part of Capital One Business' Spotlight

21:36

on Entrepreneurs, following Reed's Refocus Playbook at

21:38

all levels of scale. She

21:42

wanted to serve food, cook outdoors, over

21:44

an open fire. We'll hear

21:47

about that later in the show. It's all

21:49

part of Capital One Business' Spotlight on Entrepreneurs,

21:51

following Reed's Refocus Playbook at all levels of

21:53

scale. The

22:00

Break: We heard Dark Tracy, a

22:02

Poppy Gustafsson talk about the rapid

22:04

evolution of cyber threats and how

22:07

Ai is both an accelerant and

22:09

a tool for defenders. Now we

22:11

go into the odds psychology of

22:14

running a cyber security business plus

22:16

cyber impacts on elections handling problems

22:18

the don't have answers and more.

22:21

Let's get to it. You

22:23

mentioned serve the traditional way that

22:25

cyber security works desert an organization

22:27

needs that along with dark Price

22:30

like is Dark Trace a supplement.

22:32

You. Need a combination? The Princess. Sit.

22:35

Separately and organize a sin well.

22:37

Six. Zero bucks. Last line defense will

22:39

be on s threat face. You know

22:42

who the attacks at the past? You've

22:44

got that maria de mer of what

22:46

has happened historically. Let's

22:49

not suffered a same attacks against

22:51

the perimeter Aggie whoop seat states

22:53

out unless you're anti viruses that

22:55

you fireballs. But the

22:57

moment that something gets through, that's your

22:59

next line of defense By definition, can't

23:01

be relying on the same approach each.

23:03

It's to see the problem from it's

23:05

different sectors and that's what we do

23:07

here. It outright. And

23:10

then once. Your. Group may

23:12

be identifies that. The firewall's

23:14

technology will then be adjusted to try

23:16

to block those kinds of attacks right

23:18

then you're looking for the next. Exactly

23:21

says it's evolution. Avast as a

23:23

business has gone really sucks through

23:26

three chances and the sources say

23:28

this to say. We've. Identified

23:30

an attack and alarm bell would ring and

23:32

will say yes who and we think yes

23:34

groups of that. But. Very quick

23:37

even realize it at some react to

23:39

the plates wasn't enough that you can't

23:41

simply be another alarm bell ringing. And

23:43

so he moved into what I think

23:46

of is like the Axis say the

23:48

Middle period as of.faces lies to date

23:50

it's not enough. For me simply

23:52

telling Bold that he's been attacked.

23:55

We need to so both by stopping

23:57

at talking, taking it out. So d.

24:00

you autonomously make changes within that organization to

24:02

stop the attack within its tracks. And that

24:04

is done by the software itself. It's done

24:06

by the way it integrates with the rest

24:08

of the technology stack. But it's about saying,

24:10

you have been breached, but we're going to

24:13

stop it right now. So you might have

24:15

lost a few files, but you're not losing

24:17

a whole bunch of data. And

24:19

then the most recent phase is what

24:21

we call the proactive phase. So

24:24

given we have this unique understanding

24:26

of your organization, you very quickly

24:28

gain an understanding of how this

24:31

organization is uniquely vulnerable,

24:33

where its crown jewels are.

24:36

There's a window that's been left that we

24:38

can identify that window slightly ajar, but it

24:40

only goes to the stationary room. That's probably

24:43

not high risk. Whereas

24:45

over here, this door is unbolted

24:47

and that takes you to the

24:49

crown jewels. How do we proactively

24:52

wrap a blanket around that risk

24:54

and actively harden against those? So

24:57

you end up with this wonderful

24:59

virtuous circle where each phase feeds

25:01

into the next. And only

25:03

because you have that really rich understanding of

25:06

how best to respond to an in-progress

25:08

threat, would you then think, oh, we

25:10

now know how to proactively harden against

25:13

that in a way that's unique to

25:15

that organization, which then means you're more

25:17

uniquely to able to understand when that

25:20

business is breached and so

25:22

on and so forth. So you end up with this lovely

25:25

virtuous circle where each part informs

25:27

and enforces the other. You

25:29

really get excited about this. I love it. I

25:33

love it. You

25:35

just, you light up about the

25:38

sort of, the structure of all this. I

25:40

think it's because I'm a mathematician.

