Wednesday, May 18 2022

Large enterprises continue to be beleaguered by the outsized consequences of human errors, many of which are entirely avoidable. Jeremy Seth Davis spoke with RedSeal CEO Ray Rothrock about developing digital resilience against threats that rely on employee negligence.

Rothrock has since published an executive handbook on the topic, Digital Resilience: Is Your Company Ready for the Next Cyber Threat?, and he was recently named executive chairman of the cyber risk modeling platform.

This transcript has been edited slightly for clarity.

I’d like to hear your thoughts on cybersecurity trends. You have discussed phishing attacks. That’s an important area of concern.

Phishing has become a really big deal. No longer is the perimeter of a corporation or an organization now the main barrier—because phishing just walks through the front door, usually attached to email. In fact, I’ve seen reports that about 95% of all the attacks, begin with a phishing event or someone either intentionally or accidentally clicks on a link in an email, they think it’s official or whatever. So that means the threat is now in, it’s not just being stopped at the firewall and detecting that malware in the email, for example, is very difficult. I mean, fire eye has some technology there, but nothing’s perfect. So assume it’s in assume you’re going to click on assume it’s going to disperse itself. But phishing is a big deal. There are companies I’m aware of startups that are working on technologies that will try to detect the phishing packets before they get to the firewall that would be great. But that’s probably a ways off and they’ll never be 100%.

It’s just a way that the bad guys have inflected the market one more time to get inside your perimeter defense and so therefore, interior defenses and capability respond is really important. Actually, the big aha moment, this third phase, if you will, that I see happening is McKinsey & Company published a book called Beyond Cybersecurity in April of this year and it’s about resilience. In particular, they call it digital resilience, and resilience, basically, as the ability to recover from impairment. Automobiles have resilience, they build steel bodies, you know, airplanes have the ability to fly on three engines instead of four those. These are thoughtful things about how if you have a complicated machine, how it can survive a problem. Networks were not built that way. The concept of resilience or impairment and surviving is just not there.

An example of that was last July, the New York Stock Exchange, United Airlines and the Wall Street Journal, all three of those networks were down for two hours at the same time. Was it cyber? Was it an attack? Was it a Twitter feeds all thought we were having a Pearl Harbor moment? It was not. These were simple mistakes that people made by uploading some images on Cisco firewall on Cisco routers that were not quite right, and they brought those networks down. These were cyber events by normal people doing their job that brought down these companies. Can you imagine if you brought down the banking system by uploading the wrong router image, that’s a big deal and this whole resilience in particular digital resilience, measuring it, taking actions, when you find problems in that assessment, is what we’re all about and other companies, I think there’s going to be a real emergence of that concept. It’s already in the C-suite. How do you know this stuff? How do you measure this stuff? That’s what we do and I’ve put all my attention and I’ve hired a team that thinks this way.

Previous

Grace Chi: "There's still a lot of ambiguity"

Next

Cyber-hygiene: Managing the managers

Check Also

Widget

Don’t Miss

Cyber Deals: Datadog, AutoRABIT, Teleport, YL Ventures

Corey Campbell

CYBERSECURITY VENTURE FUNDING AND MERGERS: This week’s largest venture rounds INVOLVED Identity and Access Management, email security, and API security. Observability and managed security TOOLS REMAIN STRONG TARGETS FOR STRATEGIC BUYERS. Funding SaaS observability company Observe, Inc. has secured $70 million in a series A-2 funding round with participation from Sutter Hill Ventures (SVH), Capital […]

Abnormal Security Raises $210M in Series C Funding Round

SecureDisruptions

Abnormal Security, the leading AI-based cloud-native email security platform, announced today the close of a $210 million Series C round of financing led by global software investor Insight Partners, with participation from Greylock Partners and Menlo Ventures. With this round, the 4-year-old company is now valued at $4 billion. The move to hybrid work fueled […]

Datadog to Acquire Hdiv Security

SecureDisruptions

Datadog, Inc. (NASDAQ: DDOG), the monitoring and security platform for cloud applications, today announced it has entered into a definitive agreement to acquire Hdiv Security, a leading security-testing software provider. The addition of Hdiv Security’s capabilities to Datadog’s Cloud Security Platform will enable a more comprehensive approach to application security. Hdiv Security’s product monitors application behavior to […]

Traceable AI Raises $60 Million IN Series B Funding Round

SecureDisruptions

Traceable AI, the API security & observability company, today announced it has raised $60 million in Series B funding. This new funding values Traceable AI at more than $450 million. This investment round was led by Institutional Venture Partners (IVP), and other investors include Tiger Global Management and existing investors Unusual Ventures and BIG Labs. Traceable AI plans to […]

Network Perception Secures $13 Million in Series A Funding Round

SecureDisruptions

Network Perception, innovators of operational technology (OT) solutions which protect mission-critical assets, announced today that it has raised $13 million in Series A financing. The funding round was led by The Westly Group with participation from Energy Impact Partners and other existing investors, including Serra Ventures, Okapi Venture Capital, Energy Foundry and SaaS Venture Capital. […]

Cyber Executive Moves: Accenture, CISA, Shift5

Julia Bischoff

The CISA and Department of Energy gain new cybersecurity veterans. CISOs Connect names a new president. Information technology management company Accenture appointed Paolo Dal Cin as global head of Accenture Security and as a member of Accenture’s Global Management Committee. Dal Cin has been with the company since 2003 and most recently led security teams […]