July 2022
cybermagazine.com
Claroty: Simon Chassar, Claroty CRO, on the critical infrastructure required Vodafone Business: Secure growth in digital adoption
DATA BREACHES City of Portland: Changing lives with data insights The University of Kansas Health System: Guardians of a worldclass academic medical centre
SEEING IS NOT BELIEVING – THE RISE OF DEEPFAKES FEATURING:
GUILFORD TECHNICAL COMMUNITY COLLEGE
FIRST BANK
Never miss an issue!
+ Discover the latest news and insights about Global Cyber...
JOIN THE COMMUNITY
The Cyber Team EDITIOR-IN-CHIEF
TILLY KENYON ALEX TUCK
EDITORIAL DIRECTOR
SCOTT BIRCH
PRODUCTION DIRECTORS
GEORGIA ALLEN DANIELA KIANICKOVÁ PRODUCTION MANAGERS
PHILLINE VICENTE JANE ARNETA ELLA CHADNEY
CREATIVE TEAM
OSCAR HATHAWAY SOPHIE-ANN PINNELL HECTOR PENROSE SAM HUBBARD MIMI GUNN JUSTIN SMITH REBEKAH BIRLESON JORDAN WOOD DANILO CARDOSO VIDEO PRODUCTION MANAGER
KIERAN WAITE
DIGITAL VIDEO PRODUCERS
MARTA EUGENIO ERNEST DE NEVE THOMAS EASTERFORD DREW HARDMAN PROJECT DIRECTORS
KRIS PALMER BEN MALTBY TOM VENTURO
MANAGING DIRECTOR
LEWIS VAUGHAN
MEDIA SALES DIRECTORS
JASON WESTGATE
CHIEF OPERATIONS OFFICER
STACY NORMAN CEO
GLEN WHITE
FOREWORD
Are CISOs prepared to tackle and respond to the constantly changing security threats?
“CISOs need to consistently implement more sophisticated defence strategies to mirror the increasingly sophisticated techniques used by attackers”
The CISO’s role is evolving – just like cyber security. It is not limited to only preventing security threats, but it now incorporates effectively managing data security, the risks in infrastructure and brand reputation, among other responsibilities As the security landscape experiences drastic changes, this has resulted in businesses elevating their cyber security strategy, with the role of the CISO becoming increasingly more important. CISOs are tackling a variety of problems such as a rise in automated attacks and how attackers are becoming more motivated and knowledgeable. Are CISOs prepared to face all the challenges thrown at them during this current climate? This was one of the many topics that was explored at our recent Cyber Live event. Tammy Archer, CISO at Inchcape, explained: “There are going to be times when you will face quite difficult circumstances, but I would say when it does come to that, you just need to take a step back and think about how you are going to approach the problem.”
TILLY KENYON CYBER MAGAZINE IS PUBLISHED BY
tilly.kenyon@bizclikmedia.com
© 2022 | ALL RIGHTS RESERVED
cybermagazine.com
3
DIAMOND SPONSOR
SIMON CHASSAR,
CHIEF REVENUE OFFICER AT CLAROTY Simon Chassar, Chief Revenue Officer at Claroty discusses his career journey, what inspires him, and his proudest moments from his career so far
J
oining Claroty 18 months ago, Simon Chassar is currently the Chief Revenue Officer for the global cyber-physical security organisation. Prior to Claroty, Chassar ran the cybersecurity sales business at NTT. “In my time at NTT I observed a rise in the number of attacks on the industrial critical infrastructure environments, so when I was looking at my next career move, I homed in on OT and IOT security as the next step,” says Chassar. “My favourite thing about the industry is the conversations around protecting our lives and society as a whole. Things like fuel, shelter, food, and energy, these are the things that we consume every
day, they are critical to our wellbeing as a society and as human beings. So for me, the business discussion around protecting these critical environments is an interesting sector to be in.”
WHAT INSPIRES CHASSAR?
In his career, Chassar is inspired by the ability to go on journeys with people, to meet new people, and to evolve people and their understanding for the better. “I like to take people on a journey with me. We like to make sure that as an organisation we are enjoying ourselves and making sure that we learn from each other and support each others’ wellbeing. So I take
CLAROTY
Claroty: protecting society with cyber-physical security
“ IF AN ORGANISATION DOESN’T HAVE A POLICY OR PROJECT UNDERWAY, THEN THEY SHOULD START ONE IMMEDIATELY” Simon Chassar CRO, Claroty inspiration out of seeing others develop and enjoy what they do,” says Chassar. He adds: “Aside from my family, my proudest achievement from a career point of view began when I joined VMware in 2007, at the start of the technology virtualisation journey within servers. During my time at VMware the growth and demand in the market really stretched my abilities as an individual to develop myself and learn new skills and new technologies. “That then set me up for when I joined NTT and had the opportunity to integrate five security companies together. I think
seeing people come together as one company, and the success of integrating into one organisation, was another huge milestone in terms of career satisfaction.” Chassar discussed how to achieve unmatched visibility, protection and threat detection across Industrial (OT), Healthcare (IoMT), and Enterprise IoT assets in his TECH LIVE LONDON keynote on ‘XIoT’.
Claroty CEO: YANIV VARDI INDUSTRY: CYBERSECURITY HQ: NEW YORK, USA
CONTENTS
Our Regular Upfront Section: 12 Big Picture 14 The Brief 16 Timeline 18 Trailblazer: Jesper Trolle 22 Five Minutes With: Ariel Parnes
42
Event review
Shaping the future of technology
28
56
Protecting society with cyber-physical security
Vodafone Business enables secure growth in digital adoption
Claroty
Vodafone Business
68
98
Enterprise-wide cybersecurity in the age of the multicloud
Seeking viable avenues to improve educational access
Networks & Applications
Guilford Technical Community College
76
First Bank
Securing a familyowned business with St Louis’s First Bank
90
Technology
The Ongoing Threat of Ransomware in Business
110
Top 10
Cyber Data Breaches
In Association with:
Meet who runs the world.
TOP 100
Women
in
TECHNOLOGY
NEW ISSUE OUT NOW Read now
A BizClik Media Group Brand
Creating Digital Communities
122
City of Portland Transforming lives with data insights
134
The University of Kansas Health System Guardians of a world-class academic medical centre
PLATINUM SPONSOR
TRUSTWORTHY TECHNOLOGY IS SUSTAINABLE TECHNOLOGY
T
ortoise and Kainos spoke to a range of experts throughout the field of artificial intelligence; from executives and technicians, to researchers and government officials. Those insights are revealed in the form of three hypotheses about how the domain of trust in artificial intelligence is changing: ‘The future of trust in artificial intelligence: responsibility, understandability and sustainability’. To coincide with the report, Jane Fletcher, Experience Design Principal at Kainos, discussed 'Sustainability: A path to trust for Data & AI' in a virtual keynote at TECH LIVE LONDON. Trust in the AI ecosystem is largely dependent on data, the conclusions and predictions reached, and the sensitivity of the system to bias and other influences. As governments and corporations 10
July 2022
consider ways of enforcing technologies that are lawful, ethical and robust, Fletcher discussed the increase in regulation around data over the last few years due to GDPR, the growing importance of cybersecurity and the role of AI ethics on the imminent EU AI act.
Language, automation and trust
Fletcher elaborated on the move towards sustainability that has seen professionalisation, standardisation and mechanisms for disclosure – all to create confidence that the world economy can decarbonise, be governed fairly and embrace an inclusive society. Much like the major drivers that propelled the original Industrial Revolution: language, automation and trust, the latter in particular is vital to tempering AI for widespread use today, lowering the barrier of entry in order to accelerate adoption.
KAINOS
Ethics vital to wider AI adoption
Kainos suggests that if we don't act today in a responsible and ethical way, in terms of how we develop and deploy AI to help users understand its capabilities, then this lack of trust will limit or prevent the adoption of artificial intelligence over the next few years. Acting early can mitigate and prevent some of those issues from arising, and Kainos will share tips on these first steps.
Data Governance unlocks success Also at TECH LIVE LONDON was, Karim Jessani., Principal: Data & AI Practice / CSO, who discussed ‘Data Governance / With Great Power, Comes Great Responsibility’. Jessani said: “If an organisation recognises data as a true and valuable asset and treats it as such through a comprehensive data governance policy, it will be able to use data more wisely to empower its business for success”.
KAINOS: DIGITAL TRANSFORMATION SERVICES Belfast-headquartered IT provider Kainos has developed a unique mindset that embraces any digital challenge. With 98% customer satisfaction rating, their key technology partners are AWS, Microsoft, and Workday, with notable clients like the NHS, UK Government, and Netflix.
Kainos CEO: BRENDAN MOONEY INDUSTRY: SOFTWARE & TECHNOLOGY HQ: BELFAST, UNITED KINGDOM
cybermagazine.com
11
BIG PICTURE
THE RISE OF DEEPFAKES Scammers are now using deepfakes of celebrities, journalists, and NFT projects to convince people to send over various cryptocurrencies. One of note was a video online showing Elon Musk promoting an apparent cryptocurrency scam called BitVex. To combat the rise of this technology as a means of scamming 12
July 2022
people, companies across the globe have greeted solutions to ensure deepfake technology cannot be used as a tactic in a cyber attack. Twitter and Facebook have officially banned the use of malicious deepfakes, while Google has been working on text-to-speech conversion tools to verify speakers.
cybermagazine.com
13
THE BRIEF “With greater connectivity of machines comes greater exposure to new kinds of cyber threats – which the machines are often not equipped to withstand” Simon Chassar
Chief Revenue Officer, Claroty
BY THE NUMBERS Cause of ransomware infections
33%
66%
READ MORE
“We’ve seen a cybercrime shift from covert shadow groups into these cybercrime cartels, now providing ransomware-asa-service and executing multistage campaigns” Tom Kellermann
Head of Cybersecurity Strategy, VMware READ MORE
“It doesn’t help that the salaries on offer are relatively low when compared to the wider industry. Cybersecurity is not an area that can afford to be cut back on in this increasingly digital world”
RIGHT: Other
DOES A CASHLESS SOCIETY MEAN HIGHER RISK OF FRAUD? Armen Najarian, Chief Identity Officer at Outseer, spoke to Cyber Magazine about malicious apps and fraud within a cashless society READ MORE
TOP 10 CLOUD SECURITY COMPANIES Security in cloud computing is crucial to any company looking to keep its applications and data secure, we take a look at 10 companies offering protection READ MORE
Senior Member IEEE
HOW RED CANARY HELPS ORGANISATIONS PREVENT BREACHES In a world where cyber attacks are only growing, we take a look at how Red Canary and its Managed Detection and Response (MDR) services help companies
READ MORE
READ MORE
Kevin Curran
14
LEFT: Phishing emails
July 2022
Recently, it was announced NTT Data – a global leader in IT services and cybersecurity – partnered with Swimlane to reduce risk for shared customers via Swimlane’s low-code automation platform. Swimlane’s low-code automation platform coupled with NTT Data’s deep industry expertise delivers solutions that enable continuous compliance while preventing data breaches. In doing so, the pair will help security teams to more efficiently manage the growing volume of alerts and complexity of processes.
NATIONAL SECURITY In the event that Russian hackers decide to retaliate to the U.S. government launching counter attacks against Russia in cyberspace, it's an ongoing possibility that US companies or infrastructure could become collateral damage. COSTA RICA This year, notorious Russian ransomware gang Conti threatened to overthrow Costa Rica's government if a ransom wasn't paid, allowing another band of extortionists to attack. The government later admitted that at least 30 of the agency's servers were infected.
JUL22
BAD TIMES
But, what exactly is security automation? Security automation is machine-based execution of security actions; it can detect, investigate and remediate cyberthreats with or without human intervention. This technology can identify incoming threats, triaging and prioritising alerts as they emerge, and performing automated incident response. With an automation security operations centre (SOC), enterprises will gain faster threat detection by automatically triage alerts and identify real incidents, allowing analysts to identify threats faster. Additionally, automated tools can execute security playbooks in response to certain types of incidents. With this, threats can be contained or even completely eradicated without human intervention.
OKTA Okta posted its financial results for its first quarter – which ended April 30, 2022 – revealing that the company saw its total revenue grow by an astounding 65% yearon-year, reaching heights of US$415mn.
GOOD TIMES
Security automation and accelerating incident response
PERIMETER 81 Israeli cyber firm Perimeter 81 has said its backers now value the cybersecurity company at US$1bn, bestowing it with unicorn status after the firm raised US$100mn to fund product development.
cybermagazine.com
15
TIMELINE
THE EVOLU PHISHING Phishing is a type of cyber attack where criminals use email, online messages or SMS to trick people into giving up personal data, usually by clicking a malicious link. As technology has advanced, phishing is becoming increasingly convincing, so this type of cybercrime is on the rise.
1990s
2001
2003
CYBERCRIME TAKES ON THE INTERNET
STEPPING INTO THE ECOMMERCE MARKET
ECOMMERCE BECOMES PHISHING PLAYGROUND
It’s thought that phishing is as old as the internet, but the earliest recorded use of the term came in 1996. Scammers sent an officiallooking email to unsuspecting AOL users, one of the leading internet service providers, requesting account information for a fake, but plausible reason.
In the early 2000s, attackers turned their attention to financial systems. The first known phishing attack on eCommerce websites started with the E-Gold website in June 2001.
By 2003, phishers had started registering domain names that were slight variations on legitimate commerce sites, such eBay and PayPal, and sending mass mailings asking customers to visit the sites, enter their passwords and update their credit card information.
16
July 2022
UTION OF G AT TACKS 2022 THE EVER-CHANGING SECURITY LANDSCAPE
2010s
2020
A NEW ERA OF CYBER ATTACKS
A SHIFT IN DIGITAL TECHNOLOGY
Around 2010, large organisations began employing more cyber security professionals to counter the increasing risk of cyberthreats. A notable attack in this decade was in 2013, when over 110 million Target customers had their credit card records stolen in a phishing attack.
In early 2020, as the world shifted to online living, phishing emails related to the COVID-19 pandemic started to rapidly increase. Popular themes included stimulus checks, fake contact warnings, fake test results, Netflix scams, fines for coming out of quarantine and many more.
Current phishing scams have been using the Russian invasion of Ukraine to their advantage, setting up donation scams and using the conflict to collect data and cryptocurrency from victims. Threat actors used email subject lines such as ‘Ukraine Donations’ to target potential phishing victims. According to recent research from IRONSCALES, 81% of organisations around the world have experienced an increase in email phishing attacks since March 2020. cybermagazine.com
17
TRAILBLAZER
Jesper Trolle Trolle is Chief Executive Officer at Exclusive Networks, a company that made €3.3bn in gross sales in FY21. A respected entrepreneurial executive with strong business and financial orientation, he has 26 years of experience within the Information Technology sector How did it feel to IPO at €1.8 billion? Securing a valuation of €1.8bn at our IPO on Euronext in September last year was a milestone moment for us. As cyber resilience becomes a pressing priority for governments, enterprises and individuals, it confirmed that Exclusive Networks is invested in the right areas of a high-growth market with a unique model and proposition. Over the past decade, we’ve evolved from a small private company to a global cybersecurity specialist, equipped with a portfolio of 260 leading cybersecurity vendors across 170 countries and around 21,000 partners. Witnessing the exponential growth of the business and investor appetite matching the extraordinary market demand for cyber products and services continues to be extremely rewarding. Ultimately, achieving such a strong valuation excited us about the future prospects of the business. Our IPO was about growth and bringing us one step closer to our mission: achieving a totally trusted digital future for all people and organisations. You are aiming for a totally trusted digital world. What does it look like? Our vision for a totally trusted digital world is one that is powered by high-performing 18
July 2022
technology, supported by an extensive partner ecosystem and delivered by industry-leading talent. A world with safe and secure online ecosystems, that is well equipped to prevent malicious attacks on business operations. How are your services different from others in the industry? Positioned at the centre of the cybersecurity ecosystem, we play a pivotal role at the heart of this market, interfacing between vendors and channel partners to solve complexity and fragmentation across the cybersecurity value chain. We help cybersecurity vendors scale their businesses globally and provide customers with cybersecurity services, enablement and world-leading technologies that fit their needs. Our deep specialisation in cybersecurity – with a 1:2 ratio of technical engineers to sales – means we have a deep understanding of the technical capabilities of our vendors as well as those of the customer base served by our partners. Our unique “local sale, global scale” model enables our partners to achieve global reach through a single point of contact, whilst providing the local expertise for each market’s needs.
