Navigating an Evolving Landscape of Cyber Threats
In this webinar, Marko Spremo, Bluewave’s VP of Sales Strategy (formerly Telapprise), and Theresa Lanowitz, AT&T Cybersecurity’s Head of Evangelism, explore emerging risks affecting mid-market enterprises and how businesses can reduce their exposure to disruption.
Topics we cover:
- Updates to the global threat landscape and emerging attack vectors: why not only big corporations are at risk
- How to leverage your cybersecurity budget for biggest security posture returns
- Best practices for training and educating employees on cybersecurity
- What cybersecurity considerations does a remote or hybrid workplace strategy necessitate?
- Managed security partnerships: maximum threat defense or wasted money?
Marko Spremo (00:06):
Good morning, everybody. Thank you for attending the navigating an evolving landscape of cyber threats. We’ll give everybody a couple of minutes here to log in and we’ll start at 10:02 Pacific.
Marko Spremo (01:24):
Okay. Welcome, everybody. We’re just waiting for everybody to log in for a couple of minutes. We’ll start at 10:02 Pacific time.
Marko Spremo (01:44):
Okay. Good morning, good afternoon, everybody. Thank you for joining our event here called navigating an evolving landscape of cyber threats. As you know, cyber security is becoming something more and more everyday all of us not just from a corporate standpoint, but from an individual standpoint are running into every day. There was one yesterday with the T-Mobile issue. We’re seeing all these different things happen daily. And so as part of our webinar series, we did one a couple months back around SASE adoption, avoiding the pitfalls many companies face with [Ocado 00:02:19].
Marko Spremo (02:19):
Today, we are conducting our webinar around navigating the evolving landscape of cyber threats with our partner AT&T. The goal of today is to cover really five different topics, updates to the global threat landscape and emerging attack vectors. Why not only big corporations are at risk. How to leverage your cybersecurity budget for biggest security posture returns, three best practices for training and educating employees on cyber security.
Marko Spremo (02:45):
What cybersecurity considerations does a remote or hybrid workspace strategy necessitate? And last but not least, managed security partnerships. Is it maximum threat defense or is it wasted money?
Marko Spremo (02:58):
For those of you that don’t know who we are here at Telapprise, we help clients translate the telecom and technology chaos in what we call streamline efficiency by helping our clients manage through what we’ll call the Technology Life Cycle of Pain. We do that by helping clients identify source, procure and implement solutions from the carriers and providers as a value added representative of our partners.
Marko Spremo (03:21):
As mentioned today, AT&T is our partner here, and I think a lot of organizations don’t realize how great of a cyber security stack acknowledge AT&T has. Following today’s session, we will be providing a copy of the AT&T, release AT&T cybersecurity insight report, as well as Telapprise will be providing a copy of a footprint scorecard of your company’s security posture.
Marko Spremo (03:46):
With that two real quick items of housekeeping, three items, actually. One, we want this to be interactive, so if you have questions as this goes through, please ask them so we can answer them. One of the things I think with cybersecurity in the book from Scott Augenbaum, who manages the FBI cybersecurity task force, there’s really four truths of cybersecurity, and I think this is really important before we get started.
Marko Spremo (04:13):
One, nobody here ever expects to become a victim. Two, you’re probably not getting your money back if it is taken. Three, the bad guys, they are probably not getting arrested. And four, the majority of the attacks can be prevented from a cybersecurity perspective. With that happy to introduce and thank you again, Theresa. Introduce Theresa Lanowitz, who is the head of communication evangelism for AT&T cybersecurity. I think we’ll have a great session and all learn a lot from Theresa’s point of view and really appreciate you taking the time. Theresa the floor is yours.
Theresa Lanowitz (04:55):
Thank you very much, Marko, and thank you everybody for attending today. Really looking forward to this session. And you see on our screen, we began with a poll, and the question is, what is your biggest cybersecurity concern today? Stolen credentials, falling victim to ransomware, DDoS attacks disrupting my business, nothing, my business is fully protected and something else. And I am really, really happy that nobody chose nothing, my business is fully protected.
Theresa Lanowitz (05:22):
I think three, four years ago, we would have had people choosing, yeah, my business is fully protected. And where we have most of the responses right now is that people were saying… we have 75% that say falling victim to ransomware is their top concern, followed by stolen credentials, and then DDoS attacks, and then something else. And I’d be curious if that something else was a combination of ransomware with DDoS attacks to aid in the negotiation tactics. So we have seen this big spate of ransomware, and so this webcast is really, really timely in terms of what we’re going to talk about.
Theresa Lanowitz (05:58):
Let me share these results very quickly. Everybody should be seeing the results, and as I said, the number one concern that people have now about cybersecurity is falling victim to ransomware, so this is really an appropriate discussion that we’re going to have today. Just going to close this window down.
Theresa Lanowitz (06:20):
As Marko mentioned, my name is Theresa Lanowitz and I’m head of evangelism for AT&T cybersecurity, and I assume that everybody knows who AT&T is. But AT&T cybersecurity is a name that you may not have heard a whole lot about. AT&T cybersecurity, we have been around for 25 plus years with our consulting practice and our Managed Security Services practice. And if you think about it, AT&T we have been securing the network since the very first phone call, so we have over 140 years of managing and protecting that global network.
