Podcast Transcription


Things to know in Cybersecurity

Dr. Christine Izuakor: Welcome to the Veriato Insider, a biweekly podcast, covering some of the latest trends and things to know in cybersecurity. This podcast is sponsored by Veriato, a next-generation employee monitoring, and insider threat detection software provider. I'm Dr. Christine Izuakor, your host for today's segment and today's topic is covering trends to think about as we continue to evolve and operate in this new norm. So what are fads and phases that will soon pass versus what changes and impacts are here for the long run and so on?

We have a special guest with us today to cover this topic. Rolando Lopez is joining us here in Chicago. I had the pleasure of working with Rolando for a few years during my career in aviation and I'm always impressed. Rolando is an experienced cybersecurity expert who has a ton of knowledge on incident response, security strategy, and much more, within large corporations, such as Abbott and United Airlines. He is also a certified cloud-security professional, and holds an additional global information assurance certification, and so much more. So welcome, Rolando, and thanks for joining us.

Rolando Lopez: Yeah, no, I'm happy to be here. Thank you for the flattering introduction, Christine.

Dr. Christine Izuakor: Of course. Well deserved and earned. Okay. So maybe start out by telling us more about your background.

Incident Response

Rolando Lopez: Yeah. So, as you mentioned, I was at United Airlines, I've led a few initiatives there in Teams at United. Starting from all aspects of incident response to leading the day-to-day cases that come in and security events that come in, triaging them all the way through mediation, planning crisis plans with them for higher-level incidents and making sure that we practice it and build those relationships and plan so that it's a well-oiled machine when they come in. I've also then had the opportunity to lead the awareness and strategy function. So, taking the flip side of it and how do we reduce the human threat to United Airlines and use our employee base as that second shield, which is probably very close to home for you as well. You did a great job of setting the foundation for the program. And, before United, was at Abbott Laboratories. Was part of a very small group of six or so individuals that started their global security function. So as you can imagine, jack-of-all-trades from awareness, engineering, to policies, to you name it, we did it. So I got a really good chance to get exposed to all angles of security in that group. Before that, was a script. Started off security, taking it way back, like a script kiddie. So youth hacks and hacked video games. So I was the person that I defend against now. Looked for ways to exploit games, cheat whatever detection systems they had, and reverse-engineered malware. And just got really curious about it and never thought I could make a career out of it. But fast forward and now it's a hot, hot area. So I'm glad I did.

Dr. Christine Izuakor: Yeah, absolutely. And I love your journey. It's such an interesting story. And starting from the kind of playing around and doing your own thing to getting into this kind of small ecosystem. Right? And building things from the ground up, to going Fortune 100 and really looking at things on a global scale. So it definitely sounds like a valuable perspective to have.

Rolando Lopez: Yeah, thank you.

Abnormal Trends in Cybersecurity

Dr. Christine Izuakor: So there's been a lot of change in the last few months. Right? So what are the most abnormal trends that you've seen in the cybersecurity industry today?

Rolando Lopez: Yeah, so number one, and I think this will resonate with a lot of businesses, is just the change and impact to day-to-day business and the way that employees work. The number of companies that have had to shift from a castle-and-moat type of strategy, where everything is, "Protect the office building," and you come into the office and you connect. And that's all we have to connect, and protect against, for the major threats. To now, our employees are everywhere. Right? For most companies that have those technology teams, which have access to that sensitive data and the systems back-ends, it's protecting those employees from home. And expanding their network to not just that castle and moat, but now these smaller hubs that are the employee's homes and their networks.

How do you Protect from Insider Threats with Remote Workers?

And how do you protect those? And how does that shift the paradigm from a threat model that was so focused, into something that now makes it seem like your employees are coming from everywhere, and looks abnormal when it's now the new norm? So I'd say the biggest shift from a technical standpoint is just that. The influx of remote work and the expansion of a network, to not just that owned by the company, but now the networks that are maintained by the employees as well.

Taking it a step above, I'd say the biggest change I've noticed, just in the people side of things, is fear. There's such a huge increase in just fear across the globe related to anything pandemic related. So anything that has to do with, that threatened somebody's sense of security, now is immediately top-of-mind. So if somebody gets a message that says their friend was infected with COVID or has the mention of COVID or stimulus check or payment or any relief options, it's top-of-mind to them. Rightfully so. Right? It's a pandemic, we want safety. We want to know that our loved ones are safe. We want to know that we're informed of the latest and greatest thing we have to do to protect ourselves and our families. Right? And as a result of that, what ends up happening is cybercriminals will take advantage of that fear and are increasing the level of phishing against these individuals. They're using COVID and COVID-related matters to try to tap into that fear. And, as a result, companies have to keep up with that.

Awareness is a huge thing that I've noticed, recently, a lot of. It's top of mind for a lot of companies because how do you protect against all of these increased numbers of phishing and raise awareness of these employees, which are rightfully worried and scared, in a level where the fear is increased to such a greater level during the pandemic, has been the biggest shift, I think, recently that companies have to really account for. Because you can build up your wall as high as you want, but if the guard lets somebody in, what good are the security tools, right?