“We feel strongly about taking a proactive approach to tackling the cyber skills talent gap” cybermagazine.com
19
TRAILBLAZER
“Our IPO was about growth and bringing us one step closer to our mission: achieving a totally trusted digital future for all people and organisations” Cyber plays a role in warfare too. How can countries protect themselves better? As we’ve seen recently, cyber warfare is an increasing threat and countries need to act fast to secure their critical national infrastructure – an attack on one sector can lead to disruptions in other sectors, as well. To stay ahead of potential breaches, governments must actively monitor rapidly evolving cyber threats and gain real-time visibility over their IT systems, 24 hours a day. International collaboration around the development of cybersecurity legislation and worldwide knowledge sharing are also crucial to increasing national protection. How does Exclusive Networks tackle the cyber skills shortage? We feel strongly about taking a proactive approach to tackling the cyber skills talent gap. For instance, we have partnered with Guardia Cybersecurity School to launch France’s first private cybersecurity academy in September this year – providing 150 students with expert mentorship and internships. We also have a partnership with California Polytechnic University in the US, where we launched a cyber facility that allows students to gain crucial industry experience alongside their degree, enabling us to nurture the next generation of talent. 20
July 2022
Exclusive Networks lists on Euronext Paris
cybermagazine.com
21
FIVE MINUTES WITH...
ARIEL PARNES
ARIEL PARNES, FORMER ISRAEL DEFENSE FORCE COLONEL, NOW CO-FOUNDER AND COO OF CYBERSECURITY CONSULTANCY MITIGA
Q. TELL US ABOUT YOUR BACKGROUND, ARIEL?
» I am a retired colonel from the Israel Defense Forces (IDF), where I served over 20 years in the 8200 Cyber Unit. I built a new unit within the IDF for special cyber operations, leading innovative technological efforts for the benefit of the State of Israel’s security, combatting cyber threats and terrorism around the world.
Q. TELL US ABOUT YOUR CURRENT ROLE?
» As the Chief Operating Officer at
Mitiga, I’m responsible for delivering our cybersecurity Incident Response and Readiness (IR²) solution to our customers. This covers the whole lifecycle of our customers and – if (and when) a breach happens – responding to customers’ incidents from investigation to full recovery. I also lead our Cyber Research program, which constantly generates new cloud attack scenarios, analyses them, and develops investigation modules to automate future response. This, and our work during active incidents, becomes part of our Incident Readiness and Response platform. My co-founders and I believe that finding and retaining the right people and nurturing Mitiga’s unique culture are fundamental to building an impactful company. I lead this effort with the help of our talented HR team. 22
July 2022
“ACTING AS AN INCIDENT COMMANDER IS AN INTENSE AND REWARDING ROLE” Finally, as a co-founder and board member, I am part of the team that defines and steers Mitiga’s strategy.
Q. WHAT HAS BEEN YOUR HIGHLIGHT IN YOUR CURRENT ROLE?
» Acting as an incident commander
is an intense and rewarding role. Being there for customers during a crisis, helping them understand what happened and what their options are, guiding them to make the right decisions based on our investigation, and helping them recover quickly is really a highlight.
Q. WHAT IS YOUR POINT OF DIFFERENCE AS A BUSINESS?
» Mitiga combines decades of
cloud security expertise and experience with a cloud-native platform that delivers the incident and breach readiness and response required for a quick return to business as normal. Our approach also increases resilience to future attacks by prioritising readiness rather than prevention and by collecting, structuring, storing and analysing critical forensic data from dozens of cloud sources. This helps us automate a comprehensive cybermagazine.com
23
FIVE MINUTES WITH...
compromise assessment process we call Forensics as Code. It enables us to use a single incident to inform future investigations, checking each subscriber’s data dynamically to continuously investigate similar potential breaches. Another point of differentiation is that, because of our focus on readiness, IR² subscribers receive incident response at no additional cost.
Q. WHAT TECHNOLOGY ARE YOU MOST LOOKING FORWARD TO USING MORE OF?
» We are always looking at
innovative technologies and thinking about how to use them, vetting them carefully in our engineering team. We have a unique approach for automation in IR, and we use Jupyter notebooks with Spark engines for Big Data and machine learning. Spark supports batch and real-time processing, interactive querying, analytics to machine learning, and graph processing. Spark uses in-memory query execution to provide a fast and efficient big data processing solution. We use it all over the three main cloud vendors (AWS, GCP, and Azure). We are also developing a unique internal Python package to support our Forensic as Code process. The Python package includes the logic of the Incident Response and is developed on top of Spark. Another unique technology we have is the way we prepare and save the collected data of customers to allow future fast retrieval at low cost. 24
July 2022
“I AM A RETIRED COLONEL FROM THE ISRAEL DEFENSE FORCES (IDF), WHERE I SERVED OVER 20 YEARS IN THE 8200 CYBER UNIT”
Q. WHAT IS YOUR LEADERSHIP STYLE?
» I believe in focusing on
communications – up, to the sides, and down. Strong communication is based on two principles: Being authentic: be genuine, frank, respectful but direct. Respect other people’s time – speak your mind. Listening: there is a huge difference between hearing and listening. Hearing is done through the ears while listening is through the mind and heart. I always strive to really understand the feelings, opinions, and perspectives of the other person.
PLANS FOR THE FUTURE We are a startup, so we have many plans. I’m excited about our growing team and increasing our automation capabilities to enable continuous, proactive breach investigation. We’re also building a new readiness dashboard for customers to easily understand where they stand and how they can improve.
cybermagazine.com
25
PLATINUM SPONSOR
INCREASE AGILITY AND GROWTH WITH A UNIFIED SALESFORCE PLATFORM FOR COMMUNICATIONS BUSINESSES Create frictionless telco industry customer journeys with Salesforce
SEE HOW THE 5G FUTURE WORKS EVEN FASTER
Find out how Salesforce solutions are helping communications providers meet emerging customer 5G needs. Watch our demo of a real-world example in the healthcare industry. WATCH DEMO NOW
>
SALESFORCE FOR COMMUNICATIONS Innovate faster and grow revenue with Communications Cloud. Create digitalfirst customer experiences. Learn how Communications Cloud helps CSPs: 9 9 9 9
Rapidly launch new offers and products Accelerate sales productivity Reduce system complexity Simplify onboarding and ordering
WATCH DEMO NOW
>
SALESFORCE
LEARN HOW TO TRANSFORM YOUR DIGITAL COMMERCE CAPABILITIES
Give your customers the digital experiences they demand by transforming your commerce platform. Read how you can grow your digital revenue, increase agility, and reduce costs. DOWNLOAD THE EBOOK
>
UNLOCK INNOVATION WITH SLACK AS YOUR DIGITAL HQ
Unite your digital-first teams around the customer. Discover how you can collaborate better and increase innovation. Watch how Vodafone dials up developer innovation and customer capability with Slack. WATCH THE VIDEO
>
SEE HOW THE TRAILBLAZERS STAND OUT FROM THE CROWD WITH COMMUNICATIONS CLOUD
Explore all the ways communications businesses are innovating and transforming customer relationships.
Salesforce CEO: MARC BENIOFF INDUSTRY: SOFTWARE & SERVICE PROVIDER HQ: SAN FRANCISCO, UNITED STATES
cybermagazine.com
27
28
July 2022
CLAROTY
PROTECTING SOCIETY WITH CYBER-PHYSICAL SECURITY WRITTEN BY: GEORGIA WILSON PRODUCED BY: GLEN WHITE
cybermagazine.com
29
CLAROTY
Simon Chassar, CRO, Claroty, reflects on the last two years, the maturity landscape of those in critical infrastructure sectors and Industry 5.0
I
In the business of building technology to protect critical infrastructure environments, Claroty’s core mission is to secure the cyber-physical systems used to run hospitals, power grids, oil pipelines, water utilities, and many other essential services that we depend on every day. “We have unique skills and a unique technology platform that is specially designed to detect, manage, and protect all connected devices within the four walls of an operational site, whether it’s industrial, medical, or commercial,” says Simon Chassar, chief revenue officer, Claroty. “Claroty has evolved significantly since I joined. When I started, the company was on a growth trajectory. There was an increase in the number of attacks in the critical infrastructure environments and increasing regulation. In the years following 2013, there has been a 3900% increase in ransomware attacks in these environments. “Since joining, we have established a structured organisation, increased our headcount and client base, and grown our revenue year on year by 100%. All of that growth has helped us to stay ahead of threats and to better serve our customers, protecting them from malactors taking advantage of the weaknesses within the critical infrastructure.”
30
July 2022
2015 Year founded
450+ Number of employees
Example of an image caption cybermagazine.com
31
CLAROTY
Simon Chassar TITLE: CHIEF REVENUE OFFICER INDUSTRY: INDUSTRIAL CYBERSECURITY LOCATION: SURREY, UNITED KINGDOM
EXECUTIVE BIO
Simon Chassar is Chief Revenue Officer at Claroty, where he leads the global sales organisation including territories, partnerships, sales engineers, sales development, and revenue operations. He brings more than 20 years of IT industry experience across the go-tomarket on hardware, software, and services at multinational organisations such as NTT, Cisco, Avaya, VMware, and Actifio. Prior to joining Claroty, he served as CRO of the security division of NTT, where he ran a sales channel, and marketing organisation of more than 300 people, delivering over $1.5 billion in revenue across products and services. Chassar is part of the World Economic Forum for Oil & Gas Security.
32
July 2022
“ Since joining, we have established a structured organisation, increased our headcount and client base, and grown our revenue year on year by 100%” SIMON CHASSAR
CHIEF REVENUE OFFICER, CLAROTY
Claroty: protecting society with cyber-physical security
On the cusp of a revolution: Industry 5.0 From the mechanisation of production through to automation and connectivity, the industrial sectors are on the cusp of a new evolution: Industry 5.0. “While Industry 4.0 saw connectivity of the end-to-end processes, Industry 5.0 harnesses all these other smart devices out there to effectively drive the optimisation of factories and production; humans and intelligent devices through connectivity,” says Chassar. He adds, “Increasingly, we are seeing those in the industry look at how they can optimise further by reducing waste, accelerating production, reducing energy, and improving health and safety through greater connectivity – not only in production, but across different functions and supply
chains, as well as automating functions where possible. “We are on that cusp now, where more organisations are heading in this direction regarding their future strategies. But, with greater connectivity of machines comes greater exposure to new kinds of cyber threats, which the machines are often not equipped to withstand. Ensuring that connectivity goes hand-in-hand with security is imperative for ensuring the safety and resiliency of the world’s critical infrastructure.” The maturity landscape of those in the industrial sector Although most organisations (60%) are only now going through the awareness phase and beginning to understand that they have these connected assets in their industrial environments, many continue to struggle to determine how they communicate or where they are located. cybermagazine.com
33
Digital Safety + Process Integrity = Cybersecurity for Industrial Environments With over 100 years of combined OT/IT Industrial, Enterprise and C-suite experience, Velta Technology helps clients: • Take proactive steps to protect Operational Technology (OT) from adverse cyber events • Discover and correct vulnerabilities relating to physical outcome producing equipment • Facilitate internal discussions between OT, IT, and the C-Suite to ensure cybersecurity ownership on the plant floor
Velta Technology Get Safer Sooner.
Industrial Environments, IIoT and Digital Safety Craig Duckworth, President and Co-Founder of Velta Technology, discusses IIoT, cybersecurity and partnering with Claroty to stay on top of the industry Craig Duckworth is the President and one of the co-founders of Velta Technology, providing Digital Safety, operational integrity, and cybersecurity for industrial manufacturing and critical infrastructure environments. “Communication between IT and Operational Technology (OT) teams is vitally important, and we believe OT needs to own the safety and security of the plant floor. IT security tools and solutions can’t be overlayed onto equipment in the Industrial Control System (ICS) environment. The two environments and skillsets to successfully manage and protect are very different.”
Velta Technology’s partnership with Claroty Velta Technology’s leadership team made the strategic decision to work only with top industrial cybersecurity companies – with Claroty a leader in asset visibility and
asktheexperts@veltatech.com
monitoring solutions for industrial networks. “We bring value to Claroty’s clients because of our deep understanding of the inner working of OT and IT environments, and the full potential of their industrial security solution. Velta Technology is not an IT cybersecurity technology company trying to move into the OT space. We understand process integrity and the inherent risks of plant floor equipment, which are unique to industrial environments. We help our mutual clients fully embrace what Claroty and our expertise at Velta Technology can offer.” A unique Velta Technology advantage is their team. “Our leadership team has over a hundred years of OT practitioner experience, and team members are degreed engineers that understand process integrity, ICS environments, and how to maximize Claroty’s solutions within the OT space,” said Duckworth.
The Future of IIoT and OT according to Velta Technology Over the next year, Duckworth sees Velta Technology poised for continued growth as a market leader. “Our deep understanding of the Claroty platforms combined with our rich knowledge of Industrial Control Systems, allows Velta Technology to highlight the value of Claroty and what they do for the OT space.”
Learn more
“Because of this, many organisations were not prepared for the last few years and remain unprepared for the years to come,” explains Chassar. “Currently, only 30% of organisations actually understand their assets, know how they communicate, and where they are located – and even fewer, 10%, have full vulnerability awareness of every single asset within their production and operational environments, understanding how they communicate and how they can mitigate threats,” he adds. 36
July 2022
While awareness is on the rise, the industry needs to be quicker if it is to successfully tackle malactors as they enhance their sophistication and maturity level. “In most cases, malactors or cyber criminals are effectively mimicking what would be a normal OT operator: they get inside the environment, start to learn and understand it – and, in most cases, more so than the companies themselves. So the discussion now at a boardroom level is how the industry can mitigate these risks because it is now a question of business continuity,” says Chassar.
CLAROTY
“While Industry 4.0 saw connectivity of the end-to-end processes, Industry 5.0 harnesses all these other smart devices out there to effectively drive the optimisation of factories and production between humans and machines” SIMON CHASSAR
CHIEF REVENUE OFFICER, CLAROTY
“Compliance and governance are also driving this need for organisations to take action and develop a standard framework.” Innovations in cybersecurit When it comes to innovation, Chassar is seeing clear investments being made in Claroty’s deep domain expertise area within industrial environments. “Organisations are innovating in network policy segmentation, user identity permissions, and network policy management to mitigate risks,” he says.