Theresa Lanowitz (06:57):
And our network today carries 446 petabytes of data per day. What we have from our Managed Security Services perspective is we have eight global SOCs or security operation centers that are operated 24/7/365, and those are around the world. And we also have a strong threat intelligence unit that if you use our managed services, that threat intelligence unit feeds the threat intelligence into what that team member inside the SOC is seeing, what those SOC analysts are actually seeing and help to make the best suggestions on remediation and so on. So AT&T cybersecurity has been around for quite some time.
Theresa Lanowitz (07:41):
And Marko, did you have anything you wanted to add to that?
Marko Spremo (07:43):
Yeah, I think one of the things that is really important is, and we’ll hopefully talk about this during our conversation is, how do you utilize that partnership and those resources? One of the things that we are seeing is more attacks happen every day. The conversation is becoming more and more difficult. We have a comment here, says, “I lose sleep over what is coming next. We didn’t talk about ransomware 10 years ago.” Yeah, we didn’t talk about these things and I think one of the things that a lot of organizations don’t talk about is the effect of just… This is not a tech thing, this is a business item.
Marko Spremo (08:24):
If you look at cyber insurance, we talked about this in other conversations, the insurance companies now are making it more difficult to support cyber insurance and process these claims because it is that difficult. I’m sorry. Go ahead, Theresa. Go ahead, sorry.
Theresa Lanowitz (08:43):
No, you’re absolutely right, we didn’t talk about ransomware 10 years ago, but it’s just getting so much easier. This slide I have up now talks about how these cyber risks continue to evolve. And if you think back to the mainframe days, think back before we had PCs in every department inside of an organization. Think back to the mainframe days, the biggest risk you had with mainframe security was that somebody would walk into that data center in the four walls of your organization, spill coffee on a keyboard, accidentally kick a plug out of the wall. That was your big cyber risk.
Theresa Lanowitz (09:14):
And back in 1971, the Creeper virus was written and it was just to show that software could move from computer to computer. There was nothing malicious in it. But as soon as compute power became democratized and we moved out of that data center and we moved to the PC land, where every network inside a department was connected, we were running in client server environments, we started to see viruses and worms pop up. And they were largely an activity by these hobbyist hackers that were out there.
Theresa Lanowitz (09:46):
The hobbyist hacker just wanted to go out and say, “Hey, here’s my fingerprint, I left it. Ha-ha. I was able to break into your network.” Fast forward to where we are today and the whole idea of cyber security has just mushroomed. And we have web applications that we have to protect, mobile applications that we have to protect and secure. We have to protect everything we’re putting up into the cloud. So what we have to protect, our intellectual property, our customer data, and so on has grown exponentially since the very first days of the client server world and those PCs being put out into the department.
Theresa Lanowitz (10:21):
And that adversary has evolved from the hobbyist hacker who was not intending to do any harm, but that adversary has now evolved to these very well coordinated gangs, the ransomware gangs, if you will, who are financially motivated. They’ll come and they’ll put ransomware on your network and work with you to have that ransom paid. You have hacktivists who want to do everything they possibly can to take your website down, and we have seen it time and time again, and they do that with a lot of DDoS attacks. And then we have these well-coordinated nation states.
Theresa Lanowitz (10:58):
So what this is saying is that we have more attacks now, our attack vectors are more than what we have seen in the past. We have IoT devices that are coming onto the network in massive numbers and expanding that attack surface dramatically. And then as we move to the edge and everybody thinks about the edge a little bit differently, whether the edge is the cloud, your city, your farm, your car, your house. May be something that you are wearing on your body, or maybe some type of medical device that you have implanted in your body, that edge changes over time.
Theresa Lanowitz (11:32):
And so where we are now is the adversary has really… They have perfected this cyber crime to a science, you can go onto the dark web, buy ransomware as a service, which is what a lot of these gangs are doing, and then launch that attack against whoever you want to launch that attack against. And it has been very… they have been quite successful at it. And what we’re seeing is the adversaries are using ransomware and DDoS in conjunction with one another to further those attacks.
Theresa Lanowitz (12:02):
And maybe that’s what some of our audience members were alluding to when they said it was something else besides just DDoS, or ransomware, or stolen credentials. So we’re seeing that ransomware even in and of itself is evolving. It’s very easy to get, and you buy it on the dark web and you don’t need to be that technical. If you think back to last year, a couple of years ago, you had to be fairly technical to launch these attacks. You buy these services ransomware as a service, you buy it on the dark web, and it comes with complete support.
Theresa Lanowitz (12:31):
It’s just like going out and buying any other type of software product, any other type of software as a service where you can get help. So you don’t necessarily have to be really technical to launch these attacks. That’s really where we’re going, and one of the things that we do every year AT&T is we publish a thought leadership piece called The AT&T Cybersecurity Insights Report. And one of the questions we asked in our last report was we wanted to know from people, whether or not they expected that as they modernize their network, whether or not they’re going to see more attacks, less attacks.
Theresa Lanowitz (13:06):
And 76% of the survey respondents said that they expect to see wholly new attacks emerge as they start their network modernization, as they start to bring in more IoT devices for competitive business reasons. And the other 24%… Well 76% said, “Yeah, we expect to see new attacks.” The other 24% said, “Well, we won’t see new attacks. We expect to see a volumetric increase in attacks.” So that’s telling us that people really definitely have the idea of cyber crime on their minds and that it’s something that they know that whatever they are connecting to that network, whether it is an application, whether it is data, whether it is an end point, they know that they have to actually protect whatever they are connecting to that network.
