Aviva Zacks of Safety Detectives recently interviewed Alex Fleiss, CEO and Co-Founder of Rebellion. She asked him how his company is providing research for cybersecurity.
Safety Detectives: What was your motivation for starting Rebellion Research?
Alex Fleiss: When we founded the company, machine learning was still not really a respected technology. And so just the simple act of using machine learning for our business was a Rebellion—if you will.
SD: Was cybersecurity something you were interested in from a young age or was it something that came to you as you got older?
AF: I have been interested in cybersecurity for about 20 years. I’d say when I was a young adult, I started getting excited about it.
SD: Did you major in computer science or was it just a hobby at the time?
AF: In college, I focused on mathematics, politics, and history. I had the benefit of going to a liberal arts college, Amherst College, which is not as popular these days because people want to do business, business, business. But liberal arts colleges have such a wide array of educational offerings. It is really a wonderful experience.
SD: Can you tell me about your company’s services?
AF: We do a number of things. At the heart of what we do is build and develop machine learning, but we also review and create research on a host of topics. In the cybersecurity world, we worked with a number of famous hackers, plus people at high levels of government. We actually had a partnership with the Air Force Office of Scientific Research, which was a lot of fun and very interesting.
However, government work is not comparable to the private sector in that it’s much more painful, and everything’s very slow. You can make significant profits and contracts, but it’s a whole different ball of wax for the private sector and takes a lot of patience and a lot of hand-holding. So no, I’m not a huge fan of the private sector.
SD: What makes your company unique in a world filled with cybersecurity companies?
AF: We provide great research on all different types of cybersecurity and the cutting edge of cybersecurity. Our experts write and research on cybersecurity and encompass both the private and public sectors. We’ve got government agencies, professors, and cybersecurity CEOs.
We develop a comprehensive understanding of where the cybersecurity world is at any given time and where it’s going. And after that, we look at the failings of a lot of our peers. And so, whether we’re looking at an iron net or a gigantic cybersecurity company, we’re pretty good at understanding.
Rebellion develops our machine learning. We have our clients, but we also have about 3 million readers a year. Our cybersecurity research has become extremely intensive. There’s really no kind of area in cybersecurity that we’re not trying to understand and cover, move forward. And so, much of my life is immersed in the cybersecurity world.
SD: What types of clients does your company service?
AF: Mostly, we’ll service individual needs, but institutional, larger companies, is our preferred route. We can create a bespoke machine learning solution for almost any need. So, it’s a question of how much time and money you want to put into a deployment, what you’re looking for, whether it’s something we have on our shelf, whether it’s something we have to build and structure you, and whether it requires architecture from scratch.
SD: What do you think are the worst cyberthreats out there today?
AF: If you’re looking at a total quantity, it would have to be email hacking. I mean, that’s the easiest way for businesses, big and small to get hacked through employees. At the end of the day, clicking on emails is the number one threat is to businesses. It is the easiest way for hackers to get into a company and it’s almost impossible to guard against. Hackers can go on and find all these different emails. And certainly, if they get one of your people to click on it, you’re in for a world of hurt.
I think that the future of cybersecurity is going to be ransoming, it’s going to range from individuals to large corporations. They might try to turn off your pacemaker unless you send $2,000. They might threaten to turn off your Tesla unless you send $4,000. They might threaten to turn off your house’s electronics for 48 hours unless you send $800. That’s a personal threat.
Of course, every business can find themselves in the same situation, with threats to have their electricity shut down or files deleted. It’s going to be hacking, and people are going to want to get paid. Hacking is much more of a business where there is no kind of moral high ground. People go into it to get paid so they just want to get their loot.
I think the most prevalent cybersecurity threat over the next 20 years will be people having their pacemakers starting to shut down. I mean, you can see a public registry for everyone who has a pacemaker in the US. Then, you have your software call each one of them, one by one for him to turn off all their pacemakers unless you get 500 to $5,000, depending on the value of their zip code.
Because these are smart hackers, they just want to get paid. They’re not trying to overcharge a poor person. So, they’ll do it by zip code. This is very intelligent. Very intelligent, evil, if you will now, so we all know that.
Am I worried about public aviation? Yes. Of course, we’ve only seen commercial aviation flight that was hacked. I don’t want to name the hacker, but a friend of mine actually did take control of a United Airlines Flight apparently. So, everything’s imbalanced but the most prevalent form of cybersecurity in the next 20 years versus going to be individual hacks requesting ransoms. Hacks won’t be for very much money because the hacker just wants to get paid and move on. They’re not in the for the drama.
SD: How do you think the cybersecurity industry is working towards eliminating that?
AF: There’s only so much you can do. It’s a kind of building a sandcastle at the sea. The sea is going come and wash it away no matter how fantastic the castle you build. And so, you just have to keep building that castle up. I really think about this situation as it’s not going to go away, it’s going to get more prevalent and from a 30,000-foot theoretical standpoint, all the industry can do is keep evolving and doing what it’s doing getting smarter and stronger. But this is not a war they can win.
It’s like the US drug war. The US could never win the drug war, they could only slow it down and mildly affect it. When you have so many and when it’s almost like osmosis, the water is going to get through.
People will buy great cybersecurity, but even the best cybersecurity defenses. One wrong email click, it’s goodbye Seattle. So, there’s not that much you could do, you could do the 15 code encryption switching every 15 minutes on your phone, but there are always going to be weak spots.
SD: How do you think the pandemic has affected cybersecurity for the future?
AF: I don’t really think cybersecurity was honestly affected by the pandemic at all. I mean, it’s just that the world was fast-forwarded a little bit, people got a little more pushed in the directions they would have gone otherwise. But I don’t think the pandemic really had an effect on cybersecurity, but the future of cybersecurity is going to be this health threat. Coming off pacemakers.
That is what I’m most worried about. There are so many devices that are out there. What if you have a breathing machine and they say, “Hey, I want to turn off your breathing machine for two hours unless you send me $500.” That’s what I’m worried about.