Category: Cybersecurity

Podcast: Play in new window | Download (Duration: 15:13 — 20.9MB)

Subscribe: RSS

In this episode of CHATTINN CYBER, Marc Schein interviews Trent Cooksley, the co-founder and CEO of Cowbell Cyber about his journey into cybersecurity and how he founded one of the most successful cyber insurance companies to date.

Starting his career as a bond trader on the Chicago Board of Trade, Trent quickly realized that he wasn’t cut out for that type of work and decided to learn the ropes of becoming an entrepreneur. After serving Markel Corporation in a variety of different roles for a decade and gaining experience in international insurance business, property lines, professional lines, and acquisitions, Trent decided to build his own company, something he had been putting off for some time. He watched what was happening in the insurtech space and found an opportunity in cyberspace, and ventured in.

Trent developed proprietary technology that allowed his newly formed company to evaluate the cybersecurity health and hygiene of every business in the United States, which gave it an opportunity to really understand risks when they come in at a much more granular and better level.

Aside from his journey, Trent also talks about the biggest challenge facing the cyber insurance industry: the rapid and continuous evolution of cyber risks, which requires companies to be proactive and reactive at a rapid pace. He shares that this uncertainty also presents opportunities for those who put themselves in a position to take advantage of them. Cowbell, his company, is working towards finding a long-term solution for their policyholders by continuing to be experts in the space and how they’re modeling the risk and understanding the risk.

Listen to this episode to learn more.

 

Highlights:

 

“One of the little things that we do that I think accentuates our culture, we have a really transparent organization. So we like to be transparent. We encourage resiliency, urgency and empowerment.”

 

“We’re continually evaluating the cybersecurity health and hygiene of every business in the United States, the entire market. And that gives us an opportunity to really understand risks when they come in, at a much more granular and better level.”

 

Time-Stamps:

 

[01:43] Trent’s business milestones

[03:42] Challenges with the rapid growth of Trent’s company.

[06:25] Deep market penetration in the cyber insurance marketplace.

[08:14] Taking a cross-disciplinary approach.

[10:18] Understanding risks at a more granular and better level.

[12:39] How it looks like being the CEO of Cowbell Cyber for a day and the process behind it.

 

Connect with Trent:

 

LinkedIn: https://cowbell.insure/team/

 

 

Podcast: Play in new window | Download (Duration: 14:13 — 19.5MB)

Subscribe: RSS

In this episode of CHATTINN CYBER, Marc Schein interviews James Kim, the Vice President and Director of Cybersecurity Strategies and Programs at City National Bank in Florida, about the roles and responsibilities of a cybersecurity professional, leveling up into a CISO (Chief Information Security Officer) role, and managing cybersecurity risks in an organization.

James begins by discussing his path to his current position, attributing his success to luck, ambition, and grit. He started as a help desk technician at a bank and worked his way up over the years, focusing on risk management and developing business acumen. He realized that there was a gap between the technical aspects of cybersecurity and business, which led him to focus on improving the relationship between the two areas. He believes that this focus on developing relationships and maintaining partnerships is critical to his role and cybersecurity more broadly.

James’s day-to-day responsibilities involve incident reviews, working with governance, risk and compliance teams, reviewing policies and controls, managing projects, and tracking various initiatives. He enjoys the variety of tasks and the opportunity to work across the entire spectrum of cybersecurity, including governance, risk and compliance, security architecture, identity and access management, and business continuity and vendor risk management.

James discusses the future of the CISO role and where he sees himself in five years. He believes that the CISO role will continue to expand in prominence, with more emphasis on managing cybersecurity risks for the organization.

He concludes the conversation by advising young professionals interested in cybersecurity to know the many different aspects of the field, including governance, risk and compliance programs, cybersecurity auditing, and security engineering and analysis. He also stresses the importance of work-life balance, given the challenging and stressful nature of the work.

 

Highlights:

 

“We all have similar responsibilities around maintaining a robust information security or cybersecurity program, ensuring that we have proper processes, procedures in place to report incidents; and at the end of the day, having the appropriate safeguards in place to protect client information or patient information.”