Theresa Lanowitz (13:51):
So we see these risks continuing to evolve, and what we know this year is, in the first half of 2021, we have seen a 92% increase year over year in ransomware attacks from where we were the first half of 2020. And we know these adversaries are very, very committed because what we saw at the beginning of the pandemic were more phishing attacks, more DDoS attacks, more ransomware attacks. And they were going after organizations that you thought, well, during a pandemic, maybe they would show sort of some kindness to hospitals, schools, churches, those types of things.
Theresa Lanowitz (14:27):
And those organizations were attacked just as ferociously as other types of businesses as well. These attacks are continuing to evolve. And Marko, do you have anything on this one that you want to share?
Marko Spremo (14:42):
I was just going to say, going back two points, the types of attacks. You’re talking about DDoS, phishing, smishing, man-in-the-middle, malware attack, drive-by… The attack, it just gets bigger, and bigger, and bigger. We talk about the report, we’re looking at network security, endpoint security, DNS health, applications security. Why is it important for organizations to think differently in the regard of it’s not just the large organizations?
Marko Spremo (15:17):
Going back to our first point of this webinar here, why is it important for organizations to think differently around, it’s not just the Fortune 100, 500, 1,000? That it is across the whole entire spectrum of business?
Theresa Lanowitz (15:33):
That’s a discussion point that we hear all the time, and it used to be, I think smaller organizations would say, “Well, they’re going to go after the larger, the Fortune 10. They’re going to go after the Fortune 10, the Fortune 100. I’m not really that big of a target.” That is not true. And I always get this question, “How do you really implement cybersecurity on a budget?” And if you think about it, every organization, whether you are the largest company in the world or the smallest a single person business in the world, everybody has a cybersecurity budget that they have to adhere to.
Theresa Lanowitz (16:07):
And what you want to be able to do is drive that operational efficiency into the cybersecurity budget. And the threat actors, the bad actors out there, they’re looking at organizations of all type. And what they’re doing is they are like water, they seek the path of least resistance. Some of these bad actors coming from emerging nations, if they can go in and they can get just a little bit of money from every attack that they perpetrate, that volume adds up.
Theresa Lanowitz (16:36):
So it doesn’t matter whether you are the biggest company in the world or you are the smallest company in the world, you are susceptible to cyber security attacks. You’re susceptible to some type of adversary getting into your digital assets that you need to secure. Whether that is intellectual property for life-saving medication, blueprints for a new plant, customer data that you have saved, healthcare data that is saved and so on. So everybody is at risk today, the cyber adversaries know no bounds.
Marko Spremo (17:12):
I saw something two days ago here in Silicon Valley, they’re actually starting to offer classes to teenagers to teach them about cyber security. It’s even going that far down the chain of the knowledge gap that they’re trying to educate everybody at a young age, just to understand these particular items. So it’s really interesting. From an AT&T perspective, so we talked about the slide early of all the different people, and staff, and services that AT&T provides.
Marko Spremo (17:46):
What do you see from an AT&T perspective across this large plane of cyber attacks? What is the biggest thing that keeps AT&T up at night?
Theresa Lanowitz (17:59):
The biggest thing is when we look at our clients, this slide talks about it perfectly. We have seen over the past year, the pandemic has pushed on this, some of these trends that were there before, but the pandemic has really accelerated these trends. We have this remote workforce, and remote work was one of those things that yeah, people were really saying, “I want to work remotely,” but now it was out of necessity that in March of 2020, everybody went home and started working remotely. So we had this sudden shift to remote work.
Theresa Lanowitz (18:32):
And then what we also see is that as a result of that sudden shift in remote work, if you recall back to the days, early in the pandemic when everybody was sent home to work, we saw people in the news pulling up to the front of their offices, putting their desktop computer in the trunk of their car, driving off. And now suddenly you as the company, that person, whoever was taking that desktop computer home, your corporate data may be sitting on somebody’s dining room table.
Theresa Lanowitz (18:58):
So what we saw was that after every organization got through this initial panic of, okay, we have to go to remote, we have to secure a remote workforce. What we started to see is organizations said, “We’re going to accelerate digital transformation. We were thinking about moving to the cloud previously, we were thinking about putting our storage in the cloud. We were thinking about using containers for our applications. We were thinking about using infrastructure as a service and so on.” But the pandemic really accelerated that digital transformation.
Theresa Lanowitz (19:28):
And I can tell you, prior to joining AT&T, I was an industry analyst, and we had been talking about digital transformation in the industry for probably a decade. And cybersecurity is now the center point of any digital transformation discussion. Before, what we see, what we were seeing is that security was seen as, oh, it’s going to take us longer to implement this because we have to have security at the core. And now you cannot have a digital transformation discussion without talking about security. And then of course these increased threats.
Theresa Lanowitz (20:03):
And so what we see, and you asked what keeps us up at night? What we see is that so many organizations are saying, “You know what? We’re not really equipped to fight cyber crime. It’s not our core competency. We build bicycles, we’re a financial services company. We sell flowers on main street. That’s our business.” And we want to be able to innovate for that bicycle shop, that financial services organization, that store that sells flowers on main street. We want to be able to make a better customer experience.
Theresa Lanowitz (20:35):
And we want to make sure though that our, our digital assets are safeguarded, and if we do have some type of event, some type of cyber event, we want to be able to act with confidence during that cyber event, and we want to help organizations drive that operational efficiency into their cybersecurity operations. That’s really where we come from from that point of view in terms of how we think we can best help our clients.
