Cyberattacks – the cost of doing business: Ning Wang

For those who prefer to read, below is a transcript of the video.

My name is Ning Wang. I'm CEO of Offensive Security, which is a cybersecurity training and certifications company. I worked at McKinsey many years ago in the L.A. office.

Takeaways from McKinsey

I learned a lot from McKinsey, and I always tell people I cannot believe how much I benefited from the years of working at McKinsey. Two things were really important to me. Firstly, McKinsey really taught me how to think strategically, and secondly, how to problem-solve. In business, we solve problems. It could be a marketing problem, a sales problem, an operational problem. McKinsey is really big on teaching you how to do a hypothesis-driven, 80/20 approach in problem-solving and it becomes second nature. I use those skills all the time.

Moving into cybersecurity

I worked with a really good mentor and friend, and at the end of our work together, we were trying to figure out what to do next. At the time, I really wanted to do something that would be meaningful, not just as a career, but something that would have impact in the world, in the community. I picked two areas of interest. One was fintech, the other one was cybersecurity. And then a cybersecurity opportunity came up, which was at HackerOne. My mentor was (and still is) the CEO, and I followed him there. We were at HackerOne for three years together. I was CFO and COO, and that was my entry into cybersecurity.

The evolution of cyber threats

In the last five years, there has been a significant increase in digitization in the workplace. And also in the last couple of years, because of the pandemic, remote work has been so much more prevalent. What that means is that attack surfaces are so much bigger. There are more systems, more devices, and more end point for the “black hackers”, the bad guys, to attack. So in terms of the type of vulnerabilities, it hasn't changed that much. So in terms of volume, there's a significant increase. But in terms of the nature of the attacks, in terms of what has been happening, that hasn't changed that much. Hackers exploit human weakness through phishing or social engineering, and through that they escalate their privilege, and they get their payload into sensitive areas and then take either the data or take control over the system. So the type of things that you see hasn't changed that much, but the volume has changed, and the attack surface is much bigger now.

Mitigating risk

You know, with the way we live and the way we work, our lives are filled with digital technologies. It's no longer just phones, it’s also basic infrastructure. So I'm sure people heard about the Colonial Pipeline. That's our basic everyday living infrastructure. So what happens is that the way to solve cybersecurity problems is to make sure you design systems with security in mind. But the fact is, we're living with so much technology in everyday life and everyday work. And those systems are old, and it's not possible to replace all of them. So there will be vulnerabilities in our systems. However, if we are mindful and intentional, if we actually acknowledge that cybersecurity is important, we can protect these key infrastructures, key systems, and key networks that will help improve the overall security of our society.