 

“If you’ve been kind of following along with current events, I feel that within the next five years, the CISO role will continue to expand and gain more prevalence with management and the board.”

 

Time-Stamps:

 

[00:50] How did James get into cybersecurity?

[02:38] James’s day-to-day responsibilities as a security operations manager.

[04:04] Working across the entire spectrum of cybersecurity.

[06:06] Where do you see the Ceo role in five years?

[08:07] How to promote awareness internally and externally within the organization.

[10:13] Advice for young professionals trying to enter cybersecurity.

[12:14] Challenges in the future of cybersecurity.

 

Connect with James:

 

LinkedIn: https://www.linkedin.com/in/james7kim/

 

 

 

 

 

 

 

Podcast: Play in new window | Download (Duration: 12:54 — 17.7MB)

Subscribe: RSS

In this episode of CHATTINN CYBER, Marc Schein interviews Nadav Aharon-Nov, VP of Cybersecurity at R-MOR, Israel. He is experienced in Organizational and Regulatory Compliance, Information Security Management, Auditing and Governance, among many other areas of cyber risk management. During the conversation, Nadav shares getting into cybersecurity, leading a cybersecurity firm in Israel, the differences and similarities of the threats observed in Israel and America, the importance of investing in internal systems for any company, and how to mitigate cyber risks by thinking from the point of view of the attacker.

Nadav explains that due to the constant cyber-attacks faced by Israel, the country has learned to be creative on the cybersecurity front. They’re always thinking outside the box to figure out ways to keep their civilian life safe. The majority of the threats faced by the companies in Israel is due to ransomware attacks. Cybersecurity firms like his’ continually level up their attempts to study the attacking group’s moves and intelligence and try to get them from the inside without them knowing.

He also talks about the importance of assessing a business’ infrastructure from the outside – from the viewpoint of the attackers or hackers. While internal assessments are fairly common, external assessments could give a firm a competitive edge. Another critical piece of information shared is about automation. Attacking groups tend to use more manpower and less automation to analyze issues and make decisions quickly.

The present times have highlighted the importance of cybersecurity more than ever. Working from home, with not more than a VPN connection as security, the security offered by office spaces is quashed. Nadav explains that his company offers two unique departments – web analytics and cybersecurity to create a strategic platform that collects information from all three layers of the web to understand the hacker’s perspective, security gaps in the existing technologies and products, and to assess a company’s internal infrastructure thoroughly. A company must invest in their internal systems more than anything else, especially in today’s times.

Tune in to the episode now!

Highlights:

“There’s a big blind spot when it comes to businesses, seeing their infrastructure from the outside in. So they’re usually looking from the inside out, doing internal assessments,  (…) they’re forgetting about the other point of view. And that is the external point of view – how a criminal or a hacker or someone with malicious intent looks from the outside-in.”

“The problem is you have nothing to secure yourself at home other than a VPN connection. And most of the infrastructure at your house is either a simple modem, no firewalls, no true security on your endpoints, and everything is very exposed. So the comfort that you had in your infrastructure back at the office is literally smashed and you have nothing to get home.”

“(Every company) needs to invest in internal systems, because the criminal could be either from the outside (or) from the inside. Everyone could have criminal intentions when it comes to manipulating data, stealing data.”

Time-Stamps:

 

[02:19] – The threats faced by Israel vs. America in cybersecurity

[03:23] – How Nadav got into cybersecurity

[05:24] – How COVID has caused a rise in the need for cybersecurity

[10:19] – Where should a company invest more to mitigate cyber risks (other than cybersecurity teams)? 

Connect with Nadav

Website: https://www.linkedin.com/in/nadav-aharon-nov-62a8b5a/?originalSubdomain=il

 

 

 

 

 

 

 

Podcast: Play in new window | Download (Duration: 10:15 — 14.1MB)

Subscribe: RSS

In this episode of CHATTINN CYBER, Marc Schein interviews Greg Edwards, the Founder of Canauri, a well-known cybersecurity firm, to discuss the growing threat of ransomware attacks and how businesses can safeguard against them.