Theresa Lanowitz (21:05):
We were talking about this idea of digital transformation and what the pandemic really spurred on in the year 2020. What we learned is that 2020 was the year that cybersecurity went from a technical problem to a business imperative. Cybersecurity used to be, you had the CSO in larger organizations, or you had the person inside of the IT department who was tasked with cybersecurity. Really smart people, focused on maybe reading some logs, really may be securing end points, they were doing some type of cybersecurity activity.
Theresa Lanowitz (21:40):
But 2020 really said, “You know what? Cyber security is not just a technical issue. It’s not just for this really smart group of people in the IT department or this really smart team working for the CSO. It’s really a business imperative.” When we saw everybody move to remote work and we knew that we had to have everybody secured, we had to have the network secured. People were going home, they didn’t necessarily all have laptops, they weren’t necessarily all road warriors, so had to make sure that the network was secure. We had to make sure that everything they were attaching to that network was secure. And suddenly cybersecurity became a big, big topic, and 2020 was really that year.
Theresa Lanowitz (22:15):
And if you have a CSO in your organization, the CSO’s role has changed dramatically, shifted really dramatically in the past year. That CSO is now a trusted advisor to the full C-suite, as well as to the board. And that CSO goes and advises and talks to the board about business outcomes on what that business risk tolerance really is, because cybersecurity is a business problem, it’s not a technical problem. And that CSO is now working cross-functionally, that CSO wants to help every organization make sure that they are going down this digital transformation path successfully, and that they are putting security at the center of everything.
Theresa Lanowitz (22:57):
And that CSO is still the leader of that internal security practice that has really now taken on more than just patching. In the past, the CSO may have been seen as, oh, it’s just the CSO or the IT person charged with security. Maybe they’re just there for patching. But they really have to start looking at these emerging technologies. They have to start looking at network modernization. They have to start looking at putting this security first mindset throughout the entire organization and making sure that proper security hygiene is ingrained in everybody in the organization.
Theresa Lanowitz (23:33):
You mentioned something really interesting that in Silicon Valley, they’re teaching teenagers about proper security hygiene, which is just really awesome. And if you have an organization that is doing proper security hygiene, training people what to click on, what not to click on. How to really manage your passwords versus putting them on a sticky note under your keyboard or something like that. If you really have an organization that is training on cyber hygiene, that person takes that information that they learn at work, and they take it home.
Theresa Lanowitz (24:03):
They take it to their families, they take it to their friends. They suddenly become far more aware of what’s going on. And this is something that we all need to be much more aware of and it starts with the basics. So this is really where we see today’s organizations.
Marko Spremo (24:20):
If we can go back to just the slide just one second, and maybe you’ll touch on this there in a minute. But not everybody has a CSO. One, we know that there is a huge knowledge gap in cybersecurity just in general, if you look at how many cyber jobs are out there and how many people trying to be trained on it. I keep telling everybody, I’ve been doing this longer than I care to admit, but it doesn’t get easier every year. It gets harder. Just there’s more and more stuff you have to know and learn just as technology evolves.
Marko Spremo (24:59):
And maybe you talk about this year in the coming slides, but what do we do for those organizations that don’t have a CSO? Maybe I’m a mid-market or large organization. I have an IT team, I have a CIO. Where do I split the best practices of my roles between my IT team and maybe an outsource provider like an AT&T or another third MSSP provider? Where do I do that? Because not every organization has a CSO.
Theresa Lanowitz (25:35):
Yeah, you’re absolutely right, not every organization has a CSO, but every organization over the past year has certainly understood that cybersecurity needs to be a priority for them. So if you don’t have a CSO, but maybe you have somebody inside of your IT organization who is in charge of security, make sure that that person is being looked at more clearly in terms of what they can provide to the overall business strategy and work with managed security service providers, such as AT&T Cybersecurity.
Theresa Lanowitz (26:07):
We have a really wonderful consulting team who can come in and who can help you with your security posture assessments. They can offer a CSO as a service, so you can work with our consulting team. And that consulting team can then say, “Here’s what you’re doing really well internally. Here’s what you may want to use a managed security service for.” And if we recall back to those big complexities that we’re seeing, this idea of everybody being able to take on the task of running their own cybersecurity organization is quite daunting, because it…
Theresa Lanowitz (26:40):
And as you said, Marko, there’s a really, really big cybersecurity skills gap in the market right now. From (ISC)², an independent organization, they estimated that in 2020, we were at a skills gap of about four million people globally. And in 2020, we made a little bit of a dent in that, but we’re still at three million. So three million people in terms of the skills gap globally by an independent organization, (ISC)².
Theresa Lanowitz (27:07):
So looking to bring on that trusted advisor in terms of a managed security vendor is really a good thing to do, and I’ll tell you, this is what we hear from so many clients all the time. We have one client, a healthcare organization, and they did not have a CSO. They had some really smart people on the IT team who were reading some SIEM logs and saying, “Well, maybe we should do this, maybe we should do that.” And they knew they needed to do something much more than what they were doing.
Theresa Lanowitz (27:39):
And they were only running these logs, they were only monitoring their network, looking at what was going on. They were only doing that during business hours, 9:00 to 5:00 every day. Well, they went home for a long weekend, and so they were off Saturday, Sunday, Monday. And when they came back in, they found out that they were the target of ransomware, a healthcare company, target of ransomware. So they were able to negotiate with the adversary. They did not pay the ransomware, they were able to negotiate with the adversary and they did not publicize the data. Thank goodness.