“I’ve also started to see more innovation in secure access, making sure that organisations have specific tools to access the physical systems' environment for every user and that can only be accessed by that user. This reduces the possibility of back door risks to the industrial environment.” Being prepared for a cyber attack “If an organisation doesn’t have a policy or project underway, then they should start one immediately,” says Chassar. He explains that it is imperative to understand where the assets are, how they communicate, and where they are most vulnerable. Once they start this process, the organisation needs to get to at least the same level of understanding as the criminals in order to manage this risk. cybermagazine.com
37
Intelligent Cybersecurity since 2012
OT/ICS, IT, CLOUD We’ve got you covered. Download eBook
Kudelski Security OT/ICS Solutions
CLAROTY
CLAROTY AND ITS PARTNERSHIPS “The next step on from this is to look at who has access to the environment and control that access. Knowing who’s connected, when, where, and to what system is critical. Then organisations should look at how to respond to and recover from potential attacks, and, finally, look at how they can detect attacks,” explains Chassar. Chassar also emphasises the importance of deploying the best technology. “With one hour of downtime having the potential to cost
“ With this greater interconnectivity of machines comes greater exposure to risk, so we have to make sure that we protect these newly formed connections”
Dedicated to building a safer society and protecting all critical infrastructures and industries, Claroty strives to build the best technologies to maintain the supply of essential products and services – healthcare, fuel, energy, food, water – by protecting them from threats as they become increasingly interconnected. “Our aim is to build the best technology and provide the best research to make everyone aware of the vulnerabilities out there and report on what the cyber criminals are up to, so our partners are critical to our delivery. We have an array of partners working with us, from advisors to system integrators, managed services and automation vendors,” says Chassar. “We have a broad range of partners that help our customers to protect themselves against the adversaries out there to create a safer society.”
SIMON CHASSAR
CHIEF REVENUE OFFICER, CLAROTY cybermagazine.com
39
“ Currently, only 30% of organisations actually understand their assets, know how they communicate, and where they are located – and even fewer, 10%, have full awareness of the risks and vulnerabilities affecting these assets and how to mitigate them” SIMON CHASSAR
CHIEF REVENUE OFFICER, CLAROTY
40
July 2022
CLAROTY
80%
of respondents experienced an attack
47%
reported an impact on their OT/industrial control system environment More than 60% paid the ransom
52%
paid more than US$500,000
90%
disclosed the incident to their shareholders or authorities
60%
are centralising both OT and IT governance under their CISO
62%
are supportive of government regulators enforcing mandatory and timely reporting of cybersecurity incidents that affect IT or OT/ICS/XIOT systems The global state of industrial cybersecurity independent survey results, 2021: Resilience amid disruption, Claroty
a manufacturer £5mn, deploying the best technology that you can helps you gain a full understanding of the risks and vulnerabilities within your environment. It can also help to identify early signs of anomalous behaviour, so that you can find out if a process is not operating as it should be before any damage is done,” says Chassar. What does the future hold? Over the next 12 to 18 months, Chassar expects to see an increase in the volume of regulations centred around critical infrastructure environments. “There are already many regulations underway in the United States, Australia, and Germany, and I believe that this will, in turn, drive the next wave of reporting compliance,” says Chassar. “I expect to see more innovation when it comes to the Extended IoT (XIOT) which will drive IT security and control vendors to partner with domain specialists – like Claroty – to deliver a much more holistic cybersecurity strategy. “Collaboration and shared knowledge will be a key trend in the future to enrich each other's understanding of a very complex environment. “I also see society placing more demand on factories to be faster and more efficient in the way they produce goods, as well as being more eco-aware by using less energy and reducing waste. With this, though, an increasing number of physical systems will become connected that will need protecting. Finally, I see a greater use of cloud technology as we see Industry 5.0 accelerate and organisations look to how they can be more interconnected with end-to-end efficiency, as well as be more energy efficient.”
cybermagazine.com
41
EVENT REVIEW
SHAPING THE
FUTURE
OF TECHNOLOGY 42
July 2022
EVENT REVIEW
Bizclik Media Group brought together industry experts and thought leaders to share their expertise at its Tech Live London event WRITTEN BY: TILLY KENYON
T
he world is becoming more interconnected than ever, with advances in technology changing the way we live. At Bizclik Media Group’s Tech Live London event, people from all walks of business had the opportunity to be a part of the conversations shaping the future of technology today. Held at the Tobacco Dock, London, on 23rd-24th June, the two-day hybrid event was held in-person and broadcast live via Brella, a fully interactive virtual platform. It incorporated four zones: Tech & AI LIVE, Cloud & 5G LIVE, Cyber LIVE and March8 LIVE, which covered a wide variety of topics ranging from security and the metaverse to women in STEM. Below is a collection of some of the highlights on each of the different stages across the event.
A Trusted Global Leader Delivering c.200MW of reliable, resilient and responsible data centres in the UK Quality
Innovation
Service
Award winning Tier III data centres providing customers with 100% uptime
VIRTUS is always striving to provide the best in cutting edge data centre technology
Our focus is on providing 100% customer satisfaction
11+ data centre locations in the UK, delivering reliable, resilient and responsible digital infrastructure
VIRTUS Data Centres 20 Balderton Street, London, W1K 6TL
+44 (0)20 7499 1300 info@virtusdcs.com www.virtusdatacentres.com
EVENT REVIEW
Tech & AI Looking at themes such as AI, Digital Ecosystems and Data & Analytics, the Tech & AI stage welcomed CTOs, CISOs and VPs of Technology from some of the most influential businesses in the world to share their insights. They explored how technology has developed, how it’s helping to solve problems, showcased the work being implemented right now and also looked at what is possible in the future. The impact of COVID-19 was a hot topic, with it having driven digital transformation and cloud adoption, while also substantially impacting
businesses with the shift to hybrid working. In one session, some of the issues raised referred to the use of technology as a substitute for human interaction and whether it could be, and would be, achieved through the current digital systems or even the use of holograms. “It’s basically about going fully virtual. Fully immersed technology that would take care of brainstorming workshops as well as every other aspect of meeting in person,” said Kreshnik Mati, Vice President Technology at Klick Health. Insights were also shared from companies including IBM, Unisys, Kainos, Sitecore, Interos, USAF, Oracle, JP Morgan, Tata, PwC and Infosys.
KRESHNIK MATI VP TECHNOLOGY, KLICK HEALTH
“It’s basically about going fully virtual” KRESHNIK MATI
VP TECHNOLOGY, KLICK HEALTH.
cybermagazine.com
45
EVENT REVIEW
FIRESIDE CHAT: DIGITAL ECOSYSTEMS ANTONY KAGOO, HEAD OF INNOVATION, COMMUNICATION, MEDIA & INFORMATION SERVICES, UK & EUROPE, TCS PAUL GRAHAM, DIRECTOR OF UK ENGINEERING, MATRIXX SCOTT BIRCH, CHIEF CONTENT OFFICER, BIZCLIK MEDIA GROUP
ARUNGALAI ANBARASU, CHIEF TECHNOLOGY & STRATEGY OFFICER, WAYGATE TECHNOLOGIES
GERAINT JOHN, VP INTEROS RESILIENCE LABS , INTEROS
AARON CELEYA, SQUADRON COMMANDER, UNITED STATES SPACE FORCE
46
July 2022
INDERPAL BHANDARI, GLOBAL CHIEF DATA OFFICER, IBM
EVENT REVIEW
AMR ELRAWI, DIRECTOR, SPORTS MARKETING AND BUSINESS DEVELOPMENT, ORACLE
PANEL DISCUSSION: THE DIGITAL WORKFORCE SHUBHI RAJNISH, GROUP HEAD OF INFORMATION & DIGITAL TECHNOLOGY, BAT SUSAN STANDIFORD, CTPMO, STEPSTONE KRESHNIK MATI, VP TECHNOLOGY, KLICK HEALTH SCOTT BIRCH, CHIEF CONTENT OFFICER, BIZCLIK MEDIA GROUP
cybermagazine.com
47
EVENT REVIEW
Cloud & 5G Leading telecommunications and data centre executives came together to discuss their strategies and the future of technology. A highlight from across the two days on the Cloud & 5G stage was the exciting talk about robot-aided forestry management. Ceren Clulow, who currently leads the Digital Connectivity Service in Nottinghamshire County Council, took to the stage where she explained all about the 5G Connected Forest. This is a world-first project, delivering 5G connectivity into a woodland area. The project investigates the role of 5G in delivering visitor attractions for all ages and protecting the sensitive forest environment through robotic environmental management and live monitoring. Aiming to transform and uplift natural spaces within the locality, they use robotic dogs that are programmed to explore the forest floor using sensors to detect terrain and its overall health, as well as identify the volume of sunlight reaching through the trees. The two dogs, Gizmo and Eric, also made a special appearance on stage – with Eric even showcasing a backflip!
ROBOT-AIDED FORESTRY MANAGEMENT. DR TAUFIQ ASYHARI, ASSOCIATE PROFESSOR IN NETWORKS & COMMUNICATIONS, BIRMINGHAM CITY UNIVERSITY MOAD IDRISSI, RESEARCH ASSOCIATE, ROBOTICS & AUTOMATION, BIRMINGHAM CITY UNIVERSITY
“We have an ambition to make Nottinghamshire a county for digital excellence and to try new technologies so that the next generation want to stay” CEREN CLULOW
DIGITAL CONNECTIVITY MANAGER, NOTTINGHAMSHIRE COUNTY COUNCIL
48
July 2022
EVENT REVIEW
NITU KAUSHAL, MANAGING DIRECTOR, INTELLIGENT EDGE, EUROPE REGION, ACCENTURE
PANEL DISCUSSION: DIVERSITY, EQUITY AND INCLUSION IN TELCO. NITU KAUSHAL, ACCENTURE CEREN CLULOW, NOTTINGHAMSHIRE COUNTY COUNCIL ALEX TUCK, BIZCLIK MEDIA GROUP
cybermagazine.com
49
PANEL DISCUSSION AMIR ABDELAZIM, JESSICA ELLIS, DIR JEREMY SPENCER, PAUL GOWANS, GLO
EVENT REVIEW
TESTIMONIALS “ It’s been great to have the opportunity to come along and meet lots of people across the 5G and cloud industry” ROBERT FRANKS MANAGING DIRECTOR, WM5G
“ It’s a great event, and I always find it good to get up on stage and speak to the audience” SIMON CHASSAR, CHIEF REVENUE OFFICER, CLAROTY
“ I really enjoyed coming here, it was a great venue and a fantastic opportunity for me to socialise” TAMMY ARCHER CISO, INCHCAPE
50
July 2022
“ It’s a great atmosphere at the event, and feels really supportive and encouraging. There’s some really cool tech too!” ELEANOR LUDLAM PARTNER AT DAC BEACHCROFT LLP
“ We’ve managed to showcase the robots’ capabilities and the research we have carried out. It’s great to see positive feedback” DR MOAD IDRISSI RESEARCH ASSOCIATE, SMART COMPUTING AND ROBOTICS, BIRMINGHAM UNIVERSITY.
N: 5G EXPERT PARTNER, DETECON INTERNATIONAL RECTOR OF APPLIED 5G, DELOITTE , MARKETING & COMMUNICATIONS DIRECTOR, BAI COMMUNICATIONS OBAL DIRECTOR 5G, VIAVI SOLUTIONS
EVENT REVIEW
TARA MCDAID, REGIONAL VICE PRESIDENT SALES, SALESFORCE
NICOLAS FORTINEAU, EXECUTIVE VICE PRESIDENT & CHIEF MARKETING OFFICER, AIRTIES
LIFE IN 2040: HOW 5G CAN HELP US GET THERE.HANNAH GRIFFITHS, SENIOR ASSOCIATE DIRECTOR, JACOBS LARA MOLONEY, HEAD OF SCOTLAND 5G CENTRE, SCOTLAND 5G CENTRE
cybermagazine.com
51
EVENT REVIEW
ELEANOR LUDLAM, PARTNER, DAC BEACHCROFT LLP
Enabling winning through the use of data A popular crowd pleaser at the event was the Oracle and Oracle Red Bull Racing F1 simulator, which attendees and speakers had the chance to experience. The 2021 race season was a huge success for Oracle Red Bull Racing. With the team achieving 23 podium finishes and Max Verstappen winning the driver’s championship, Oracle Red Bull Racing had its most successful season in recent history. “Oracle Cloud enabled us to make raceday decisions that helped Max Verstappen win the 2021 Drivers’ Championship.”
52
July 2022
Christian Horner, Oracle Red Bull Racing Team Principal and CEO Speaking on the Tech&AI stage was Amr Elrawi, Oracle’s Director, Sports Marketing and Business Development. He explained how Oracle is helping Oracle Red Bull Racing use data and technology to improve performance on the track and build an unrivalled fan experience. Elrawi also revealed how Oracle Cloud Infrastructure (OCI) is helping Oracle Red Bull Racing prepare race strategies and make realtime decisions during races to help them win.