And then also just with that fear, realizing that tools like behavior analytics tools and insider threat detection tools, the classic term of insider threat has changed. Right? If you speak to most individuals and you talk insider threat, they're thinking, "Okay, an employee that's planning a logic bomb in case they leave," or "Employee that's doing X, Y, and Z, that they shouldn't," but the paradigm has shifted now. So, there is such an increase in attacks related to account takeovers and man-in-the-mailbox attacks where there's literally somebody... it's no fault to your employee.

They didn't let them in, but they've for whatever reason, they were compromised. And now someone's in their mailbox and using that mailbox to pose as them. So it's realizing that the insider threat angle now has to encompass that anomaly detection and those users accounts and realizing that there's something weird going on and, baked into that, the added angle of all that remote work now. It makes it more challenging, but I think it's a good opportunity for the industry to evolve and solve that problem for these companies that are facing it, either now, or they will face it in the near future.

Dr. Christine Izuakor: Totally agree, 1,000%. So, you've talked about a couple of different trends and angles here. Right? But what trends do you think will stick as we progress to somewhat normal at some point? What do you think will stick versus what might revert back once things calm down a little bit more?

Evolution of Security Posture

Rolando Lopez: So I think the evolution of the security posture for every company will have to account for remote work because we don't know how long it's going to be before things get back to normal. So I don't think that's going anywhere. The fact that companies need to plan for remote workers, that they need to make sure that they adapt their security controls to make sure that they protect these employees isn't going anywhere anytime soon.

Also, I think the fear will take some time to dissipate and start to decrease. So I think, for at least until this kind of starts to settle, companies will still need to put a key focus into keeping awareness programs going, especially in a time where resources are thin. And a security team, some security teams, had to decrease from 50% or sometimes greater, just due to budgetary concerns to keep the business afloat. So in those times, making sure that in that shuffle of resources, that somebody doesn't accidentally cut the handoff too far down the line and cut off security awareness program that might be the first line of defense. And it's a very simple way to get employees engaged and to be a part of the security and the part of the solution where security controls might fail. So I think that those two are not going anywhere anytime soon and the cybercriminals targeting anything they can that's related to COVID, isn't changing anytime soon. If anything, it might increase if any new news comes out. So just something to be wary of.

Dr. Christine Izuakor: Is there anything that you think will revert back to pre-pandemic times?

Rolando Lopez: I think right now there has been a trend that I've noticed. I'm just speaking to colleagues and peers in the industry, in that security teams are having to quickly keep up with the business. And the business can change from one day to the next, just due to a new regulation, due to a news story that went down that causes a lot of bad publicity, and they're changing quickly. Tech companies are putting out new solutions quickly. Companies are rolling out new solutions to protect those remote employees quickly. It's happening at a pace that is hard for some security teams to keep up with, with the resource constraints that they're currently facing.

So that's one, I think that is recent, a recent trend is just the amount of workload that's going onto these security teams that keep the company secure while enabling the business. That will likely revert back to more normal levels after this all sets, as teams kind of taper out and the solutions that are needed for the new norm are in place and they're tested and they're vetted and everything kind of settles. That will, I think, go back to normal, hopefully, for the sanity of my security colleagues and professionals across the world. But that's one that I think a lot of security professionals are looking forward to.

How do Security Leaders adjust to Remote Workers?

Dr. Christine Izuakor: Yeah. Fair enough. I've had my share of just dealing with the overwhelming, as I'm sure you have too, the overwhelming pressure of working with limited resources in the security space. So another question that I have is, and you've touched on this a little bit, but what should security leaders do to continually adjust and adapt?

Rolando Lopez: The number one advice I would give a security leader in this environment is to stay plugged into the business. The business is going to move a million miles a minute right now and there are new opportunities that will jump up. They might have a new campaign or a new solution that they're putting out or a new way to host a virtual meeting that might not be secure, that they're planning. So stay plugged in and make sure that you're a part of the conversation and that when you're having those conversations, you're not a blocker. You're not seen as a person that's blocked in the room because then it's very easy to stop getting invited to those meetings. So stay plugged in, be that advocate, make sure that you're the voice of security in the room, but also that you're taking that information back to your team.

A lot of times your team may be playing catch up and think that there's a solution that they're working on and the business might shift course, and they might spend weeks on that matter when priorities have readjusted. And their time could have been spent doing something completely different, which would have added more value to the business and to the bottom line for their company. So that's one thing I'd say is stay plugged in. Secondly, I know we've already brought up the issue of resource constraints. So in a time of resource constraints, I think it's very easy to see new problems and try to look for new solutions. But my advice would be to, for some of those issues, take a look back at the tools and vendors that you already have.

Many vendors out there are more than happy to come in, and you give them the problems that you're facing and they'll tell you how their product can solve it with the existing licenses that you have. Because guess what, they want your money and they want your business at the end of this pandemic. Right? They don't want you to go to one of their competitors because they're able to solve your problem.