Theresa Lanowitz (28:10):
But what happened at that moment, at that moment, the C-suite executives, the CEO, the CIO, the CTO, the CFO, the board, they all said, “You know what? Cybersecurity is something we really need to invest in. And we know there’s a cybersecurity skills gap.” And what they did was they went off and they said, “Let’s bring in a Managed Security Services provider.” And what they ended up doing was they did the evaluation and they brought in AT&T from a cybersecurity perspective. And they were also an AT&T network customer.
Theresa Lanowitz (28:42):
So if you’re using the AT&T network and you are looking at a Managed Security Services, it makes sense to look at AT&T from a cybersecurity perspective. What that does is it helps to make your network more resilient and you have a single point of procurement for the network, as well as cybersecurity, and a single point of support contact if there is a problem, because nothing is 100% foolproof. That’s really just a really quick story about one of our clients who said, and they said it verbatim is that cybersecurity that day went from being something that was a technical issue, that these really smart guys were taking a look at to really being a business issue.
Theresa Lanowitz (29:20):
And we see this now with the CSO realities, and this is what every organization is really struggling with, digital transformation, security has to be a centerpiece. You want to have somebody advising your board on risk, the risk appetite and what your security risks can be. And that leading with a security first mindset says that we are going to start at the top, we’re going to do a really good job of educating our people on the cybersecurity basics, hygiene, and so on. And we also have a really great white paper that we wrote at AT&T cybersecurity on cybersecurity maturity.
Theresa Lanowitz (29:57):
I think one of the things, and this goes back to the question that you asked earlier. So many organizations think, the biggest companies in the world, they are the most mature, they’re not going to have any problems. And we did some research and what we found out was that it does not matter how large or how small your organization is to determine what your maturity is. What matters is the processes you have in place, the procedures you have in place. So you may be a very, very small company and be very, very mature.
Theresa Lanowitz (30:26):
I believe we also have that white paper that we can distribute to our attendees today, looking at cybersecurity maturity.
Theresa Lanowitz (30:38):
I mentioned the AT&T Cybersecurity Insights Report, one of the things we learned in our current report is that the journey to zero trust is well underway. And you’ll hear the words zero trust thrown around. We have 94% of our survey participants, this was a global survey say that they are on their journey to zero trust. And it’s really important to realize that zero trust is not a product. It’s not something that you can go out and sell to people and say, “Aha, now you’re zero trust certified.”
Theresa Lanowitz (31:06):
Zero trust is really this framework and this mindset to say that we are going to trust no person and no thing. And this is especially important as we start to see more IoT devices connecting to the network. And we’re going to verify every person and everything. It used to be that if Marko’s sitting inside of his organization, he doesn’t have to be verified because he’s trusted, they know that it’s Marko. But with zero trust, it says, “Everybody and everything needs to be verified, and we’re not going to trust every person and everything.”
Theresa Lanowitz (31:39):
And this becomes especially true once you start to add IoT devices. This is especially true if you’re concerned about securing a global supply chain, if you’re working with a lot of third-party vendors. It’s really important even internally, you make sure that you’re doing the proper network segmentation so that your engineers working over here on your intellectual property, they can’t just very easily go into the HR system and get all of the records, and salary data, and private information that an HR organization needs to contain.
Theresa Lanowitz (32:14):
And likewise, you don’t want that HR person going over into the engineering area where they may be working on some sort of new design, some type of new model of car, or some sort of a new medication, that sort of thing. So, that idea of network segmentation is really important. And we look at applications, we know that organizations are saying that 83% of… In our survey, 83% said that web-based app attacks are a big challenge to address. So we want to make sure that we’re securing those applications as well.
Theresa Lanowitz (32:46):
So often the applications kind of don’t get mentioned. We’re concerned about securing the network, but we want to make sure that we’re securing those applications as well. And what we also found out, we’re living in a software-defined world and the results of our last survey really show us that we are living in this software-defined world. The attack surface is expanding, we’re putting more and more IoT devices out there. Those IoT devices, sometimes we forget about them. We say, “Oh, that initiative is over.” Maybe we don’t disconnect them all.
Theresa Lanowitz (33:14):
So, that gives the cyber adversary an entree into your network. So, organizations are really concerned about securing data, securing access to IoT, securing applications as well. And people are concerned about data breaches, new vulnerabilities that may be entered in through their software applications and so on as well as DDoS attacks.
Theresa Lanowitz (33:40):
But ultimately what we at AT&T cybersecurity realize is that you have a business to run. Whether you are building bicycles, you’re a financial services company, or you’re selling flowers on main street. You want to be able to innovate for your customer experience, but you also want to make sure that you are safeguarding those digital assets, regardless of what they are. And you want to be able to act with confidence. If you do have some type of cyber security event, you want to make sure that you’re working with a trusted advisor that can help you in that time of cyber uncertainty.
Theresa Lanowitz (34:12):
And what you also want to be able to do is drive efficiency into your security operations. Marko mentioned the cybersecurity skills gap, which is very real. Using something like AT&T Cybersecurity Managed Security Services, you can drive that efficiency into your security operations. With AT&T cybersecurity, what we offer is the people process technology and accountability. And again, if you are using the AT&T network and the AT&T Cybersecurity Managed Security Services, it helps to make your network more resilient.