Greg has been involved in the backup and disaster recovery industry since 2007. In 2012, as ransomware attacks rose, he observed that many of his off-site backup clients were affected and needed full recovery. Recognizing that this could escalate into a greater issue, he founded Canauri and decided to address this threat using deception technology.

According to Greg, the rise of ransomware coincides with the increased use of cryptocurrency. He believes that cybercrime, in general, gained momentum in 2012 when Bitcoin became mainstream. He emphasizes the significance of layered security and recommends that businesses configure and manage all layers of defense effectively.

During this discussion, Greg also talked about how MSPs (Managed Service Providers) can fall prey to ransomware, and the devastating impact it can have on their clients. Greg narrated an incident where an MSP’s RMM (Remote Monitoring and Management) was hit by ransomware, causing 80 of their clients to be affected simultaneously.

With the shift towards remote work, Greg suggests that businesses must secure all endpoints, including laptops, desktops, and mobile devices, and ensure that the networks they use are secure. He also stresses the importance of patching systems as the most crucial action people can take to defend themselves against ransomware.

In conclusion, Greg shares valuable insights into the increasing prevalence of ransomware, the importance of layered security, and the measures businesses can take to protect themselves from ransomware attacks.

 

Highlights:

 

“If you look back again to 2012, the rise of ransomware coincides with the use of cryptocurrency. So not (that) I’m a fan of cryptocurrency, personally, but the rise of ransomware and cybercrime in general, all started to take off around that 2012 mark. And that’s when that’s when Bitcoin became really big and started to become mainstream.”

 

“In the pandemic, everyone said, go home, go work from home, here’s your laptop, or even people were carrying desktops in their monitors out of the office to go work from home, and then connecting remotely in any fashion that they could. And so that inherently just opens up lots of additional vulnerabilities and attack surfaces for the attackers. So what has to be done is all of those endpoints, laptops, desktops, even mobile devices, need to be properly locked down, and then also need to make sure that the networks that they’re on got to have the proper security now, across all of those remote workers, and manage them, just like you would if it were in an old corporate network environment.”

 

Time-Stamps:

 

[00:50] Greg’s experience starting an off-site backup company in 2007.

[02:37] The rise of ransomware coincided with the rise of cryptocurrency.

[03:56] Layman’s understanding of layered security.

[06:01] Ransomware attack on remote monitoring and management.

[07:16] Advice on how to better protect yourself.

[08:41] What to do to protect yourself from ransomware?

 

Connect with Greg:

 

LinkedIn: https://www.linkedin.com/in/gedwardswpd/

Podcast: Play in new window | Download (Duration: 16:25 — 22.6MB)

Subscribe: RSS

In this episode of CHATTINN CYBER, Marc Schein interviews Joe Weiss, the Managing Partner at Applied Control Solutions LLC, Managing Director at ISA99 ICS Cyber Security Pioneer and keynote speaker. The discussion revolves around cybersecurity challenges in control systems, with a focus on those in critical infrastructure like nuclear plants. Joe was formerly a control system engineer who worked on instrumentation controls, primarily control and safety systems in nuclear plants.

Joe notes the different challenges in implementing effective cybersecurity measures in control systems. The first, he shares, is the cultural gap between engineers and IT personnel. He explains that these two groups have different mindsets and concerns, which makes it challenging to work together. For example, IT personnel might need to upgrade a computer or perform maintenance, but engineers might resist because taking a workstation down could cause the entire plant to shut down. Joe suggests that doughnut diplomacy, which involves getting engineers and IT personnel together to work out their differences over doughnuts and coffee, has not worked in bridging this cultural gap.

