Akamai sees doubling in malicious internet traffic as remote world's bad actors boom, too
- Akamai Technologies has tracked a doubling in cyberattacks quarter over quarter and an "enormous increase" in online extortion attempts.
- CEO Tom Leighton says "zero trust and security in the cloud" is the price for moving so much of the world online so quickly as a result of Covid-19.
Akamai Technologies' CEO Tom Leighton is impressed by the amazing traffic levels on the internet during the coronavirus pandemic, and the world technology infrastructure's ability to handle it. But during the stay-at-home boom, the web and cybersecurity expert also has been closely watching a boom in bad actors.
With so many people working from home, hackers are taking advantage, and massively increasing the number of attacks as daily routine changes caused by the pandemic are prolonged, and become potentially permanent.
"I think the threat actors are trying to take advantage of the pandemic, and of course, the prize is greater now that so much business has moved online," Leighton told CNBC's "Squawk Box" on Wednesday.
Quarter-over-quarter — Akamai reported its Q3 results this week — the cybersecurity and cloud computing company has tracked a doubling of what Leighton called "malicious traffic" as telecommuting makes for easier targets.
"People are working remotely, and are less secure, and lots of enterprises still haven't totally caught up with security," he said. "The threat actors are working very hard," said the Akamai Technologies CEO, who will speak on cybersecurity challenges for the digital economy at the CNBC Technology Executive Council virtual summit on Thursday.
Companies have figured out how to enable employees to work remotely, but not how to be secure.Tom LeightonAkamai Technologies CEO
Leighton also said that in the last couple of months, Akamai Technologies has seen an "enormous increase" in DDoS extortion attacks, mostly threatening financial institutions and national stock markets. One recent example was New Zealand's stock market, which was targeted in September.
DDoS stands for distributed denial-of-service. According to the Department of Homeland Security, these attacks are designed to target multiple machines and are used to render key resources unavailable. A classic DDoS attack, for example, disrupts a financial institution's website and temporarily blocks the ability of consumers to bank online. But it doesn't have to be a bank. It can be an attack that targets any network or servers within an enterprise and sends so much traffic that services are slowed or taken offline.
While a DDoS attack is not a new approach, and is one of the least sophisticated categories of cyber threat, it has the potential to be one of the most disruptive and most powerful by taking websites and digital services offline for significant periods of time that can range from seconds to even weeks at a time.
Overall, denial-of-service attacks are considered preventable, and Leighton said that Akamai is making enormous investments in terms of security to be able to stay ahead. He also said that over 95% of Akamai's employees are working remotely.
The Akamai CEO said various forms of cyberattack beyond DDoS are occuring, from "application layer attacks" where a hacker tries to corrupt content on websites; to inserting malware on employee devices as a way to facilitate a data breach at a major enterprise; and even top-tier websites hacked with "magecart" attacks, which can start by compromising a third-party site that partners with a larger web business and access their users as a result.
Leighton said companies operating in the new remote world of work need to keep the threat in mind at all times.
"Zero trust and security in the cloud. Your employees are no longer 'on prem,'" he said, referencing the term for being physically located at a worksite that has its IT infrastructure on-premises as well. "You can't secure with on-prem anymore, and that's why we're seeing data breaches. ... Companies have figured out how to enable employees to work remotely, but not how to be secure."
Beyond the pandemic, the challenges of securing technology will grow as new innovations, such as 5G network technology, come to market. Leighton said 5G will lead to more devices being connected and a true internet of things (IoT) revolution, but this will come with new security factors as well.
"Billions of devices will get connected and there will be very low latency at the last mile, and higher throughput, and lower cost, and new applications, much like when broadband was first deployed," he said.
But figuring out how to support those new applications with computing at the edge — bringing computing and data storage closer to the actual location of devices — will be a challenge tied to making 5G network use secure. "A lot of devices are not secure," Leighton said.
The CNBC Technology Executive Council virtual summit is taking place on Thursday and features speakers including Leighton on "Securing the Digital Economy"; former Facebook security chief Alex Stamos on election security and online misinformation; and Frank Slootman, CEO of Snowflake, the hottest tech IPO of 2020.