Crowdstrike Co-Founder & CEO George Kurtz joins Yahoo Finance Live’s Daniel Howley from the CES 2023 tech conference in Las Vegas, Nevada, to discuss improved cybersecurity, e-crime, consumer electronics, and the outlook for cybersecurity in the new year.
BRIAN SOZZI: It was a big week for tech. And Yahoo Finance’s tech editor Dan Howley had a front row seat to all the new announcements from CES. He had a chance to speak with CrowdStrike CEO George Kurtz and got his thoughts on the conference and key cybersecurity risks.
GEORGE KURTZ: You’ve got to look at what the constant is. And for me, just walking around the show, there’s really two constants. And that is everything has an IP address, and everything has an app that goes with it. And then, obviously, what that means is there’s always security risks that are associated with being connected like this. So I think just everything from crazy health gadgets to car innovations, it’s all here. And it all needs to be secured.
DAN HOWLEY: I guess when you look at what companies need to be doing better as far as cybersecurity, right, you know, we talked earlier with Jen Easterly, the director of CISA. She basically discussed how they need to make their software more secure from the jump. I guess, where do you see the need for improved cybersecurity? Where do you think we need to see bigger investments?
GEORGE KURTZ: Well, it’s a great question. And I just finished up a panel with Jen. And part of what we talked about is when we think about consumer electronics and the security problems, number one, it starts with we should put the burden back on the consumer. These devices should be secure out of the box. And they should be maintained secure for their lifetime.
And part of the challenge that we’ve seen is that over the lifetime of a product, some of these products are around 10, 12 years. Take an IP camera, right? These are things that are not changed easily. And really, security becomes an economics problem, which means that the camera manufacturers are onto the 10th generation. But people are still using the old technology. And there isn’t a financial incentive to keep things updated, right? There isn’t– they just go out and decay, and they become orphaned. And this is really where you see risk.
So I think part of what we’re looking at here and what we do at CrowdStrike is how do we secure some of these devices. But I think in general, from an electronics industry perspective, they’ve got to think about how long they want to support these devices and building them secure out of the box.
DAN HOWLEY: I guess, just in light of the current economic climate, we’re seeing some people pull back on spending. What do you kind of advise companies to do? You know, cybersecurity isn’t something that stops just because you don’t want to make the investment. You can’t make the investments. So what do you say to companies when they might want to pull back on spending on cybersecurity?
GEORGE KURTZ: Well, I just have to look at my own experiences. I’ve been through several recessions. I’ve been at security for a long time. And I’ve been through many recessions, right? Not just this one, or we’ll call it a recession in probably six months. But what tends to happen is that the adversaries and particularly the e-crime actors become more active. Now, why is that?
Well, there’s less people, right? We saw the layoffs. There’s layoffs, tech going all over the place, right? Less people to actually mind the store. Identity-based attacks, which are really, really important to guard against, are up, right? So you’ve got people who are gone, access that’s generally not terminated all of the time, and you don’t have enough people minding the store. It really is the perfect storm for cybercrime actors. And that– it doesn’t mean your risk is going to go down, even though the stock market does.
DAN HOWLEY: Right. I guess, when you talk about the current state of cybersecurity, is there anything in particular, you know, 2023 going forward, that you at CrowdStrike are keeping a focus on? I know we had had hacks of municipalities in the US hospitals. What, going forward, is kind of the big, I guess, canary in the coal mine for cybersecurity?
GEORGE KURTZ: Well, when we think about where we are today in these electronics, a lot of this plays into critical infrastructure. It’s not just about your iPhone, right? It’s about many of these systems that are in critical infrastructure. A lot of these companies create technologies that are used there, right? So we’ve got to make sure that we safeguard our critical infrastructure.
So we’re always keeping tabs there. And then really, the focus doesn’t change from what it’s been for many years. It’s to stop breaches, right? And that could be in a consumer electronics device. It could be in a Windows operating system or anything in between. Even now cars, they’re all computer– I mean, there’s computers, hundreds of computers, right? And we think about autonomous driving.
So it’s really about doing the basics, right, making sure that the right hygiene is there, and the software and systems are kept up to date, and that they’ve got technologies like Crowdstrike to protect those systems using advanced AI so that they can’t be breached. And, you know, I started the company in 2011. It’s our same focus, stopping breaches. Whether it’s today or tomorrow, that’s really what we’re going to be focused on for our customers.
DAN HOWLEY: And then just for our viewers and our readers, for the average person, how do you protect yourself, right? I mean, I just got yesterday an attempted phishing attack through text message.
GEORGE KURTZ: Right.
DAN HOWLEY: Right? You know, my dad fell for a phishing attack– sorry, Dad. So I guess, what do you say to the average person to kind of make them feel safer?
GEORGE KURTZ: Well, what can the average person do? I think in their daily lives, it’s really a matter of safeguarding their credentials. That’s probably the number one thing they can do. Keeping their systems up to date, just turning on the switch. Let Microsoft or Apple or whatever or Android update when they have to– start there. And protecting those passwords, we see so many times that people just reuse passwords.
And if one site is compromised by no fault of that user, it means that their credentials can be exposed across multiple sites. And that’s typically where you see these data breaches. Use things like these various password keepers that can create more secure passwords. And make sure that you’re not going to a text email that says, hey, you’ve been fished, or your Amazon package has been delivered. Log in here or what have you. If you have any–
DAN HOWLEY: That almost got me, yeah.
GEORGE KURTZ: Right? OK, right if you have any questions and you want to be sure– PayPal– don’t click the link. Just go to the PayPal website, log in, and see if it’s for real.
BRAD SMITH: That was Crowdstrike CEO George Kurtz with our own Dan Howley out there at CES in Las Vegas.