Interview: Crowdstrike’s Zeki Turedi on Covid-19’s long-term impact
Wed 29 Apr 2020 | Zeki Turedi
Crowdstrike has been preparing for the remote workforce for over eight years
At the time of writing, the majority of the world’s governments have effected stay-at-home measures, mass confinements which would be unnavigable for businesses without cloud software and infrastructure. If we didn’t appreciate it before, the sheer power, necessity, even, of cloud computing has been keenly felt in recent weeks.
A persistent narrative since the onset of these corona-induced dynamics has been cyber security. Companies at the beginning of cloud journeys before Covid-19 have compressed cloud adoption strategies from months to days. Big bang approaches by their very nature cause security teams to sweat. Combine that with the fact that more attackers than ever are mobilising to take advantage of security holes, solutions that can secure data travelling across these new environments quickly and effectively are in high demand.
“Attackers, criminal organisations, nation-state and targeted hackers understand we are taking this higher risk, and that we’re very susceptible and vulnerable,” says Zeki Turedi, technology strategist at cyber security company Crowdstrike.
You could argue that Crowdstrike has been preparing for a redistribution of the workforce since it was founded in 2011. Based in California, the company was conceived on the notion that companies are steadily ramping up remote operations. Its cloud-based SaaS security offering protects all the endpoints that facilitate remote working, like employee computers and smartphones, cloud workloads, servers, and other network-connected equipment.
Long before Covid-19, Crowdstrike’s bet on remote working was paying off and the company was on a sharp upwards trajectory (in the first quarter of 2019, subscription revenue totalled $86 million, representing a 116 percent growth year over year). The pandemic has simply accelerated the number of businesses in need of cloud-based security platforms that guard company data across cloud and on-premises environments. “People are realising they need to expedite adoption of security solutions that can protect them during the pandemic, but also for what happens next,” explains Turedi.
Stay at home restrictions are not ideal for a company that’s phones are ringing off the hook with new customer enquiries. But these measures haven’t really affected the company, says Turedi. In keeping with its vision of the future of work, 70 percent of Crowdstrike’s workforce was remotely connected to the company’s internal infrastructure before lockdown measures were rolled out.
“Remote working is at the core of our ethos, and we make sure we hire accordingly. Of course, we have offices, but commuting to them was more out of choice. The way we communicated before is very much the way we’re communicating today.”
Accordingly, Crowdstrike was well-positioned to quickly assist those organisations looking to quickly implement new endpoint protection capabilities. “We can go as fast as the customer wants us to,” says Turedi. In some cases, the company has had large organisations with hundreds of thousands of endpoints up and running within a few hours. “We can make sure they get to their end goal as quickly as possible.”
Crowdstrike’s existing customers haven’t really been phased by recent events, either. Turedi says there was an initial “panic”, prompted by many having to quickly respond to new changes rapidly. But this quickly cooled once Crowdstrike reassured them they had everything in place. “A lot of our customers are in the middle of their digital transformation journeys, so even though some projects have been expedited, the infrastructure is supported,” he says, adding that most have only had to deal with minor inconveniences like extending VPN licenses.
A large part of Crowdstrike’s appeal is that it caters to the “hybrid workforce”. That means it can handle the eventual transition back to offices from homes just as easily. “We don’t mind where the employee is. If it’s a laptop or desktop or mobile device or in a cloud environment or a physical data centre, our job is to protect the business assets, no matter what type of threat it is,” Turedi says.
Cyber attackers thrive on fears running through society. As we have seen in recent weeks, the Covid-19 “hook” has provided a global theme that hackers have eagerly latched on to.
According to Barracuda Network researchers, there was a 667 percent rise in Covid-19 related phishing incidents in March compared to February, taking the total related to the pandemic to 9116. Attackers are ditching fake email inviting victims to conferences, say, with emails that falsely allege they have been caught in breach of lockdown measures. Additionally, groups deploying Ryuk ransomware have targeted ten healthcare organisations in the last month, according to SentinelOne.
Looking to the future, Turedi says that – positively – the pandemic has served to publicise the efficiency with which hackers mobilise around an opportunity and underscored their preferred tactics. “We’ve always known that actors are very quick to change their modus operandi depending on geopolitical changes,” Turedi says. “The reality is they will do anything possible to try and target you while your guard is down.”
Turedi adds he hopes the pandemic will also eliminate misconceptions held by some organisations about the insecurity of the cloud, and bring cyber security even further to the forefront of business considerations. “We hope businesses realise that cyber security is a necessity and the threats are real. It usually takes something like a pandemic to make people appreciate important truths. I hope we’re able to gather enough information today during this situation to make sure we treat cyber security seriously in all areas of business.”