Navigating Cybersecurity Risks in Modern Communication Platforms With Max Buchan

In this episode of CHATTINN CYBER, Marc Schein interviews Max Buchan, founder and CEO of Worldr. The conversation gets into cybersecurity for communication platforms, hybrid and in-person communication channels, and the factors that might change the way we communicate in the future.

Max tells us how he got into cybersecurity while growing up in a small town in the United Kingdom (Canterbury), and how he revolutionized communication encryption around the world. He also worked as one of Coinshare’s first employees, which helped him learn about data jurisdictional issues and encryption keys. Max has spent the last three years building his own company, Worldr, and has been offering security for communication platforms through it.

Now, this might make you wonder: why is there a need for a company like Worldr for additional security services when most popular communication platforms have built-in encryption and security? Max explains that his company’s products are not for every other user on the internet, but rather for those who do not want to change their communication platform and want to communicate in a more scalable and secure environment with no third-party inference. Worldr works with large corporations having a significant employee strength who want all of their data to be secure.

Max also shared his thoughts on the best way to communicate in the future, saying that he believes it will be a hybrid style because some people prefer in-person communication while others prefer online communication for time efficiency.

Max also addresses the current challenges that the CISO community is facing, as well as how they approached this application. He stated that the CISO community is currently very small and needs to scale and that people and governments all over the world are taking small but progressive steps in this space. He later mentions the concept of zero trust and how it influences product development.

The conversation winds up with Max discussing the ever-changing and shifting cybersecurity space.

Listen to the conversation for more details!

Highlights:

“We’re not building these products for every single user on these platforms. I mean, these are great products, I believe, you know, for instance, Microsoft Teams, I think is approaching 300 million users, which is an incredible number. I mean, we don’t build these solutions for the broad base, we build them for specific industry verticals that have needs that go a little bit beyond a one-size-fits for certain products.”

“I want to caveat this by saying there are no zero-trust products, right? Because I feel like, you know, you go to one of these conferences, I was lucky enough to speak at InfoSec Europe, a month or whenever it was ago. And I mean, just everyone’s got zero trust everywhere. And you know, it’s an important concept. But it’s not a product And again, it all comes down to essentially, least privileged access and building in controls and governance every step of the way, right into your entire policy outlook.”

Time-Stamps:

[00:42] – How did Max, while growing up in the UK, revolutionize communication encryption in not only the US but abroad?

[02:07] – Why is there an additional need for security in various communication platforms when they are already highly encrypted?

[05:29] – The communication styles of the future

[09:12] – Challenges CISOs are facing today?

[12:10] – What is zero trust?

[13:34] – How cybersecurity space is ever-changing and shifting

[15:11] – How to reach out to Max Buchan

Connect with Max Buchan:

LinkedIn: https://www.linkedin.com/in/maxbuchan/?originalSubdomain=uk

Website: https://worldr.com/

 

 

 

How The Russia-Ukraine War Is Bolstering Ransomware Gang Attacks With Sherri Davidoff and Michael Kleinman

In this episode of CHATTIN CYBER, Marc Schein interviews Sherri Davidoff and Michael Kleinman about the rising ransomware attacks in cyberspace and the legal and operational ways to confront them. Sherri Davidoff is the CEO of LMG Security, and the author of three books, including “Ransomware and Cyber Extortion” and “Data Breaches: Crisis and Opportunity.” Michael Kleinman is Special Counsel in the Data Strategy, Security, and Privacy Practice at Fried, Frank, Harris, Shriver & Jacobson LLP.

The Russian-Ukrainian war has given us an open window into ransomware gang operations, thanks to some gangs facing internal discord, like the Conte ransomware gang, which became known for putting a pro-Russia statement and having a gang affiliate steal their internal information and put it out online. If sources are to be believed, the Conte ransomware gang has made at least $2.7 billion in Bitcoin over the past three years – a number drastically higher than any previous ones we’ve seen. The result of the explosive growth of such ransomware gangs is also that law enforcement is getting better at following the money and busting cybercriminals. However, the fight gets tougher as criminals move to more privacy-oriented cryptocurrencies.

With the current geopolitical state with Russia and Ukraine in the way, cyber attacks are focused on more than economic gains, as our guests share. Vulnerabilities and attacks on critical infrastructure are predicted to rise. An interesting point to note is the OFAC advisory on ransomware from September 2021, which tends to assuage the risks towards individuals considering making a ransomware payment and avoid being hit with sanctions violation and the reputational and financial risks associated with that. This new advisory helps you if you implement cybersecurity practices, including those highlighted by Cisco, like having an offline backup, incident response plan, cyber training, and authentication protocols, and cooperating with law enforcement during and after an attack. You might never get a full sign-off, but these would certainly help your company’s image significantly.

The FTC is on the watch, and you need to look for a lock for vulnerabilities and repair or remediate them. If not, you’d land in hot water.

The Ukraine-Russian war has also seen the introduction of new kinds of malware like wiper ransomware that wipe out the complete information from a system. These are known to have been distributed through software vendors like tax software. Though Ukraine is on the receiving end of these attacks at the moment, fears are the attack could extend to more countries.

In situations like this which jeopardize our cyber health, early detection is critical. Also important is the need to have a coordinated industry-wide response to reduce

the damage. As attackers get better at sneaking in and damaging our systems, our defense style also needs to grow from reactive to proactive. Prevention methodologies must also go hand-in-hand with government regulations. For more on this, listen to this episode!

Please note that this podcast was recorded on February 25,2022  prior to the passage of the Cyber Incident Reporting for Critical Infrastructure Act of 2022.

Highlights:

“One of the points from the White House is to bolster resilience to withstand ransomware attacks. And for the past two decades, we’ve seen almost a reticence to push our businesses and organizations too much. Because we recognize cybersecurity as a cost.”

“The new banking law was designed not to be overly burdensome to banks, but to give regulators an early heads up about issues. And that is super important, especially if you’re concerned about large scale operational impact on our financial sector.”

“Now is the time to deploy proactive measures, things like multi factor authentication, endpoint detection and response security training, we have to figure out what is blocking organizations and just jump over those hurdles and make it happen.”

“At an organizational level, we need visibility by installing appropriate detection systems and response systems monitoring. Because the earlier you detect an incident, the better able you will be to prevent it from metastasizing into a bigger problem like ransomware.”

Time-Stamps:

[01:05] – Hot topics in cybersecurity today
[03:55] – How is the US government responding to the increased supply chain kind of cyber attacks?
[09:47] – How to reach out to Sherri Davidoff and Michael Kleinman
[13:03] – About the FTC providing notice about patching up their systems to companies
[15:31] What is meant by wiper malware?
[24:30] Key takeaways from today’s conversation

Connect with Michael and Sherri:

Michael Kleinman: https://www.friedfrank.com/professionals/michael-kleinman

Sherri Davidoff: https://www.lmgsecurity.com/about/sherri-davidoff/