SIMON CHASSAR, CHIEF REVENUE OFFICER, CLAROTY
TIMOTHY ROHRBAUGH, CISO, JETBLUE AIRWAYS
LESLEY KIPLING, CHIEF SECURITY ADVISOR, MICROSOFT
Cyber Recognised as a crucial element of the technology industry, cyber security is a major concern for organisations globally. Opening on the cyber stage on day one was a keynote presentation from Tammy Archer, CISO at Inchcape. Archer explained the various challenges CISOs are facing in the current changing climate. These included a rise in automated attacks and how attackers are becoming more motivated and knowledgeable. “There are going to be times when you will face quite difficult circumstances, but I would say when it does come to that, you just need to take a step back and think about how you are going to approach the problem,” Archer concluded. Another great presentation came from Simon Chassar, Chief Revenue Officer at Claroty, who gave a keynote presentation on managing cyber risk and XIoT. Chassar explained how everything in the world is now becoming connected, which in turn is creating a vast threat landscape. With more cyber attacks directed at the industrial industry, interconnected systems need to be protected, as the impact on society as a whole can be detrimental. Later on in the day, Simon Chassar was back on stage, but this time he was joined by Ian Lilleby, who is Group CISO at Sonnedix Group, and Rob Dyson, Global OT & IoT Security Services Leader at IBM. They discussed technological innovation, creating the right security policies for remote workers, and the ever-increasing volume of malware attacks. Dyson explained: “It’s an exciting time to work. We get to participate in this digital transformation, but we need to manage these vulnerabilities.” cybermagazine.com
53
EVENT REVIEW
March8 The March8 stage showcased discussions on women in STEM and what can be done to encourage future female generations into a male dominated industry. Are girls institutionally discouraged from pursuing STEM careers? Is there a cultural issue facing young women entering the industry? Or is it a combination of the two (and more)? These are some of the burning questions that were discussed. Paulina Laurie, Head of Women in Tech at Frank Group Recruitment, and Samantha Humphries, Head of Security Strategy, EMEA at Exabeam, took to the stage to discuss barriers of recruiting women in Science, technology, engineering, and mathematics (STEM). Laurie explained that barriers seem to start at a young age with stereotypes, but that it can also continue into the workforce, with people often thinking: “If I cannot see it, I cannot be it”. Towards the end of the event, Samantha Karlin gave a keynote presentation entitled ‘An Ethical Revolution in Tech’, which spoke about AI perpetuating bias and the false belief of emerging technologies being neutral and unbiased. She urged the audience to focus on being empathetic and protecting ‘feminist leadership’. Other powerful talks from inspiring women shed light on some of their personal experiences with sexism and how they overcame barriers to pursue their careers. 54
July 2022
PANEL DISCUSSION: SYSTEMIC GENDER BIAS ONLINE. EMILY COOK, MARKETING MANAGER, MARCH8 KATHERINE GORMLEY, PRINCIPAL SOLUTIONS ENGINEER, RESISTANT AI FANNIE DELAVELLE, MANAGER, BPIFRANCE ARUNGALAI ANBARASU, CHIEF TECHNOLOGY & STRATEGY OFFICER, WAYGATE TECHNOLOGIES
ALICE WILLIAMS, VICE PRESIDENT OF STRATEGY, SCHNEIDER ELECTRIC UK&I
NINA JANE PATEL, CO-FOUNDER & VP OF METAVERSE RESEARCH, KABUNI
EVENT REVIEW
“The power of the network is huge, the more people you meet, the more opportunities you find” SAMANTHA HUMPHRIES HEAD OF SECURITY STRATEGY EMEA, EXABEAM
MARA POMETTI, SENIOR AI STRATEGIST, IBM
SAMANTHA KARLIN, CEO, EMPOWER GLOBAL
Creating the technology of the future These are just a few snapshots of the insights available from across the four stages. Attendees and other viewers can catch up on all sessions from the hybrid event through the Brella platform and on Youtube in the coming week. It enables on-demand viewing and provides a method
of contact between registered attendees to allow businesses to collaborate further. TECH LIVE LONDON was brought to you by BizClik MediaGroup, in association with Claroty, Salesforce, Kainos, Oracle, Virtus Data Centres, CloudFactory, NorwegianDatacenter, umlaut, Africa DataCentres, and more great partners. cybermagazine.com
55
VODAFONE BUSINESS ENABLES SECURE GROW TH IN DIGIT ADOPTION AD FEATURE WRITTEN BY: TOM SWALLOW
PRODUCED BY: GLEN WHITE 56
July 2022
VODAFONE BUSINESS
TAL
cybermagazine.com
57
VODAFONE BUSINESS
Head of cyber security at Vodafone Business, Andrzej Kawalec gives a comprehensive view of cyber security and the demand from customers to simplify solutions
A
cross all forms of digital technology, the threat landscape is increasing, exacerbated by unprecedented global events that have shifted the way we consume digital tech and telecommunications. The COVID pandemic poses as an example of the dependency that individuals and businesses have developed on connectivity, as it saw many corporations shift to a work-from-home operating model and distanced technical capabilities had to adjust to meet the growing number of decentralised teams across the globe. While telecommunications has been around in one form or another for centuries, it takes a major shift in operations to understand just how critical connectivity is and, equally important, how vulnerable it can be. To sustain a business in the digital world requires the correct expertise to get teams online, but also the ability to protect them from the vulnerabilities that come from extended digital ecosystems. This is where Vodafone Business’ role begins: with a recognition that digital adoption – particularly among small businesses – left a void that could easily be filled with cyber threats and ransomware attempts. In comes the cybersecurity team at Vodafone Business, led by Andrzej Kawalec, Head of Cybersecurity, and responsible for the telecom giant’s cybersecurity portfolio, helping companies minimise exposure to threats. 58
July 2022
Example of an image caption cybermagazine.com
59
VODAFONE BUSINESS
Vodafone Business enables secure growth in digital adoption
Securing businesses for the day-to-day Kawalec cites the global pandemic as a “microcosm of a rapid adoption of technology”, which, as one of the major catalysts of the industry, is a big challenge that Vodafone Business has been faced with over the past few years when it comes to cyber threat defence. Putting this into perspective, Kawalec gives an overview of the shift and explains how digital solutions have become embedded in most aspects of business. “The principal way of doing most things was analogue or physical, and we actually shifted to the primary way of doing most 60
July 2022
“ We're going to see greater focus, not just on large single targets, but across many small organisations” ANDRZEJ KAWALEC
HEAD OF CYBER SECURITY, VODAFONE BUSINESS
VODAFONE BUSINESS
ANDRZEJ KAWALEC TITLE: HEAD OF CYBERSECURITY
things in our day-to-day lives, digitally,” says Kawalec. “Whether that was telemedicine, whether that was online, home education, hybrid working or transacting and banking, the delivery of food and groceries – the access has shifted towards digital as the primary mechanism, and then hybrid and physical secondarily.” As digital transformation takes place at such a rate, what Vodafone Business saw was an increased level of concern around trust and privacy. This was particularly evident among small-to-medium enterprises (SMEs), which
EXECUTIVE BIO
LOCATION: UNITED KINGDOM Andrzej Kawalec is the Head of Security Portfolio at Vodafone Business. Andrzej manages Vodafone Business’ global portfolio of security offerings. An inspirational and creative leader in the use of advanced information technology, Andrzej is constantly working to refine the balance between securing and enabling information assets. Andrzej is widely recognised for his expertise in cyber security and digital change. A former CTO himself, he has a vast amount of experience working at the board-level across public and private sectors, helping to define and promote cyber security strategy. He believes that Security is the enabling layer for innovation. From autonomous driving to digital healthcare, the technologies and societies of the future will not reach their full potential without secure digital foundations.
lacked sufficient capabilities to ward off cyber attacks. Addressing these two ‘waves’ of change, he completes the trio of digital trends by discussing the regulatory shift that took place during COVID-19 as a reaction from governments and industry bodies to the increased level of digital adoption and threats. Ultimately, as explained by Kawalec, “those cybermagazine.com
61
VODAFONE BUSINESS
“ We're really proud because it allows you to understand and detect what's happening across your organisation” ANDRZEJ KAWALEC
HEAD OF CYBER SECURITY, VODAFONE BUSINESS
62
July 2022
VODAFONE BUSINESS
three things are crashing onto organisations of all sizes”, creating significant stress and strain on businesses. Simplifying security is at the heart of Vodafone Business One of the key messages emphasised when talking to Kawalec surrounds Vodafone Business’ overarching goal of simplifying cybersecurity for both individuals and businesses. The firm currently serves a global network of 300 million people with connectivity they interact with in their everyday lives, putting Vodafone in a widespread position of trust from its global clientele. Of its customer base, it serves over 6 million businesses globally, ranging from SMEs to large corporations – but the message of trust remains the same. “We look across, not just the underlying connection of organisations and people, but at how they use technology, be that as an employee or a consumer, how they use cloud and advanced analytics,” Kawalec explains. “One of the big areas we're really focused on is extending into some really exciting new areas of technology, including how we work at the edge of our networks and deliver cloud computing to companies of all sizes. Also, how we roll out and help people understand and use the internet of things.” To support its global network, Vodafone Business develops exciting new initiatives to minimise the threat level for all organisations, which was a particularly crucial function during the pandemic. One of the more immediate projects to be put in place as a response to rising digital adoption is the V-Hub. Specifically developed for SMEs, the V-Hub acts as a knowledge centre for digital adoption and advises leaders on making the right choices in their transition, as well as securing their digital ecosystems. cybermagazine.com
63
VODAFONE BUSINESS
However, in the grand scheme of things, this is a step in the right direction as the firm undergoes prolonged work to help firms understand their cybersecurity much better. “We’re right in the middle of rolling out a security risk rating, helping all of our customers understand how they can better protect the things that matter most.” Mitigating risks is one area in which Vodafone Business has gained the trust of its clients, but another critical area that the company is proud of is its detection and response capability, formed as a response to the extent of damage that businesses can suffer from in the event of a cyber breach. According to Kawalec, the ability to detect cyber attacks can reduce recovery times from what would usually be 21 days. “It’s something we're really proud of, because it allows you to understand and detect what's happening across your organisation and all of the micro moments; interactions; connections; data that's sent; the services you use; and managing and detecting the behaviour of those things,” says Kawalec. “When something happens that is out of the normal bounds of behaviour, it could be a great indicator of a cyber attack. That's the moment that you need to put in place a response.” “We've put in place a series of detection and response capabilities for our customers, allowing them to bring that time right down and reduce the damage or the impact of an attack.” Supply chains and industry demand cybersecurity One of the critical areas for cybersecurity highlighted by Kawalec is the supply chain industry, which also echoes similar messages across other industrialised sectors. 64
July 2022
VODAFONE BUSINESS
Vodafone serves over
300mn
customers across the globe, including over
6mn
business customers
“Security is a global game. You really need to understand the global geopolitical trends and be able to track cyber criminal gangs and operations and how they've industrialised their activities across borders and different technology types.” While global insights are necessary for organisations, in terms of securing their operations – particularly in the realm of supply chains – they must also champion solutions that provide pinpoint accuracy in the event of a cyber attack. This narrows down the entry point of an organisation and remedial work can begin much faster. “How does this trade off in the supply chain? Well, understanding and knowing all of the organisations that you as an individual company work with, being able to track and understand their risks, and to highlight and understand trends across those suppliers – these are things that you can only get with that global scale oversight.” The company’s risk rating product provides organisations with that capability and allows them to visualise their primary risks and the vulnerabilities that are presented through working with other organisations. With the implementation of the internet of things (IoT) into industrial settings, such as manufacturing and utilities, the key to achieving this successfully is to, again, look at the number of entry points and apply logic similar to that of the supply chain. “Industrialisation has lowered the price point for cyber criminals to attack and allowed them to prosecute attacks at a much greater scale. They're able to then directly monetise both the extortion of the data that’s released and secondary sale on the black market or the deep web,” explains Kawalec. cybermagazine.com
65
VODAFONE BUSINESS
Bringing together best-in-class solutions In order to maintain its global network, Vodafone Business works with best-in-class solution providers to ensure the best possible outcomes for organisations. Citing work with the leading information technology company Accenture, Kawalec expands upon the nature of their contributions. “Big, global, exciting new partners. Our job is always to integrate those solutions, delivering them and translating them to our customers,” he says. This is what sets the Vodafone Business service apart: offering a range of solutions 66
July 2022
that support customers at their most vulnerable and distressed. By leveraging a strategic partnership network, the strain on users worldwide is eased. As the attack surface increases and businesses, both large and small, adopt more sophisticated systems for their day-to-day operations, the battle against cyber crime continues, albeit with an increased number of criminals focusing on ways to access data much easier and at a lower cost to them. The remedial work carried out by cybersecurity teams is paramount to ensure that digital ecosystems are secure
or as intelligent as possible to manage the abundance of threats to which companies are exposed. As businesses hand out digital devices to their employees, Kawalec believes this will facilitate a shift in the way cyber criminals target them, finding their entry points on the edge instead of conventional infiltration methods. “We're going to see greater focus, not just on large single targets, but across many small organisations as the price per attack decreases. We're also going to see a greater focus on the user. This is where emerging trends like ‘zero trust’ really come to the fore,” Kawalec says.
To expand business globally and securely, organisations must look at their threat landscape, as well as their detection capabilities and strategies for minimising the damage inflicted by impending cyber threats. Luckily, Vodafone Business’ Head of Cybersecurity is on hand to help, believing that simplifying cybersecurity for its customers is the key focus for success.
cybermagazine.com
67
Enterprise-wide cyb in the ag
Now that more companies are tweaking platforms to allow for multicloud functionality, we take a look at the benefits, risks and cybersecurity implications WRITTEN BY: JESS GIBSON
68
July 2022
bersecurity ge of the multicloud NETWORKS
I
f you’re anything like me, you’re likely to have been told that you spend too much time with your head in the clouds at least once or twice in your lifetime. Back when I was younger, this was most definitely considered ‘a bad trait’ – a sign that too much time was wasted on daydreaming and not enough spent on productive pursuits. Lucky, then, that the evolution of technology over the past couple of decades has expanded the definition of clouds to include distributed computing. Nowadays, it’s not necessarily a bad thing to have your head in the clouds; in fact, most organisations and enterprises have their ‘heads’ in this digital sphere pretty permanently – we are officially in the age of ubiquitous cloud computing.
It all began in the mid-90s (although the concept can be traced back to the 1950s), with the creation of just one singular virtual cloud. Then came the wave of cloud platforms, each one connected to bespoke architecture provided by different leaders in the tech space – big hitters such as Google, Microsoft and Amazon were the first to dip their proverbial toes in exploring cloud solutions. Over the past decade, most companies with their finger on the pulse have invested in cloud capabilities, leading to a range of public, private and hybrid clouds – and the newest emergent: multicloud. But what is multicloud? And why is it so important for businesses? cybermagazine.com
69
A Trusted Global Leader Delivering c.200MW of reliable, resilient and responsible data centres in the UK Quality
Innovation
Service
Award winning Tier III data centres providing customers with 100% uptime
VIRTUS is always striving to provide the best in cutting edge data centre technology
Our focus is on providing 100% customer satisfaction
11+ data centre locations in the UK, delivering reliable, resilient and responsible digital infrastructure
VIRTUS Data Centres 20 Balderton Street, London, W1K 6TL
+44 (0)20 7499 1300 info@virtusdcs.com www.virtusdatacentres.com
NETWORKS
“ Over 70% of enterprises now use three or more clouds” TUSHAR TAMBAY
VICE PRESIDENT OF PRODUCT DEVELOPMENT, ENTRUST
Increased complexity requires consistency and cross-platform capabilities With the capabilities of cloud computing infiltrating almost every aspect of our lives, it was inevitable that the world would witness new cloud platforms popping up all over the place. This has generated increased data distribution, leading to complexity as customers across both public and private spheres demand seamless integration between individual cloud platforms. And thus came the birth of multicloud.