25:42

I studied maths at university and

25:44

I loved my maths lecture, but

25:46

in those days, it was a

25:48

big overhead projector and people were

25:50

writing formulas and then algorithms and

25:52

projecting it onto this big white

25:54

board and it felt very serial

25:56

and filled with people with leather

25:58

patches on their back. elbows and

26:00

now I am here running a

26:03

business where that mass, that

26:05

very same mass that we studied

26:07

all those years ago is solving

26:09

real life problems on real data

26:11

for like real organizations that all

26:13

of us benefit from and seeing

26:15

that mass in action is just

26:18

very exciting. It's kind of a

26:20

strange business that DarkTrace is in because in some

26:22

ways and you mentioned the new threat

26:24

report that came out like bad

26:26

news in the industry is

26:29

kind of good news for you

26:31

right because the more trouble there

26:33

is out there the more people

26:35

need what you have. No

26:37

I think very quickly want to avoid any of

26:39

that sort of ambivalent chasing behavior but I think

26:41

for me it's cyber security's

26:44

got such a pessimistic view. Whenever

26:46

you talk about cyber security people

26:48

imagine that person in IT that's writing their

26:50

finger and saying don't forget to update your passport

26:52

or else and you feel like it's you know

26:55

oh god I don't get this right and the

26:57

world's gonna it always feels like that you're

27:00

being told off and you have to

27:02

do this or else but it's a

27:04

very sort of critical or negative perception.

27:06

For me cyber security is such

27:08

a huge enabler like we all

27:10

love tech and we all love

27:13

seeing innovation that's happening throughout society

27:15

and cyber security is

27:17

the tool that enables you

27:19

to embrace that technology into your business

27:21

and explore it in a way that

27:24

if the worst were to happen you'll

27:26

still be okay. But

27:28

is this strange to be operating a business

27:31

where like in the best-case

27:33

scenario like nothing happens like

27:35

you prove your value by

27:37

by nothing happening? I

27:40

mean if we wanted a round of applause it would all go

27:42

and work for the circus wouldn't me. I do think it's if

27:46

we do our job right no one knows that

27:48

you've ever been there. We've got

27:50

customers we've got a wonderful neonatal

27:52

unit where those doctors and nurses

27:54

are doing a real job of

27:57

caring for babies

27:59

and they're relying on a lot of tech in

28:02

order to be able to do that

28:04

properly. And if DARTO

28:06

does its job right, they can just

28:08

take that tech for granted. There's

28:11

a lot of discussion in the

28:13

US about the integrity of

28:15

elections and whether results

28:17

can be trusted and whether bad

28:20

actors from Russia or other places

28:22

can influence things. From

28:24

your perspective, how much of that

28:26

is sort of conspiracy theory and

28:29

how much of it is real?

28:33

I can't comment specifically on terms of the

28:35

election, but when it comes to cyber

28:38

threats, attackers

28:40

are intentionally exploiting

28:43

human vulnerability to their own

28:45

advantage, trying to shape their

28:47

behaviors in a way that

28:50

is advantageous to them. I can

28:52

see how that translates to another

28:55

world when it's changing perceptions or

28:58

influence. I can absolutely see

29:00

that people will be driving to those ends.

29:02

And the idea about sort of hacking

29:04

into voting machines and

29:07

tabulation data and things like that,

29:09

that if that's happening, that is

29:11

probably more happening through

29:14

a human interface than a

29:16

technical one. Again,

29:18

it's always that interface between the

29:20

humans and the technology. And

29:24

attackers will be leveraging

29:26

their influence to change human

29:29

actions, to gain an entrance

29:31

into technology that they wouldn't

29:33

otherwise have that access to.

29:36

As a business leader, aside

29:39

from the specifics of cybersecurity,

29:41

is it getting harder

29:44

to run a business

29:46

and the role of what business

29:48

plays beyond its

29:51

shareholders? Running a business is always

29:53

hard because you're dealing

29:55

with stakeholders that are changing and

29:57

they're once a niece. Hunt

30:00

for a change a sort. Of Balance

30:02

says like coat sir' and

30:04

principles but business leaders fries

30:06

in that change and. If.

30:09

It was easy we wouldn't

30:11

need sea ice. I

30:13

mean only the hard questions should reach

30:15

your desk, right? But I guess if

30:17

you're a mathematicians, you like hard math

30:19

problems. Wow that. but the thing

30:21

about math problems is there is always an

30:24

answer as have with business problems is as

30:26

not always an obvious answer. He.

30:28

Has so have you decide. And.

30:32

Quit. See. Wins. And lot

30:34

is. Good. Advice some people that you

30:36

trust. Around see and with

30:38

and understand a seat. get it

30:41

wrong with sometimes you will. He.

30:43

Time. Change. Your mind

30:45

and forth correct and it's ha. Well

30:48

puppy this has great! Thank you so

30:50

much for spending time with us! Really

30:53

prescience. Alice of Brooks I said something to

30:55

me Thank you both. I. Could

30:57

have talked to Poppy for hours.

30:59

The window she offers into the

31:01

whole ecosystem of cyberthreats fascinates me.

31:04

The idea of it, say I

31:06

can keep us head of the

31:08

baddies as she calls them is

31:10

pretty compelling. But then there's the

31:12

reality that bad these are putting

31:14

those tools to work to and

31:16

you just have to come away

31:19

recognizing that like every other area

31:21

of business today, it's cyber security

31:23

is moving faster with more unknowns

31:25

requiring more attention than favour. whenever.

31:28

The promise of a I and technology

31:30

and I really believe in both. Our

31:32

world certainly isn't getting simpler. About.