Theresa Lanowitz (34:44):
And your network is a reflection of your business, so whatever you have on that network that you really have to focus on protecting, regardless of what your business is, you can do that with AT&T Cybersecurity Managed Security Services.
Theresa Lanowitz (34:57):
That’s pretty much all I have from my side. Do we have any questions from our audience?
Marko Spremo (35:02):
Yeah. I have a few questions as… Going back to some of the items of covering, and thank you for the insight and visibility. I think the first question that most clients ask, “Where do I start? I don’t have an unlimited budget and it’s…” When we talk to clients, we’re talking about hardening the target, just like your home, if you don’t have an alarm system at home, if someone doesn’t see that, well, and they see the one next door, they see one down the street, probably the one that doesn’t have the alarm system makes it a lot easier.
Marko Spremo (35:38):
But from that standpoint is what… I don’t have an unlimited budget. I’m IT, we know this that between IT and finance, there’s always an issue of trying to get monies. I think the conversation and dialogue is starting to change as we’re starting to see about how important this is, because just like insurance, you mentioned insurance before, just like insurance, you never need it until you need it and you don’t want to spend money on it until you need it. But when it happens, boy, are you happy that you have it because that cost out of pocket would be, same thing here you cripple your business.
Marko Spremo (36:15):
If I’m a business owner or I’m someone on this webinar, where do I start? Where do I get… If I have X amount of dollars, what’s step one? If I needed 10 steps, where do I start in step one? And what am I going to get the most value from that amount of investment, if you will?
Theresa Lanowitz (36:37):
Really great point. Cybersecurity is a journey, not a destination. Cybersecurity is constantly evolving. When we started out this webcast, you said that five years ago, we didn’t talk about ransomware. So cybersecurity is a journey, it’s not a destination. What we can provide at AT&T cybersecurity are basically two ways to engage with us. First is through our consulting team. And if you’re out there, you don’t really have a cybersecurity team, you’re not really doing anything on cybersecurity. You’re that house at the end of the street without the lock and the bad guys are just saying, “Hmm, that looks to be like my target.”
Theresa Lanowitz (37:14):
You can engage with us with our consulting team. The consulting team can come in, they can help you with a security posture assessment. They can run some exercises with you and so on. And from there, that consulting team can also help you understand how you can work with our Managed Security Services team. Do you want to go and have endpoint protection? Do you want to have your endpoints managed through our Managed Security Services? Do you want to have your network managed? Do you want to have threat detection and response managed so that you are constantly aware of the threats that are hitting against your network?
Theresa Lanowitz (37:51):
There are a variety of ways to engage with us. If you have nothing, I would say, start with consulting. If you have something, start with consulting, because they’ll be able to help you understand what your organization should really look like. And from there, the Managed Security Services will play out, determine what you need to protect inside of your organization. Do you have a lot of people in the field with a bunch of different devices, phones, laptops, tablets, other types of physical devices, and so on? Maybe you are a really, really good candidate for managed endpoint protection, which we offer.
Theresa Lanowitz (38:28):
Managed threat detection and response is also a really good way to understand what’s going on across your network, getting that information from everything that is going on in your network.
Marko Spremo (38:41):
From that standpoint, would it be fair to say from what you see as somebody who’s doing this every day and evangelizing this topic for AT&T, is it fair to say that clients don’t necessarily know what to ask or where to go? And that is something that is part of a discovery that really should sit down with somebody from a cybersecurity, either MSSP, or an AT&T, or third party? Because I know in a lot of things that we see, when we start talking to clients, they don’t necessarily know what they don’t have and you can’t manage what you can’t see.
Marko Spremo (39:20):
Is that a fair assumption and statement from your viewpoint of sitting and having all these conversations as an expert in cybersecurity?
Theresa Lanowitz (39:28):
Yeah, absolutely. And I think that you’ll hear when you talk to somebody from the AT&T cybersecurity side, whether it is somebody from our consulting team or somebody from our managed services team. They’ll tell you that people are shocked at what our teams are able to uncover in this dialogue, in this discovery session, and it’s okay. I think everybody is in that same situation, and because you’re a business, you’re focused on whatever your business is, and we are the experts in cybersecurity, and we can help you become more proficient.
Theresa Lanowitz (40:06):
We can help you become better protected. We can help you prevent a lot of those problems that you have been having. So yeah, that discovery session is really, really good. And it goes back to Henry Ford. If Henry Ford had asked customers what they needed, they would have said, “We need faster horses.” And Henry Ford came and said, “You know what, but there’s a different way. There’s a better way than a horse. There’s this thing called the automobile.”
Theresa Lanowitz (40:32):
And that’s when you sit down and you have that discovery session with our team on the consulting side, on the managed security side. They’re able to uncover the needs that you have, and you may not even know what your current needs are. So I think that’s a really, really fair point. And don’t be afraid to ask questions, that’s what our teams are for. Don’t be afraid to ask questions.
Marko Spremo (40:56):
One of the things that we’ve been seeing, when we help clients optimize their spend, and contracts, and services, and things of that nature, what we’re seeing is, people are struggling having to find budget for cybersecurity. And so we’re doing that with those monies that typically people would save and put back in, “Okay, I’m going to reduce my operational expense.” They’re trying to take that money and put it into cyber because they know how important it is once they start going through the discovery.
