Speaker 3
And it sort of cuts both ways that way, which is these organizations, I think, have taken the playbooks of, like, again, legitimate organizations as far as how they grow themselves as a business. And so when you see them organize themselves to be able to do research and development around things like vulnerabilities for supply chain attacks, as we just previously mentioned, that is, that is, again, something that's disconcerting, but their willingness to reinvest in their business and to sort of innovate more quickly is it's disconcerting, but it's also, great frankly, it's something that we need to look at from a defender's perspective as well, which is doing things just because we've always done them that way, or using services that we've always just used is something that we need to take a very close look at, because they only do what works. And obviously, if they weren't successful at it, they wouldn't be in business. And so from that perspective, it's something that I think they've taken a lesson from, like, other organizations, and we need to take a lesson from them as well.
Speaker 1
That's a really interesting point that, you know, I don't think any of these groups or probably criminals in general feel particularly constrained by, that's the way we've always done it. I don't know, maybe the mob in New Jersey has some of that. I don't even know if they do. But Sean, what do you think? Like if you're running a business, owning a business, like are there things that you're seeing go on with these criminals that you could steal and use to make your own legit business better? And I don't mean get into ransomware for heaven's sake. I just mean, you know, things about the evolution of their tool sets or the rebranding or whatever it is that you see going on.
Speaker 2
Well, I'm going to go a slightly different angle. I'm going to follow on some of what Sasha said. But if you think about innovation in business, right, and you've seen a lot of, you know, of books and academic studies come out about this from the Harvard Business School and from others. Right. So I'm talking stuff from Christensen, from Drucker, from Porter, from Ries, right? All these books talking about how do you grow and innovate in your enterprise? And what we're seeing in these ransomware groups is them following these playbooks super efficiently. In part, because they don't care about certain laws. They don't care about certain regulations. So it's untamed market forces. I'm loath to say that, but it kind of almost feels that way where these groups are innovating in the technology, they're innovating in the business scape. They're trying to find their product-market fit, if you will, and trying to determine how they can, you know, get to their outcomes quickly. So from our perspective, then, then number one, I have to give them respect for doing this work that they're doing. But number two, if we know that they're doing this classic startup playbook, then you just to go into this business mode of thinking and say, well, there are avenues for attack here that we can run from a business perspective and not just from a technology perspective. And the prime example I will give here is when the brand gets too well known and becomes toxic and they have to rebrand, that still takes time and energy away from these groups that they could be spent otherwise attacking people. So there are different avenues we can think of for how we deal with these various groups in their affiliations. Yeah. Excellent point.
Speaker 1
All right, well, well, thank you both for helping folks understand more about what's changed, what's stayed the same. And I, as I mentioned before, the report itself will be linked in the show notes, so be sure to check that out. And so now we're going to take a short break and then we're going to come back with both our hoodie ratings for ransomware and then our fun game, gold, guidance and grievances. So don't go anywhere. We'll be right back. Hey, oh, security nerds. And obviously that's a compliment; we all on the Breaking Badness crew certainly consider ourselves proud security nerds. If you're enjoying this show, why not take a moment to share it with a friend or 20? And if you have another moment, a review and rating will really help us spread the 10 chocolate chip goody love all over the series of tubes. I'm not sure that sounded right. Well, anyway, we couldn't do this without you, our audience. We're so glad you're here. And now back to the show. All right, welcome back. And usually we do the hoodie rating before we take our break, but I thought let's, let's change it up a little bit this week. So now I come back to our hoodie ratings. And usually we do these on individual stories that are more narrow in scope than the whole ransomware thing.