In 2021, the American oil pipeline operator Colonial Pipeline Co. was subject to a ransomware attack that halted its operations for five days. The company would go on to pay around a $5 million ransom to the ransomware group.

For many in the cybersecurity industry and for many who follow current events, that incident served as a sort of wake-up call, according to Kris Lamb (pictured), chief product officer of Halcyon Tech Inc. The cybersecurity startup offers a self-described “world’s first cyber resilience platform” designed to defeat ransomware with tools for preventing intrusion while disrupting attacks in progress and then reversing the effects of ransomware should an attack be successful.

Around the time of the Colonial Pipeline incident, “the landscape was changing dramatically with geopolitical events, with economic, macroeconomic events, as well as we saw a very acute problem that was starting to rear its head,” Lamb said. “We also noticed that viewing the ransomware risk through the traditional lens and tools that existed out there in the market was insufficient.”

Lamb spoke with theCUBE industry analyst Lisa Martin at the “Cybersecurity” AWS Startup Showcase event, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed the complex problems in the cybersecurity landscape and how the company is seeking to help others defeat ransomware in the real world. (* Disclosure below.)

The new normal

It isn’t that there aren’t great cybersecurity tools out there on the market that don’t solve some cybersecurity issues; the big challenge involves ransomware, and the particular context it brings, according to Lamb.

“Because of these macroeconomic events that aren’t transient in nature, that are kind of the new normal as the globe realigns, as the globe digests everything that the world’s gone through the last three years, first with the pandemic and then with coming out of the pandemic, that conditions had changed in the risk landscape,” he said. “Motivations, and the business model underlying ransomware, was a big missing piece that people weren’t thinking and talking about.”

How it’s discussed at Halcyon is that it is like “non-governmental, advanced persistent threats,” according to Lamb. That’s where the outcome and the desire wasn’t to achieve undetected access to a business or organization to steal intellectual property over years or decades.

“It was, ‘Hey, how do I achieve the maximum amount of leverage as quickly as possible so I can drive real demonstrable economic returns as a threat actor?’ That was very different,” he said.

Starting from ‘a failure is inevitable’ mindset

Being in the cybersecurity industry for 30 years, Lamb doesn’t have a lot of empathy for the jobs of chief information security officers. Given the way things were unfolding, Halcyon observed the nature of what was driving this threat category.

“There wasn’t an approach to this particular, crystallizing form of cyber risk that was really taking a resiliency-first mindset, a failure is inevitable mindset,” he said.

It’s important to work backward from a worst-case scenario, where a ransomware event takes place or a company is targeted. That may be the worst days for a CISO or a security team, according to Lamb.

“Working backward from that inevitable failure, that assumptive position that no matter how sophisticated your security program is, no matter how many frameworks you followed or regulations you’re adhering to, you can’t put enough gates in the system,” Lamb said. “The products that existed out there that were designed to try to help mitigate some of what was unique and different about ransomware, whether it’s the business model or whether it’s the technology involved, wasn’t taking that approach.”

When Halcyon was created, it was started with that “failure is inevitable” mindset. The idea was to work backward with the goal that the company would detect and protect as much as possible while being surgically focused on ransomware.

“But we’re also going to go beyond that and have our technology and our solution really assume that recovery mindset so that if and when you have that ransomware event that impacts your organization, that recovery is that first-order goal,” Lamb said. “And doing it safely, doing it efficiently and doing it quickly, because in most of these scenarios, with customers and prospects we’ve helped is, that downtime isn’t, ‘Oh, our employees can’t be productive.’ That downtime is, ‘I’m losing $2 million a day in revenue.’”

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the “Cybersecurity” AWS Startup Showcase event:

(* Disclosure: Halcyon Tech Inc. sponsored this segment of theCUBE. Neither Halcyon nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE