October 2021
cybermagazine.com
Threat Intelligence Tools
Networks and Applications: Phishing: why zero trust security is the catchall for new threats
Technology & AI: Are AI and ML driving more cyber security attacks?
DEVELOPING AND HARNESSING SKILLS IN CYBER AND INFORMATION SECURITY
FEATURING: CITY UNIVERSITY OF LONDON, CLAROTY, RUBRIK
The Cyber Team
EDITOR-IN-CHIEF: VIKKI DAVIES
EDITORIAL DIRECTOR: SCOTT BIRCH
PRODUCTION DIRECTORS: GEORGIA ALLEN, DANIELA KIANICKOVÁ
PRODUCTION MANAGERS: OWEN MARTIN, PHILLINE VICENTE, JACK THOMPSON
PRODUCTION EDITOR: JANET BRICE
CREATIVE TEAM: OSCAR HATHAWAY, SOPHIE-ANN PINNELL, HECTOR PENROSE, SAM HUBBARD, MIMI GUNN, JUSTIN SMITH, REBEKAH BIRLESON, DUKE WEATHERILL, JORDAN WOOD
VIDEO PRODUCTION MANAGER: KIERAN WAITE
DIGITAL VIDEO PRODUCERS: SAM KEMP, EVELYN HUANG, HABBIE AMOS, JACK NICHOLLS, MARTA EUGENIO
MOTION DESIGNER: TYLER LIVINGSTONE
MARKETING DIRECTOR: ROSS GARRIGAN
MARKETING MANAGER: SAJANA SAMARASINGHE
PROJECT DIRECTORS: KRIS PALMER, BEN MALTBY, TOM VENTURO, SUJAN JESURAJA
MANAGING DIRECTOR: LEWIS VAUGHAN
EXECUTIVE ASSISTANT: JORDAN HUBBARD
MEDIA SALES DIRECTORS: JASON WESTGATE
CHIEF OPERATIONS OFFICER: STACY NORMAN
PRESIDENT & CEO: GLEN WHITE
FOREWORD
Tackling the cyber security skills gap
There has been a distinct lack of skills in the cyber security market for many years, but according to research the problem is only getting bigger.
The Information Systems Security Association (ISSA) and analyst Enterprise Strategy Group (ESG) surveyed 489 cybersecurity employees in their ‘Life and Times of Cybersecurity Professionals 2021’ report. The results found a heavier workload (62%), unfilled positions (38%) and worker burnout (38%) are contributing to the skills gap and nearly all surveyed (95%) believe the gap has not improved in recent years. Nigeria is tackling this gap head on with a fantastic new fellowship called Cybergirls. The CyberSafe charity invests in girls between the ages of 15 and 21 from underserved communities by giving them globally sought-after cybersecurity skills, positioning them to start a career in cybersecurity and seize work opportunities within Nigeria and across the world. It is widely thought that cyber education needs to begin early in schools. Perhaps Nigeria’s innovative programme will start to pave the way for more of these types of initiatives. Only time will tell.
CYBER MAGAZINE IS PUBLISHED BY
VIKKI DAVIES
vikki.davies@bizclikmedia.com
© 2021 | ALL RIGHTS RESERVED
CONTENTS
Our Regular Upfront Section:
Big Picture
The Brief
Global News
People Moves
Timeline: The history of cyber security
Legend: Shira Rubinoff
Five Mins With: Nat Kausik

Chartered Institute of Information Security: Tackling new cyber security threats with the support from CIISEC
Cyber Security: Cybergirls: tackling poverty with cyber security
Network & Application: Phishing: why zero trust security is the catchall for new threats
City University of London: Real world problems and solving security issues by research
Claroty: Industrial cyber security: more crucial than data security?
Event Review: BizClik Media Group: hosting Technology, AI and Cyber live
Naranja X: A fintech transformation
Rubrik: Securing data, the 21st century strategic asset
Technology & AI: Are AI and ML driving more cyber security attacks?
Top 10: Threat intelligence tools
BIG PICTURE
The Health Service Executive Ireland
The Health Service Executive (HSE), Ireland's healthcare service, is still feeling the direct and indirect effects of a recent ransomware attack. A Russian-based Conti ransomware group reportedly asked the health service for $20mn to restore services in the attack back in May 2021. The HSE says emergency departments remain very busy because of the hack, many x-ray appointments remain cancelled and staff still do not have access to their own emails.
THE BRIEF
“What if cyber security could be the poverty alleviation tool?” Confidence Staveley, Founder, CyberSafe Foundation
“The last 24 months have seen considerable advancements in AI and ML that influence a variety of areas” Bruce McIndoe, Founder, McIndoe Risk Advisory
“Nearly three-quarters of organisations have fallen victim to a phishing attack in the last year” Daniel Spicer, CSO, Ivanti

BY THE NUMBERS
Purplesec’s 2021 Cyber security Trends Report looks at the rise in malware over the last 10 years
92% of malware is delivered by email
98% of mobile malware targets Android devices
51% of malware is made up of Trojans
34% of malware hit businesses took weeks to regain data access
Are AI and ML driving more cyber security attacks?
Nada Marjanovich and Bruce McIndoe from McIndoe Risk Advisory look at the top five technological advancements to watch in 2022.
Phishing: why zero trust security is the catchall for new threats
Is zero trust security the answer for organisations to overcome the sudden increase in phishing security threats and regain the upper hand against bad actors?
CyberGirls: tackling poverty with cyber security
We look at the CyberSafe Foundation’s CyberGirls fellowship which invests in girls from underserved communities.
Do you trust your VPN?
What is a VPN?
A VPN encrypts your internet traffic and routes it through remote servers, protecting your data (like your browsing history, downloads, and chat messages) and masking your location.
Pros of a VPN
A good VPN will also secure your internet connection, protect your privacy and conceal your identity, keeping you safe from hackers or anyone else who might be trying to keep tabs on your online activity.
Cons of a VPN
Not all VPNs are created equal. VPNs can slow your connection speed, some major streaming services try to combat VPN connections with VPN blockers, configuration can be difficult if you don’t know what you are doing, and your VPN connection can suddenly drop.
Should you get a VPN?
While some VPNs have their downsides, it’s safe to say that the pros far outweigh the cons. Not only can you access the content you want whenever you want, you can also count on your private information staying really private.
WINNERS OCT21
FINANCIAL INSTITUTIONS
BT has launched ‘BT Cloud Control Financial Services’ for IT teams to address the challenges they face in balancing the risks and rewards of moving their applications and secure data to the cloud.
CYBER SECURITY STARTUPS
Momentum Cyber’s latest cyber security market review showed that investors poured $11.5bn in total venture capital financing into cyber security startups in the first half of 2021, up from $4.7bn during the same period a year earlier.

LOSERS
US GOVERNMENT
The US Military’s biometric collection and identification devices have been seized by the Taliban. They contain biometric data such as iris scans and fingerprints, sensitive data and access to large centralised databases.
FRENCH GOVERNMENT
The personal data of visa applicants hoping to visit or emigrate to France has been exposed in a cyber attack targeting the French government’s ‘France-Visas’ website. Nationalities, birth dates, and passport numbers were among the potentially exposed data.
TIMELINE: THE HISTORY OF CYBER SECURITY
Cyber security is becoming increasingly significant due to the increased reliance on computer systems, the Internet and wireless network standards such as Bluetooth and Wi-Fi, and due to the growth of smart devices and the various devices that constitute the ‘Internet of things’. Owing to its complexity, both in terms of politics and technology, cybersecurity is also one of the major challenges in the contemporary world. Where did it all begin? We take a look at the history of cyber security from inception to the present day.

1970: ARPANET and the Creeper
Cyber security began in the 1970s when researcher Bob Thomas created a computer programme called Creeper that could move across ARPANET’s network, leaving a breadcrumb trail wherever it went. Ray Tomlinson, the inventor of email, wrote the programme Reaper, which chased and deleted Creeper. Reaper was the very first example of antivirus software and the first self-replicating programme, making it the first-ever computer worm.

1980: Birth of the commercial antivirus
1987 was the birth year of commercial antivirus although there were competing claims for the innovator of the first antivirus product. Andreas Lüning and Kai Figge released their first antivirus product for the Atari ST – which also saw the release of Ultimate Virus Killer in 1987. Three Czechoslovakians created the first version of the NOD antivirus in the same year and in the US, John McAfee founded McAfee and released VirusScan.

1990: The world goes online
With the internet becoming available to the public, more people began putting their personal information online. Organised crime entities saw this as a potential source of revenue and started to steal data from people and governments via the web. By the middle of the 1990s, network security threats had increased exponentially and firewalls and antivirus programmes had to be produced on a mass basis to protect the public.

2000: Threats diversify and multiply
In the early 2000s crime organisations started to heavily fund professional cyberattacks and governments began to clamp down on the criminality of hacking, giving much more serious sentences to those culpable. Information security continued to advance as the internet grew as well but, unfortunately, so did viruses.

2021: The next generation
The cyber security industry is continuing to grow at the speed of light. The global cyber security market size is forecast to grow to $345.4bn by 2026 according to Statista. Ransomware is one of the most common threats to any organisation's data security and is forecast to continue to increase.
TRAILBLAZER
THE HUMAN FACTOR
Name: Shira Rubinoff
Job Title: Cyber Security Executive
Companies: TrueConnect, Mainframe, Pypestream, Prime Tech Partners, HeraSoft
Over 17 years working in cyber security

“The human is the weakest link in the cyber security chain”

Shira Rubinoff is a recognised cyber security executive, cybersecurity and blockchain advisor, global keynote speaker and influencer, who has built two cyber security product companies and led multiple women-in-technology efforts. She currently serves as President of the NYC-based technology incubator, Prime Tech Partners and the social-media-security firm, SecureMySocial. She also serves on the Boards of Pace University Cyber Security Programme, The Executive Women’s Forum for Information Security, Leading Women in Technology, the blockchain company, Mainframe, and the artificial intelligence (AI) companies, TrueConnect & Pypestream.

An expert in the human factors of information technology and security, Rubinoff was named one of New Jersey’s Best 50 Women in Business, was named by CSO Magazine as a Woman of Influence, was honoured by CSO and the EWF with their “One to Watch” award, and was honoured as the 2017 “Outstanding Woman in Infosec” by the CyberHub Summit. She has also been calculated by analysts to be the top female cybersecurity influencer globally on social media. Rubinoff also created numerous video series including a series of interviews with the top executives of the most prominent cyber security and technology companies.

Rubinoff provides guidance to numerous Fortune 100 companies in areas related to cyber security and company thought leadership, and consults to various organisations in areas of business development and organisational dynamics. She has published many articles, and lectures, on topics related to the human factors of cybersecurity, blockchain, and related topics and holds several patents/patents-pending in areas related to the application of psychology to improve information technology and cyber security.

In an excerpt from her book Cyber Minds, Rubinoff says: “Human factors and cyber security go hand-in-hand. First, to be cyber-secure, the elements of security technology must be addressed. While you're executing this monumental task, remember that human factors ought to be a fundamental consideration when creating your security protocols. How humans are approached when implementing security compliance will ultimately determine the level of security within a given organisation.

“In the cyber security chain the human is the weakest link. We need to become part of the solution. In my experience, this is the most powerful sentence to consider when thinking about the overall cyber security of an organisation. I repeat, the human is always the weakest link in the security chain; and that's true on both sides of security. Security is built to protect humans, but it's built by humans and the bad actors attempting to break down security are human too. Humans are the common thread, always the centerpiece of both the security problem and the solution.

“Given that there are humans involved in every step of the way, an organisation can decide to take the view that humans are the problem and govern from that perspective. Alternatively, they can flip their vantage point and take the position that humans are the solution. With that in mind, they can implement proper cyber hygiene in the organisation, while simultaneously unifying their team, as humans take centre-stage as the solution. Needless to say, the latter is a much more compelling and effective way to tackle your greatest security challenges.

“Making humans the linchpin of your organisation's security solutions empowers your employees. It also helps to lay the groundwork for a loyal and cohesive workforce, bound together and working in concert, ensuring your company is secure from the inside out.

“Following this philosophy, you'll be much more likely to create an environment with proper cyber hygiene, which is crucial in our today's ever-more-dangerous world. Cyber hygiene is pivotal in curtailing both malicious insider threats from disgruntled or opportunistic employees, and non-malicious insider threats from oblivious or negligent employees.

“Organisational culture is the tie that binds people together, and that inevitably determines the efficiency of entire organisations. It's important to step back and review how the culture around cybersecurity has evolved substantially in recent times, and how it's become an entirely different process over the years.”
FIVE MINUTES WITH...
NAT KAUSIK CEO AND FOUNDER OF
WE SPOKE TO NAT ABOUT THE CYBER SECURITY LANDSCAPE THIS YEAR AND THE TRENDS SHAPING THE INDUSTRY
WHAT ARE THE BIGGEST CYBERSECURITY THREATS TO BUSINESSES IN 2021?
With the COVID-19 pandemic fundamentally changing the way we work for the foreseeable future – possibly forever – businesses have had to adapt accordingly or risk losing ground on competitors. For many, this has meant implementing more appropriate business and security models that empower employees to work efficiently from everywhere while keeping sensitive data secure, wherever it goes. The process doesn’t need to be painful if done appropriately and those who have achieved it are more quickly reaping the benefits of a more flexible, secure and productive working environment.

WHAT'S THE NUMBER ONE SOLUTION REQUIREMENT YOU ARE SEEING CURRENTLY FROM YOUR CUSTOMERS?
The continued migration to the cloud, the rapid rollout of BYOD initiatives and the unprecedented rise of the remote workforce has accelerated the adoption of Secure Access Service Edge (SASE) and Zero Trust Digital Transformation initiatives. For most companies, the conventional perimeter their security teams once managed has now gone for 18 months – and there won’t be any going back. By uniting SASE and Zero Trust, organisations can establish and maintain an environment that reliably enforces security procedures for any interaction – on or off premises – through one unified platform.

WHAT CYBER SECURITY TECHNOLOGY HAS IMPRESSED YOU THIS YEAR?
In its latest “Hype Cycle for Network Security, 2021” Gartner introduced Security Service Edge (SSE). Security Service Edge is an integrated, cloud-centric offering that facilitates safe access to websites, SaaS, and private applications. It will typically also combine access control, threat protection, data security, security monitoring, and acceptable use control. This has raised questions around the difference between Security Service Edge (SSE) and Secure Access Service Edge (SASE). The answer is they’re not mutually exclusive. Often SSE is the adopted approach by the security team while SD-WAN services are separately adopted by the infrastructure team. But they can work together to complete the SASE journey.

SINGLE VENDOR SECURITY INFRASTRUCTURE OR DIVERSIFIED TECH STACK?
The extent of the sophisticated intrusion which led to the now-infamous SolarWinds breach was breathtaking. The hackers leveraged SolarWinds’ commercial software to infiltrate major firms and top government agencies, exposing sensitive data. Cybercriminals were able to jump from a single compromised laptop to the company’s Active Directory to the Azure Active Directory and Office 365 for complete control. Since then, the big cyber security question has been whether the attack set a precedent for hackers to target companies that rely heavily on a single vendor security infrastructure, such as Microsoft.
Having everything via one vendor has been favoured due to lower complexity. But the clear lesson from the recent attacks shows that relying on a single vendor for both infrastructure and security lays down the equivalent of a red carpet for a hacker. Diversifying your tech stack and deploying SASE and the safeguards it offers, lets you chart the best course – enabling security teams to develop a more resilient IT infrastructure, that can lighten up business stability and minimise the spread of any cyber attack.

WHAT TRENDS HAVE YOU SEEN IN THE INDUSTRY THIS YEAR?
Security landscapes are ever-changing, and companies need to stay on top of the latest trends. Cloud-based data access and protection should remain a number one priority for every company around the world. But with a new hybrid workforce, how has it changed? Particularly with new hybrid working models, IT and security leaders need to understand new and evolving security challenges. For example, traditional security solutions built for well-defined enterprise perimeters are not capable of securing hybrid workforces – because today there are no perimeters! The shift away from traditional perimeter-based security and tools will alleviate the shortcomings of VPNs while enabling mobility and access to cloud services.

WHAT SECTORS ARE SEEING THE GREATEST THREATS THIS YEAR?
Healthcare is one of the fastest-growing sectors for cybercrime, something which the COVID-19 pandemic has only exacerbated. This is because hospitals and healthcare facilities have a wealth of sensitive data stored on their networks that need to be accessible around-the-clock, to maintain a high quality of patient care. Put simply, they can’t afford to be locked out of their data. When combined with the chaos and resource strain caused by the pandemic, it has made them the perfect victims for cybercriminals looking to make profits – despite how despicable and unscrupulous it may seem to the rest of us. While it can be difficult to put exact numbers on individual attacks, a recent report estimates that the total cost of healthcare breaches has risen by almost 200 percent over the last three years, from around £3.4 billion in 2018 to more than £9.5 billion in 2020. Additionally, the cost per breached record has grown from roughly £295 to over £360. When you consider that a typical breach involves hundreds of thousands of records, the cost of an attack can quickly reach astronomical levels.
CIISEC
Tackling new cyber threats with support from CIISEC
WRITTEN BY: CATHERINE GRAY PRODUCED BY: GLEN WHITE

The Chartered Institute of Information Security provides a platform for its members to develop and harness skills in cyber and information security

As the only pure-play information and cyber security institution to have been granted Royal Charter status, the Chartered Institute of Information Security (CIISec) is dedicated to raising the standard of professionalism in information and cyber security. With the rapid shift towards digitalisation, information and cyber security hold greater importance for businesses and organisations as they look to protect themselves from threats. Coupling this with ‘the new normal’ of remote working, cyber and information security professionals have to be adaptive to new challenges as they arise.

Understanding and recognising the importance of adaptability and learning in cyber security, CIISec provides many security professionals with the tools and knowledge to respond to new challenges as they present themselves. Amanda Finch is the CEO of the Institute and she explained that CIISec is: “the natural home for cyber professionals throughout their career.”

“What we want to do is we want to recognise people for their skills and competency, we want to help them with the development paths and we want them to be successful. We're giving them the tools to either develop the capability within an organisation or to look at their own career and develop it,” she continued.
About the Chartered Institute of Information Security (CIISec)
“ It's been a labour of love and it’s been a privilege to do it and there's no other job like it in the profession” AMANDA FINCH CEO, CIISEC
Having gained Royal Charter status in 2018, Finch explained: “it was quite a journey” as you can only have one Royal Charter status for a particular area. To prove they were a “particular niche” Finch and CIISec had to provide many examples to show they were the only body operating wholly in this field. The application for Royal Charter status lasted three years, documentation went through the Privy Council and Finch described it as “a complicated process.”

Now, CIISec is ready to charter other professionals and organisations that are full members that meet the charter requirements. As well as being able to charter its full members, Finch discussed the Institute’s skills frameworks, which also support members of all knowledge levels to learn about cyber and information security. She explained, “We have a number of development programmes. We've got programmes that take people from being new to the profession up to what we call our associate level. We're starting an apprentice programme in October as well. Everything's built on our skills frameworks.”

Programmes taking professionals to the next level
These programmes are designed to help businesses and organisations gain full membership to the institute, and cover the whole industry to ensure professionals are prepared for cyber attacks.
AMANDA FINCH TITLE: CEO LOCATION: UNITED KINGDOM
EXECUTIVE BIO
Amanda Finch is the CEO of the Chartered Institute of Information Security (CIISec) and she has specialised in Information Security management since 1991. She has always been an active contributor to the industry and for many years she has been dedicated to gaining recognition for the discipline as a profession. Over her career she has been engaged in all aspects of Information Security Management and takes a pragmatic approach to the application of security controls to meet business objectives. Through her work she has developed an extensive understanding of the commercial sector and its particular security needs. In her current role she works with Industry, Government and Academia, assisting all sectors in raising levels of competency and education. Amanda has a Masters degree in Information Security, Full Membership CIISec and is a Fellow of the BCS. In 2007 she was awarded European Chief Information Security Officer of the year by Secure Computing magazine and is frequently listed as one of the most influential women within the industry.
Speaking about the programmes, Finch said: “We have programmes to help them to get to the full membership, which we will be aligning with chartered status when we’re able to actually charter people and give them that status. We'll do that through masterclasses. So we take people from across the whole profession and they run webinars that people can latch on to so that they can understand the parts of the profession and soft skills and things like that as well.”

Aiming to take professionals in the industry to the next level in terms of knowledge, CIISec recognises the eclectic nature of the profession and is therefore keen for other professionals to share their experiences. In doing so, members and prospective members can learn from each other’s cyber and information security challenges. “A lot of what we do is filling in the gaps that professionals haven't been exposed to as a way to round their experiences and knowledge,” said Finch.

To further support its members CIISec helps professionals looking to move into the industry, as well as those looking to progress in cybersecurity, and prepare for exams in an accessible way. Its online exam preparation sessions provide structured revision to help “people with materials, with development programmes and with recognition for their skills and competency,” explained Finch. This is particularly important as a lot of resources and training pieces around information and cybersecurity can be costly. By reducing this cost for its members CIISec hopes to make the industry and training within the industry more accessible.

Promoting diversity and inclusion
As the cyber and information security industry is largely male-dominated, CIISec is keen to tackle this diversity issue, promote women in cyber and make the industry more reflective of society. The Institute’s Women in Cyber have produced a series of webinars on a variety of topics covering diversity and inclusion. Available to members, CIISec adds new webinars regularly to promote women in the industry. Additionally, the institute has its Diversity & Inclusion Steering Committee chaired by Nina Paine. As a member of the committee, Finch explained her dedication to promoting diversity in her industry: “It’s ridiculous that the industry and profession don’t reflect society and I want to change that. I am in a position where I have a voice that I need to use.”
In order to address this gender imbalance in information and cyber security, Finch explained professionals need to share what can be gained from a career tackling security challenges. She said: “Something we need to do a lot more is getting out to schools and getting out career advisors, parents, sort of anyone that will listen with us for five seconds to say that this is actually a really interesting career.” Keen to collaborate with others looking to promote different diversity initiatives and challenges, CIISec has been trying to signpost other people’s diversity programmes.
This is to celebrate what others have been doing rather than replicating it themselves and avoid reinventing the wheel. Finch explained: “I think the problem we've got at the moment is that there are so many initiatives out there that actually it's a bit of a crowded space. Some are better than others and some target different areas.”

Tackling staff shortages to reduce burnout
With these diversity issues in information and cyber security comes another issue, staff shortages. Keen to address challenges within the industry, CIISec conducted a survey that showed staff shortages are a big issue that can lead to burnout and result in more people looking for opportunities in other industries. “The biggest challenge is people,” Finch said. “It’s about having enough people working in the industry. The survey showed we’re getting better at dealing with incidents. But, it’s really about people, that there aren’t enough people and we have to address that shortage. We need to think out of the box about how we do that, it may be upskilling security champions within the business rather than having a big security team,” she added.

Not only has the pandemic catalysed the significance of these issues but it has also created new problems for professionals in the cyber and information security industry. With people working remotely, employees are exposed to new risks and cyber professionals have become increasingly busy targeting these. Due to this increase in challenges, Finch explained that CIISec is seeing burnout from professionals working in this space.

Finch explained: “The reason that people leave roles and stay in roles is really about being valued and being developed. Although leaving jobs for more money is a big factor, people actually leave if they’re not being developed, they’re not being managed, or given the scope to use their flair.” With staff shortages leading to increased demand for those already working in the industry, there is little time for development, leading to dissatisfied employees. Due to this, Finch explained that CIISec is encouraging organisations to look at existing employees and see how they can be utilised to boost their own cyber and information security teams. They encourage this while simultaneously developing employees that may feel like they could do more within their roles.

CIISec started out as the Institute of Information Security Professionals (IISP) when it was founded by leaders of the profession in 2006. CIISec has a growing community of over 10,000 members. In 2007 the Institute’s first Skills Framework was devised to measure skills and competency in cyber security.
Looking to the digitalised future
When looking to the future, Finch explained the rapid speed of change in technology is going to dramatically change the landscape that cyber and information security professionals operate in. “So what we need to do as professionals, what we've always done, is harness the tools that are out there,” she said. Adding a caveat to this, Finch warned against the wrong use of some technologies to support information and cyber security professionals, such as AI and automation, as this can lead to additional challenges.
As the cyber and information security industry has been constantly evolving, Finch discussed professionals working in this area and highlighted their adaptability as they have had to be reactive to changes as and when they occur. “Information security problems will always change, they won’t get easier. There will be some things that get easier only because we’ve got more experience dealing with them,” said Finch. Looking specifically at what the Institute is aiming to do over the coming years, Finch explained: “We need to keep looking at the new skills needed and develop those skills as the landscape changes. That’s one of the reasons that we put an awful lot of emphasis on continuous learning because it never stops.”
CYBERGIRLS: TACKLING POVERTY WITH TACKLING CYBER SECURITY
CyberGirls fellowship invests in girls from underserved communities and empowers them with cybersecurity skills. Founder Confidence Staveley shares her story
WRITTEN BY: VIKKI DAVIES
Nigeria’s technology industry has brought much wealth to the country, yet the dynamics of the innovative sector are male-centric. According to the Women’s Technology Empowerment Center, Nigeria has a sizable gender gap. The technology sector, in particular, does not employ many women. According to the National Bureau of Statistics, women make up on average just 22 per cent of the total number of engineering and technology university graduates each year. Similarly, just a fifth of the people working in the information and technology sector are women. Nigeria’s cyber security industry has been given a major boost with the launch of a new charity in the country for women. The CyberSafe Foundation has launched a fellowship programme called CyberGirls.
Never trust, always verify. Okta as the core of Zero Trust. Okta is the leading independent identity provider. The Okta Identity Cloud enables organizations to securely connect the right people to the right technologies at the right time.

Okta: identity for the internet

Okta’s vision is a world where everyone can safely use any technology: its promise, to protect the identities of all users, while asking “what more can we make possible?” Today IT leaders cite secure employee access as their primary focus, thanks largely to an explosion in remote working. “One of the scariest parts of the quick switch to remote work is the need to move quickly and securely,” says Brock Dooling, Partner Alliances Engineer at Okta, a trusted platform to secure every identity, from customers to workforce. More than 10,000 organizations trust Okta’s software and APIs to sign in, authorize, and manage users.

Getting identity right is really important – but complicated. Clients can use Okta to enable their users to sign in with a username/password or with their social accounts like Google or Facebook using pre-built sign-in components from Okta. “After the user has signed in, you can retrieve their user profile, secure your APIs and application backends so that only authorized users and applications can call them. With Okta clients can use their existing stack to build sign in, protect their APIs and move on with their lives!” That message is not lost on Okta’s partners. Recently the CTO of lifecycle managed services provider Presidio Dave Trader told us: “Okta has been a huge help in managing secure user authentication, while allowing developers to build identity controls into applications, website web services and devices.”

Password access is notoriously vulnerable, so automation of user authentication is at the top of the developers’ agenda. Okta FastPass is already delivering passwordless login using default authentication implemented through biometric capabilities, rather than only by user-specific certifications. On March 4 2021 Okta acquired a complementary authorization platform. It will continue to support and expand Auth0, with a view to eventual integration. “Together, we will shape the future of identity on the internet,” promises Brock Dooling. “Okta and Auth0 address a broad set of identity use cases, and our identity platforms are robust and extensible enough to serve the world’s largest organizations and most innovative developers.”

“Investing in these girls will lift them and their families from poverty” CONFIDENCE STAVELEY
CEO AND EXECUTIVE DIRECTOR, CYBERSAFE FOUNDATION

The one-year fellowship programme will equip girls between the ages of 15 and 21 with globally sought-after cybersecurity skills, positioning them to start a career in cybersecurity and seize work opportunities within Nigeria and across the world. The project is the brainchild of Confidence Staveley who wanted to improve the socio-economic wellbeing of girls living in underserved communities in the country. “Investing in these girls and empowering them with globally sought-after cybersecurity skills will lift them and their families from poverty, contribute to combating cybercrime, address gender disparity and skills gaps in cybersecurity and fight youth unemployment/underemployment,” Staveley says. “I thought to myself, that we only look at cybersecurity from the angles of security measures, protecting enterprises, protecting people that use technology, what if cybersecurity could be the poverty alleviation tool, or vertical? It was that moment where I thought about things from a new angle and perspective and from here the charity was born,” adds Staveley. Despite setting out on her career path to work in medicine, Staveley says she found a thirst for technology when she started
programming and typing code. She says she had to “paint the perfect picture of technology” to her parents, explaining how it would provide opportunities for her future, when she told them she no longer wanted to study medicine at university as they didn’t understand it. She went on to study Information Technology and Business systems at the University of Middlesex and achieve a distinction in her masters. Since graduating in 2013 she has worked in various cyber security roles across the country. She has also won countless awards for being a cybersecurity evangelist, cybersecurity woman of the year and a cybersecurity global influencer.

The start of the fellowship

The first cohort of 150 girls in the fellowship began in June 2021. Staveley says the recruitment process was tough. “We wanted to ensure we could get the message across to as many girls as possible so our recruitment drive focused on both online and offline means. In Nigeria there is a big divide between how many women and how many men have access to technology. For example many more men have access to Facebook in Nigeria than women. Culturally in our country men and women have very different roles, so it’s not just about a technology divide but also a cultural divide,” she says. The charity’s offline drive included flyer drops in towns and villages and a radio campaign. “Radio is a channel that is commonly used by people that don’t have access to digital information in Nigeria and we utilised every opportunity we had,” says Staveley. Over 500 girls applied for a place on the fellowship. “Sadly we could only give 150 places,” adds Staveley.
During the one-year fellowship, beneficiaries will be progressively exposed to training in digital literacy, cybersecurity fundamentals, soft skills and career specific paths in cybersecurity, etc. Career specific paths will include Networking, Cyber and IT Security Audit, Incident Analysis/Response, Penetration/ Vulnerability Testing, Security Intelligence, Web Application Testing and Cloud security. CyberGirls fellows will also enjoy hands-on training experience, mentorship from female cybersecurity professionals, as well as internship opportunities and entry level job placements during the last three months of the fellowship.
“ Computers and travel are expensive and many of the girls cannot afford to travel to where they need to be to get their training” CONFIDENCE STAVELEY
CEO AND EXECUTIVE DIRECTOR, CYBERSAFE FOUNDATION
Staveley says the course gives them “globally applicable knowledge that will enable them all to achieve great careers in cybersecurity in the future.” And when asked what the attributes of a successful woman working in cybersecurity are, Staveley says: “Curiosity, curiosity and a hunger for learning. I think if you’re curious you want to learn more and cyber security is all about learning new ways of doing things and seeking out answers to new challenges.”

“ What if cybersecurity could be the poverty alleviation tool?” CONFIDENCE STAVELEY
CEO AND EXECUTIVE DIRECTOR, CYBERSAFE FOUNDATION

Sponsorships and funding support

The charity can only survive with help from sponsors and funding and Staveley says that so far this has been one of her biggest challenges. Some of the charity’s sponsors include cybersecurity company Cyberunit, Northeast Humanitarian Hub, Mercy Corps and GiTech. “Computers and travel are expensive and many of the girls cannot afford to travel to where they need to be to get their training. We have been working with Nigerians in the public and private sectors as well as other Non-Governmental Organisations to collaborate and provide in-kind and in-cash support needed to ensure these girls have all they need to achieve the task ahead,” says Staveley. She is also inviting prospective employers to support this initiative and sign up as job placement partners for the purpose of providing paid internship or job placements for CyberGirls Fellows upon graduation from the fellowship. “Investing in these girls and empowering them with globally sought-after cybersecurity skills will go a long way in changing the lives of our beneficiaries and their families for years to come,” she adds. Staveley has high hopes for the future of the charity. “We are looking to expand to other parts of Africa, including Ghana, Egypt, Zambia and one more African country,” she says. “In 10 years I see us playing a major role in shaping global policies around cyber security but also helping the African continent stay safe.”
REAL WORLD PROBLEMS AND SOLVING SECURITY ISSUES BY RESEARCH
CITY UNIVERSITY LONDON
WRITTEN BY: LAURA BERRILL PRODUCED BY: GLEN WHITE
How a University’s cyber security institute solves real world problems from the outside through research and partnerships
The City University Institute of Cybersecurity is described as being a place which takes the real problems from the outside world and solves them, via scientific research, as well as from a commercial angle. The department works with research and government agencies, as well as with industry to try to solve some of the most cutting edge, real-world problems in terms of the exponential growth of cyber security. Its head, Professor Muttukrishnan Rajarajan, says some of its uniqueness lies in the fact that the institute has several ‘spin offs’ which means its research is then taken into the commercial world, something that not many similar institutes do. He adds that another uniqueness is being able to search through big data when it is protected in a privacy preserving manner. This particular centre was established 20 years ago when Prof Rajarajan joined as an academic. Since then, he says, it has evolved into a centre for security in information security and cybersecurity. “Because many of the projects we pick up have multidisciplinary angles, we realised that we needed expertise from right across the University and not solely from a few technical specialists trying to solve problems. We needed expertise from psychologists and lawyers, which was very interesting because when it comes to cyber-attacks we needed to understand
“I TEND TO TAKE MOST OF THE PROBLEMS FROM INDUSTRY AND THEN TRY TO IDENTIFY HOW WE UNDERSTAND THAT THROUGH FUNDAMENTAL RESEARCH” MUTTUKRISHNAN RAJARAJAN
PROFESSOR OF SECURITY ENGINEERING AND THE DIRECTOR OF INSTITUTE, CITY UNIVERSITY LONDON
the behaviours of everyday people who can turn from a decent citizen into a person of concern. We pretty much bring people together from very different backgrounds and expertise. This enables us to come up with more creativity and innovative ideas at the same time,” explains Muttukrishnan.

Real aims and objectives

Muttukrishnan keeps it simple by pointing out that the main aim of the department is to help fight against the many cyberattacks they encounter, so it continues to build systems and techniques to safeguard the cities and corporates around the UK and counter what he calls cyber terrorism. He offers an example: “We worked on a European Commission project called Red Alert by which we tried to understand via social media how terrorists are radicalised over a period of time. We studied data from across many European countries, several social media platforms and in ten different languages to see how, over a period of time, people’s mindsets are influenced by specific groups. It provided us with insight into attitudes and behaviours.” Prof Rajarajan adds that the reasons for the radicalisation were based on political ambitions rather than financial, which is the other main reason for attacks such as ransomware. However, the tendency for hybrid and remote working and employees being given various devices over which employers have no control is another omnipresent challenge. “These are insider threats, not outsider ones, so another big issue to try to solve,” he says. He mentions a company called Crossword, a cybersecurity company which was formed by a product originating from the Institute for Cybersecurity. Crossword
EXECUTIVE BIO
MUTTUKRISHNAN RAJARAJAN
TITLE: PROFESSOR
INDUSTRY: EDUCATION
LOCATION: UNITED KINGDOM
Muttukrishnan Rajarajan (Raj) is a Professor of Security Engineering and the Director of Institute for Cyber Security at City, University of London. He currently leads the Information Security Group at City and his research interests are in the areas of Intrusion Detection, Cloud Computing security, Internet of Things Security, Network Security and Privacy. He has published well over 300 papers and continues to be involved in the editorial boards and technical programme committees of several international security and privacy conferences and journals. Professor Rajarajan is a visiting research fellow at the British Telecommunication’s Security Research and Innovation laboratory and is an advisory board member of the Institute of Information Security Professionals (IISP), UK. He has worked on several European Union and UK research councils and internal research agencies supported projects. He has also acted as a reviewer for several research agencies evaluating real-life and academic research projects. He co-founded CityDefend™ in 2019 with his PhD students to protect the data stored in the 3rd party Cloud. He is also an advisor to several SMEs in the areas of blockchain, privacy, data science and digital transformation.
CYBERSECURITY
Cybersecurity is a growing concern for businesses of all sizes as cyber criminals’ increasingly sophisticated tactics continue to disrupt organisations. Gartner insight projected that businesses would spend more than $123 billion on security in 2020 and projects that figure to grow to $170.4 billion by 2022. Cyber crime costs organisations $2.9 million every minute, and major businesses lose $25 per minute as a result of data breaches, according to RiskIQ research.
has been involved in the digital verifiable credentials for Covid passports for travel and leisure purposes. The company, which has worked with many universities across the UK, translates research into commercial products. Muttukrishnan describes such innovative start-ups as the way to address the very many cyber security challenges in the world today.

The evolution of data mining and blockchain

Muttukrishnan says there is a new hot topic in this field of technology, known as federated learning. This is when tech companies, including the giants such as Google, Facebook and Microsoft, analyse and mine data without actually ‘getting hold’ of the data. It is about providing the answers to the mining questions without revealing personal data itself and the owner keeps control of it and the data being processed. “The idea behind federated learning is to offer full privacy and preserve data mining at the same time,” he says. Over recent years the evolution of multiple blockchain platforms has presented another challenge in terms of how we work across the platforms and enable them to work together, according to Muttukrishnan. He added this was exacerbated by the way in which the technology was growing. “The number of blocks is increasing,” he says. “When we consider something like green computing, you need to minimise the amount of computing power needed to mine all the blocks. One of the ways it’s being done is minimising the amount of blocks needed in a typical blockchain and therefore reducing the amount of computational power required.”
Security in terms of identity and historical data

Muttukrishnan explains that nowadays, tech giants such as Facebook and Google can be asked to delete certain historical data, like mistakes made when going through adolescence, so they don’t have an impact on people as they grow older, which could affect their employability and social recognition in later life. “GDPR has enabled this, as it now allows the owner to make a request for historical information from these types of platforms. It is the same for data being shared with third parties, people can request to see how and with whom it is being shared.” He went on to say that the major browsing companies change their privacy policies very regularly, such as cookie preferences. This has also been because of GDPR and the number of fines they can receive if there are any breaches. More hefty penalties are now coming in from different bodies, such as the UK’s Information Commissioner’s Office.

Muttukrishnan emphasises the importance of multifactor authentication as a good way forward as new technology in this space removes the need for passwords which people either forget or do not change regularly enough. He says: “The beauty of multifactor authentication is, it allows you to use features such as gait and facial features which are things which are very hard to steal in real time. It can be used alongside biometrics, which we call multimodal modalities, which looks into how people run and even how they use their phones, and what for, as well as the environment they are in, background noise etc. This is an area known as continuous authentication.” But, he says, this goes further. By combining behavioural biometrics together with physical biometrics, such as voice and face, he says we can achieve very unique patterns for each individual. He adds that even identical twins don’t have the same voice patterns.

The power of partnerships

Muttukrishnan firstly cites mainstay telco BT as one of the department’s closest partners of more than ten years. The City University department has worked with the company sponsoring their PhD students who are still employed and leading security teams in areas of cloud, IoT and continuous authentication. He says he also has students sponsored through another mainstay, Huawei.
“WE AS A TEAM HAVE VERY VARIED BACKGROUNDS AND TAKE A 360 DEGREE VIEW, RATHER THAN IT JUST BEING A PURELY TECHNICAL SUBJECT” MUTTUKRISHNAN RAJARAJAN
PROFESSOR OF SECURITY ENGINEERING AND THE DIRECTOR OF INSTITUTE, CITY UNIVERSITY LONDON
But, he says, the department also works with innovative start-ups, helping them to build their products so they can then scale them up when they start to get better revenues. He describes building such varied relationships as an artform which comes through good networking skills and maintaining credibility. “It’s a combination of people recognising you as someone who has specific skills and how to approach you, say in industry forums and also through interactions and collaborations going forward. The relationships you already have can be used to create new and extended ones. It can be at a slow, organic pace but it is the best way.
“MANY OF THE TOPICS WE COVER ARE VERY NEW, WHICH MEANS WE HAVE TO LEARN QUICKLY AND CHANGE WITH THE NATURE OF THE PROBLEM WHICH IS BEING IDENTIFIED AND RESOLVED” MUTTUKRISHNAN RAJARAJAN
PROFESSOR OF SECURITY ENGINEERING AND THE DIRECTOR OF INSTITUTE, CITY UNIVERSITY LONDON
That’s because especially in the cyber security industry there is a lot of snake oil.” He sees the future of partnerships being long term with organisations like the National Cyber Security Centre (NCSC), as well as the innovative newcomers involved in such technology as facial recognition systems, and placing the department’s Masters and PhD students into them to help them grow.

The future of the cybersecurity industry, both near term and further afield

Apart from ransomware, a cyber skills shortage in schools is a growing issue, according to Muttukrishnan. He says there are not enough students at school level taking up subjects such as maths and physics, which are fundamental for translating into good cybersecurity. He says this is something he is promoting across schools around the country. “We have a huge shortage in terms of machine learning, data science and cybersecurity and are still depending a lot on foreign players to back this up. Especially in cyber, if you don’t have the internal skills then there is going to be a big challenge going forward, because other countries around the world have made big investments and the UK is not able to keep up.” He concludes that he believes the cyber security skills gap is probably the biggest challenge of our times and as a country we need to do more to address this. He referred to the apprenticeship programme, training people up while they are on the job, then fast tracking the candidates into the industry. “One way is going back to having strategic partnerships with industry, something that I am trying to do. We are trying to build relationships with big consultancies, security providers and also SMEs and train graduates then make it more attractive by offering internships, placement and projects sponsored through industry. Then we will have more skillsets that will be able to fill the gaps that are out there now and not just in the UK, it’s a global issue and has been for quite some time.”
NETWORKS & APPLICATIONS
Phishing: why zero trust security is the catchall for new threats
Is zero trust security the answer for organisations to overcome the sudden increase in phishing security threats and regain the upper hand against bad actors?
WRITTEN BY: VIKKI DAVIES

Scammers launch thousands of phishing attacks every day and they’re often successful. The FBI’s Internet Crime Complaint Centre reported that people lost $57 million to phishing schemes in one year in 2020. This is a persistent, costly and escalating issue. Nearly three-quarters of organisations have fallen victim to a phishing attack in the last year and more than half have suffered from IT talent shortages according to Ivanti, the automation platform that discovers, manages, secures, and services IT assets from cloud to edge. It says its recent phishing survey found the global shift to remote work has exacerbated the onslaught, sophistication and impact of phishing attacks. Ivanti surveyed over 1,000 enterprise IT professionals across the US, UK, France, Germany, Australia and Japan. Eighty per cent of respondents said they have witnessed an increase in volume of phishing attempts and 85 per cent said those attempts are getting more sophisticated. In fact, 73 per cent of respondents said that their IT staff had been targeted by phishing attempts, and 47 per cent of those attempts were successful.
“ Nearly three-quarters of organisations have fallen victim to a phishing attack in the last year” DANIEL SPICER CSO, IVANTI
Smishing and vishing scams are the latest variants to gain traction and target mobile users. According to recent research by Aberdeen Research and Strategy company, attackers have a higher success rate on mobile endpoints than on servers – a pattern that is trending dramatically. Meanwhile, the annualised risk of a data breach resulting from mobile phishing attacks has a median value of about $1.7mn, and a long tail of value of about $90mn.
Spear phishing has also gained popularity in recent years according to cyber security company Kaspersky. Spear phishing is an email or electronic communications scam targeted towards a specific individual, organisation or business. Although often intended to steal data for malicious purposes, cybercriminals may also intend to install malware on a targeted user’s computer. Fashion retailer Ted Baker says it receives 4,000 cyber security threats every week. Ted Baker's Chief Information Officer says over 200 of these threats are targeted attacks and include spear phishing emails devised to reach high-level executives, and cyber campaigns that seek to steal competitive insights or intellectual property.
Ted Baker has partnered with AI cyber security company Darktrace to identify and interrupt cyber threats before they escalate into full-blown compromises, including Darktrace Antigena, Darktrace’s Autonomous Response product, which is able to respond to ransomware within one second of suspicious behaviour emerging. Leon Shepherd, Ted Baker's Chief Information Officer, says: “Within seconds of out-of-the-ordinary behaviour emerging, Darktrace AI forms an understanding of whether an attack is underway or not, and can interrupt that activity before our security teams are able to. “With Autonomous Response, I know the AI is always ready to jump in on our behalf at machine speed, giving my team more time to focus on higher-value tasks.” Powered by Self-Learning AI, Darktrace technology works by developing an understanding of what is normal behaviour for each user and device within an organisation, and neutralises malicious behaviour by enforcing this normal ‘pattern of life’. Crucially, this means that day-to-day business is not disrupted.

Zero trust security

Ivanti believes zero trust security is the answer for organisations to overcome the sudden increase in security threats and regain the upper hand against bad actors. Ivanti’s Chief Security Officer Daniel Spicer says: “As organisations across all industries have shifted to distributed work environments, it is no longer the task of security teams to manage access to data and systems from a specific location. Rather, employees are accessing work-related information on their personal devices from locations all over the globe, making it significantly more challenging for IT personnel to track and verify each and every connected device. Because of this shift, bad actors have evolved their phishing attacks and are now focusing their efforts on employees’ personal mobile devices and as our survey results showed, are finding great success with this approach. Hackers have also been leveraging botnet infections to harvest legitimate email to create more convincing phishing attacks that are highly effective. This is concerning, as phishing attacks often evolve into ransomware attacks. “Your company’s security lies in the cyber hygiene of employees,” he adds. “That’s why user experience should be a core focus of any security strategy. As remote work establishes itself as the new normal, ensuring that best practices are as simple as possible to complete will make or break your security efforts. And a zero trust approach can provide organisations with the best of both worlds.”
Zero trust security requires organisations to continually verify any and all devices that are connected to their network every single time with zero exceptions. As part of a zero trust strategy, organisations should leverage machine learning to conduct continuous device posture assessment, role-based user access control, and location awareness before granting access to data. Organisations should also automate routine security updates – thus eliminating the risk of employees delaying necessary security patches and other updates – and invest in mobile threat detection software that can detect and thwart issues in real time.

Calvin Gan, Senior Manager with global cyber security company F-Secure’s Tactical Defense Unit, says stopping phishing attacks is an unrealistic ambition, but reducing the success rate of an attack is definitely doable.
“ Stopping phishing attacks is an unrealistic ambition, but reducing the success rate of an attack is definitely doable” CALVIN GAN
SENIOR MANAGER, F-SECURE
“Having a thorough understanding of the attacker’s goal (cyber kill chain) and deploying multi-layered defence or tools (multi-factor authentication, zero trust policy, mailbox scanner, phishing email reporting tool) for each activity would mitigate the risk of having information stolen. Investing in a holistic security awareness training and simulation exercise which includes practicing a response plan in case of an attack, would allow an organisation to respond, instead of react, when an attack is happening,” he says.

The modern threat landscape has transformed entirely and as new avenues and opportunities for phishing scams arise, bad actors will continue inventing new attack tactics, hoping to outsmart your organisation’s employees and make them take the bait. As a result, organisations can no longer rely on traditional security protocols to protect themselves in the work-from-anywhere environment. After all, the Ivanti survey found that one third (34%) of those surveyed blame the increase in phishing attacks on a lack of employee understanding and even fewer (30%) said 80-90% of their organisations had completed security training offered by their companies. Ivanti says by implementing a zero trust security strategy, including implementing multi factor authentication, automating security updates and more, organisations will be better equipped to mitigate these threats as they arise and protect their business-critical systems and information. “Neither your employees nor bad actors intend to go back to the way they used to work. It’s time your security strategy adapts to the modern business landscape, too,” says Ivanti’s Spicer.
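The zero trust checks described in this article (device posture, role-based access and location awareness, evaluated on every request) can be sketched as a small policy decision function. This is an added example, not code from Ivanti, F-Secure or any other vendor named here; the thresholds, role names, resources and users are constructed, and fixed rules stand in for the machine-learning posture scoring the article mentions.

```python
from dataclasses import dataclass, field

# Constructed policy data for this example; not taken from any product.
MAX_PATCH_AGE_DAYS = 30
ROLE_RESOURCES = {
    "finance": {"payroll-db", "invoices"},
    "engineer": {"source-repo", "build-server"},
}
USUAL_COUNTRIES = {"alice": {"GB"}, "bob": {"GB", "DE"}}


@dataclass(frozen=True)
class DevicePosture:
    patch_age_days: int     # days since the last security update was applied
    disk_encrypted: bool
    threat_detected: bool   # verdict reported by mobile threat detection


@dataclass(frozen=True)
class AccessRequest:
    user: str
    role: str
    resource: str
    country: str
    device: DevicePosture


@dataclass
class Decision:
    action: str                                  # "allow", "step_up" or "deny"
    reasons: list = field(default_factory=list)


def evaluate(req):
    """Decide one request from scratch. Nothing is remembered between calls,
    so a device that passed a minute ago is checked again with no exceptions."""
    reasons = []

    # 1. Device posture: an unhealthy device is refused whoever is using it.
    if req.device.threat_detected:
        reasons.append("device: active threat reported")
    if not req.device.disk_encrypted:
        reasons.append("device: storage not encrypted")
    if req.device.patch_age_days > MAX_PATCH_AGE_DAYS:
        reasons.append(f"device: {req.device.patch_age_days} days without updates")

    # 2. Role-based access: unknown roles map to an empty set (deny by default).
    if req.resource not in ROLE_RESOURCES.get(req.role, set()):
        reasons.append(f"role: '{req.role}' may not access '{req.resource}'")

    if reasons:
        return Decision("deny", reasons)

    # 3. Location awareness: an unusual country does not block outright but
    #    demands a fresh multi-factor check before access is granted.
    if req.country not in USUAL_COUNTRIES.get(req.user, set()):
        return Decision("step_up", [f"location: {req.country} is unusual for {req.user}"])

    return Decision("allow")


def demo():
    """Same user, same resource, four requests with changing context."""
    healthy = DevicePosture(patch_age_days=3, disk_encrypted=True, threat_detected=False)
    stale = DevicePosture(patch_age_days=45, disk_encrypted=True, threat_detected=False)
    requests = [
        AccessRequest("alice", "finance", "payroll-db", "GB", healthy),
        AccessRequest("alice", "finance", "payroll-db", "GB", stale),    # patches lapsed
        AccessRequest("alice", "finance", "payroll-db", "JP", healthy),  # new location
        AccessRequest("alice", "finance", "source-repo", "GB", healthy), # outside role
    ]
    return [evaluate(r).action for r in requests]


if __name__ == "__main__":
    print(demo())
```

The second request shows why routine updates matter under this model: the same user loses access as soon as the device falls behind on patches, with no cached trust from the earlier approval.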
CLAROTY
INDUSTRIAL
CYBERSECURITY:
MORE CRITICAL THAN DATA SECURITY ? WRITTEN BY: LAURA BERRILL PRODUCED BY: GLEN WHITE
64
October 2021
CLAROTY
cybermagazine.com
65
CLAROTY
Simon Chassar. CRO, Claroty
66
October 2021
CLAROTY
C
Strengthening the cybersecurity of industrial supply chains is arguably more critical than protecting against data breaches
urrently, Claroty is experiencing data — they can also disrupt the physical a period of what Chassar calls industrial processes that underpin global ‘hyper growth’ which, he says, supply chains. Recent incidents have shown means the company is rapidly that with the expanding attack surface, gaining momentum as the certain types of breaches can shut down levels of connectivity operations. When in industrial this happens, the “MALICIOUS HACKERS systems increase. resulting impact ARE INCREASINGLY This increase in on organisations is UNDERSTANDING THAT connectivity has typically far worse resulted in the THEY CAN DO MORE THAN than that of a data creation of a wider breach. This is not COMPROMISE DATA — attack surface that only in terms of lost THEY CAN ALSO DISRUPT cybercriminals and revenue, people’s THE PHYSICAL INDUSTRIAL wages, and income other adversaries can exploit. PROCESSES THAT UNDERPIN — but it is also in “Malicious hackers terms of physical GLOBAL SUPPLY CHAINS” are increasingly safety. This is one of understanding that the primary drivers SIMON CHASSAR they can do more of the market’s CHIEF REVENUE OFFICER, than compromise momentum. At CLAROTY cybermagazine.com
the same time, there is a growing need to address the problem, which is our mission.”

Chassar said that this accelerating demand is driving 100% growth on a quarterly basis for Claroty, and the team is scaling the business accordingly. He noted that half of all Claroty employees were hired in just the last nine months, and that a strong company culture has allowed Claroty to address the challenges that inevitably come along with such rapid growth.

So apart from the expanding attack surface, what else is impacting Claroty and its services? Chassar says there is also something referred to as the Purdue Model. He explains that this is a network segmentation-based reference architecture for industrial
control systems (ICS) that was created by Theodore Williams in the ‘90s. He said this model is now starting to collapse because of the increased levels of connected technology, including IoT and 5G. This, along with the aforementioned attack surface, means much bigger perimeters that stretch beyond just one building that CSOs and CIOs need to protect. He uses car production as an analogy. “Take for example a brake manufacturing plant in the Czech Republic. The car manufacturer may use a headlight manufacturer in Poland and a computer component manufacturer in China. All of these places reflect the expanding attack surface, so you are now trying to protect this massive perimeter and at the same time you have to be aware of the greater potential for
lateral movement across connected supply chains. This could be someone gaining access through a back door and then moving across the network. This is one of the biggest challenges we face and is critical when it comes to securing industrial environments.”
Velta Technology: Industry visibility to stop cyber attacks
Gain visibility into your industrial space and bridge the gap between OT and IT with Velta Technology - Claroty Partner of the Year in North America

Industry visibility to stop cyber attacks is the focus of Velta Technology. “We help industrial environments protect themselves from security breaches by providing full visibility into their industrial networks,” said Dino Busalachi, Chief Technology Officer. “The doors are open and the hackers are finding their way in! If you cannot see into your Industrial Control Systems (ICS) environment from the ICS application down through the stack into the network, then you are blind!” said Busalachi.

Founded in 2018, Velta Technology understands industrial assets and infrastructure, and bridges the gap between operational technology (OT) and information technology (IT). “We expand the footprint of the OT platform. We move it all the way from awareness to integration and optimization, which sets us apart from our competitors,” said Busalachi.

Velta Technology was named Claroty Partner of the Year in North America. “Since we formed a partnership four years ago we haven’t looked back since.”

By providing Digital Safety as a Service (DSaaS), Velta Technology focuses on protecting four primary areas of vulnerability:
• Process integrity
• IP protection
• Human safety
• Remote access

Busalachi stressed that the rapid growth of IoT and continued expansion of 5G are increasing the risk of cyber attacks.

Visibility study identifies key vulnerabilities
Velta Technology provides a three-week visibility study which delivers the first phase of a digital safety program and pledges that within 30 days any industrial environment will be safer.

DSaaS solutions
Velta Technology brings their DSaaS solutions to industrial platforms and mimics what IT has done within the end visibility on the control system side. “We create a database of any vulnerabilities and assign an index which is recognized by regulatory bodies such as NIST (National Institute of Standards and Technology).”

Implementing the NIST framework helps the industrial environment to:
• Detect
• Identify
• Respond
• Protect
• Recover
It’s not the usual case of personal and company data theft
Industrial cyber attacks differ from other kinds of well-known cybercriminal activity, such as personal and corporate data breaches and loss, which can lead to reputational damage and fines. Chassar said the difference is that with the latter, there are mitigations in place. “When personal data is breached and extracted there are mechanisms such as insurance, backup, encryption, multi-factor authentication, and others that are widely implemented to help further protect that particular data,” he says.

“However, on the industrial side you are often looking at technology and systems in place which are sometimes decades old and therefore difficult, if not impossible, to update and patch. And when there is any kind of attack, processes can grind to a halt. Imagine a major car manufacturer that produces a vehicle every 50 seconds. If that is stopped for five hours, how many cars are then not produced? On top of that, the next question to then ask is, how many people cannot earn money because they can’t work on making the cars? In this respect, industrial cyber attacks can have a much more tangible impact than data breaches.”
EXECUTIVE BIO
Simon Chassar
TITLE: CHIEF REVENUE OFFICER
COMPANY: CLAROTY
INDUSTRY: INDUSTRIAL CYBERSECURITY
LOCATION: SURREY, UNITED KINGDOM

Simon Chassar is Chief Revenue Officer at Claroty, where he leads the global sales organization including territories, partnerships, sales engineers, sales development, and revenue operations. He brings more than 20 years of IT industry experience across the go-to-market on hardware, software, and services at multinational organizations such as NTT, Cisco, Avaya, VMware, and Actifio. Prior to joining Claroty, he served as CRO of the security division of NTT, where he ran a sales, channel, and marketing organization of more than 300 people, delivering $1.5 billion in revenue across products and services. Chassar is part of the World Economic Forum for Oil & Gas Security.
The critical benefits of industrial cybersecurity protection
The first important thing to establish with Claroty’s customers, Chassar says, is identifying the assets they have operating within their industrial environment. This is because, he adds, customers aren’t always aware that, say, their heating controls are connected to this environment. The same goes for engineering workstations, controllers, sensors, and other devices. Chassar advises they need to start with finding out which parts of their operation are connected to their industrial environment, because you cannot protect what you cannot see.

“This is how Claroty helps at the start of the journey — by identifying the devices and connections and which ones pose inherent
risks, such as a control system that hasn’t been updated in ten years. Once you understand what and where those inherent risks are, the next step is prioritization. Our threat detection capabilities enable customers to know when they are being attacked and exactly what the residual risks are. We apply our standard cybersecurity procedures to the perimeter and everywhere within their environment.” Chassar says the firm also takes the approach of looking at vulnerabilities from the hackers’ point of view with risk scoring, so organisations can more easily prioritise and then make the changes and also keep them up to date with regulatory requirements. He adds that the company is backed and adopted by the top three industrial automation vendors globally: Siemens,
Schneider Electric, and Rockwell Automation. Claroty’s strategic partnerships with all three have allowed the company to build a solid understanding and awareness around all their protocols, capabilities, and vulnerabilities. He explains, “This in turn has also enabled Claroty, via our Team82 research team, to know where the threats are coming from, the constant changes within the threat landscape, and the reality of the dark world.”
How partnerships matter
Off the back of the investment, Chassar says the company has been able to grow its coverage of what has long been the sector’s most extensive library of industrial protocols. He said this means Claroty’s
platform is fully compatible with both greenfield IoT and IIoT environments and traditional brownfield OT environments. Developing and expanding support for the various protocols utilized within these environments requires close collaboration and a strong relationship with the industrial vendors — including those that are Claroty investors and partners.

“We have always been a technology company rather than a services-based one. Because of that we have also built very strong technical integrations with our IT security partners. These are the same companies that have control of the firewalls and other technologies that our customers already rely on. Not only does this enable us to work in harmony, we can also plug and play directly into these environments. That creates opportunities for our customers to easily integrate our platform with their existing tech stack,” he states.

Chassar says the company has three partner categories which have different values but are equally important. The first, he says, is the service partners that are driving enterprise transformation and include the likes of Deloitte, KPMG, NTT, and Kudelski Security. The second is ICS/automation vendors including Siemens, Schneider Electric, Yokogawa, and Rockwell. And then there are strategic
FUTURE PROJECTIONS
The number of internet-connected devices is expected to increase from 31 billion in 2020 to 35 billion in 2021 and 75 billion in 2025
Security Today’s The IoT Rundown for 2020
integrations with CrowdStrike, Check Point Software Technologies, and Tripwire.

“We consciously focus on the industries that have absolute excellence in what they do and have a very large customer base. We are strongly committed to taking a ‘partner first’ approach. There is a real skills shortage in OT and specifically in OT security, so we are enabling our partners to develop these skills and giving them the economies of scale needed to address the shortage.”
The future of these partnerships
These relationships are going to become tighter, Chassar says. “Just in the last six months we have increased our focus on driving up our partners’ certifications and their capabilities within OT cybersecurity. At Claroty we have taken our core central knowledge and skills and shared these
openly with them, which has driven up the volume of skills and capabilities so they can take advantage of our hyper growth that I mentioned at the start. This tightening of partner relationships is the future right now.”

Chassar said this was significant because it was vitally important for those in industrial cybersecurity to be aware of the criticality of protecting these environments. This stems from the momentum caused by the convergence of OT and IT. He cites everything from vaccinations and pharma companies to automotive production, all the way through to food and drink manufacturing.

“Our mission is to be the industrial cybersecurity company and to protect everything within the four walls of an industrial site — and ultimately keep enterprises going. We’re not focused on preventing the extraction of personal information or, for instance, credit card numbers. Our goal is to help companies maintain their production and overall business operations.”

He offers the example of developing technology for a car production line whereby a breach would halt the supply of vehicles. “On the industrial side it is more about business continuity than reputational damage and fines. Look at the Colonial Pipeline incident, in which operations halted after the breach, as well as JBS foods. Stopping production of things consumers need leads to lost revenue and an impact on stock markets, which is very difficult to repair. It can mean people can’t go to work anymore because the tins of beans and cars aren’t being made.”

Chassar concludes: “The bottom line is everyone, no matter which field or sector they are in, should be aware of industrial cybersecurity and how vital it is to protect the world’s increasingly connected industrial plants and production facilities. This issue has huge significance to us as individual consumers and the economy at large.”

FUTURE PROJECTIONS
Gartner projected that businesses would spend more than $123 billion on security in 2020 and projects that figure to grow to $170.4 billion by 2022
EVENT REVIEW
Speaker: Kamran Khan (NTT), on The Future of the Hybrid Workplace
BIZCLIK MEDIA GROUP: Hosting Technology, AI & Cyber LIVE
WRITTEN BY: TOM SWALLOW

A new venture for BizClik Media Group, the Technology, AI & Cyber LIVE show brings global technology leaders together for a hybrid digital event

To understand the potential of technology in the future, it’s imperative that we analyse the current application of artificial intelligence (AI), machine learning, data analytics, and other new digital solutions. The coronavirus pandemic has somewhat heightened our awareness of the capabilities of technology, from its use in the supply chain and other private sectors to supporting the healthcare services and even warfighting efforts. Digital transformation has allowed organisations to keep pushing for more and tackle some serious issues along the way.
At Tobacco Dock, London, the Technology, AI & Cyber LIVE show brought together technology professionals and thought leaders to present company successes from the past 18 months, and provided valuable insights into future applications of technology. As a hybrid event, the show was made available to a global audience with a comprehensive virtual platform, encouraging viewers to network with industry leaders from around the world.
DAY ONE
Communications, artificial intelligence and women in technology
Throughout the first day of the event, the speakers touched on some very prominent topics on the current business agenda. With
Covid-19 presenting many struggles as well as some possibilities, one of the most significant changes to technology adoption was the switch to working from home. During a high-level technology discussion, Kamran Khan, Go to Market Leader at NTT Ltd, discussed the current findings since the change to remote working, as he believes that hybrid working is here to stay.

“Employees are not going to let go of the tools that allow them to work so seamlessly. They love it and it was a lot simpler compared to some of the technology sitting in the office”, says Khan.

Part of Khan’s talk referred to his own personal experience of remote working and the benefits that organisations should take into consideration as their employees strive for more flexibility at work. “It’s
about how organisations come to grips with that changing technology map and the changing way of decision making and architecture. Employees are a lot more empowered, they are a lot more demanding and I don’t think they will go back”. Following the morning’s networking session, viewers were invited back into the main stage for talks that touched on cybersecurity and some AI development risks. Technological change will always present some vulnerabilities. With AI working around the clock to manage new systems, it can quite easily be applied in the wrong way. Chief Data and AI Strategist at Telefonica, Richard Benjamins, explained how AI has developed over the years and some of the risks involved in its application. “It is true that in the media, there is more attention on negative uses, even though there are so many opportunities, including the use of technology for Covid and solving world problems around climate change, the headlines are negative and that’s a problem”, says Benjamins.
Diversity and supporting women in technology
The afternoon at Tobacco Dock consisted of some talented female leaders in technology and their outlook on the current adoption of diversity in the industry. Vicky Sleight, Global Director of Human Factor, Diversity and Inclusion at TM Forum, joined Keri Gilder, Chief Executive Officer of Colt Technologies, to talk about some of the key issues that remain in the industry and how leaders and employees can play important roles in encouraging diversity.

“We can do more and I think that organisations and we as individuals need to find out what their needs are, and also make sure our organisations are running programmes like mentorships and going into schools”, says Sleight.
Women in Tech Panel: Keri Gilder (Colt), Vicky Sleight (TM Forum), Ash Finnegan (Conga).
Gilder says, “one of the aspects of inclusion is inclusive leadership and that comes with an element of empathy. In order to enable empathy in your organisation, you have to listen to your employees”.
DAY TWO
Technology and AI applications
Day two of Technology, AI & Cyber LIVE brought together some interesting examples of how digital transformation impacts various sectors, including discussions on applications in the online vehicle auction business, uses for clinical research, and data management in the British Army.

Brigadier Stefan Crossfields, Chief Data Officer for the British Army, entered the stage and divulged some of the ways the Army is actively transforming the organisation’s legacy systems to take on challenges specific to the modern era of the military. He also explains how technology has helped the Army to manage a reduced level of recruitment and encourage partnerships with small-to-medium enterprises.

Meanwhile in the second stage, Rajiv Peter, Director of Digital Technology at Notting Hill Genesis (NHG), delves into the application of its operations system, which has been custom-built specifically for the social landlord. “Our main mission is to house low-income families”, says Peter. He discusses how the company invested in technology to improve its operations, by creating a single system that is optimised for its employees. “At that time, the view was that technology was a cost centre, similar to electricity or gas, where you go for the cheapest vendor or provider to
supply you that technology. The roll out of this seamless experience completely changed the mindset of our employees and our executives. After that roll out, the next thing to do was to increase that capability”, says Peter.

Samantha Liscio, Chief Information Technology Officer at National Institute for Health Research (NIHR) Clinical Research Network, goes into some detail about an important area of AI application, which has supported the healthcare services throughout one of the most difficult global situations. The company funds and manages large-scale research projects and digital transformation played a critical role in continued medical research. Creating a
The Future of Cyber Security Panel: Richard Jones (Leidos), Simon Chassar (Claroty), Ross Garrigan (Host)
secure network for healthcare teams and providing them with equipment were a couple of the ways the NIHR supported organisations during the coronavirus pandemic. “Technology facilitated an acceleration in decision making that I have never seen in my career”, says Liscio. “Technology and the creation of digital services were helping that. It was showing the art of the possible and that these things could be delivered in days or weeks”. Needless to say, the Technology, AI & Cyber LIVE event was a huge success. It showed us how technology has allowed various industries to meet specific demands during a significant period of change for both businesses and
individuals. In hosting the event—and thanks to technology—individuals were able to attend from across the globe and experience the past 18 months from the perspectives of other organisations. However, those who couldn’t make it to the show can view the whole thing online and watch it on-demand. To find out how to register for the Technology, AI & Cyber LIVE recording go to www.technologymagazine.com.
RUBRIK
SECURING DATA, THE 21ST CENTURY’S STRATEGIC ASSET
WRITTEN BY: WILL GIRLING
PRODUCED BY: TOM VENTURO
Jeffrey Phelan, CTO, explains why Rubrik strives to incorporate security into everything through modernisation, automation, harmonisation, and simplicity
Few today would contradict the notion that COVID-19 has been a significant catalyst for digital innovation or that the value of data as an asset has never been higher. However, while ‘knowing’ is certainly an important part of enterprise transformation, actually putting together a plan and executing this new vision is far more difficult. Moreover, how can companies do so in a way that saves time, money and boosts security? The answer lies with Rubrik.

Founded in 2014 and based in Palo Alto, California, with offices in Europe and India, Rubrik is a cloud data management specialist that’s focused on bringing control back to customers, boosting their business’ resiliency, and promoting a secure yet agile operating style.

When Jeffrey Phelan, Chief Technology Officer for Rubrik Federal, joined Rubrik in September 2020, he was already very familiar with the company from a customer perspective. Having briefed Rubrik’s technology to more than 450 different organisations just across the Department of Defence while still working at General Dynamics Information Technology, Phelan eventually reached out to Bipul Sinha, Rubrik’s CEO, to discuss how the company could continue to scale its business across the public sector. Recognising an opportunity that would allow him to combine his long-term focuses of
digital transformation, infrastructure modernisation, and data protection strategies, Phelan decided to join and help realise Rubrik’s vision. He brought with him over a decade of cyber security industry experience, a passion for building resiliency across the entire organisation, and a practical mentality that prioritises the elimination of complexity.

“At the beginning, as the company started looking at managing the world's data, the founders really decided to build a proprietary hyperscale file system – which is now the industry’s only patented immutable file system – from the ground up,” Phelan explains.

Featuring an “all-star cast” of leaders from high-profile tech companies like Google, Oracle, Nutanix, Cisco, ServiceNow, and Microsoft, among others, Rubrik is well-informed on the procedures necessary for managing, scaling, and securing data on a 24x7, global basis. Accounting for all of the nuances and challenges of managing data across different security, regional, and sovereign regulatory requirements is non-trivial, and as such, Phelan compares the company’s as being akin to telephone dial tone: “You pick up your phone, and you
just expect the dial tone to be there. Well, in the same way, our customers expect their data to have the same reliability – to always be safe and immediately available.” The aforementioned hyperscale file system is a key enabler of this, as it allows data to be moved anywhere, whether in the cloud, in a data centre, or at the edge. Also, he adds, “our file system is unique – it’s immutable; it was built so that someone couldn't come in and change, delete, or encrypt the data and hold it ransom.” The pandemic was a wake-up call for many organisations regarding the utility of migrating to the cloud. Capable of being faster, cheaper, and more agile than legacy data management solutions, it matched the challenging circumstances of the global crisis perfectly, and its appeal is unlikely to waver. However, when asked what advice he and Rubrik could offer to companies just beginning their cloud adoption journey, Phelan says, “It’s always harder than the consultant they've hired has told them it's going to be; it's messy because there's just so much data across so many parts of
EXECUTIVE BIO
Jeffrey Phelan
TITLE: CTO
INDUSTRY: DATA MANAGEMENT
LOCATION: ATLANTA

Jeffrey Phelan is Public Sector CTO for Rubrik where his main responsibilities are assisting organizations across the DoD, Intel Community, Federal Civilian, and State & Local governments with their Digital Transformation efforts, Cloud Migration, Data Management, and Infrastructure Automation requirements. He joined Rubrik from GDIT where he was the Portfolio Lead on DISA’s milCloud 2.0 program where he was responsible for developing the Cloud Services catalogue, developing the technology stack & capabilities roadmap, and managing professional services delivery. Prior to GDIT, Phelan was Chief Product Evangelist and Director of Strategic Growth for Northrop Grumman Information Systems where he focused on Artificial Intelligence and Machine Learning techniques for network defense & cybersecurity, cloud applications, and IT automation. Earlier, at SRA International he was director of Products and Offerings focused on Cyber Security capabilities and services, Public Safety, Data Analytics, and overall product development.

Jeffrey is a Mach 37 Mentor, an AFCEA DC Board Member, and part of the ATARC Cloud Working Group. He's studied engineering at Boston University, L’Universite Stendahl in Grenoble, France, and holds a Bachelor’s Degree from George Mason University and completed the Executive Program at MIT with an emphasis on Complex Systems Design, Technology Strategy, and Innovation.
the organisation.”

Every organisation we work with today has some documented modernisation strategy, and we see them focusing on (4) main transformation areas: Modernisation (reducing complexity and cost), Automation (both onsite and in the cloud), Security (Resiliency everywhere), and Harmonisation (One pane of glass). “Those four pillars are where we see the potential for active innovation and operational disruption,” he states.

To assist these modernisation efforts, Rubrik favours a ‘crawl, walk, run’ strategy that helps customers understand exactly how much data they have, what systems and applications depend on that data, and what the organisation’s desired data protection and data strategy end state looks like. From here, Rubrik works closely with customers to help modernise their infrastructures, reducing complexity and costs, and to take advantage of automation to drive security, compliance, and
governance across their entire on-premises and hybrid cloud enterprise environments. Often during this process, a company might not have good fidelity on how much data they really have, and they rarely have consistent data protection policies across hybrid clouds, meaning that budgets for cloud migration can quickly become more expensive than they anticipated.

“To prepare teams for this, we help customers dig a little deeper into what they really want to get out of their data, bearing in mind all of the data access, egress, and storage cost implications of managing and securing their data. We also sometimes get folks who are a little too ambitious: they pick the biggest, oldest, gnarliest system – and it's just too hard. Therefore, we frequently share lots of lessons learned, and we do plenty of handholding and provide candid counselling to help them through that.”

MAKING THE OPERATOR SMARTER
Another essential component of quality data management today is automation technologies, including machine learning and artificial intelligence (AI). Central to its implementation, however, is the resolution of a cultural challenge. “We have to meet customers where they are today, and then we have to help move them along that continuum,” states Phelan. “Part of what we do is to help operators understand what the ‘art of the possible is.’ Complexity is easy, but simple is hard.”

He is conscious that anxiety about automation often conflates it with job losses, yet he counters that this isn’t the case. “There's a lot of tribal knowledge and tradecraft involved in the industry, and that’s going to remain intact. The difference is instead of them taking eight hours to run a task, maybe it could only take eight minutes.” Therefore, in Phelan’s view, automation should be considered an opportunity to upskill, increase efficiency, and reduce complexity.

DID YOU KNOW...
In early 2020, Rubrik announced its acquisition of Opas AI - a move that the company made in order to achieve the following benefits:
• Optimised cloud costs
• Outage predictions
• System breach detection
• Privacy issue notification
• Resource hotspot resolution
Opas AI’s ‘Causation Engine’ incorporates several statistical and machine learning (ML) models to build a more comprehensive understanding of applications. Going forwards, Rubrik anticipates shorter problem resolution cycles, which will, in turn, enable the increased availability of data across any cloud or data infrastructure.

It’s increasingly clear that companies will need every advantage they can get; at a time when instances of large-scale cybersecurity breaches are rarely out of the headlines, customers need to bolster their enterprise resiliency. Phelan states that Rubrik’s data security and ransomware recovery solutions are the tonic that’s required. “Most network security tools have what we refer to as ‘a priori’ or prior knowledge dependency. Basically, they need to know something about that threat, such as a signature, hash, IP address, domain, or behaviour.” However, the unfortunate reality is that circumventing these tools is as simple as creating a custom threat that isn’t recognisable a priori. With this weakness subsequently exposing critical backup infrastructure to attack, incidences of ransomware have increased.

However, Rubrik has a solution to this problem. “I mentioned earlier the immutable aspect of our file system, and it's that capability
cybermagazine.com
99
The Trusted Government IT Solutions Provider Carahsoft is The Trusted Government IT Solutions Provider®, supporting Federal, State and Local Government and Education and Healthcare organizations with IT products, services and training through our partners and contracts.
LEARN MORE
RUBRIK
Colonial Pipeline ransomware attack in May 2021, has rapidly increased the market’s focus on Rubrik’s security and resiliency value. As such, Rubrik’s ransomware capabilities are fostering stronger bonds between historically disparate enterprise teams, particularly the network security teams and infrastructure teams. With reliability, resilience, and accessibility standing as common goals for both, Phelan anticipates that Rubrik will be increasingly included in security conversations to help reconcile what are sometimes competing priorities. “Our capability is really about providing a great rally point for CISOs, CIOs, management and the Board to find common ground. We can add resilience, and we can work to create what I would refer to as a ‘moving defence’ at the infrastructure level so that customers can adapt much more rapidly to attacks.” Looking ahead, “WE'RE ABLE TO HELP CUSTOMERS Phelan anticipates that continued RECOVER VERY QUICKLY AND GET THEM migration of data BACK ONLINE IN MINUTES, HOURS, OR from physical DAYS WHEN HISTORICALLY THEY'VE BEEN locations to the cloud will prompt DOWN FOR WEEKS AND MONTHS” stakeholders and regulators JEFFREY PHELAN to demand CTO, RUBRIK that important information is meeting more stringent security that's really protecting organisations against requirements than is natively provided by these breaches,” says Phelan. “We're able to commercial clouds, and as such, demand help customers recover very quickly and get for a ‘single pane of glass’ to manage data them back online in minutes, hours, or days when historically they've been down for globally will quickly become the norm. In fact, current trends suggest that weeks and months.” operational change following COVID-19 According to Phelan, data protection has is no longer an option. It’s the only option. 
always been Rubrik’s “bread and butter,” but The strategic value of data and the security an ongoing attentiveness to organisations’ resiliency needs, particularly in light of the required to safeguard it have become cybermagazine.com
101
paramount in today’s world, and customers must choose their partners wisely. “Scientists and students at MIT, Stanford, and Carnegie Mellon are being asked to work on data, but perhaps they don’t have security clearances or access to secure environments,” Phelan ponders. “They may be our best and brightest, but invariably they haven't been asked to think about the security and ethical issues around data access.”
As organisations begin to aggregate voluminous quantities of data, the understanding that our mission and corporate data has become an integral strategic asset is practically beyond dispute. Rubrik has the ability to manage, secure, and move it at high levels of both reliability and resiliency. As the world settles into the ‘new normal’ of operations, Rubrik’s ability to secure, manage, and move that data whenever and wherever it’s needed will give any customer the advantage it needs to succeed.
“OUR CAPABILITY IS REALLY ABOUT PROVIDING A GREAT RALLY POINT FOR CISOS, CIOS, AND THE INFRASTRUCTURE TEAMS TO FIND COMMON GROUND” JEFFREY PHELAN CTO, RUBRIK
DID YOU KNOW...
PARTNERING FOR SUCCESS: CARAHSOFT
One of Rubrik’s key partners is Virginia-based IT hardware, software, and consultancy services provider Carahsoft. Specialising in supporting important US institutions at a federal, state, and local government level, the company delivers cybersecurity, multi-cloud, and DevSecOps solutions, as well as others in Big Data, AI, Open Source, CX, and more.
“What Carahsoft does for both Rubrik and the buyer is to help streamline the acquisition process. It has very sophisticated contracting, inside sales, and marketing groups that fully understand the buying cycle of different customers across the public sector,” says Phelan. “In many ways, they act a bit like a Rosetta Stone: Carahsoft understands all the latest and emerging acquisition policies and purchasing options clauses, and so, when we have to go compete for business, the company works hand in glove to help.
“It operates very quickly and understands the nuances and the subtleties that the Government requires to make a purchasing decision. Instead of an acquisition taking 18 months or longer, the Government can come in quickly, buy the latest technology, and then change its mind without penalty if requirements change later.”
The historically slow acquisition process working against the fast iterations of technology has been, explains Phelan, a long-standing issue. Carahsoft is at the forefront of solving this problem.
TECHNOLOGY & AI
ARE AI AND ML DRIVING MORE CYBER SECURITY ATTACKS?
As AI- and ML-based innovations increase, so too do cyber security attacks that exploit their vulnerabilities. Nada Marjanovich and Bruce McIndoe from McIndoe Risk Advisory look at the top five to watch in 2022
WRITTEN BY: VIKKI DAVIES
If you were born before 1980 your teachers probably told you that technology would become so advanced there wouldn’t be enough work to do. Little did they know the opposite would happen and that, in fact, work would come home with us, disrupt our weekends and hijack our holidays.
Technology has brought more upsides than downsides, of course: advancements in medicine, for one, and staying in touch via livestream, especially over the last 18 months, to mention but a few. Nothing is perfect, though. Each innovation brings improvements and efficiencies, but the question is always ‘at what cost?’
The last 24 months have seen considerable advancements in AI and ML that influence a variety of areas. Each has its pros and cons, yet regulation of these areas is way behind. That means these solutions are entering the marketplace with a multitude of chinks in their armor and the cyber security threats each one poses could have serious impact.
A recent report by Adversa, which monitors AI security, has found that vulnerabilities embedded in pictures, audio files, text and other data that guides ML models make it more difficult to filter, handle, and detect malicious inputs and interactions. This means it’s easier to exploit AI to any end.
“Each innovation brings improvements and efficiencies, but the question is always, at what cost?” BRUCE MCINDOE FOUNDER, MCINDOE RISK ADVISORY
While the evolution of technology can’t be stopped, least of all by fits and starts in policy, cyber professionals and their cohorts would do well to get familiar with what’s to come not just in the realms that touch their professional disciplines but also in those that are entering the mainstream. It’s never too soon to consider corporate policies and procedures that can adapt as these tools develop. Our pick of these five would be a good place to start.
Autonomous Vehicles
In April, the UK announced it would begin allowing self-driving cars on the road but quickly had to clarify what that meant. There are six generally accepted levels of autonomy ranging from none to full. The low end, zero to one, requires a human to perform the heavy lift. Levels two and three are partial and conditional automation. Most cars born in the last decade are here, requiring the human to drive, but with assistance capabilities for steering, speed and environment that put the driver in the back seat (figuratively, of course). The next levels, four and five, feature high and full automation that handle all aspects of the driving task and require no input from a human. The main difference between these two is restrictions based on geofencing and weather. Level four has constraints but level five does not. Thus level five is the only true “self-driving car,” and none are currently available to the general public.
Nevertheless, levels two and three are flush with capabilities that present risks because of the 100 million lines of code directing them, their electronic control units (ECUs), GPS, sensors and other systems.
PROS: eliminates human errors, the biggest cause of accidents. The cars do require the driver to stay alert at the wheel, but can help with a range of lifestyle factors like minimizing stress and fatigue on long trips or during rush hour. There are also reports that the cars mitigate greenhouse emissions because they are more efficient.
CONS: the systems that interface between vehicles and infrastructure can be hacked either for direct exploit (i.e., create havoc and accidents that cost insurance companies money) or to put cracks in them that hackers can use as entry points for malice later.
“The past 18 months have brought significant advancements in the realm of robots designed to appear human and impersonate our interactions” BRUCE MCINDOE FOUNDER, MCINDOE RISK ADVISORY
CRISPR
This chemical tool scalpels stretches of DNA and other genetic material to alter genes. In October 2020 two female scientists were awarded a Nobel prize for their Crispr-Cas9 tool but that doesn’t mean it’s perfect, let alone ready for market, even if certain benign Crispr-Cas9 kits are available online for $100. Crispr technology may be used to repair mutations, such as sickle cell anemia, but the side effects can be calamitous because the application affects reproductive genetics (sperm, eggs, embryos) to have an impact on future generations. Like AI/ML based solutions and other tech, the creators who cut and paste DNA sequences don’t have full control of the outcome and cannot predict what twists and turns it may take.
PROS: editing texts of DNA to correct hereditary deficiencies, like blindness.
CONS: there is currently no prophylactic or post-exposure antidote for any possible bio-threats. Those with a basic understanding in the lab can buy DNA and biohack it to create ghastly bacteria and viruses to wreak havoc with global pandemics. Sort of. The barrier of knowledge for wielding Crispr is high for the moment, which curtails the accessibility, but it also means the variables are that much more unpredictable.
In 2016, James Clapper, the US’s then-Director of National Intelligence, declared gene-editing technologies a WMD threat. The anxiety was that an enemy’s scientists could develop biological weaponry, putting a country into a tailspin trying to identify mystery pathogens, develop vaccines and implement effective public health measures, to say nothing of the economic, political and other dangers. Now downsize that to imagine what effect this would have if deployed within a corporate campus or at a conference gathering hundreds of leaders from a single industry.
CRISPR: Gene editing and beyond
Deepfakes
Deepfakes are convincing because they hijack existing audio and video files and employ tech to manipulate those units into fresh knock-offs that look real. Where there may not be sufficient native material to work with, ML can create new material. This means a video of your CFO singing happy birthday to a grandchild on Facebook, coupled with other clips from speaking engagements, is enough to appropriate and clone into an audio file that can be called in to an assistant to ask for passwords. Add in the technology used for chatbots and that file can maintain a dialogue with the assistant and respond to questions.
PROS: avatars create familiarity in some environments and especially in the realms of media and entertainment. Also, executives can dispatch video avatars to present to foreign clients in the language of their choice.
CONS: scant legislation specific to deepfakes exists, let alone any worldwide effort. Also, detection technology is limited and soon enough the deepfakes will get too good to catch. There was a story in the April 2019 Wall Street Journal in which the CEO of a UK energy company received a call from his ‘parent company’ requesting an urgent transfer of €220,000 to a Hungarian supplier.
“Deepfakes are convincing because they hijack existing audio and video files and employ tech to manipulate those units into fresh knock-offs that look real” BRUCE MCINDOE FOUNDER, MCINDOE RISK ADVISORY
Humanoids
Similar to Crispr, the past 18 months have brought significant advancements in the realm of robots designed to appear human and impersonate our interactions. Unlike Crispr, producers have been scaling up their manufacturing and availability is within reach. According to NowThis News, global sales of professional-grade robots jumped 32% from 2018 to 2019. David Hanson, whose eponymous Hong Kong-based robotics firm is a forerunner of delivering mass-production to the market, said they can become our friends, our true friends, they might become alive.
PROS: humanoids can be deployed to accomplish dangerous or otherwise risky tasks. For instance, during the next pandemic humanoids may support hospital efforts such as testing, intake and other necessary functions to minimise exposure and hours of frontline workers.
CONS: also similar to Crispr, the ‘Dr. Frankensteins’ employing the technology don’t really know how it works or why it works so well, meaning the threats are endless and their impact will be hard to manage, especially if the AI/ML outpaces the counter-measures of the humans trying to stop it.
Virtual Reality
The basis of VR is to trick the mind into believing something by presenting the senses with convincing information simultaneously. The Virtual Reality Society defines VR as an experience that is totally immersive but not necessarily interactive and cites many VR-adjacent developments
as significant to the VR timeline, but the real shift came in the 1990s through the gaming industry. In the immediate future, gaming will be the chief driver and beneficiary of consumer VR, but smartphones, entertainment, education and other areas will benefit from users having a complete sensory experience. Military and other sectors will also achieve training and functional improvements through the use of VR and ultimately AR. The difference between the two is that the former is completely virtual and the latter uses real-life settings. Another way to look at it is AR users control their presence, like through a smartphone, whereas VR users are controlled by the system, like through a headset.
PROS: wellness apps such as those that help calm and relax users or present stroke rehabilitation, teleconferencing, training for skills improvement, particularly with first responders and in areas such as telecomm, construction and telemedicine.
CONS: addiction to the immersion, cybersickness (nausea associated with extended use) and the fact that its motive is to trick the mind into believing whatever the system presents. This opens the door to bad actors hacking a company’s training program to imbed “learnings” for employees to unwittingly act out nefarious agendas.
Many other AI and ML advancements warrant review but these five areas are seeing significant development and growth in mass market readiness. Whether a company is adopting any of these solutions directly is irrelevant. The fact remains that each bears threats to cyber security born to and from people.
“It’s never too soon to consider corporate policies and procedures that can adapt as AI and ML tools develop?” BRUCE MCINDOE FOUNDER, MCINDOE RISK ADVISORY
NARANJA X
A FINTECH TRANSFORMATION
WRITTEN BY: JOANNA ENGLAND
PRODUCED BY: JAKE MEGEARY
Naranja X CISO Santiago Fernández tells us about the fintech transformation of one of Argentina’s best-known financial services companies
Santi Fernández, CISO
Although fintech is a relatively new industry, it is also a sector that is transforming established companies globally. Naranja X is one of the latest ‘fintech transformations’ to emerge from South America’s financial sector. From humble beginnings as a sports shop store card launched in 1985, Naranja X has now become one of the most dynamic fintechs in Argentina.
The company is headquartered in Buenos Aires and Córdoba, and its distinctive orange card, which takes its name from the Spanish word for ‘orange’, is already a household name. The company re-modelled itself and relaunched as a fintech in 2019, just prior to the start of the pandemic. Since then, Naranja X has moved from strength to strength and provides its customers with a range of services and products that assist them with daily financial management.
Santiago Fernández, Chief Information Security Officer at Naranja X, explains, “It’s a 35-year-old company that has developed into a fintech company in order to support customers in their daily money management.”
So far, Naranja X has established two corporate buildings in the cities of Córdoba and Buenos Aires, and there are 180 branches throughout the country that operate with a workforce of more than 3,000 employees. As an established and trusted brand, Naranja X boasts a user base of more than five million customers, who, according to Fernández, “access their pesos accounts, transfer money, pay bills, use their credit cards, obtain loans, take out insurance, deal with e-commerce, buy trips, enjoy promotions, and more.”
Bringing a multitude of skills to the role of CISO, Fernández is also a Professor of Cybersecurity at the University of Palermo. The position, he says, gives him valuable insights into the space, which is becoming increasingly important in fintech, where protection of data and financial information is paramount. “The university environment gives me the opportunity to share a space of constant challenge, not only with my colleagues but also with the students. Many of my colleagues work for the most important Argentine companies and, in many cases, international companies. They tell me their strategies, how they plan to approach them, what objective they pursue. That is nourishing for both parties, particularly for me.”
Naranja X: a fintech transformation
Fernández says the opportunity to view new perspectives and become familiar with the latest technologies being used in the market benefits the Naranja X Information Security team. Indeed, the company’s security strategy is multi-pronged and relies on the latest technologies to secure data and customer information against cyber attacks.
“Our mission in the area of Information Security is to protect user and company data, ensuring data availability, confidentiality, and integrity,” he says. “We work proactively and synergistically with all the areas so that we can have a comprehensive vision of all the processes, thus reducing exposure levels, mitigating vulnerabilities and improving data protection. To achieve these objectives, we have designed a strategy built on three main pillars:
“The first involves security awareness campaigns for employees, users, and the general public. We know security education is essential.
“The second pillar implies reducing threat exposure levels by using a proactive approach. Process automation and attack area reduction are key.
“The third and last is about the adequate protection of sensitive corporate data by adding further protective layers around our most critical asset: information.”
“For us, people come first, and they are at the centre of our decisions. We strive to offer them products, benefits, and services that make their daily life easier” SANTIAGO FERNÁNDEZ CISO, NARANJA X
Secure and agile teams
Naranja X also employs specific tactics in terms of its business modelling. Currently, the fintech utilises an element called ‘Security Champions’ and a work style it describes as ‘Tribal Squad’. These systems are employed to improve efficiency as well as security within the company.
In May 2020, Naranja X announced its evolution into a fintech company. Interdisciplinary work has been crucial to this success, as has the creation of “Squads” or teams, with different specialists from areas such as IT, analytics, customer experience, and business.
Fernández explains, “At Naranja X, products and business opportunities are created and developed with different technologies by interdisciplinary teams called Squads or Tribes. We believe in empowering teams to achieve the aims we have set. Creating an agile mindset erases physical barriers and allows us to work virtually, building true teams and focusing on results.
“To accompany the time to market each product, it is necessary to perform a “Shift to the left” in terms of security. That is, Information Security must work from the very beginning at each of the stages in the product life cycle. So, we are part of each of our pipelines (CI/CD) of development and infrastructure (IaaC) as their security support,” he explains.
He says that as resources are finite, to achieve scalability, the role of Security Champion was created in each Squad. The Security Champion is a member of the interdisciplinary team (Product Squad) who is in charge of overseeing security stories in the team’s backlog. The Security Champion is also well trained in cyber security and liaises with Cyber Security CoE.
“Our indicators show an 800% increase in scams, phishing, and vishing – a trend also seen in many other financial companies in Argentina” SANTIAGO FERNÁNDEZ CISO, NARANJA X
“Our aim is to ensure that Security tasks advance at the same pace as the Product or Business tasks. In the past, it was common to hear comments such as “this risk is not relevant”, “we do not want so much formal work”, “it is only an MVP, a pilot”. The Security Champion role helps us to participate from the beginning of the product life cycle, thus enhancing efficiency.”
A Cybersecurity Centre of Excellence
“The Information Security CoE counts on specialists in different fields to deliver services to the whole company,” Fernández tells us. “There are three main teams within the CoE at present: Information Security, Cyber Security and Digital Information Security. The first is the most traditional one where we deal with GRC, IAM, and Brand Protection.”
He points out that Naranja X’s cyber security focuses on monitoring, end-point and I&R as well as Digital Information Security (DIS). “In this team, we have DevSecOps and NetSecOps
specialists, Cloud Security Engineers and red and blue Team members. In the near future, we are going to create a Product Security team to support and further reach customers with the solutions we develop.”
A customer-centric approach
But perhaps one of the most defining features about Naranja X is its customer-centric approach. The company places customers, and its people, squarely at the centre of its philosophy, both in terms of management and service experience. It was this aspect that drew Fernández to the role - and stokes his enthusiasm for the job. He explains, “What attracted me to Naranja X? Many things! First and foremost, the focus we have: ‘People are key’, not only the customers, but also the employees.”
EXECUTIVE BIO
Santiago Fernández
TITLE: CISO
INDUSTRY: FINANCIAL SERVICES
LOCATION: ARGENTINA
Santiago Fernández has a degree in Information Technology from the University of Palermo. He holds certifications including CISSP | CISM | CDPSE | CCSK | CSX | MCSA | SMAC™ | DSOE | DEPC | CSFPC and is five times certified by AWS. He currently serves as Chief Information Security Officer at Naranja X. Together with his IT Security team, he focuses on the creation and implementation of strategies for the deployment of information security technologies.
Technological innovation is a driving force behind this, and he describes the working environment as one of ‘learning and satisfaction’. “Naranja X provides an environment that has a multi-cloud and on-premise infrastructure, where you can find an offline business and an online business, cutting-edge technologies that we use, and a focus on employee development.”
Market differentiators
But in a sector as competitive as the fintech market, staying competitive is key to survival. Latin America is one of the globe’s fastest emerging markets when it comes to technology and finance - so how difficult is it to maintain an edge over other growing services? Fernández says it comes down, once again, to looking after people.
“For us, people come first, and they are at the centre of our decisions. We strive to offer them products, benefits, and services that make their daily life easier. To achieve that, we implement technologies that make their interaction with our app or in-person service in any of our 180 branches a fully efficient, personalised, and positive experience.”
“Naranja X provides an environment that has a multi-cloud and on-premise infrastructure” SANTIAGO FERNÁNDEZ CISO, NARANJA X
FINTECH IN LATIN AMERICA
According to reports, in 2020, fintech represented 40% of all regional venture capital invested in Latin American fintech startups. The study was conducted by LAVCA, an organisation that tracks private investment in Latin America. Crunchbase data also indicates fintech momentum has continued in 2021, led by big rounds for Brazil-based payment tech provider EBANX and digital bank Neon, as well as Nubank.
In-house DevSecOps
In a world where connectivity and being part of an ecosystem is often central to scalability, Naranja X is playing things slightly differently by using an in-house DevSecOps. But is this something that works better specifically in the Argentine market? Fernández believes so. He says, “To have a good product and a good business case is as important as outsmarting our competitors. However, security has often been perceived as a hand brake that slows down the product development process. Instead, we aim to become a safety belt, an airbag cushion that can safeguard the business health, not hinder its development and pace.”
Fernández explains that the DevSecOps specialist enables the pace by automating security in each of the pipelines Naranja X uses to make its products available. The developer, then, is well aware that the product has complied with the security steps before its deployment. He says, “Launching a product before the competition is not the only factor that gives us a market advantage. We need to provide reliable default security characteristics because customers and users have become more demanding.
“To pick up from the analogy we used earlier, in the 80’s, nobody paid attention to safety belts and other security features when buying a car. Today, it would be inconceivable. The same is happening in the world of technology. That is why we have stopped being security auditors to become product co-creators.”
Strategic partnerships
Although developing in-house systems has its advantages, forming connections that can drive innovation forward is also critical to Naranja X. Currently, IntSights is one of the company’s key partners that played an essential role in
managing the digital processes required to service customers during Covid-related restrictions. Fernández explains, “During the lockdown, digitalisation of processes and tasks increased considerably – not only in the case of our company but in the business world in general. This increase attracted cybercriminals. Therefore, we decided to monitor Naranja X's brand health in the Dark Web or Deep Web, and we chose IntSights as our strategic partner in Brand Protection.”
He continues, “Our indicators show an 800% increase in scams, phishing, and vishing – a trend also seen in many other financial companies in Argentina. IntSights offers visibility of BIN data, email addresses or domains, user lists, and passwords in a proactive way so that we can detect and remedy wrongful activities by site takedowns and other contention and preparation actions.”
Naranja X also partners with IntSights to manage their external threat intelligence, which has resulted in the fintech company having a 360° view that exceeds its current, in-house possibilities. Fernández says, “The platform operates on different webs and can identify potential threats, collect and analyse content from different open sources such as social networks, blogs, chat boards, etc… IntSights’ early threat detection makes it possible for us to answer effectively.”
IntSights also carries out early identification of potential phishing activity and classifies these threats, which in turn leads to screening any “false positive” cases. The platform’s open integration API, with its easy access and sound documentation, helps Naranja X mitigate damaging events early and assists in automation. “IntSights is used not only by Information Security but also by Fraud Prevention. This type of tool has become a commodity for other teams in the company as well,” says Fernández.
A people-centric future
In an industry that increasingly places technology and customers at the heart of its operations, Naranja X is ahead of the game and emphasises its employees’ welfare and development. Fernández surmises, “On the other hand, we are committed to our staff’s constant development. In 2020, over 13,300 training hours were delivered by our Data and Analytics Academy to focus our employees’ attention on data-driven culture. We also have a framework and collaborative tools for data search which democratises practices.”
In terms of the next 18 months, money management as well as technology-based products, services, and functionality will be a main focus for the company, as well as a number of new product launches. “Soon, the Naranja X account will render interest on funds deposited, a new dollar account will be offered to our customers, and the prepaid card will become a debit card. These new products will provide solutions to our customers’ personal and business financial needs.”
He adds, “To meet these challenges and the planned business growth, we will continue recruiting talented professionals in the field of technology for our engineering, architecture and data and analytics teams.”
TOP 10
THREAT INTELLIGENCE TOOLS
Cyber threat intelligence tools not only reduce the risk of costly security breaches, but also help organisations align security spending with their requirements. We’ve put together our list of the top 10 on the market.
WRITTEN BY: VIKKI DAVIES
Threat intelligence plays a crucial role in today's cybersecurity defence apparatus. In fact, research by Anomali found that 78 per cent of organisations believe that threat intelligence is critical for achieving a strong security posture. As cyber attacks continue to increase and evolve at a phenomenal rate, there has never been a more important time to invest in threat intelligence tools to prepare organisations for possible attack and ultimately to identify and stop cyber attacks in their tracks. We’ve compiled a list of the best threat intelligence tools on the market. Here’s our top 10.
10 BitDefender
BitDefender promises contextual, real-time insights into the global threat environment. Fuelled by the Global Protective Network that supports over 500 million systems, this advanced system collects data from sensors worldwide to give you a real-time view of the potential risks that could be coming for your business. With BitDefender, companies can benefit from accelerated incident response with contextual and actionable threat indicators. You’ll also get a unique insight into the latest threats and how they’re trying to attack your business with quality resources that provide accurate insights.
09 LookingGlass
The LookingGlass threat intelligence platform gives security teams the freedom to better detect, understand, and overcome cybersecurity threats instantly. Among its offerings is ScoutPRIME, a global attack surface management solution that constantly assesses your environment and highlights vulnerabilities. There’s also ScoutTHREAT for companies who need help identifying and prioritising gaps in their defences with 24/7 managed threat intelligence.
08 Imperva
Imperva provides its threat intelligence platform through ThreatRadar, a web application system. This threat intelligence platform gives businesses the tools they need to collect data and transform it into actionable insights about cyber threats. There’s a reputation service that lets you filter traffic based on real-time information, and a community defence system for constant updates. You’ll also have access to bot protection with automatic DDoS detection and account takeover protection too. An emergency feed delivers all the latest signatures instantly to help mitigate zero-day vulnerability.
07 ThreatConnect
ThreatConnect helps companies to defend their operations with a complete suite of features. This is the only solution available today that combines threat intelligence with cyber threat quantification, orchestration, automation, templated workflows, and analytics all in one place. You can even access dedicated incident response teams. The ThreatConnect platform offers security and support relevant to your industry, role, product, or need. You can get dedicated tools specifically for healthcare and government brands, or explore solutions for specific issues, like threat hunting and vulnerability management.
06 Recorded Future Fusion
Recorded Future Fusion is a complete threat intelligence platform, offering business leaders everything they need to centralise their data, collaborate on business analytics, and create in-depth reports. Companies can add proprietary data and feeds to their Recorded Future system, including data from security vendors, industry bodies, independent research, and more. You can also access a centralised environment ideal for collaborating on business analytics. The Recorded Future system is fully customisable, so that every business can adjust their intelligence to suit their needs.
05 Anomali
The Anomali threat platform is a unique solution for businesses that need next-level protection. Offering threat visibility and detection at incredible speed, Anomali combines intelligence with turnkey integrations. Anomali’s intelligence-driven security suite optimises threat intelligence in a single platform to increase the speed of threat detection and proactive measures. You can set up automations within your network and access in-depth knowledge about potential breaches instantly. Anomali’s platform is also excellent for growing businesses, with the ability to scale at will.
04 SolarWinds
Helping companies to make better decisions in real-time, the SolarWinds threat intelligence platform includes real-time logging feeds. What's more, this platform comes as part of a complete security event management system. You can use the convenient user interface to track malware, botnet, and DDoS attacks as they happen, and implement tools to defend your data from infiltration. The threat intelligence system flags events with cyber intelligence frameworks, letting you know how dangerous potential issues can be.
03 Proofpoint
Proofpoint ET Intelligence delivers timely and accurate threat intelligence. Its fully verified intel provides deeper context and integrates seamlessly with security tools to enhance decision-making. Business leaders can access ET intelligence dashboards that provide all the context needed to understand where an issue came from. You’ll get condemnation evidence, reputation intel from each attack, and detection information too. The portal is intuitive, searchable, and great for creating personalised reports.
02 CrowdStrike's Falcon X Intelligence
CrowdStrike’s Falcon X Intelligence tool combines automated analysis with human intelligence, enabling security teams, regardless of size or skill, to get ahead of the attacker's next move. The intelligence has three levels, starting with a tool that automatically investigates incidents and accelerates responses, leading to threat intelligence reporting and research from CrowdStrike experts, and access to an intelligence analyst to help defend against specific threats targeting your organisation.
01 Kaspersky Threat Intelligence Portal
Kaspersky Lab offers the latest data from different parts of the world to provide in-depth insights on the cyber threats targeting your business. It uses intelligence reporting to deliver insights and tactics to enhance your security controls. The solution is particularly well suited to addressing the security requirements, concerns and constraints of the Government, Financial Services, Managed Security Service Providers and Critical Infrastructure sectors.