Marko Spremo (41:25):
A couple of questions, and this is where I think the… We all talk about the cloud and we talk about hybrid, so we have a question from the audience. How do we ensure the level of security from the cloud providers, the SaaS providers? Isn’t that enough? They’ve got the cybersecurity, so all I’ve got to do is log into it, what’s the big deal? What do I have to do?
Theresa Lanowitz (41:51):
I love that question because a few years ago when cloud was becoming popular, I think so many organizations thought, I’m using this public cloud provider, name your favorite public cloud provider. And any application that I put out there, I don’t have to worry about securing. And we saw what happened with that. That was definitely not the way to go. What you really need to do is you really need to make sure that whatever you are putting into the cloud, that it is secure.
Theresa Lanowitz (42:15):
Yes, the cloud providers are providing that infrastructure security, but whatever you put in there, whatever is your intellectual property, your applications, your data, your endpoints, your services, and so on, you have to be concerned about securing those. And in fact, in our AT&T Cybersecurity Insights Report, we wrote about this concept of the shared responsibility model from a network provider point of view. The network provider for the network is going to provide you with a certain amount of inherent security in that network.
Theresa Lanowitz (42:45):
But you, you’re connecting your data, your applications, your endpoints, your services, you have to make sure that you are protecting whatever you are connecting to that network. And so in the AT&T Cybersecurity Insights Report, it’s figure seven, it’s one of the things that I love to talk about a lot is this concept of shared responsibility. What we’ve found out is that when we ask people about, and this was with regard to 5G network, so a network modernization play.
Theresa Lanowitz (43:16):
When we ask people about what they thought about 5G and security for their applications, for their data, for their end points. 50% of the survey respondents said, “You know what? 5G out of the box is good. I don’t have to do anything.” The other 50% said, “Wow, this is a whole new network architecture. We’re going to be doing things differently. We’re going to have different devices. We’re going to have… Our applications are going to look completely different. We’re going to have a lot of non-duty types of applications. So we have to be concerned about what we’re going to do from a cybersecurity perspective and how we’re going to secure all of these things.”
Theresa Lanowitz (43:52):
So this whole idea of, I’m running on somebody else I’m not running the data center myself, I’m running in the cloud, I’m running on infrastructure that I am paying for from some other provider. You still have to make sure that you’re securing what you’re putting in there.
Marko Spremo (44:11):
I have a comment here, someone said, “We just implemented the cloud access security broker service.” What are some of the services from that standpoint that… I know that AT&T has its own portfolio, but what are some of the partners that you’re working with? Because I know one of the things that is… This is broad-brushed, it goes across very many spectrums of cyber. What are some of the things you can do to help in that arena?
Theresa Lanowitz (44:37):
The person was talking about CASB, the Cloud Access Security Broker. And if you’ve heard the term SASE, the Secure Access Service Edge, this is something where AT&T has really invested quite a bit over the past year. From a SASE point of view, you have the convergence of the network SD-WAN, along with cybersecurity controls, you have that modernization of the network. You want to have unified security and you want to build digital trust with people.
Theresa Lanowitz (45:01):
So you have SD-WAN, zero trust, which we talked about a little bit today. You have CASB, the secure web gateway, and a firewall. From a Managed Security Services point of view, this is saying that you’re living in a software-defined world, it is really about getting that single point of view from your SASE vendor about what is going on with your applications. And some of the partners that we work with on the Managed Security Services side, we work with Fortinet, Palo Alto Networks, SentinelOne, MobileIron is now Ivanti. We work with Check Point.
Theresa Lanowitz (45:43):
So we work with the biggest cybersecurity names in the business and we take that relationship that we have with them very, very seriously. And we make sure that we won’t… When you come to us from a Managed Security Services point of view, we make sure that we’re offering up the best option for you for what your organization needs, and we work with you on defining that.
Marko Spremo (46:08):
So all these different acronyms, service sets, how do I… Last couple of questions really. How do I as an end user educate and what is the best practice for me to train and educate the employees in cyber? I can put all these different tools in place, but how do I educate these pieces and where do I start? Because again, going back to the, I don’t have an unlimited budget to do all these things, but I think education is really important. A lot of people don’t even understand about, you log in and you talk about leaving a password.
Marko Spremo (46:50):
I was at a place last night, literally they asked me to log into their computer, and then, “Can you put your password on a piece of paper?” “No and no. That’s not going to happen. You’re nuts.” The education piece, not everybody understands what we’re talking about from an end user’s standpoint and maybe from IT. But how do we educate end users? And where do I start?
Theresa Lanowitz (47:17):
That’s a really, really good point. If you have nothing right now inside of your organization, it’s that cybersecurity hygiene. And this is something, we were talking about cybersecurity and the budgets that go along with it. This is one of the least expensive things that you can do in terms of training people what to look for in a phishing attack, which links should you click on? How do you determine if a link is actually safe to click on? So you can run these types of exercises inside of your own organization, teaching people about password protection.
Theresa Lanowitz (47:50):
And one of the things, as a cybersecurity industry, October is cybersecurity awareness month, and it’s great that October is cybersecurity awareness month, but you should be aware of cybersecurity every single day. This goes back to what you were just talking about, Marko, the basics. Just working in your organization to help people understand what the basic cybersecurity hygiene practices are. And that’s something that you can do very easily and very inexpensively. Once people start to understand that and once your employees start to understand that cybersecurity is everybody’s responsibility, it gets taken far more seriously.
