Advertisement

Arqit CEO on combating ransomware attacks, launching encryption satellites

Tech firm Kaseya had obtained a key to unlock files of businesses and public organizations crippled by a recent hack. David Williams, Arqit Ltd. Founder and CEO, joins Yahoo Finance Live to discuss why cyberattacks are on the rise now more than ever.

Video transcript

[MUSIC PLAYING]

ZACK GUZMAN: Welcome back to "Yahoo Finance Live." There's been an interesting twist in the cybersecurity breach that ensnared software company Kaseya and hundreds of its customers that fell victim to a ransomware attack over the 4th of July weekend. Kaseya now says it obtained a key from a third party that was effective at unlocking the accounts of impacted customers. The company did not elaborate on how it received that key.

The attack, of course, allegedly launched by Russian hacker group R Evil, prompted a call from President Biden to Russian President Vladimir Putin to pressure him to address hacks coming from within Russia's borders. R Evil has since mostly vanished, its blog and payment platform both going dark since then.

And for more on that and the state of cyber crime, I want to bring in David Williams, CEO and founder of cybersecurity company Arqit Limited, which recently announced a SPAC deal to go public at a $1.4 billion valuation. And David, a lot of speculation here among how Kaseya's been able to obtain this key. I know you guys specialize in cryptography at the highest level. But what do you make of the latest turns of events here?

DAVID WILLIAMS: Hi, Zack. Well, it's fairly obvious that lots of people in the industry know how that compromise happened. There was a compromise to a certificate. And there were a number of office-based devices that were then used to gain access to the network. And that resulted from the compromised certificate, which is a different form of a key.

So when your keys are held or created by third parties, there's a place the bad guys can go to get the keys. And that's why Arqit has invented a software system where there is never a version of the key anywhere that it shouldn't be. So our software creates keys only in the place where they're needed in the moment that they needed. The keys are unbreakable. And because there doesn't exist a copy of the key anywhere else, there's nowhere to go get it. So we're pretty confident that our software would have prevented this particular cyber attack.

AKIKO FUJITA: David, I am curious to talk about where this company is going though. Obviously, the cyber threat evolving on a daily basis. But you've also been pushing ahead with helping or supporting the launch of satellites and talking about how that adds an extra level of security. I wonder, in the most layman's terms that you can use, how does that and the technology being developed on that front help tackle the problems we're seeing today?

DAVID WILLIAMS: Yeah, you're right. So our technology is in two parts. So there's a piece of software that sits on the devices, your phones, for example. And that software talks to the cloud. And it borrows some keys that are in the cloud. And it uses the keys that it borrows to create new keys locally. So all keys are created locally.

At the moment, the way those keys get into the cloud is that they are created by random number generators, which are in data centers. And that's regarded as a very secure way to do it. It's not fully quantum safe.

In two years' time, we're launching two satellites which are called quantum encryption satellites. And the very special properties of those satellites which we invented means that, whereas the keys that we're selling today can't be stolen or hacked, the keys that we'll be selling in future are also provably safe against quantum computers.

As no doubt you've covered many times, quantum computers are coming pretty fast. And they will have so much power that they will be able to break all of the keys that are currently used in the world. Arqit's keys will be safe against quantum attacks.

So when we sell to our customers today, we say, the keys are safe today. They can't be hacked. They can't be stolen. And we've got your back covered when quantum computers arrive.

ZACK GUZMAN: Yeah, it's pretty fascinating to watch that. And I guess kind of backing up and thinking about the increasing power of some of the hackers out there and why we're seeing ransomware attacks on the rise and just general cyber security threats on the rise is just because the cost of these attacks have come down so much as computing power has taken off.

I mean, what are you expecting to see on that front in regards to those threats not necessarily moving in the right direction and what the future the next few years looks like as, to your point, that technology comes online?

DAVID WILLIAMS: Well, I think we've got to be moderate about this. There are techniques that most companies could be applying today that would make their networks a bit more resilient. So most governments advise that everyone uses the best practices. And not everyone does.

But you're right. The massive increase in computing power and sophistication that's available to attackers means that they are able to perpetrate large-scale attacks. And the real problem is that we're using encryption that was invented in the 1980s. It's called PKI. One of the prime movers in its invention is a gentleman called to Tahir el-Gamel, who is in fact on my board and has helped us to invent our technology.

That tech was great for a couple of decades. But it was never designed for a hyper-connected world. It was designed to encrypt a couple of computers talking to each other over analog modems in the beginning. It wasn't designed to protect vast numbers of hyper-connected devices. Just in the average office, there are thousands of devices that all need to talk to each other. And PKI encryption was never designed to protect those kinds of networks.

So the encryption that's grown around PKI has become so complicated. It's as though great chunks of software have been bolted on top of each other. And it's become very unstable and very inefficient. And that's why attackers are able to find gaps in defenses.

Arqit's system is incredibly simple, a tiny piece of code that goes on to your endpoint device. There is no other computer that it needs to talk to to get the keys. So there's nowhere else that attackers can go. And that's really the secret of our success.

ZACK GUZMAN: Yeah, the strategies having to get more looked at, a closer look from all these companies out there who may have never thought about cybersecurity, as it continues to be an issue. But Arqit founder and CEO David Williams, appreciate you coming on. You're going to have to keep us posted as that deal progresses, the SPAC deal. Be well. We'll chat again soon.