It’s a cloud computing solution that allows portability across multiple providers’ infrastructures. Multicloud solutions are primarily built on an open-source, cloud-native technology called Kubernetes – supported by all public cloud providers – which helps to manage workloads across multiple clouds with a central console. Generally, multicloud provides organisations with the flexibility to optimise performance, utilise the best tech available, and control associated costs. Perhaps the simplest example of multicloud would be SaaS integration via different vendors. In enterprise terms, however, multicloud refers to running applications at PaaS or IaaS organisations via multiple cloud providers, such as Amazon Web Services, IBM, and Google, to name a few – which is gaining in popularity. cybermagazine.com
71
“Over 70% of enterprises now use three or more clouds,” says Tushar Tambay, Vice President of Product Development at Entrust. A multicloud solution – what are the benefits? Dell Technologies recently announced that it had jumped on board the multicloud train, enabling application and data consistency with its APEX Multi-Cloud Data Services, while also extending DevOps support through new offers and resources designed to aid consumers in choosing the right cloud environment. “Today’s multicloud reality is complex as data becomes more distributed across on-premises and colocation data 72
July 2022
“ Today’s multicloud reality is complex as data becomes more distributed across on-premises and colocation data centres, multiple public clouds and edge environments" JEFF BOUDREAU
PRESIDENT, INFRASTRUCTURE SOLUTIONS GROUP, DELL TECHNOLOGIES
NETWORKS
centres, multiple public clouds and edge environments," says Jeff Boudreau, President of the Infrastructure Solutions Group at Dell Technologies. “We have the industry’s broadest technology portfolio, consistent tools, experience building open ecosystems and leading data storage capabilities, services, and supply chains. All this uniquely positions Dell to help customers take control of their multicloud strategy.” An overarching benefit of embracing multicloud is the freedom and flexibility it offers consumers, in that it prevents vendor lock-in and instead expands their options. Customers and businesses can identify the best prices, performance and security standards, and compute requirements, mixing-and-matching according to their
individual needs and putting the control in their hands. Another benefit is the way in which using multiple clouds enables the adoption of best-in-class tech from any vendor, helping organisations stay ahead of the curve and separate themselves from contemporaries, whilst expanding the pool of possibility. For many organisations, one of the biggest disruptors when limited to just one vendor’s cloud infrastructure is the potential for outages and unplanned downtime. Separate cloud infrastructure not only limits the potential for a range of services to be impacted at the same time, but also reduces exposure to licensing, security, and compatibility issues arising from ‘shadow IT’. cybermagazine.com
73
NETWORKS
What are some of the pitfalls of multicloud? Where there are positives, you can usually find negatives – and multicloud solutions are not exempt from this. While there are a number of benefits that businesses and individuals can take advantage of, central management is absolutely key; without it, chaos ensues. “The volume of enterprises using different clouds often creates an unwieldy, de facto multi-cloud environment. As organisations migrate more operations to the cloud and use containers and Kubernetes, managing these to ensure consistent security and compliance is becoming increasingly challenging,” says Entrust’s Tambay. The core issue with multicloud strategies is that the infrastructure forming different vendors’ cloud platforms is often inconsistent in terms of standards, functionality and compliance – teams may, for example, work in silos, different platforms may vary in speed when responding to queries and problems, or there may be a lack of consistent, efficient tools, exposing security gaps while increasing costs. And, with an ever-changing app landscape, such cloud platforms must be designed to support the growing complexity of both existing and new application architectures – currently, only 21% of IT leaders feel fully confident that their current infrastructure can support such growth. This growth means that security compliance will be even harder to maintain, as it needs to be factored into every decision and functionality change made, potentially increasing the attack surface and exposing holes. Multicloud – the next generation Multicloud technology has both pros and cons, but, with a study conducted by Forrester Consulting suggesting that 83% of organisations have already adopted a 74
July 2022
NETWORKS
“ That’s what an intelligent multicloud solution offers: secure integration of multiple networks to provide flexible bandwidth for today’s critical cloud applications” DAN DAVIES
CHIEF TECHNOLOGY OFFICER, MAINTEL
multicloud approach or plan, getting a handle on some of the core concerns now is crucial to averting major disasters in future. According to Dan Davies, Chief Technology Officer at Maintel, evolved cloud strategies post-COVID are essential for business innovation and growth, which means that companies need to get to grips with security measures “to protect critical information” and “secure cloud applications”. “That’s what an intelligent multicloud solution offers: secure integration of multiple networks to provide flexible bandwidth for today’s critical cloud applications. Such an approach means that a diverse range of devices and locations can seamlessly and securely connect to cloud applications on-demand, easing the complexity burden on CISOs, and increasing security with standardised policies across users, devices and networks,” Davies explains. Multicloud is the next generation of cloud capability. It can offer considerable flexibility, cost savings, and the agility to innovate, but first, companies must build an intelligent networking strategy that refuses to compromise on security, experience, or cost. The increasing importance of networking in the digital strategies of different companies means that now is the time for organisations to jump in, feet first, and realise the benefits. cybermagazine.com
75
SECURING A FAMILY-OWNED BUSINESS WITH ST LOUIS’S FIRST BANK WRITTEN BY: ALEX TUCK PRODUCED BY: GLEN WHITE
76
July 2022
cybermagazine.com
77
FIRST BANK
Marc Ashworth, SVP & CISO at First Bank, discusses his role as a leader at the family-run business First Bank, who are helping local businesses thrive
A
t First Bank, the vision is clear: for now and well into the future, they’re looking ahead to identify every available avenue to help nourish and support family-owned and privately held businesses, regardless of their size or tenure. As a proud, family-owned business with a 100-year-plus history, First Bank specialises in privately held and family-owned businesses, in addition to offering extensive personal and wealth services – so there’s an innate willingness to go the extra mile and partner in their customer’s long-term success. As a fitting example of this, First Bank launched the Center for Family-Owned Businesses to offer tailored resources to serve the unique needs of family business members. The Dierberg family, along with First Bank’s Chairman and Chief Executive Officer Shelley Seifert, remain committed to establishing it as the bank of choice for families and family-owned businesses, now and well into the future, through continued growth and innovation. Part of this service, and perhaps one of the most crucial parts for any business in today’s marketplace, is security – whether physical or virtual. Marc Ashworth is the Senior Vice President & Chief Information Security Officer for First Bank. Under his management remit are four teams: the Networking Support Team; the Information Security 78
July 2022
Example of
Beverly Hillscaption Branch an image cybermagazine.com
79
FIRST BANK
Title of the video
“ We refer to our team of colleagues as being family, so it's woven into all that we do” MARC ASHWORTH
SVP, CHIEF INFORMATION SECURITY OFFICER, FIRST BANK
Group; Fraud Team; and Physical Security. With the bank now for four and a half years, he has accumulated over 30 years in the industry. Heritage drives culture at First Bank First Bank, as Ashworth explains, more than understands how best to cater to the needs of other family-owned businesses, as well as their family employees. “The family focus applies to more than just our clients. We refer to our team of 80
July 2022
colleagues as being family, so it's woven into all that we do. And you really feel it when you talk to the owners, as they're really supportive of what you do. It's a lot different when you're with a family-owned business versus just a corporation, in my opinion,” he added. First Bank is uniquely positioned to understand the needs and challenges of other family-owned and privately held companies, due to four generations of reliable ownership that offer the ability and experience needed to help businesses plan for the long term and ultimately thrive in today's environment. The bank offers consistent and high-quality experiences for their clients that cover a range of topics especially geared to family businesses. Ashworth adds: “Whether it's succession planning, tax strategy, family, trust issues, estate planning, and more, we have the experience and expertise to support the family-owned businesses with any banking
FIRST BANK
need. We help family businesses thrive across generations and in ways that go beyond traditional banking products.”
MARC ASHWORTH TITLE: S VP, CHIEF INFORMATION SECURITY OFFICER
Issues in cybersecurity for smalland medium-sized enterprises Ransomware has been a big topic for most businesses in recent times, because of the potential destructiveness. According to Ashworth, even when companies have tried to pay the ransom, they may only get a limited amount back, and this exacerbates the need to build an infrastructure around that major threat, so that you can recover and be protected. “Ransomware in a lot of cases is a symptom of an overall breach, because there's lateral movement going on. So, for me, I'm concerned about lateral movement. We protect against that and stop it or mitigate it as much as possible.”
INDUSTRY: FINANCE LOCATION: GREATER ST. LOUIS, USA Marc Ashworth, Chief Information Security Officer at First Bank, is an esteemed security professional with over 30 years of experience in cyber security, fraud, IT/security, business strategy, project management, author, and a public speaker. He is a board member of the St. Louis Chapter of InfraGard, Co-Founder of the State of Cyber Annual Security Conference, and a Lifetime member of FBI Citizens Academy. Possessing security certifications in CISSP, CISM, CRISC, and Security+, Ashworth currently oversees First Bank’s Information Security Department, Corporate Security, and the Network Services Department.
Client Story Bob Brinkman, Brinkman Constructors
1906 Year founded
Our Vision "To help family-owned businesses, their families and employees thrive through the generations." be with First Bank."
EXECUTIVE BIO
"It's just been a wonderful relationship. They're easy to deal with and they're a family-ownded buisness; they're not a large bank corporaton like some of these people that we've done business with. But it's been a great ride. We'll always be with First Bank."
Segmentation has never been this rewarding Stop ransomware in its tracks. Boost security performance with Akamai Guardicore Segmentation.
Learn more
Akamai prioritises the future demands of cyber customers Steve Winterfeld of Akamai discusses the company’s university-based founding and how it merged into a leading multibillion-dollar cybersecurity firm Akamai was founded following a competition at the Massachusetts Institute of Technology (MIT), entered by its co-Founder and CEO Frank Thomson Leighton—Dr Tom Leighton. Since that time, the organisation has expanded massively, and in the words of Steve Winterfeld, Advisory CISO at Akamai, the company “continues to solve hard problems.” The cybersecurity company plays a critical role for corporations as it focuses on the future, to determine whether threat motivation will change and how to best combat ransomware attacks, state-sponsored DDoS attacks, and ransomware that could turn into wiperware. “Those are real concerns, and we’re keeping an eye out for those. And so we have probably 15 security capabilities backed up by services, responding to customers’ needs and rapidly growing on the edge compute and cloud side.” “We started out with a web application, or as it is more commonly called now, web application and API protection, and expanded into protecting the infrastructure against DDoS to include the DNS infrastructure and recently added internal infrastructure protection and visibility through micro-segmentation,” explains Winterfeld.
Responding to the cybersecurity needs of the customer As an established cybersecurity organisation, Akamai can now focus on what customers need. Winterfeld explains that, in response to its clients’ feedback, the company has been acquiring the necessary assets and tools to fulfil those needs with the recent purchase of Guardicore. Guardicore’s leading microsegmentation products will be added to Akamai’s comprehensive portfolio of Zero Trust solutions to protect enterprises from damage caused by breaches like ransomware, while safeguarding the critical assets at the core of the network. “We bought Linode, which is a cloud provider. And so now we have an integrated platform to build and perform on as well as secure.” A prime example of Akamai’s ability to meet customer demands, particularly in high-risk environments, is its partnership with First Bank, which is “very concerned about its real-time visibility into its network. We’re partnering with them on a software-based microsegmentation, where they’re able to see those data flows and create segments.”
Lateral movement is when an attacker or software can bounce from one machine to another within the network. Bouncing between servers and PCs can mean multiple places to install software that can then trigger at any time. Attackers can quickly move through a vulnerability – such as an admin area like a password – so Ashworth insists that you want to get them to where they can't go anywhere else, causing them to finally give up and go somewhere else. “You don't have to be the fastest person running from the bear, you just have to be 84
July 2022
faster than the last guy,” jokes Ashworth. “One of the main ways that they get in is via phishing. We concentrate on stopping that number one attack vector, as it is crucial for any bank, enterprise, or small company. “I think with the current international tensions, we’ve seen a move towards pseudo ransomware where there's not a ransom. It's more of just a destructive nature, such as wiper wear, where it basically either wipes the drives or encrypts the data with no way of recovery. Our team is always on high alert because of what's happening and the warnings by
FIRST BANK
ITM (Interactive Teller Machine)
the federal government. Any CISO needs to worry about this tension; they need to be thinking globally,” says Ashworth.
Clayton Branch
The importance of patch management Patch management and vulnerability management often go hand-in-hand, and it requires watching on a weekly basis, with the security teams providing oversight and guidance to the patching teams. “For those out patching the systems and the applications, it’s all about keeping the numbers down as low as possible. Sometimes, it is one step forward and three back -it's a never-ending problem and you have to really measure which vulnerabilities and patches you’re working on. Sometimes applications are more difficult to patch, so it's a longer process, or maybe the vendor doesn't support it yet. You have to be very proactive to keep these things going, watching those numbers and
“ We help family businesses thrive across generations and in ways that go beyond traditional banking products” MARC ASHWORTH
SVP, CHIEF INFORMATION SECURITY OFFICER, FIRST BANK
cybermagazine.com
85
FIRST BANK
making sure you're at acceptable levels, especially on higher risk ones,” said Ashworth. Training to protect users on the front line of the cyber threat First Bank has several annual training programmes that they offer, from a compliance standpoint. They also conduct monthly targeted phishing campaigns that function as training exercises to keep people informed, alongside training materials, so that if people do fail, there’s refreshers from time-to-time, as well as a weekly newsletter with tips and updates on current events in the cyber world, such as recent breaches. “It's a learning experience for them and customised so they can share those tips with their families and friends, too.
“We get a lot of great feedback from the employees on these from around the building. That feedback is really valuable, and we encourage involvement with other teams and projects in order to keep the bank safe,” said Ashworth. For customers, too, there are periodic webinars that are also recorded and put up online, providing a bank of useful tips and cyber advice to protect from various fraudulent scams. “We post these tips out on our social media feeds and update that on the website, too. We keep our customers and others in our network updated. I'm pretty vocal on LinkedIn as well as Facebook. It's a group thing. It's not just up to the security team to have to worry about this. We all have to worry about it,” he said.
Community comes first at First Bank
86
July 2022
Kansas Branch
“ We are here for our customers to help them succeed and to help their employees succeed” MARC ASHWORTH
SVP, CHIEF INFORMATION SECURITY OFFICER, FIRST BANK
cybermagazine.com
87
Bogey Branch ITM (Interactive Teller Machine)
Relentless risk management and learning to switch off Based out of the St. Louis area in Missouri, the bank now has a presence in six states, specifically in California, Kansas and Illinois, too. With this kind of customer reach, one of the biggest aspects of Ashworth’s job is the risk-management side of things. At times, the volume of risks out there can be overwhelming, but the CISO has ways to handle this. “It's a constant flow of issues and threats, and it never stops, so it does get overwhelming. I think that's in part why 88
July 2022
CISOs have high turnovers,” said Ashworth. He refers to the latest statistics on this matter, which suggest an average 20-month tenure for a CISO. “I mean, I've been CISO here for four and a half years. I’m able to sometimes stop listening to my podcast for updates and reading articles. I live in nature, so working from home has helped as I can go for a walk or something.” “What you have to do is constantly monitor. And the pressure to protect your customers, your company and your employees – it's a lot! It is fun, though, as it changes daily. So, because of that, you really have to be willing to adapt and be open to constantly learning,” he said. “The overall security community is very tight knit, and they're willing to share and talk about their experiences in a sharing infrastructure. If we can get the government to do that more in terms of mutual data sharing, that would be great, and I think we’ll get there. It's really a lot of fun and I hope more people jump into cyber,” said Ashworth.
“ Our team is always on high alert” MARC ASHWORTH
SVP, CHIEF INFORMATION SECURITY OFFICER, FIRST BANK
FIRST BANK
Partnerships help handle new challenges First Bank has won recognition by Juniper Networks for the lean processes that they've done, because of how they've automated many things within their core environments. Silver Peak, which is now owned by Aruba, a global leader in wired, wireless, and SD-WAN solutions that use AI to automate and secure the network from edge-to-cloud, has been instrumental. “Even Aruba has come back afterwards and recognised what we've done, creating use cases for us and featuring the bank in their catalogue. Last year, First Bank partnered with Akamai to assist the bank in achieving strategic security initiatives: “Akamai is another great partner for us and they provide a solid suite of security and networking offerings. I’m really excited about this partnership and where we are going with it,” said Ashworth. “There’s also great local partners out of St. Louis like Network Technology Partners
(NTP), a great vendor that provides lots of different solutions. A good reseller and they work with us really well. They listen whenever you have a problem and can bring in a solution for you,” said Ashworth. With their customers having faced significant challenges during the pandemic, First Bank pride themselves on building strong personal relationships. With programmes like PPP, they helped many existing customers to get business funding, as well as non-customers who were having difficulties with their current banking partners. This involved lots of video calls in particular, with physical meetings not possible at the time, but that didn’t prevent First Bank staying focused and dedicated – as Ashworth explains: “We are here for our customers to help them succeed and to help their employees succeed.”
cybermagazine.com
89
THE ONQOGNQ THREAT OF RANSOMWARE GN BUSGNESS
90
July 2022
TECHNOLOGY
AS RANSOMWARE THREATS PERSIST, IT IS NOW MORE IMPORTANT THAN EVER FOR COMPANIES TO SECURE THEIR APPLICATIONS AND BOLSTER THEIR SECURITY DEFENCES WRITTEN BY: CATHERINE GRAY
H
aving the correct cyber defences is imperative for businesses, now more than ever, as cyber criminals become more sophisticated and their attacks more complex. Organisations fall victim to ransomware attacks every 11 seconds and these types of attacks have significant ramifications. Ransomware is one of the many negative outcomes that occur from poor app security, so, to protect businesses from such attacks, cyber security professionals should implement strong app security programmes and instil best practices company-wide. This type of cyber attack is malware designed to deny a user or organisation access to files on their computer. To gain access to these files, criminals often request a ransom payment for the decryption key. Frustratingly, criminals often tend to place organisations in such a position that paying the ransom is the easiest and cheapest way to regain access to their files. “We’ve seen a cybercrime shift from covert shadow groups into these cybercrime cartels, now providing ransomware-as-aservice and executing multistage campaigns. Yet, the industry’s focus is now turning to an alarming trend requiring urgent attention,” said Tom Kellermann, Head of Cybersecurity Strategy at VMware. cybermagazine.com
91
Unlock Your Data for AI and Automation Accelerate your AI/ML and automation initiatives and optimize business operations with CloudFactory’s scalable human-in-the-loop workforce. Natural Language Processing Data Labeling and Cleansing CV Image Annotation Data and Document Processing Machine Learning
LEARN MORE
TECHNOLOGY
“ WE MAY ONLY BE AT THE START OF A MODERN NIGHTMARE!” KEVIN CURRAN
IEEE SENIOR MEMBER AND PROFESSOR OF CYBERSECURITY, ULSTER UNIVERSITY
Wannacry ransomware attack Five years ago, the notorious WannaCry ransomware attack became one of the first examples of a worldwide cyber attack, ultimately establishing ransomware as a major cyber threat vector. Leaving a distinct mark in the technology world, the attack was estimated to have affected more than 200,000 computers across 150 countries, with total damages ranging from hundreds of millions to billions of US dollars.
