“An Inflection Point for Cybersecurity” — Kraken CSO on the Rise of AI

Nick Percoco, Chief Security Officer at cryptocurrency exchange Kraken, tells OPTO Sessions why he believes that artificial intelligence (AI) can play a pivotal role in the future of the cybersecurity industry, and explains how his team is set up to both learn from and respond to new threats.

Nick Percoco is Chief Security Officer at Kraken, one of the world’s longest-running cryptocurrency exchanges. According to CoinMarketCap data, it is the world’s sixth-largest crypto exchange, with a daily trading volume of $1.3bn as of 1 May.

Kraken’s mission, Percoco explains to OPTO Sessions, is to “drive and accelerate the global adoption of crypto so everybody in the world can achieve financial freedom and inclusion”.

Over 200 different digital assets can be traded on the exchange, using six different fiat currencies (US dollar, British pound, euro, Canadian dollar, Swiss franc and Australian dollar).

Security is one of Kraken’s paramount concerns, and this is the focus of Percoco’s role.

“We’ve won awards for some of the innovations we’ve done within our security,” he says.

With over 27 years’ experience in the cybersecurity industry, including working across a diverse range of sectors, Percoco is familiar with a wide array of potential threats and defences.

“We’re at an inflection point for the cybersecurity industry”

He explains that the challenge involved in cybersecurity is that there is a very wide range of possible entry points into a protected system, and cybersecurity professionals need to protect every single one of them.

“From an attacker’s point of view, you just have to find one issue — one way in,” he says. “As a defender, you have to defend all the things that you have in your environment.”

Kraken Wakes

“For us,” says Percoco, “security has to do with one thing: giving the tools to our clients to protect themselves in the best way.”

For example, Kraken enables its clients to set up to five different pass keys via which they can access their accounts.

“We want to make it as seamless and easy to enrol as possible, so that clients, on one hand, can easily just turn it on, and it’s a no brainer for them; but they can also make sure they don't shoot themselves in the foot and get locked out of their account.”

Percoco’s team includes ‘white hat’ hackers that are employed to attempt to hack into Kraken’s systems and find weak points. Percoco says that they fall into one of three groups.

What he calls the ‘red team’ operates on a ‘campaign cadence’, and effectively roleplays the approaches they have researched from certain key attacker groups. They then launch attacks against Kraken based on these strategies, and assess their success.

“We see how our employees react, we see how our detections react” to these attacks, says Percoco. Kraken’s ‘blue team’ — a 24/7 globally distributed cyber threat detection team — then also responds to the simulated attack, and this response is monitored too.

Application security (‘app sec’) engineers also have an element of white hat hacking among their duties.

Finally, Percoco has a team of security researchers in a team called Kraken Security Labs.

Continuous Learning

Denial-of-service, and the related distributed denial-of-service (DDoS) attacks are one form of attack that cybercriminals often deploy.

Percoco estimates that Kraken receives DDoS attacks at least daily, and often multiple times per day.

However, despite the number of these attacks, “very rarely does it impact us”. He attributes this to Kraken’s application of the lessons it has learned over the years.

“How we’ve come to that place is by studying the attackers,” says Percoco. He and his team ask questions like: “What are they doing? What tools are they using? How are they representing themselves to us? Are there ways that we can detect when they’re starting?

“Then, we can do things so that we waste their time and raise the cost of an attack.”

Percoco and his team monitor any given incident for the lessons they can take from it. Sometimes, improvements to their security systems are implemented on the same day that an attack happens.

The Future of Cybersecurity

“We’re at an inflection point for the cybersecurity industry,” Percoco says. “The industry has grown tremendously since I started in it.

“The problem that it has faced over the last six years is that there are so many products, tools and technologies out there that it’s really difficult for security programmes or security organisations to decide what's going to be the most effective tool in their tool belt.”

Sometimes, he adds, new systems aren’t properly maintained over time, and can fall into disuse.

Percoco also believes AI can play a key role in the future of the industry.

“Maybe you only have four security analysts available to your organisation,” he says, each of whom might be monitoring inputs from dozens of systems. “Those four analysts just can’t keep up with what’s going on in their world.

“The AI helps them have mechanised arms, and do more with less.” For example, AI can automate triage for the analysts in response to a threat.

“Maybe you need 15 analysts, but you don’t have the budget for that. [With AI], you can raise the bar to a point where you have 15 analysts, with four humans.”