Why Putting Procedures in Place to Detect & Respond Quickly to Attacks is as Important as Threat Prevention
CyberNews interviewed our CEO, Tony Velleca, about cybersecurity, threats, and security measures that enterprises should implement. Below is a transcript of Tony’s interview with CyberNews.
As companies shift to the cloud and cyberattackers don’t rest, there is a rising need for more comprehensive security solutions for enterprises.
Fraud, ransomware, data theft – various malicious threats can strike a company. Aside from ruining brand reputation, there can be major financial consequences that will disturb the business.
While traditional security solutions like password managers and VPNs are broadly used, they’re not enough to secure a whole enterprise.
To learn about cybersecurity, threats, and measures that companies should implement, we invited Tony Velleca, the CEO of CyberProof – a company that specializes in cybersecurity services.
Tell us a little bit about your history. How did CyberProof originate?
I was the Chief Information Officer at UST for several years before I founded CyberProof. CyberProof was an idea that developed because at the time, at UST, we were focused on helping our customers transition to being more digital organizations. UST was helping very large enterprises going through these changes and the key question suddenly became: How can we best help our clients with this transitional process?
As part of our strategy, we realized cybersecurity was going to be an important aspect of digital transformation for our customers, and we needed to help them with that process. We decided to spin off cybersecurity capabilities as a separate company both because cybersecurity is somewhat independent of other IT services and because enterprises were looking for a start-up – for an organization that was disruptive. From our perspective, we were interested in disrupting how people look at cybersecurity and felt that in order to do that, we needed to be independent.
With regard to my own, personal background – just to go back to the original question: Before becoming involved with UST and then with CyberProof, I co-founded and was CTO at huddle247.com, rated by PC Magazine as one of the top virtual workspace solutions in 2000. I also worked for Boeing and Rolls-Royce, Inc. focusing on conceptual design and optimized propulsion systems for next-generation aircraft.
Can you tell us a little bit about what you do? What challenges do you help navigate?
At CyberProof, we help customers set up and operate next-generation security operations. We established a next-generation security architecture. We work closely with Microsoft Azure.
CyberProof’s security operation uses a cloud-native, future-proofed security architecture that’s tightly integrated with our advanced services – including advanced 24/7 threat detection and response, threat intelligence, threat hunting, and more. The key is to enable and support our global, enterprise clients in transferring from old legacy technology to a next-generation architecture.
What types of technology do you use to detect threats before they can be executed?
CyberProof supports a “best of breed” approach using the Microsoft architecture to take advantage of innovation. For example, we have the expertise to integrate with the best Endpoint Detection & Response (EDR), Network Detection & Response (NDR), cloud, and application monitoring solutions.
For technology orchestration and the management of our services, we deploy our own technology, the CyberProof Defense Center (CDC) platform, which allows us to integrate all the relevant “best of breed” products and solutions.
Did you notice any new threats emerging as a result of the current global events?
To answer this question, I just want to give an example that happened about five years ago: Maersk was impacted by malware, simply because they happened to have an office in Ukraine. It was malware that was distributed in Ukraine at the time – and Maersk was hurt by it.
My point is that these types of attacks are part of geo-political cyber warfare tactics and they can – accidentally or intentionally – impact corporations. In the current conflict, we have seen new threats emerge, mostly in the form of malware. There is also the potential risk of hostile attack on critical infrastructure, which needs to be considered.
Why do you think certain organizations are unaware of the dangers hiding in their own networks?
Cybersecurity is a complex field. There are many attackers and some of them have highly sophisticated means. Moreover, IT organizations are vulnerable; people will always make mistakes, it’s unavoidable – and the result of human error allows attackers to gain initial access to a network. So the problem is a combination of the complexity of the attacks combined with the problems arising from human error.
Of course, it’s not just a matter of preventing an attack. I believe that having the procedures and capabilities in place to detect and respond quickly to attacks or vulnerabilities is at least as important as prevention.
What are the most common problems companies run into on their digital transformation journey?
One key challenge for companies is the move from data centers to the public cloud. It is a fundamental shift in the type of talent that you require within the organization to successfully manage security.
People were used to working with firewalls, network switches, routers, etc. – and now they need to worry about things like endpoint detection and cloud that aren’t going through the on-premises network anymore. Application security testing becomes more important. They also need to consider adopting Zero Trust, supporting identity-focused security measures that provide protection for new forms of working.
One of the key problems for enterprises undergoing digital transformation is the human resources problem – i.e., your cybersecurity team doesn’t have prior experience with this. A company needs to either retrain and upskill its existing talent, or else it needs to start finding new talent. It’s a big shift, and this type of change is hard.
In the age of frequent cyberattacks, do you think small businesses and big enterprises require the same security measures?
No, small businesses do not need the same type of security measures as big enterprises. Look, for example, at whether a particular organization is a likely target of an attack; enterprises have more concern that they will be targeted.
Keep in mind that the smaller companies don’t have the budget to be able to protect themselves in the way that larger companies must operate. But at the same time, with the advent of the cloud, many security problems are mitigated by the cloud providers themselves. This offers smaller companies a higher level of security, even with a limited budget.
What new threats do you think the public should be ready to take on in the next few years? What security tools should be implemented?
To my mind, what’s new is that now, everything is connected. The convergence of OT and IT leads to the possibility of attacks on pipelines and physical infrastructures. In the future, there are likely going to be attacks on self-driving vehicles.
These are completely new situations. They involve new vulnerabilities, new ways of attacking countries, for example – and completely different attack scenarios. There is real cause for concern because these types of attacks have the potential to hurt people directly – for example, if self-driving cars suddenly started to malfunction.
Share with us, what’s next for CyberProof?
My sense is that over the next three to five years, cybersecurity will become a vertical-driven market. This means that to reduce the risk to an enterprise, security leaders need to identify and prioritize which aspects of cyber risk to target through an understanding of the organization’s broader context.
At CyberProof, for example, we determine how to best protect the “crown jewels” of each of our clients by focusing on the attack tactics, techniques, and procedures that we understand are most likely to be used against each organization. We map out an organization’s particular industry, geo-location, IT ecosystem, and other factors that play a crucial role in influencing which kinds of cyberattacks are most likely to occur.
I believe it’s crucial to approach cybersecurity from the perspective of risk. This involves understanding which cyberattacks are most relevant to a particular organization (based on its industry, location, IT ecosystem, etc.) – and then prioritizing, so that we can detect and respond to attacks optimally. By looking at the specifics of each enterprise’s context, we reduce the risk profile of our clients successfully.