Another challenge is the technical gap in control systems. Joe explains that many control systems are older systems that have been upgraded from a very insecure base. Legacy devices lack basic security features like passwords, authentication, and encryption, which makes them highly vulnerable to cyberattacks. He provides an example of how some brand-new digital sensors installed at a petrochemical plant in Abu Dhabi did not have any passwords in their vendor spec sheets. Therefore, there was no way to send calibration data to the cloud securely.

Joe adds that control systems are very different from traditional IT systems, and security measures that work in one domain might not work in the other. For example, while data is the main focus in traditional IT systems, physics is the primary concern in control systems. Control systems are designed to manipulate physical processes, and the closer they get to the edge, the more efficient the processes become. This makes it difficult to implement traditional security measures like zero trust, which assumes that nothing can be trusted until proven otherwise.

Joe concludes the conversation by suggesting that insurance companies and credit rating agencies can play a significant role in driving improved cybersecurity in control systems. These organizations are highly risk-averse and can convince boards to take cybersecurity more seriously. He believes that control system cybersecurity is not going to be solved by the government and requires a concerted effort from all stakeholders involved.

Highlights:

 

“The general rule is that these big control systems are 1980s, 1990s technology that have been in a funny sense upgraded. But they’ve been starting with a very, very insecure base.”

 

“To a sensor controller in real time, this thing is happening in milliseconds, it’s 100% trust. What’s worse, these devices are built in backdoors, directly to the internet. So everything you’re trying to say not to do on the network side is exactly what’s in this most critical of all of our critical devices.”

 

Time-Stamps:

 

[01:53] Joe’s journey into cybersecurity

[04:10] Everything is about data and data processing.

[05:52] The engineers and the network people don’t get along.

[09:04] Calibrating the sensors

[10:39] Zero trust is 100% trust

 

Connect with Joe:

 

LinkedIn: https://www.linkedin.com/in/joew1/

 

Podcast: Play in new window | Download (Duration: 19:31 — 26.8MB)

Subscribe: RSS

In this episode of CHATTINN CYBER, Marc Schein interviews Paul Christopher, Senior Social Scientist at the RAND Corporation, where he serves as the principal investigator for various defense and security related research projects. In today’s conversation, Paul talks mainly about AI and the need for introducing/enhancing AI cybersecurity and advancing information technology protection with time.

Paul begins the conversation by discussing cognitive security, or the concept of protecting the safety of ideas and thought processes. From a national perspective, it is about protecting citizens from foreign interference in their right to think and participate in national politics. It is an old concept, rooted in the idea of war being a contest of wills and politics by other means.

Further into the conversation, he discusses AI and how it is affecting propaganda by allowing for automated amplification through the use of bots. As AI becomes more sophisticated, there is a greater danger of it being used for propagandistic purposes. One example is using a Gann, a generative adversarial network, where one AI generates messages and the other detects and prevents them, but in an unethical manner, the second AI could be removed and the messages could be directed at real people. Countries are spending more money on propaganda, but it is still cheaper than traditional military capabilities. The effectiveness of propaganda is difficult to measure, but the power of an integrated physical and informational campaign, as seen in the 2014 Russian annexation of Crimea, is highly effective.

Paul and Marc also discuss deep fakes and shallow fakes—methods of creating fake videos using AI technology and how both these types of fakes can be effective in deceiving people. They also discuss counter propaganda—a method of countering the effects of propaganda by providing counter messaging or a counter narrative to counteract it.

Towards the close of the conversation, Paul highlights the human vulnerability to misinformation and disinformation and how it’s important for everyone to remember that we are challenged cognitively. Humans often think fast and use heuristics, which make them more susceptible to being tricked, manipulated, or deceived. He also mentions the cognitive bias called Blind Spot bias, where people are willing to see vulnerabilities in others but not in themselves. He advises people to be aware of these vulnerabilities, not to believe everything they see and to find ways to improve their media literacy and to use tools to screen disinformation or at least pop up warnings when there’s an uncredible source.

Highlights:

“If you’re countering propaganda, either your counter messaging or doing a counter narrative, where you’re trying to claim the opposite of whatever the propaganda is, or overwhelm it with the truth or counteract it. Which unfortunately, the research in social psychology suggests isn’t very effective, because the first mover advantage is hugely important.”