Commenting on this attack, Kevin Curran, IEEE Senior Member and Professor of Cybersecurity at Ulster University, says: “Consider the more recent attack back in May 2021 on the Colonial pipeline in the USA, which runs from Houston, Texas to New Jersey and controls 50% of the fuel supply in North America. It revealed the damage ransomware can pose to vital national infrastructure and public services, which seem to be the main target at present as it causes the most disruption. We may only be at the start of a modern nightmare!” Also reflecting on the cyber security space since this attack, Michael Smith, CTO, Neustar Security Services, notes: “Newer strains have emerged and, whilst organisations may have learned from their initial failures, ransomware continues to be cybermagazine.com
93
TECHNOLOGY
“ WE’VE SEEN A CYBERCRIME SHIFT FROM COVERT SHADOW GROUPS INTO THESE CYBERCRIME CARTELS, NOW PROVIDING RANSOMWARE-AS-A-SERVICE AND EXECUTING MULTISTAGE CAMPAIGNS” TOM KELLERMANN
HEAD OF CYBERSECURITY STRATEGY, VMWARE
one of the dominant forms across the threat landscape. The criminals running these campaigns are in it for the money and were initially drawn to ransomware because the payoff was so quick.” Undoubtedly, though, the landscape has shifted significantly since WannaCry – as Curran explains: “Threat actors have gone to a great effort to remain under the radar of leading antivirus (AV) solutions. Once a network has been compromised, they further penetrate the connected internal network using exploits and automatic USB infection to encrypt files, in addition to sending them outwards. A key threat of this malware is its ability to evade detection – and it goes to great lengths to do so effectively.” He adds: “Some have adopted a 'radio silence' technique, through a sophisticated monitoring of system processes, where malware knows when to stay silent or lie dormant; 'stealth mode' techniques have been adopted by malware to evade detection. Techniques include frequently checking AV results to change versions and builds on all infected servers when any trace of detection appears, in addition to monitoring memory consumption to prevent common server administration utilities from detecting the ransomware processes.” 94
July 2022
IBM SECURITY According to IBM Security, the average cost of data breaches is nearing US$4.24mn.
TECHNOLOGY
Learning and adapting following the WannaCry attack Now, organisations must continue to protect themselves from such attacks, particularly as cyber criminals increasingly look to target large numbers of employees through a series of attacks using tailored techniques or dynamic websites to outsmart IT teams and bypass security systems. This, notes Curran, “has an alarmingly high success rate and can be very hard to detect, especially given the rise in hybrid working – which has introduced more devices than ever to companies’ networks”. “Most organisations will have built policies and procedures that protect individuals and the organisation’s infrastructure, but it is unlikely that they have this level of contingency plan in place – meaning the all new, work-from-home culture is still being tried and tested.” Smith also warns about the impact ransomware could have, with threats of a Distributed Denial of Service (DDoS) attack used as a triple extortion or to contact the organisation's customers as a quadruple extortion. He explains: “With previous ransomware, the impact was downtime or unavailable data. With double, triple and even quadruple-extortion, organisations are being pushed from corrective controls centred on asset and data availability, such as backup and recovery, to detective and preventive controls focused on integrity and confidentiality. We are essentially being forced to adapt again and again to attacker behaviour – the threat landscape requires constant evolution.” To move forward and ensure organisations are well protected, IT departments must be able to maintain proficient security protocols or policies for years to come. To ensure this is done well, IT security staff should be increased with sufficient training. cybermagazine.com
95
TECHNOLOGY
“It does not help that the salaries on offer are relatively low when compared to the wider industry. Cybersecurity is not an area that can afford to be cut back on in this increasingly digital world, especially when it comes to something as important as medical records or legal history with our personal information,” says Cullen. Concluding, Smith notes: “Ransomware attacks have grown in such significance that the question is no longer if an organisation will be targeted, but when. Leaders must recognise by now the importance of educating all employees on basic security
96
July 2022
– not just leaving it to dedicated-security staff – especially given how many major breaches stem from ignorance not malice. For their own protection, companies must assume that, with insider threats, as with any security risk, compromise is a matter of when and not if. “Moving forward, leaders should start by implementing a multi-layered security approach. This includes having a thorough, planned approach to software patch updates and fixes, carrying out frequent vulnerability and penetration testing, as well as ensuring regular updates to data
TECHNOLOGY
“ RANSOMWARE ATTACKS HAVE GROWN IN SUCH SIGNIFICANCE THAT THE QUESTION IS NO LONGER IF AN ORGANISATION WILL BE TARGETED, BUT WHEN” MICHAEL SMITH
CTO, NEUSTAR SECURITY SERVICES
backup systems are made. Once these basics are in place, enterprises should also implement reliable distributed denial of service (DDoS) network protection, along with phishing prevention.” Vmware’s Kellerman concludes by adding: “In our research, 81% of businesses now have an active threat hunting programme to prepare for breaches not yet uncovered. Despite this, there’s more to be done. Organisations must prioritise investment in securing cloud workloads at every point in the security lifecycle to shield against future ransomware attacks.”
TOM KELLERMANN, HEAD OF CYBERSECURITY STRATEGY AT VMWARE “Our 2021 Global Security Insights Report found that attackers aren’t stopping once they’ve held a firm to ransom. Nearly 40% of surveyed security leaders agreed that double-extortion ransomware was the most observed new ransomware attack technique. Bad actors are now returning to the scene of the crime to exfiltrate sensitive information and use it for blackmail or selling information on the dark web. With additional extortion methods available, we could even expect triple and quadruple extortion attacks to increase.”
cybermagazine.com
97
GTCC
WRITTEN BY: ILKHAN OZSEVIM PRODUCED BY: TOM VENTURO
Seeking viable avenues to improve educational access 98
July 2022
cybermagazine.com
99
GTCC
As an AVP at GTCC, Ron Horn has an impressive approach to using tech to solve issues as diverse as education, social mobility, family and mental health
G
uilford Technical Community College (GTCC) is one of the largest community colleges in the US state of North Carolina, typically ranking fourth for the largest community college in the state, with nearly 27,000 registered students annually. “We've been around since the late ‘50s,” says Horn. “There are five campuses here in Guilford County, which is part of what they call 'the triad' region. Our programmes include many traditional education opportunities, like associates and transfer degrees. But we also offer many skilled trade options, like advanced manufacturing, CDL or truck-driving training, welding, automotive, healthcare and also, quite uniquely, we have aviation, with a large aviation programme that's still growing.” Community colleges are generally recognised for providing what’s known as ‘workforce education’, however, since the ‘T’ in ‘GTCC’ stands for ‘technical’ – and thanks to Ron Horn – many developments are taking place in terms of the types of courses that are now being offered. “I currently oversee about 30 permanent employees in the areas of infrastructure, security, networking, telephony service, delivery, application support and project management.” Innovative courses at GTCC “I have taken advantage of the opportunity to be able to contribute from a very non-
100
July 2022
Ron Horn CIO and Associate Vice President for IT
Example of an image caption cybermagazine.com
101
GTCC
GTCC: seeking viable avenues to improve educational access
traditional CIO perspective, bringing outstanding programmes to the school – like 3D printing, autonomous vehicles, blockchain and micro-credentials or microcertifications, Amazon web services (AWS) – and I have been partnering with agencies that are geared much more towards the community college environment.” This innovative development also acts as a bridge between the ‘community’ and ‘technical’ aspects of GTCC, combining the social orientation of the spirit of a community college with innovation so that both ends of the equation may benefit. “We have a large student population who suffer financially,” says Horn. “They don't have the financial resources that are available to a lot of students in other circumstances. We noticed, especially when the pandemic came around, that there was a large drop-off in a certain male sector of students, and soon discovered that they weren't re-enrolling because they had to 102
July 2022
go back to work, because other household members were now unemployed due to COVID.” Education and wellbeing Since this realisation, Horn’s focus has been on creating viable programmes to counteract and resolve these issues from educational, career, financial and even familial perspectives. He’s intent on making college more accessible for those impacted by the pandemic, and those for whom the pandemic highlighted an already-existing conflict between education and financial concerns. He says: “Now, with these new courses, a student doesn't have to go through a complete two-year programme to earn their certificate; instead, they can go through these boot-camp-like, condensed courses to generate a nationally recognised certificate, which will enable them to efficiently access gainful employment and
RON HORN TITLE: CIO AND ASSOCIATE VICE PRESIDENT FOR IT INDUSTRY: CYBERSECURITY
EXECUTIVE BIO
LOCATION: UNITED STATES Ron is an Information Technology Executive with over 25 years of experience leading and transforming technology initiatives in healthcare, higher education, retail, manufacturing, and the federal government. He is focused on his craft, capabilities, and expertise in enterprise cybersecurity, process improvement, risk management, technology innovation, and leadership. Ron has spent his 25-year career in Information Technology leading teams responsible for strategic planning, governance, service delivery, infrastructure operations, enterprise cybersecurity, compliance, and regulatory reviews to clients. Ron leads with a focus on current and future state assessments enabling organisations to remain competitive in their industry, maintaining sustainable architecture, staff alignment, and training on process improvement.
2022
TRENDS
Want to know what's looming on the cybersecurity horizon? Explore what 300+ global IT experts have to say. Set priorities, gain insights and prepare for challenges with our exclusive report
GET THE REPORT
GTCC
“ When I get up every day not knowing really what to expect, that excites me” RON HORN
CIO AND ASSOCIATE VICE PRESIDENT FOR IT, GTCC
start earning an income for their families on a much shorter time scale.” An impressive approach to problemsolving, it serves to accentuate the relationship between access to education and social mobility, as well as critical family matters that, when considered together, have obvious interrelated impacts on issues such as mental health and emotional wellbeing. Motivation and inspiration It was natural, therefore, to enquire about Horn’s motivations when it comes to problem-solving and thinking outside of the box. When asked what inspires him to come to work every day, he says: “I think this may sound a little strange, but it’s the thought
of the unknown and not knowing what to expect that’s a major motivational force for me. I've worked in a lot of different industries and, at one point in my career, I even worked in the federal prison industry. The first time the doors shut on me, it really jolted me and gave me a dose of reality. “But then, getting up and going to work every day not knowing what to expect was kind of exciting and even thrilling for me. In a very similar fashion (but on a much lower key, of course), it's the same for me today. When I get up every day not knowing really what to expect, that excites me, because it makes me think creatively and keeps me on my toes.” Horn says that his inspiration also comes from the opportunity for people to learn and advance their careers. “From a leadership cybermagazine.com
105
GTCC
“ No longer are we focused just on the students that are in our local area” RON HORN
CIO AND ASSOCIATE VICE PRESIDENT FOR IT, GTCC
perspective,” he says, “I take the time to meet each one of my staff members and to spend time with them, asking them questions like: 'What is it that motivates you to come to work every day?', 'What do you like?', 'What don't you like?', 'What leadership style do you like?' and, essentially, I really want to help people to grow.” Expansion of the educational environment through technology As CIO, Horn knows, of course, that behind the people – whether they be student or staff member – there is a technological and informational highway that allows them to connect and thrive in GTCC’s environment. And, precisely because of those technologies and innovations, the very concept of the educational environment itself expands beyond its mere physical boundaries, redefining the educational milieu altogether. Horn observes that, while most higher education institutions have not traditionally looked at mobile-first and cloud-first environments, his approach from the start was – in terms of a data-based perspective – transformational from the beginning. 106
July 2022
“I think it's been an option for many higher education institutions and something that they initially wanted to merely dip their toes in, if you will, just a little bit at a time to test the temperature of the water. But when I came on board, I was immediately focused on moving as much data as I could to the cloud. That made sense for the business, and it didn't create any additional risk. So, I evaluated what data we were moving and how it was to be protected. That was my cloud-first strategy from the beginning.
“Then there are mobile-first tools. We are in a highly mobile environment, and most people carry around a cell phone, which is their access-point to data 24/7. So, as an organisation, you must be able to deliver the data to the customer, which, in our case, is our students. “We've really laser-focused on allowing the students to access every piece of information on their phones and to be able to do everything they need from these devices.”
Technology and student enrolment Technology not only serves to improve the educational possibilities of students and learners, but it also serves to increase the number of students that enroll on the courses overall. “No longer are you focused just on the students that are in your local area, such as those that can commute back and forth to your campus,” Horn says. “But now that the borders have been removed, it also create a different competitive landscape. “This makes it important to be able to convince students of why it's a wise choice cybermagazine.com
107
GTCC
for them to attend Guilford Technical Community College. Therein lies the importance of your messaging and how you differentiate yourself from other colleges.” GTCC has, as a result, increased its online presence and developed the systems that allow students to complete their coursework online. Horn says: “I think that the pandemic has just accelerated this transition – I think that these thoughts, ideas, movements and strategies were already there, but that COVID has acted as a catalyst. So, our college is focused on that delivery, while retaining our traditional infrastructure and our campuses, which are going to continue to be available for the students in the local area. “We're also going to continue to look at our strategy as to how we deliver online, what we deliver online and how we differentiate ourselves from other schools.” Cybersecurity and partnership with Arctic Wolf Speaking on the college’s partner ecosystem, Horn underlines that, most importantly, GTCC looks for organisations that closely understand GTCC’s business, strategy, audience and demographic. “What we are specifically looking for is alignment,” he says. “We don't want a company that we just write a cheque to every month or year. Vendor partners mean something to us; they are organisations that we have frequent conversations and meetings with and where we talk about strategy. “And I think that's one of the things that we saw with Arctic Wolf.” Arctic Wolf provides a critical managed detection and response (MDR) framework, which plays a crucial role in the cybersecurity and risk management of GTCC’s systems. 108
July 2022
“ Essentially, I really want to help people to grow” RON HORN
CIO AND ASSOCIATE VICE PRESIDENT FOR IT, GTCC
In terms of cybersecurity, Horn refers to the CIA’s triad of ‘Confidentiality, Integrity and Availability’, noting that “those really ring true to our mission here at GTCC, in making sure that we maintain our students, faculty and staff privacy, and access to their data”. Horn continues: “Arctic Wolf is an organisation that I could have those conversations with and that I developed those relationships with, so that they understand who we are, what our mission is, what our focus is and where we're going. “Arctic Wolf have been very supportive and transparent, and we've had a lot of conversations where they're open to feedback. They're willing to work with us and to refine the tools and processes that we need for our organisation to move forward.” GTCC will continue to focus on automation, simplification and standardisation of their tool sets, and will focus on decreasing such overheads – from a staffing-resources perspective – so that they can focus on further innovation and dreaming up fresh approaches and systems to enhance those innovations at the college.
cybermagazine.com
109
TOP 10
110
July 2022
CYBER
DATA BREACHES Twitter, Facebook, Yahoo, Marriott, LinkedIn – some of the data breaches that affect hundreds of millions of people are not as rare as you might hope WRITTEN BY: SCOTT BIRCH
cybermagazine.com
111
TOP 10
10
County Ventures
SIZE: 200 million personal records DATE: October 2013 Court Ventures fell victim to a hacker selling credit card numbers and social security numbers from this breach. A subsidiary of Experian, the hacker gained access to the Court Ventures database by posing as a private investigator from Singapore. Lessons were not learned, and Experian was again breached in 2020 through deception.
