Nvidia CEO says Lapsus$ hack was a ‘wake-up call’

Yahoo Finance's Dan Howley joins the Live show to discuss the concerns sorrounding the leaking of Nvidia's code signing certificates by Lapsus$.

Video Transcript

BRIAN SOZZI: Nvidia has revealed its latest and greatest chips. And our very own Julie Hyman and Dan Howley got to speak with Nvidia CEO Jensen Huang. Dan, let me bring you in here. A compelling new lineup from Nvidia, but I understand you also talked with Jensen on the Lapsus$ hacking gang.

DAN HOWLEY: That's right, Brian. We talked to him about Lapsus$, which has broken into not just Nvidia, but Samsung, Microsoft, and apparently, Okta as well. And this is something that is incredibly concerning, obviously. And Jensen Huang basically said to us, look, this is something of a wake-up call. And they want to move their entire business structure to what's called a zero trust structure. Now just to give you an understanding of what that means, essentially, it means that nobody in the company can be trusted.

Now you automatically assume that whoever is trying to access any files within the company itself or any of the company's networks is a potential threat. And so you make them go through these different types of login processes to ensure that they aren't. And one of the main things that he discussed is, obviously, how this is perceived.

They said that they are moving forward. They have everybody in the company moving to multifactor authentication and ensuring that they're using it, but just to see the fact that a company like Nvidia could be hit like this, as well as Microsoft and Samsung, just speaks to the power of some of these hacking groups.

And as Jensen pointed out to us, rightfully so, a lot of this comes from just simple problems with actual employees, not necessarily a company hacking in, brute forcing attacking. Just an email phishing attack and then an employee clicks a malicious link, and that ends up taking them to a site where they enter their username and password, and that's it.

So he went on to discuss a number of things beyond that with regards to the hack, but, you know, this is really a larger issue, I think, that the tech industry is trying to grapple with at an especially perilous time, as we see the cyber attacks coming from Russia as well as China.

JULIE HYMAN: Yeah, it was really interesting, Dan, to hear him because he clearly was perturbed by the fact that this hack was able to happen. Let's play for the viewers what Jensen had to say.

JENSEN HUANG: It was a wake up call for us. And it accelerated and intensified some areas of vulnerability that, quite frankly, every company has. And I'll talk about that, the path forward, in just a second. But fortunately, we didn't lose any customer information and any sensitive information. They got access to source code, which, of course, we don't like, but I think that nothing that is harmful to us.

But the thing that it highlighted is that-- and this is something that I know well and that we're building technology for. It's just that we need to finish building the technology. The industry needs to adopt it so that third party cybersecurity technology and solutions can come back to us that we can buy to make our company fundamentally what is called a zero trust architecture.

The fact of the matter is, is the intrusion tends to be internal. It tends to be somebody wandering around your hallway, somebody who has access to a fair amount of privileges. And so we need to all be what is called a zero trust architecture company. And so we're accelerating our path to do that. In the meantime, there's all kinds of things that we could do.

I think that multifactor authentication is important, so long as we don't-- so long as nobody gets fatigued by it. It takes a couple of authentications to get in. And so people can get tired of that. And so during-- now this has happened to us, the discipline around it, the rigor around it, has gone through the roof, which is fantastic.

But long-term, we have to make it possible for our data center to literally be completely wide open, completely exposed, and yet, be completely secure. And so the path to a zero trust data center starts with the technologies that we're building.

And so I've got to go build that technology faster, all the way from BlueField, the DPUs that does security, to the switching architectures that we have, the software stacks that we're creating, as well as this new AI framework we call Morpheus to do real-time, exhaustive inspections of anomalies on the network in your data center. And so we have to bring-- we have to really bring accelerated computing into the enterprise traffic. And we know how to do that. And I just got to go do it.

JULIE HYMAN: So, again, that was Jensen Huang, the CEO of Nvidia. You'll be able to see Dan and I's entire interview with Jensen coming up on the yahoofinance.com website shortly. And we'll be bringing you some other piece of that interview throughout the day.