“There are things that the government can do to pass laws and regulations to make foreign propaganda, either require labels or to be illegal so that you can then indict foreign propagandists and affect them.”

“There’s this thing called Blind Spot bias, where we’re willing to see these vulnerabilities in others but we imagine that we ourselves are special or magical or invulnerable.”

Time-Stamps:

[00:14] – How Paul ended up becoming a senior social scientist at the Rand Corporation

[01:35] – What is cognitive security?

[04:15] – Are countries spending money on propaganda campaigns?

[06:26] – Distinguishing deep fakes and shallow fakes

[12:21] – Understanding counter propaganda and the ways to curb it

[17:24] – Final thoughts

Connect with Paul:

Website: https://www.rand.org/about/people/p/paul_christopher.html

https://2018.cybersecforum.eu/en/speakers/christopher-paul/

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Podcast: Play in new window | Download (Duration: 16:03 — 22.0MB)

Subscribe: RSS

In this episode of CHATTINN CYBER, Marc Schein interviews Max Buchan, founder and CEO of Worldr. The conversation gets into cybersecurity for communication platforms, hybrid and in-person communication channels, and the factors that might change the way we communicate in the future.

Max tells us how he got into cybersecurity while growing up in a small town in the United Kingdom (Canterbury), and how he revolutionized communication encryption around the world. He also worked as one of Coinshare’s first employees, which helped him learn about data jurisdictional issues and encryption keys. Max has spent the last three years building his own company, Worldr, and has been offering security for communication platforms through it.

Now, this might make you wonder: why is there a need for a company like Worldr for additional security services when most popular communication platforms have built-in encryption and security? Max explains that his company’s products are not for every other user on the internet, but rather for those who do not want to change their communication platform and want to communicate in a more scalable and secure environment with no third-party inference. Worldr works with large corporations having a significant employee strength who want all of their data to be secure.

Max also shared his thoughts on the best way to communicate in the future, saying that he believes it will be a hybrid style because some people prefer in-person communication while others prefer online communication for time efficiency.

Max also addresses the current challenges that the CISO community is facing, as well as how they approached this application. He stated that the CISO community is currently very small and needs to scale and that people and governments all over the world are taking small but progressive steps in this space. He later mentions the concept of zero trust and how it influences product development.

The conversation winds up with Max discussing the ever-changing and shifting cybersecurity space.

Listen to the conversation for more details!

Highlights:

“We’re not building these products for every single user on these platforms. I mean, these are great products, I believe, you know, for instance, Microsoft Teams, I think is approaching 300 million users, which is an incredible number. I mean, we don’t build these solutions for the broad base, we build them for specific industry verticals that have needs that go a little bit beyond a one-size-fits for certain products.”

“I want to caveat this by saying there are no zero-trust products, right? Because I feel like, you know, you go to one of these conferences, I was lucky enough to speak at InfoSec Europe, a month or whenever it was ago. And I mean, just everyone’s got zero trust everywhere. And you know, it’s an important concept. But it’s not a product And again, it all comes down to essentially, least privileged access and building in controls and governance every step of the way, right into your entire policy outlook.”

Time-Stamps:

[00:42] – How did Max, while growing up in the UK, revolutionize communication encryption in not only the US but abroad?

[02:07] – Why is there an additional need for security in various communication platforms when they are already highly encrypted?

[05:29] – The communication styles of the future

[09:12] – Challenges CISOs are facing today?

[12:10] – What is zero trust?