31:35

Sassy And thanks for listening! And

31:38

now a final word from our

31:40

brand partner, Capital One Business. There's.

31:44

a road some tbilisi to western

31:46

georgia lines with women have burns

31:49

up and down their arms and

31:51

they're all making a sin and

31:53

mean it's honey raisin bread they're

31:55

all competing and they're holding a

31:57

piece of the bread and waving

31:59

it at you in the hopes that you'll

32:01

stop at their hut. We're

32:04

back one more time with restaurant owner Rose

32:06

Previtt and those women who bake bread in

32:08

backyard ovens had given her an idea. I

32:11

really, really wanted to have a fire outside,

32:16

but the health department shot me down hard.

32:19

But Rose had the fortitude to pursue her goal and

32:22

that meant rethinking how she'd get there. What

32:24

if she opened a second restaurant, one

32:27

that could accommodate an indoor fire? I

32:30

walked into this 140 year old warehouse, I

32:33

saw super high ceilings and this steam shaft that

32:35

was very rusted, but I had a feeling went

32:37

through the roof. I was like, I think I

32:39

can put the fire there. Midon's

32:42

charred eggplant and scorched flatbread have won

32:44

the restaurant its first Michelin star. Rose

32:47

has since added a third restaurant and a

32:49

wine importing business to her portfolio. And

32:52

she wouldn't have been able to do it without

32:54

grit, says Lauren Tresco of Capital One Business. Rose's

32:57

story is such an inspiring example of how

33:00

important it is to have tenacity when it

33:02

comes to building a business. So

33:04

many elements need to align in order to

33:06

scale your company and navigating that journey takes

33:09

fortitude. Capital

33:11

One Business is proud to support entrepreneurs

33:13

and leaders working to scale their impact

33:15

from Fortune 500s to first-time business owners.

33:18

For more resources to help

33:20

drive your business forward, visit

33:22

capitalone.com/Business Hub. Again,

33:24

that's capitalone.com/Business Hub.

33:27

As with every ad on Masters of Scale,

33:29

the entrepreneurs you just heard from were real

33:31

and unscripted. Because Capital One is

33:33

a financial institution, it's important to them

33:35

to be transparent about their relationship with

33:37

the entrepreneurs we interview. Some of

33:39

these entrepreneurs are Capital One customers and some

33:41

aren't. Capital One did compensate all

33:43

of them for participating in this campaign. Masters

33:48

of Scale Rapid Response is a Wait

33:50

What original. I'm Bob Safian,

33:52

your host and Masters of Scale's editor

33:54

at large. Our executive producer

33:57

is Chris McLeod. Our producers

33:59

are. Chris Gautier, Adam

34:01

Skusz, Alex Morris, Tucker

34:03

Legersky, and Masha Makotonina.

34:06

Our music director is Ryan Holiday.

34:09

Original music and sound design

34:11

by Eduardo Rivera, Ryan Holiday,

34:13

Hayes Holiday, and Nate Kinsella.

34:17

Audio editing by Keith J.

34:19

Nelson, Stephen Davies, Stephen Wells,

34:22

Andrew Nault, Liam Jenkins, and

34:24

Timothy Lu Lee. Mixing

34:26

and mastering by Aaron Bastinelli and

34:28

Brian Pugh. Our CEO

34:31

and Chairman of the Board is Jeff

34:33

Furman. Wait what was co-founded

34:35

by June Cohen and Darren Tripp. Special

34:38

thanks to Jodine Dorsay,

34:41

Alfonso Bravo, Tim Cronin,

34:43

Erica Flynn, Sarah Tartar,

34:46

Katie Blasing, Mary Elterrecker,

34:48

Chineme Ozuquena, Colin Howard,

34:51

Brandon Klein, Sami Aputa,

34:54

Kelsey Saison, Luisa Velez,

34:56

Nikki Williams, and Justin

34:59

Winslow. Visit Masters of

35:01

scale.com to find the transcript for

35:03

this episode and to subscribe to

35:05

our email newsletter. I'm

35:19

looking for a way to get listeners

35:21

to leave us a five-star

35:23

review on Apple Podcasts. Do

35:25

you have any suggestions? Absolutely.

35:29

One effective way is to engage with

35:31

your listeners directly during your episodes. Remind

35:35

them how much a five-star review can support

35:37

your show. What about

35:39

to try to convince listeners to

35:41

share one of their favorite episodes

35:43

with somebody in their life? Do

35:46

you have any suggestions for that? Certainly.

35:49

People love to share content that has made an impact

35:51

on them. So, remind your

35:53

listeners how sharing an episode can

35:55

start meaningful conversations with friends or

35:57

help others discover insights they've had.

35:59

benefited from. Would it

36:02

be okay if I use maybe our conversation

36:04

as a segment on the show? That

36:06

sounds like a creative approach. Using

36:09

a meta-conversation about engaging

36:11

your audience as a segment could

36:13

be