So use and tap into that and bring those vendors in. And they're an additional resource that can come in and help solve this for you. You're not alone. And a lot of times look for things that are not enabled in these tools, but also look for trials. Right? Sometimes, if it's a vendor you've been working with for years, you can work out creative deals with them where they'll let you test drive a product that you need, to solve a problem, for the rest of the year, and then might jump into your license next time it renews. So there's a lot of partnerships that can build and creative solutions in a time of resource constraints. So those are my biggest two, I'd say. Stay plugged in to the business and look for opportunities to leverage the vendors and solutions that you already have, and turn on more buttons to solve your problems.

Dr. Christine Izuakor: Love it. I actually thought of something too. When you mentioned the first point about staying plugged in with the business, I think that's really important. I was having a conversation with a founder about a week ago or so, and there's been a lot of pivoting, especially in the startup community and small business community, when it comes to trying to adjust to all of the changes as a part of the pandemic. And I remember they were saying something like there was a disconnect between the decisions to pivot and what the tech team had already committed to continuing to move forward with. And so it's almost like they were building out two completely different companies and didn't even know it.

Rolando Lopez: And it's so easy for that to happen too. And it's understandable. Things are moving so fast and there's so much going on that it's very easy for a leader to get maybe distracted with something else that's going on and forget even that at one point in a meeting where, "Hey, we're going to scrap this initiative," and forget that point and go and tell their team something else, and their team might still be working on the point that was scrapped. So it's very important to stay aligned for these leaders, especially when they are limited to resources as it is. But I do like to give tactical advice a lot. So that's more like strategic high-level advice. From a tactical standpoint, given that social engineering is going up associated with this, a few pieces of tactical advice to security leaders is to one, from a phishing standpoint, URLs as a threat have gone up from 75% in 2018 to 85% in 2019. And it's a trend that's going up. So looking for solutions that will protect your URLs and make your URLs go through a proxy of some sort that will protect your users from clicking and also make it easier for your security team to investigate, is a way to go.

Even better. If you're able to, blocking newly registered domains, those are domains that are registered within a certain period of time, typically like the last 30 days. Blocking those from being accessed from your managed devices or from your proxies is a great way to solve a lot of these phishing threats that are always adapting. And if 85% of those links are at, let's say, theoretically speaking, like 90% of them are newly registered. You just dropped your threat landscape by 90% and saved your security teams and incident responders a lot of time. So from a tactical standpoint, as much as you can block newly registered domains, a lot of key solutions will enable you to do that, proxy solutions, just work with your vendors on that. And just to give an idea of what that prevents, Palo Altos ran an analysis on newly registered domains and their analysis concluded that 70%, 70%, it's more than two-thirds of those newly registered domains are malicious, suspicious, or not safe for work. So you'll save yourself just 70% of that 85%. Right? Is a huge number. And the more that you can take off your team's back at the moment and make it easier, definitely take advantage of it.

Also, multifactor authentication - cannot stress it enough - is a huge block against man-in-the-mailbox attacks. So if you don't already, get MFA in front of your emails and your collaboration tools as fast as possible. Microsoft ran some studies and said that MFA alone can block 99, over 99% of automated account takeover, at times. And that's huge. Right? That's a huge win for your security team as well. So those three pieces of tactical advice I like to give that are more specific to the current threat landscape and things that people can do.

Dr. Christine Izuakor: So, a lot of really great points and you've already covered so much ground. Is there anything else final that you want to add?

Rolando Lopez: From a leader's advice, I'd say number one, just reemphasizing the point, make sure your team's aligned. It's very easy, right now it's like the world's on fire, everything needs to be done quickly. There are fewer resources, so everything's a priority, it seems like. So make sure that you're checking in with your team and asking them what their priorities are and making sure that they're aligned with yours. And that you're also, again, taking those priorities back to your team.

From a security professional standpoint, I know there is almost like a hero-effect that has come up during the pandemic with first responders getting so much light with so much going on around the world, and hero stories that are going on around the world. It's very easy to feel like you want to take all that on yourself, and even though your teammates might be lessened, to feel the need to jump up and take so much more.

So my advice during that time is just making sure that you're touching base with your leader too, and sharing what your priorities are with them as well. Make sure that you're managing up and that you're asking them what their priorities are and making sure that they know what you're working on. And that they help you realign those priorities if you ever feel like it's too much. It's the only way we're going to keep our sanity.

Dr. Christine Izuakor: Absolutely. And that we need these days. Oh, hey Rolando, thanks so much for joining us today. That concludes the Veriato Insider podcast for this week. Again, this has been brought to you by Veriato, an award-winning cybersecurity company recently recognized with the Gold Award for best insider threat solution of 2020.

Their solutions are anchored around four core pillars of cybersecurity protection, including employee monitoring and web filtering, workplace investigations, insider threat detection, and ransomware support.

Thanks for tuning in and a special thank you to Rolando again for joining us today.

Rolando Lopez: Thank you for having me.

Dr. Christine Izuakor: I'm Dr. Christine Izuakor, the CEO of Cyber Pop-up, and it's been our pleasure to share these insights with you. Until next time, stay safe and secure insiders.