09 Twitter
SIZE: 330 million users DATE: May 2018 Twitter blamed a ‘bug’ or ‘glitch’ for the fact it left all of its users’ passwords unmasked for months in an internal log. While Twitter has said that there was no breach or misuse of this information, only time will tell. In July 2020, hackers took over high-profile Twitter accounts in a bitcoin scam, with the likes of Elon Musk, Bill Gates and Barack Obama all targeted. 112
July 2022
08
Marriott International SIZE: 500 million guests DATE: November 2018
Talk about playing the long game. Hospitality giant Marriott International announced that hackers had stolen data on 500 million Starwood hotel guests in November 2018, but the hackers had entered the Starwood system (in 2014) before it was even acquired by Marriott (in 2016). As well as the usual contact information, credit and debit card details were also included in the hack.
07 Yahoo
SIZE: 500 million accounts DATE: 2014 This is not the only time you will see internet pioneer Yahoo on this list. This time around, ‘just’ 500 million accounts were compromised by what Yahoo called a ‘statesponsored actor’. Personal data included names, emails, phone numbers, dates of birth, security questions and answers. Yahoo only acknowledged this breach in 2016. cybermagazine.com
113
Empower your business
by connecting to the largest Pan-African network of data centres
Find out more A business of
www.africadatacentres.com | enquiries@africadatacentres.com
NORWAY THE WORLD’S MOST SUSTAINABLE DATA CENTER NATION?
With surplus of renewable energy, low electricity prices, good digital infrastructure and a cool climate, Norway presents a strong value proposition.
DOWNLOAD OUR REPORT TO LEARN MORE
www.norwaydatacenters.com
TOP 10
05
SIZE: 700 million users DATE: June 2021
06
SIZE: 533 million users DATE: April 2019 (and April 2021) Two third-party app datasets were the weak link here that saw more than 500 million Facebook users having their likes, reactions and Facebook data exposed. That anxiety intensified when that same information was made available on the Dark Web for free in April 2021. This particularly exposed phone numbers associated with Facebook accounts.
Let’s be careful with the terminology here. LinkedIn claims this megahack of 92% of its users was not in fact a data breach but a violation of their terms and services through prohibited data scraping. This data included email addresses, names, phone numbers, usernames, geolocations. The hacker scraped the data by exploiting LinkedIn’s API. While much of the information is indeed in the public domain, those email addresses are not usually made public.
cybermagazine.com
115
TOP 10
04
Verifications.io
SIZE: 763 million users DATE: February 2019 Verifications.io is a company that proves or verifies email addresses for marketing activity. The breach here does not just include those unique email addresses – it can also include names, phone numbers, and other sensitive data too. The damage could be even higher, with some later estimates putting the leak as high as 2 billion records.
03
First American Financial Corporation SIZE: 885 million DATE: May 2019
You know it’s bad news when a journalist reveals your bank has exposed personal information for more than 15 years amounting to more than 800 million records. First American is the second largest mortgage title and settlement company in the US, handling personal and financial documents. In June 2021, First American finally faced the music, with the Securities and Exchange Commission fining the company less than US$500,000. 116
July 2022
Aadhaar
SIZE: 1.1 billion people DATE: March 2018 There may be attacks that affect more accounts on this list, but to impact more than 1 billion people really is staggering. That is the unwanted record that India’s state-owned utility company Aadhaar has to contend with, with the biometric and personal details (name, photographs, fingerprints, bank details) all available to the highest bidder on the net. The price for this wealth of information? Just US$7.50.
cybermagazine.com
117
PLATINUM SPONSOR
TRUSTWORTHY TECHNOLOGY IS SUSTAINABLE TECHNOLOGY
T
ortoise and Kainos spoke to a range of experts throughout the field of artificial intelligence; from executives and technicians, to researchers and government officials. Those insights are revealed in the form of three hypotheses about how the domain of trust in artificial intelligence is changing: ‘The future of trust in artificial intelligence: responsibility, understandability and sustainability’. To coincide with the report, Jane Fletcher, Experience Design Principal at Kainos, discussed 'Sustainability: A path to trust for Data & AI' in a virtual keynote at TECH LIVE LONDON. Trust in the AI ecosystem is largely dependent on data, the conclusions and predictions reached, and the sensitivity of the system to bias and other influences. As governments and corporations 118
July 2022
consider ways of enforcing technologies that are lawful, ethical and robust, Fletcher discussed the increase in regulation around data over the last few years due to GDPR, the growing importance of cybersecurity and the role of AI ethics on the imminent EU AI act.
Language, automation and trust
Fletcher elaborated on the move towards sustainability that has seen professionalisation, standardisation and mechanisms for disclosure – all to create confidence that the world economy can decarbonise, be governed fairly and embrace an inclusive society. Much like the major drivers that propelled the original Industrial Revolution: language, automation and trust, the latter in particular is vital to tempering AI for widespread use today, lowering the barrier of entry in order to accelerate adoption.
KAINOS
Ethics vital to wider AI adoption
Kainos suggests that if we don't act today in a responsible and ethical way, in terms of how we develop and deploy AI to help users understand its capabilities, then this lack of trust will limit or prevent the adoption of artificial intelligence over the next few years. Acting early can mitigate and prevent some of those issues from arising, and Kainos will share tips on these first steps.
Data Governance unlocks success Also at TECH LIVE LONDON was, Karim Jessani., Principal: Data & AI Practice / CSO, who discussed ‘Data Governance / With Great Power, Comes Great Responsibility’. Jessani said: “If an organisation recognises data as a true and valuable asset and treats it as such through a comprehensive data governance policy, it will be able to use data more wisely to empower its business for success”.
KAINOS: DIGITAL TRANSFORMATION SERVICES Belfast-headquartered IT provider Kainos has developed a unique mindset that embraces any digital challenge. With 98% customer satisfaction rating, their key technology partners are AWS, Microsoft, and Workday, with notable clients like the NHS, UK Government, and Netflix.
Kainos CEO: BRENDAN MOONEY INDUSTRY: SOFTWARE & TECHNOLOGY HQ: BELFAST, UNITED KINGDOM
cybermagazine.com
119
Q1 TOP 10
120
July 2022
1 Yahoo
SIZE: 3 billion accounts DATE: October 2013 & October 2017 Don’t be fooled by the two dates, this is the same breach but reported on two separate occasions by victims Yahoo. The original attack, where Yahoo claimed hackers had compromised a billion, happened in 2013 but was only reported three years later while the internet giant was in negotiations with Verizon for a sale. Then Yahoo later came out and admitted the actual figure was closer to 3
billion compromised accounts. One of the original internet pioneers, and the most visited site on the web back in the day, Yahoo’s steady but relentless fall from grace saw it turn down the chance to buy Google (US$2bn) and Facebook (US$1bn) before finally being acquired by Verizon for US$4.5bn in 2017 – around a tenth of its value at the height of the dot. com bubble.
cybermagazine.com
121
TRANSFORMING LIVES WITH DATA INSIGHTS WRITTEN BY: CATHERINE GRAY PRODUCED BY: MIKE SADR
122
July 2022
CITY OF PORTLAND
cybermagazine.com
123
CITY OF PORTLAND
As the world opens back up, the City of Portland adopts a data-driven approach and next-generation cyber security to improve the lives of its communities
T
hroughout the pandemic, towns and cities have had to transform the way they provide services for their communities. The City of Portland, Oregon is no exception to this and has been embarking on an innovative, data-driven approach to policy. Located in the Northwest of the U.S., at the juncture of the Willamette and Columbia rivers, Portland serves the needs of its communities with over 25 departments focused on public services and liveability improvements across the city. Driven by his passion to give back to the community, Christopher Paidhrin, Senior Information Security Officer for the city, has been dedicated to Portland’s transformation of technology and web services, with a focus on protecting the city’s data and information. Noting how COVID has impacted the city, Paidhrin says: “During the COVID era, we've had to adapt considerably to provide about 70% of our services via telework. This was a challenge to address quickly. The state, county and city had lockdowns and yet 30% of our workforce still needed to go out in person to provide public safety services, maintain roads and pipes, perform inspections, and a wide array of services that a city provides. The COVID era forced us to adapt, but our services continued.” “Fortunately, with cross-team collaboration we were able to provide extensive telework services within days. As
124
July 2022
Christopher Paidhrin cybermagazine.com
125
CITY OF PORTLAND
we come out of the COVID era we're looking forward to robust growth and recovery in the next couple of years.” Now, as we emerge from the pandemic and cities recover from the economic impact of lockdowns, Smart City solutions are becoming increasingly vital to aid adaptation to the technology-driven world we live in. The City of Portland has been identified as an early pioneer in municipal open data policymaking, being one of the first cities or states, in 2009, to advance the strategy and the second city or state to adopt a formal policy and programme in 2014. As an early pioneer, the city has been well equipped to deal with the impact of COVID while utilising open data to create a healthy environment for its communities, as Paidhrin explains: “One of our initiatives, Smart Cities, leverages innovative technologies, data collection and data management tools to enhance community engagement, improve
126
July 2022
delivery of public services, and address City goals around equity, mobility, affordability, sustainability, community health and safety, workforce development, and resiliency. Our city is looking forward to expanding on these services and capabilities for our communities that are struggling to come out of the COVID era.” The pandemic has refocused how Portland has executed its service visioning, as Paidhrin explains: “How we go about providing our services has been significantly impacted by the COVID era and its continuing challenges — for our communities and our employees. We quickly stood up a COVID response team to address the need to maintain community services, and to support employees and their families impacted by the pandemic. The technological element was the simpler challenge. Meeting the people-centric needs required a larger, cross-team, effort. The City’s core values - of equity, transparency, communication, collaboration, fiscal
“ WE CHOSE FORTINET AS WE TRUST THEM TO BE ON THE FRONT LINE. THEY ARE THE BOUNDARY, THE BARRIER BETWEEN THE CITY'S TREASURED RESOURCES AND THE CYBER WORLD” CHRISTOPHER PAIDHRIN
SENIOR INFORMATION SECURITY OFFICER, CITY OF PORTLAND
CHRISTOPHER PAIDHRIN TITLE: S ENIOR INFORMATION SECURITY OFFICER INDUSTRY: GOVERNMENT
responsibility, and anti-racism - have guided our priorities.” “Now that we are in the process of returning a large portion of our workforce back into our workspaces, there is a significant challenge in returning to a space that has been vacant for two years. We need to make sure that the technology resources are available and that they meet the needs of our workforce within a hybrid –on-premises and telework-workspace. We also need to ensure hygiene protocols are in place and that public and personal safety remain our top priorities. It was a challenge to have 70% of our workforce move to telework. And it's a challenge to move 70% back into the workspace and find effective ways to do that. We are also mindful of the 30% of our workforce that braved on-site and in-the-field work throughout the pandemic. We can’t thank them enough for their commitment,” he adds.
LOCATION: UNITED STATES Christopher Paidhrin's mission over the past 22 years of his information security leadership and service has been to 'add lasting value'. Christopher is an internationally recognised public sector and healthcare information security authority and mentor, having received recognition and awards for service excellence, including NetworkWorld, ISE (iise.org), SC Magazine, Information Security magazine’s 2011 “Security 7” Award, and 2021 Oregon CISO of the Year (SIM). For the past seven years Christopher has been the Senior (Chief) Information Security Officer for the City of Portland, Oregon, aligning cybersecurity best practices with Citywide services and values, including equity, diversity, privacy, and open data governance.
cybermagazine.com
127
Secure your hybrid workforce Digital security, everywhere you need it Learn more at www.fortinet.com
CITY OF PORTLAND
Creating innovative ways to make data more accessible Just as businesses have had to adapt, invest in technologies to support telework, and respond to the restrictions introduced because of coronavirus, the public sector has had to grapple with these challenges as well. Pairing this with Portland’s data-driven approach, Paidhrin notes how the city looked to make information more accessible online: “The city has migrated our website from an on-premises solution to a cloud solution, transforming service accessibility and ease of access to the right information or service contact with the least effort. Information is findable by our community, and we are mindfully transparent in our use and retention of data. Portland’s data transparency is reflected not just in our values, but also in how we provide information to our community.” “We have also gone from a traditional in-person Council meeting process to teleconferencing and now to a hybrid approach that accommodates both. We strive to lower barriers of access to our city leadership by enhancing channels of communication so our communities can
“ WE REALLY LOVE OUR CITY AND LOVE BEING OUT IN OUR CITY. SO, THIS WILL BE AN OPPORTUNITY FOR US TO INVITE EVERYONE BACK IN” CHRISTOPHER PAIDHRIN
SENIOR INFORMATION SECURITY OFFICER, CITY OF PORTLAND
voice their concerns and their interests to connect with us, because not everyone is able to hear or see through a teleconference service, or has a digital device and internet service,” the Senior Information Security Officer continues. These channels consist of several adaptive technologies the city has created to ensure the entire community can access information easily. Examples include closed captioning and translation services. Paidhrin explains that the city wants to provide
cybermagazine.com
129
“access to information and resources, access to influence our decision making, access to our leaders in such a way that if our community can't be there in person, they can reach us through other means”. “Since 95% of the city's information is public information, they should have ready access to it in ways that can be useful to them, not just bits of data, but actionable information,” he adds. Engaging with communities for more insight Portland’s Smart City initiative aligns with one of the city’s core technology missions to adopt 21st century technologies. Paying attention to the needs of its communities at every level, the City of Portland holds community forums, provides surveys, and embarks on community outreach to understand what the communities need and how technology can play a role in meeting those needs. 130
July 2022
“Many of our departments have deeply engaged community initiatives. That's their sole purpose: to stay connected and encourage the engagement of our communities in city decisions and activities,” says Paidhrin. Rooted in this public service mission is data. Looking to execute best practices to leverage information for new community services, Portland takes all the data from these community initiatives to provide intelligence to the community via apps, services and outreach that improve the quality of their lives. Smart City PDX has partnered with the Portland community to make the city a place where data and technology are used to improve people’s lives, particularly in underserved communities. Together, they will proactively prepare for future technologies to promote communitydriven goals and values. The pair use data and
CITY OF PORTLAND
technology responsibly to support a healthy, safe, more affordable, and prosperous Portland. “It is a collaborative effort, and we are doing our part in learning from other cities who are also pioneers in Smart Cities initiatives. It is exciting to explore new and innovative ways to offer services. It's a great mission to participate in,” comments Paidhrin. Protecting the city and its data With all these data-driven initiatives comes a significant need for the city to bolster its cyber defences. As the city collects and analyses an increasing volume of data, Paidhrin and his team need to ensure that this data is protected from threat and damage. If left vulnerable, the city could face unknown challenges that would hinder its Smart City roadmap.