[13:34] – How cybersecurity space is ever-changing and shifting

[15:11] – How to reach out to Max Buchan

Connect with Max Buchan:

LinkedIn: https://www.linkedin.com/in/maxbuchan/?originalSubdomain=uk

Website: https://worldr.com/

 

 

 

Podcast: Play in new window | Download (Duration: 29:26 — 40.4MB)

Subscribe: RSS

In this episode of CHATTIN CYBER, Marc Schein interviews Sherri Davidoff and Michael Kleinman about the rising ransomware attacks in cyberspace and the legal and operational ways to confront them. Sherri Davidoff is the CEO of LMG Security, and the author of three books, including “Ransomware and Cyber Extortion” and “Data Breaches: Crisis and Opportunity.” Michael Kleinman is Special Counsel in the Data Strategy, Security, and Privacy Practice at Fried, Frank, Harris, Shriver & Jacobson LLP.

The Russian-Ukrainian war has given us an open window into ransomware gang operations, thanks to some gangs facing internal discord, like the Conte ransomware gang, which became known for putting a pro-Russia statement and having a gang affiliate steal their internal information and put it out online. If sources are to be believed, the Conte ransomware gang has made at least $2.7 billion in Bitcoin over the past three years – a number drastically higher than any previous ones we’ve seen. The result of the explosive growth of such ransomware gangs is also that law enforcement is getting better at following the money and busting cybercriminals. However, the fight gets tougher as criminals move to more privacy-oriented cryptocurrencies.

With the current geopolitical state with Russia and Ukraine in the way, cyber attacks are focused on more than economic gains, as our guests share. Vulnerabilities and attacks on critical infrastructure are predicted to rise. An interesting point to note is the OFAC advisory on ransomware from September 2021, which tends to assuage the risks towards individuals considering making a ransomware payment and avoid being hit with sanctions violation and the reputational and financial risks associated with that. This new advisory helps you if you implement cybersecurity practices, including those highlighted by Cisco, like having an offline backup, incident response plan, cyber training, and authentication protocols, and cooperating with law enforcement during and after an attack. You might never get a full sign-off, but these would certainly help your company’s image significantly.

The FTC is on the watch, and you need to look for a lock for vulnerabilities and repair or remediate them. If not, you’d land in hot water.

The Ukraine-Russian war has also seen the introduction of new kinds of malware like wiper ransomware that wipe out the complete information from a system. These are known to have been distributed through software vendors like tax software. Though Ukraine is on the receiving end of these attacks at the moment, fears are the attack could extend to more countries.

In situations like this which jeopardize our cyber health, early detection is critical. Also important is the need to have a coordinated industry-wide response to reduce

the damage. As attackers get better at sneaking in and damaging our systems, our defense style also needs to grow from reactive to proactive. Prevention methodologies must also go hand-in-hand with government regulations. For more on this, listen to this episode!

Please note that this podcast was recorded on February 25,2022  prior to the passage of the Cyber Incident Reporting for Critical Infrastructure Act of 2022.

Highlights:

“One of the points from the White House is to bolster resilience to withstand ransomware attacks. And for the past two decades, we’ve seen almost a reticence to push our businesses and organizations too much. Because we recognize cybersecurity as a cost.”

“The new banking law was designed not to be overly burdensome to banks, but to give regulators an early heads up about issues. And that is super important, especially if you’re concerned about large scale operational impact on our financial sector.”

“Now is the time to deploy proactive measures, things like multi factor authentication, endpoint detection and response security training, we have to figure out what is blocking organizations and just jump over those hurdles and make it happen.”

“At an organizational level, we need visibility by installing appropriate detection systems and response systems monitoring. Because the earlier you detect an incident, the better able you will be to prevent it from metastasizing into a bigger problem like ransomware.”

Time-Stamps:

[01:05] – Hot topics in cybersecurity today
[03:55] – How is the US government responding to the increased supply chain kind of cyber attacks?
[09:47] – How to reach out to Sherri Davidoff and Michael Kleinman
[13:03] – About the FTC providing notice about patching up their systems to companies
[15:31] What is meant by wiper malware?
[24:30] Key takeaways from today’s conversation

Connect with Michael and Sherri:

Michael Kleinman: https://www.friedfrank.com/professionals/michael-kleinman

Sherri Davidoff: https://www.lmgsecurity.com/about/sherri-davidoff/