Increasingly over the past few years, we have seen the worlds of cyber and physical collide. This is creating new risk for organizations everywhere—especially as cyber threats rise at an exponential pace and ramifications from physical events continue.
One company at the forefront of this trend is Dataminr, the leading real-time information discovery platform. Via its cutting-edge AI platform, it delivers the earliest indications of high-impact events, emerging risks and other business-critical information far in advance of other sources. The result is faster response, more effective risk mitigation and stronger crisis management for public and private sector organizations.
NightDragon recently sat down with Dataminr CEO Ted Bailey to talk about what he is seeing around the evolution of cyber-physical convergence as a major industry trend, as well as how chief information security officers (CISOs) and chief security officers (CSOs) are using real-time data to enable their teams to respond to threats more effectively and efficiently. Here is an excerpt of that conversation, which has been edited for clarity and length.
At NightDragon, we talk a lot about this concept of cyber-physical convergence. How have you watched that trend evolve?
For me, it started with Jen Easterly, now the Cybersecurity & Infrastructure Security Agency (CISA) Director. At the time, she was at Morgan Stanley and had stood up a center that brought together cyber and physical risk and then brought Dataminr’s detection system into that environment. That opened my eyes to the potential for taking detection of the physical world at large and integrating it into complex cyber issues and questions.
We’re seeing that same trend across more and more leading organizations whose CISOs and CSOs are recognizing that threats happening in the digital and cyber realm call for real-time information and warnings about what’s happening in the physical realm in order to get a cohesive view of the broader threat landscape. This could be geo-localized events, like a fire or flood that could affect a data center or OT infrastructure, or it could be signs of a large-scale geopolitical development like the Russian invasion of Ukraine. Early warning in the latter case allowed Dataminr cyber customers to raise their shields from a defensive perspective, knowing that Russia might be more active in cyberspace during the conflict.
Those are just a few examples of what is possible. We have the capabilities now to alert on cyber and/or physical events earlier than ever before—24 hours a day, 7 days a week, 365 days a year. What that provides to a CISO or CSO is essentially an early warning of an event that could pose a number of different cyber or physical risks.
Can you share an example of an area where you’re seeing cyber and physical threats converge?
One trend that we’ve seen rising in the last few years is ransomware attacks and their effect on physical systems, which in many cases have had a catastrophic impact on economies and essential utilities. The Colonial Pipeline attack is a perfect example of this. By integrating data sources across areas like global social media platforms, internet forums, the deep and dark web, cyber infrastructure signals, vulnerability feeds and more, we can accelerate the time to detection and notification about a potential event. At a time when just seconds or minutes matter, this early detection can help prevent an attack from causing wide-scale outages or other negative effects.
How do you prevent this early detection from being another data feed that a CISO must look at? Can it enable a CISO to better manage the vulnerabilities they receive?
Many CISOs and CSOs we talk to are overwhelmed by the number of Common Vulnerabilities and Exposures (CVEs) they receive. It can be very hard for them to prioritize which ones to patch, especially if that requires bringing down mission-critical systems. With additional data, provided as soon as the CVEs are detected, we help security leaders track emerging risks, contextualize them and prioritize which ones may pose the most risk to their organization based on data feeds from the deep and dark web, infrastructure signals and other areas. That’s been of critical value.
Talk about how these trends fit into your vision for Dataminr.
Dataminr has been around for approximately 12 years. We started in the public sector focused on the physical threat side, leveraging hundreds of thousands of data sources to detect events across the physical landscape when they first happen. What we found was that corporations really needed these types of indications and warnings as well. So, in the last few years, we brought our capabilities to a number of use cases across corporate environments.
Now, two-thirds of the Fortune 50 and more than half of the Fortune 100 are leveraging our AI platform and our capabilities to detect events and risks across the world when they happen—for employee safety, executive protection, physical security, asset protection, and more. As cyber-physical convergence continues to grow as a trend, we are expanding those same capabilities to CISOs and other cybersecurity leaders for a single view across cyber and physical risk.