Steven Stone leads Rubrik’s data threat research unit to uncover real-world intrusions across a range of threats, from espionage-based data breaches to ransomware attacks, and to inform customers and partners of the best ways to proactively address risk in their business operations. He has over 15 years of experience in threat intelligence with roles in the U.S. military, intelligence community, and private sector, including Mandiant/FireEye and IBM. Most recently, he was Vice President of Adversary Operations at Mandiant, leading global teams responsible for adversary hunting, attribution, and data collection efforts.
Prepare now for the inevitable cyberattack, because the bad guys are coming.
Skyrocketing cost of cyberattacks, stalling data protections, and measuring environmental impact may be IT leaders’ top priorities in 2023.
In this episode of "Cybersecurity Unplugged," Steve Stone of Rubrik Zero Labs discusses the State of Data Security Report, which focuses on the impact of
Rubrik Zero Labs Head Steve Stone told IT Brew that cyberattacks increasingly require responses from the VP level to the C-suite. In the survey, 98% reported becoming aware of at least one attack in the year prior, with the average number of attacks within the year being 47. The consequences are “pretty profound,” Stone said, such as 96% of respondents reporting significant emotional or psychological impact, over one-third saying an incident resulted in leadership change, and 41% reporting their organizations suffered a loss of customers. “If you put any other business metric and said this happened to 98% of organizations last year, and of those 98%, 41% had reputational damage, we would be talking about that nonstop,” Stone said.
Steve Stone wanted his team at Rubrik Zero Labs to focus on how cyberthreats affect IT and cybersecurity leaders. The resulting State of Data Security Report found that 98% of the 1,600 surveyed IT and cybersecurity leaders said they dealt with a cyberattack in the last year.
"What jumps out," Stone says, "is the seniority level. This is a topic that this seniority level was not dealing with that long ago, or at least not in this kind of fashion." About half of the individuals the company surveyed were at the level of CIOs or CISOs.
About one-third of the organizations that experienced a cyberattack subsequently underwent a change in leadership, according to Stone. "At the macro level, that's a big impact," he says.
In terms of ransomware, Stone says, organizations "are still struggling with the reality between what they need to run their operations and the cyber and IT requirements for that."
The cyber poverty line is a threshold dividing all organizations into two distinct categories: Those that are able to implement essential cybersecurity measures and those that are unable to meet those same measures. This concept was first coined by Wendy Nather, head of advisory CISOs at Cisco, and is often used when discussing budgets, security architectures and institutional capabilities.
As multiple new government regulations and policies roll out globally, the number of requirements on every organization is growing at a rate requiring significant resources and capabilities. As one example, the new US Strengthening American Cybersecurity Act signed in 2022 creates reporting requirements and coordination with government institutions. As another example, Gartner estimates that by the end of 2024, more than 75% of the global population will be covered by some form of digital privacy regulations.
While these regulatory efforts will undoubtedly produce positive results, a large number of organizations will struggle to implement, comply with, or even understand these same cybersecurity efforts. This is sure to increase the gap between organizations above and below the cyber poverty line instead of reducing the difference. This same growing distance is likely to also carry over into cyber insurance and related areas.