Theresa Lanowitz (48:30):
I mentioned October, cyber awareness month, do something every single day to help remind people that cybersecurity is their responsibility. Put out a little email, put out a little reminder, do things to make it… Gamify it, make it fun, make it interesting for people to learn about. And those are some very, very basic things that you can do. And one of the things that I always like to advocate for is that if you have a cybersecurity team, that cybersecurity team should do some lunch and learn sessions so that people understand not what they do.
Theresa Lanowitz (49:07):
Not that, oh, we’re looking at this SIEM log and we’re looking at all of these attacks, and look at all of these attacks that we have prevented. It’s the why. Talk about why you do things, talk about the business risk that you are reducing. Talk about the fact that you are preventing adversaries from coming into your organization and taking your intellectual property. Talk about the fact that your business, your website is up and your website contributes to 85% of your overall revenue. And because website is so secure, your customers have trust in it.
Theresa Lanowitz (49:45):
So talk about the why of what you do, not the what of what you do. So make it about the business and at the end of the day, why what you do is so important and so powerful. And if you don’t have a cybersecurity team, bring on a Managed Security Services provider like AT&T. Have somebody from AT&T for example, come in and talk to your teams in lunch and learn sessions and so on. That’s a really good way to get started just with the basics.
Marko Spremo (50:15):
The last item/comment/question that I have is, one of the things we talked about was this… As we’re all still in remote and hybrid and whatever that future holds, hopefully one day, we were talking about prior to starting this, how we missed looking into a camera is not exactly the same thing as sitting with an audience, and we miss that. But if I was sitting across the table in a room with you, and you said, “Okay this is… We’re not moving for the foreseeable future, hopefully it’s sooner than later.”
Marko Spremo (50:55):
But where do I start with the environment that I am today? If there were three things you can state as somebody who’s running an IT or a business owner, what are the three things I need to start with? If you said, “These are the absolute one, two, and three things you have to do in the environment we are today,” what are those things?
Theresa Lanowitz (51:15):
I would say, cybersecurity basics, understand your environment, understand your risks, understand what risks come with that environment. And protect your network, protect your endpoints and manage your threats. Those are the big things I would say.
Marko Spremo (51:33):
Okay. As an IT person, how do I go about giving that budget? What’s the thing I need to tell my team? What’s the thing I need to go to my board or my executives to say, this is why you need to learn and understand about cybersecurity, this is the threat?
Theresa Lanowitz (51:54):
It’s that justification, and it can’t be, “We need to buy XYZ tool because we need to know ABC is happening on our network or this is happening against our end point.” It has to be in business language. So put a justification forward in business language. Here’s why we need to do this. If we don’t secure, if we don’t understand what threats are coming at our endpoints, if we’re not securing our endpoints, we run the risk of an adversary attacking an endpoint, moving laterally through our network and taking down our entire infrastructure.
Theresa Lanowitz (52:29):
And that means our website is down, and that means that people cannot order whatever they order from us, our E-commerce has gone. That means that we have lost some customer trust in the market. If you’re a publicly traded company, that means that you may have lost some shareholder trust as well. Your stock may be impacted. Frame everything, frame the justification in business terms. Don’t go down the rabbit hole of saying, “Here are all the technical reasons why we need to do this.”
Theresa Lanowitz (52:59):
Frame it in business terms, frame it in very clear business terms about what you’re going to lose if an attack happens monetarily, and what you’re going to gain by making sure that you are more secure. This idea of digital trust among companies is really gaining traction. We’ve been hearing about this in the marketplace now for probably the past 10 years or so, but with this recent spate of cyber attacks, especially in ransomware, and now with the cyber gangs using DDoS attacks as negotiating tactics, we’re really hearing a lot more about digital trust.
Theresa Lanowitz (53:35):
So do I want to do business with you? How trustworthy are you? How trustworthy is your supply chain? Do you have proof that you have secured your digital supply chain? And those are the types of things that customers are going to be looking at in the future, B2C as well as B2B moving forward. So this whole idea of cybersecurity is now, as we talked about it in the beginning, it’s moved from being a technical issue to being a business issue. Raise the point at the business issue, justify it from the business perspective.
Marko Spremo (54:06):
Well, thank you. Appreciate that. We really, really appreciate it. And Theresa, thank you for putting this together and then having a conversation, and joining us, and taking the time. Thank you to all the attendees. We don’t have any more questions. Theresa, from your point of view, is there anything that we did not discuss that you wanted to discuss in our topic of conversation today that we missed?
Theresa Lanowitz (54:32):
We had a pretty wide ranging conversation, but I would say, it is really about making sure that you can innovate for your business, innovate for your customer and make sure that you are securing those digital assets. Being able to act with confidence if an event does occur, and also being able to drive that efficiency into your security operations. So overall making it safer for your business to innovate.
Marko Spremo (54:54):
Thank you so. Thank you to everybody for attending. Theresa, thank you very much again for the time. We’ll be sending out the cybersecurity insights report to everybody that attended, as well as for those that attended from a corporate email address. We’ll be putting the threat footprint scorecard together as well and reaching out to you with that information. Thank you so much. This topic, I’m sure we’ll be talking about it again because it is ever-evolving and ever-changing.
Marko Spremo (55:23):
Thank you, everybody for your time, we really appreciate it, and have a great day.
Marko Spremo (55:29):
Thank you. Bye-bye.