“Through due diligence, constant threat monitoring and following best practices, we strive to prevent cyberattacks. Central to our cyber program is to follow a federal cyber framework — in use by cities, counties and states across the U.S. – called the Cyber Security Framework (CSF) from the National Institute of Standards and Technologies (NIST),” explains Paidhrin. “The NIST CSF framework consists of five functions and 20 categories. It helps us to effectively segment the complexity of cybersecurity into manageable work categories. The framework provides an ordered grouping and a life cycle perspective on data security and the use and protection of information. And by having our programme follow this framework, we can identify where we need additional resources, people, technologies, and funding. We can then justify our cyber program needs appropriately, determine the maturity, strengths, weaknesses, and then establish a multiyear roadmap for how we can mature our programme,” he adds. This framework is essential as Portland looks for new ways to improve its cyber strategy. As many of the city’s peers also use this framework, they can anonymously share with each other their progress and their challenges through an annual survey facilitated by the Centre for Internet Security. “The NCSR annual survey provides U.S. public entities an external metric of how our cyber programmes and business resiliency compare to our peers. This comparison helps us to motivate ourselves to do better and to collaborate better so that we share the lessons learned from years of shared process improvement,” notes Paidhrin. Central to the City of Portland’s cyber security infrastructure is security company Fortinet. “We spent two-plus years cybermagazine.com
131
evaluating next generation firewall and integrated cyber security solutions for our primary cyber security protection. And we conducted real-world evaluations of the leading firewall vendors,” says Paidhrin. He adds: “We chose Fortinet as we trust them to be on the front line. They are the boundary, the barrier between the city's treasured resources and the cyber world. There are a lot of good things out on the internet, but they are a lot of bad things that are happening. So, it was really important for us to find a next generation platform that could meet our cyber security and service needs for years to come.” The FortiGates’ Artificial Intelligence and Machine Learning (AI/ML)-powered FortiGuard Services provide Portland with intrusion prevention system (IPS) inspections, content filtering, web filtering, and antivirus protection. These capabilities make it much
“ MANY OF OUR DEPARTMENTS HAVE DEEPLY ENGAGED COMMUNITY INITIATIVES. THAT'S THEIR SOLE PURPOSE: TO STAY CONNECTED TO, AND ENCOURAGE, THE ENGAGEMENT OF OUR COMMUNITY IN CITY DECISIONS AND ACTIVITIES” CHRISTOPHER PAIDHRIN
SENIOR INFORMATION SECURITY OFFICER, CITY OF PORTLAND
132
July 2022
CITY OF PORTLAND
easier for city staff to respond to Distributed Denial of Service (DDoS) attempts and other cyber threats. The city’s goal, according to Paidhrin, is to build a zero-trust network access (ZTNA), in which all network activities and resources are allowed or allocated based on the identity of the user requesting them. Most of the Portland infrastructure is in early stages of the journey to ZTNA, but the city’s Revenue Division is pioneering a Fortinet-based approach where FortiGate offers the natively integrated ZTNA enforcement capability to city’s many applications and services. Opening up the city post-COVID Now, as the city emerges from the pandemic and services shift to a ‘new normal’, Portland plans to continue its technology and services transformation, with COVID era lessons learned, to focus
on ensuring community safety as the city embarks on its alignment of police and public safety services. Looking ahead, Paidhrin shares more plans for the city: “Our outreach into our communities was sustained throughout the COVID era, but now, with the return to the city of more of our workforce, we continue to improve our services. The next six months are going to be intensive: we will embark on a restoration of full services, the opening up of businesses, and we will be encouraging our community to come back into the core of the city. So, on the city side, it's going to be intense, but we're very excited.” He concludes: “We really love our city and love being out in our city. This will be an opportunity for us to invite everyone back in.”
cybermagazine.com
133
THE UNIVERSITY OF KANSAS HEALTH SYSTEM
GUARDIANS OF A WORLD-CLASS ACADEMIC MEDICAL CENTRE WRITTEN BY: ALEX TUCK PRODUCED BY: TOM VENTURO
134
July 2022
THE UNIVERSITY OF KANSAS HEALTH SYSTEM
cybermagazine.com
135
THE UNIVERSITY OF KANSAS HEALTH SYSTEM
Michael Meis Associate CISO, discusses talenT, The University of Kansas Health System
136
July 2022
THE UNIVERSITY OF KANSAS HEALTH SYSTEM
Michael Meis, Associate CISO, discusses talent, risk and tactical cyber warfare as the first line of defence at the University of Kansas Health System
W
1906
Year Founded
12,500 Number of Employees
hen Simeon Bell, MD, set the stage for academic medicine in Kansas City and the wider region, his gift to the world was the establishment of a hospital, founded in 1906 as part of the University of Kansas School of Medicine. From humble beginnings on Goat Hill in the small town of Rosedale, now part of Kansas City, the hospital has evolved into a destination academic health system sought out by patients and top-notch medical professionals from around the United States. The hospital reached an important milestone in 1998 when it became an independent hospital, and 20 years on from that point, The University of Kansas Hospital joined with The University of Kansas Physicians in 2017 to form The University of Kansas Health System. Michael Meis is the Associate Chief Information Security Officer, a role supporting the VP of Technology, Sean Roberts, and the CIO, Chris Harper, within the Health Information Technology services team. Meis’ role supports the cybersecurity, operations and defence strategies. “What really makes the health system so special is the people. Both those that are directly providing patient care and then those in support roles like myself. All of us have this very singular focus on creating a worldclass patient experience, whether that's in the direct interactions with our patients or in building the systems that enable that type of world-class care,” said Meis. cybermagazine.com
137
THE UNIVERSITY OF KANSAS HEALTH SYSTEM
In order to accomplish this mission, the health system leverages a range of innovative technology to support care providers as well as augment and empower all their employees. As an academic health system serving the people of Kansas, the region and the nation, The University of Kansas Health System enhances the health and wellness of the individuals, families and communities they serve. Cybersecurity’s critical role in both patient care and employee care Protecting data is paramount as a patient care provider in a health system, where the relationship is built on patients' trust. “They must trust that we're going to give them the best possible care and that we're 138
July 2022
going to keep their data safe from cyber criminals or anyone else who wants access to that data who’s not authorised to it. In order to keep that trust, there is the data privacy component to protect such critical information,” he said. “We've recently seen cyber threats that have been very focused on disrupting the availability of critical infrastructure, including healthcare. And so we, as a cybersecurity team, need to make sure that not only is their data safe, but also that those medical systems, devices and records are available when the care provider needs them.” According to Meis, cybersecurity strategy is split into two core components: a tactical angle focused on attack paths, threat actors and how they operate, and then a more
EXECUTIVE BIO MICHAEL MEIS TITLE: ASSOCIATE CISO LOCATION: KANSAS CITY Michael is a security leader with a passion for architecting security programs, leading people, and developing world-class security teams. During his career, Michael partnered with the USDA CISO to develop one of the largest consolidations of security services in the federal government. Michael also led the H&R Block Information Security team through a transformation of their GRC operations to instil quantitative cyber risk management practices. Michael currently leads The University of Kansas Health System Cybersecurity team as they protect the critical systems, data, and people that provide lifesaving patient care. Additionally, Michael regularly donates his time and expertise to inspire the next generation of leaders and cyber professionals. Michael holds an undergraduate degree in Information Technology Service Management, two graduate degrees including an MBA and an M.S. in Cybersecurity and Information Assurance as well as multiple professional certifications.
“At the end of the day, you need people to be able to win these adversarial relationships with cyber threat actors” MICHAEL MEIS
ASSOCIATE CISO, DISCUSSES TALENT, THE UNIVERSITY OF KANSAS HEALTH SYSTEM
cybermagazine.com
139
THE UNIVERSITY OF KANSAS HEALTH SYSTEM
Guardians of a world-class academic medical centre
“ We've recently seen cyber threats that have been very focused on disrupting the availability of critical infrastructure, including healthcare” MICHAEL MEIS
ASSOCIATE CISO, THE UNIVERSITY OF KANSAS HEALTH SYSTEM
140
July 2022
strategic angle to understand the business in regard to how the organisation communicates and what the revenue cycle looks like. Using threat intelligence allows the cybersecurity team to shrink the pool of potential threat actors down so they can only focus on threats that are most relevant to the health system. “Once we've shrunk those down, then we can focus on the capabilities of the threat actors, what their tools, tactics, and procedures might look like, and then compare those against our own internal detection capabilities. We look at what we might be able to stop, where we might have gaps and then focus our maturity efforts on shoring up those gaps. Even if it's only a detection method in the meantime, we must understand cybersecurity as it relates to the business and be able to justify the investments into security technology,” said Meis.
THE UNIVERSITY OF KANSAS HEALTH SYSTEM
Podcasts represent the respectful, insightful and transparent voice of The University of Kansas Health System: Morning Medical Update Experts from The University of Kansas Health System discuss current health events and advances in medicine.
The art of cyber warfare Meis understands that the organisation is never going to be able to protect themselves against every possible threat. Being a U.S. Army veteran himself, Meis is a big fan of warfare strategy, finding many parallels between these tactics and cybersecurity strategy. Cybersecurity attracts a lot of veterans for these reasons – and a warfare mindset is a crucial step one in becoming a highly effective cybersecurity professional, according to Meis. In the military, your mission is to keep yourself, your squad, and your platoon alive. “That lofty mission,” said Meis, “is something that very, very few organisations are able to replicate in the civilian world. Cybersecurity kind of gives that purpose of defending organisations and people who otherwise wouldn't be able to defend themselves.
Open Mics with Dr. Stites The University of Kansas Health System's own chief medical officer, Steve Stites, MD, interviews physicians and leaders about advances in healthcare and current affairs. Bench to Bedside Bench to Bedside is a weekly Facebook Live series hosted by The University of Kansas Cancer Center, which follows the latest news and developments related to cancer care, clinical trials and research. All Things Heart Everything in life leads back to your heart. Each week, Medical News Network host Alexis Del Sid shares real-life patient stories and speaks with medical experts about all things related to heart health.
cybermagazine.com
141
THE UNIVERSITY OF KANSAS HEALTH SYSTEM
You see a lot of veterans who end up in the cybersecurity space after they separate from the military.” According to Meis, it is an adversarial relationship with threat actors, “whether they're financially motivated, hacktivists or just want to watch the world burn, at the core, they are trying to get into our health system and disrupt what we do.” Whether that's stealing patient data or disrupting the availability of systems, monitoring is vital to an effective cybersecurity strategy, or otherwise “you're going to be checking compliance boxes while they're somewhere else causing damage”. Handling the cyber talent shortage It's no secret that there's a shortage of cybersecurity talent. Meis remarks that it’s probably become the number one risk to the industry over the last two to three years. Within the team, Meis and his colleagues have placed a really big priority on putting people first and making sure that they're at the centre of the cybersecurity strategy. “A lot of the cybersecurity vendors try to pretend like their tools can run without human intervention, and that sounds great. At the end of the day, you need people to be able to win these adversarial relationships with threat actors. So we support their development, something that's often overlooked in corporate culture – specifically within cybersecurity, where people don’t always get opportunities to stretch into new roles or to another role within the same team.” The organisation invests heavily in training so that, for instance, you may be a risk analyst today, but should you want to be a penetration tester tomorrow, that’s a possibility. Dedicated horizontal and vertical career progression opportunities prevent 142
July 2022
THE UNIVERSITY OF KANSAS HEALTH SYSTEM
“ All of us at the health system have this very singular focus on creating a world-class patient experience” MICHAEL MEIS
ASSOCIATE CISO, DISCUSSES TALENT, THE UNIVERSITY OF KANSAS HEALTH SYSTEM
staff from being defined by the initial job they happen to land in when they first arrive in cybersecurity, enabling growth and increasing job satisfaction, while reducing turnover. “We've seen an incredible rate of burnout across the industry, so we focus on that with our people as well, supporting them with a robust PTO policy. We have mental health support and then a really positive work environment that focuses on making sure they're taking care of themselves, as well as focusing on the mission. “It’s also essential that we communicate clearly, so there’s not a mysticism around the direction of the organisation. We communicate with transparency and also give people the space to be human. Everyone is going to make mistakes,” explains Meis. This approach facilitates how they find and recruit new cybersecurity talent: looking within the health system for the right types of people, focusing on aptitude like problem solving, finding creative solutions and being able to move at a faster pace. “That ability to problem solve at scale and at velocity becomes very important. We look for a great attitude and an aptitude that can be supported with technical training cybermagazine.com
143
THE UNIVERSITY OF KANSAS HEALTH SYSTEM
“ We are committed to continuing our legacy of excellence by providing outstanding service, leading-edge care and healthcare education to people in the Kansas City region, throughout Kansas and beyond” BOB PAGE
PRESIDENT AND CEO, THE UNIVERSITY OF KANSAS HEALTH SYSTEM
THAT INHERENT RISK REPORT?
IT’S ALREADY DONE. See why risk management leaders rank Onspring #1 for GRC in the Leader Quadrant onspring.com/quadrant 144
July 2022
THE UNIVERSITY OF KANSAS HEALTH SYSTEM
throughout their development. Within 6 months, you can have a highly competent and driven cybersecurity professional. So we look at non-standard backgrounds, because frankly, we're all competing for the same people who have those ‘standard’ cyber backgrounds.” With staff turnover below 10%, the health system had achieved results exceeding the industry average. Adopting cyber risk quantification practices Being able to speak the language of the organisation in business terms is key. In the case of the health system, it has driven the adoption of Cyber Risk Quantification, which looks at potential loss scenarios to understand the probability and cost of that event. With data behind them and a structured approach toward measuring the inherent uncertainty of risk, the cybersecurity team is able to communicate risk in the universal language of money.
“Everyone understands money. Everyone understands an annualised loss exposure and a loss exceedance curve. We want to remove the dark security magic out of security communication and start communicating like a business executive. That's been an important piece for us and for our health system leadership: to be able to understand cybersecurity risk in business terms without having to take a cybersecurity crash course.” Meis acknowledges that risk awareness has fundamentally changed the way they think about cybersecurity, shifting from just a technology problem to one of overall business risk: “It puts your organisation in its entirety at risk, if it's a large enough attack. There was a news story recently where we saw a small university that experienced a ransomware attack and was unable to completely recover from it, so it is now shutting down entirely. “Our industry has kind of played in the basement for the past 30 to 40 years, and now cybersecurity has become so prevalent that that's no longer good enough. In order to evolve, we need to be able to adopt these risk quantification techniques,” said Meis. Cyber a young industry “When you think about us as an industry, we're very young – especially when you compare us to the finance industry or legal; they've been around for a couple hundred years at minimum. But we've started to see that same maturation of our industry, and I think that's going to continue and it's going to require the security leaders of tomorrow to evolve.” According to Meis, those leaders of the future must understand how the organisation operates in terms of revenue cycles and where adversaries are going to target and be able to communicate this effectively to other business leaders. cybermagazine.com
145
THE UNIVERSITY OF KANSAS HEALTH SYSTEM
146
July 2022
THE UNIVERSITY OF KANSAS HEALTH SYSTEM
“ You see a lot of veterans who end up in the cybersecurity space after they separate from the military” MICHAEL MEIS
ASSOCIATE CISO, THE UNIVERSITY OF KANSAS HEALTH SYSTEM
“Maturation and automation around security technology is key, as that talent gap is not going away anytime soon,” he added. Even with the education initiatives the cybersecurity industry has recently put in place, it's going to take several years for that to come to fruition. “We know that over 80% of the cybersecurity industry is over 35, meaning that there is a mass retirement party coming at some point soon. To address that, we need to continue to invest in automation as a force multiplier for the people that we have right now to avoid burnout.” Meis adds that the final piece of what we'll see in the future of the cybersecurity industry is around regulation, at both federal and state levels. “At some point, there are going to be more Intercontinental agreements between nations. The UK, the United States, and the EU have collaborated on several pieces of legislation – we will most likely see more of that going forward. So, if we haven't invested in our GRC programmes, we're not going to be ready to take those on,” said Meis.
cybermagazine.com
147
something is coming...
W AT C H T H E I D E N T
EDITORIAL OPPOR TUNITIES
ADVERTISING OPPORTUNITIES
evmagazine.com A BizClik Brand
