The Role of Managed Service Providers for Cybersecurity with Thomas DeMayo

In this episode of CHATTINN CYBER, Marc Schein interviews Thomas DeMayo, Principal in the Cyber Risk Management group with PKF O’Connor Davies, LLP. Thomas is the lead Cyber Risk Adviser and Auditor for the firm. He is responsible for implementing and designing the Firm’s Cyber Security service offerings, audit programs, and testing procedures. Thomas consults in IT governance, information security, threat and vulnerability management, privacy, and IT compliance. Today, he shares his backstory of getting into cybersecurity and what he’s learned from his journey so far.

Even as a kid, Thomas was fascinated by computers. After graduation, he took a job in network engineering at PKF O’Connor. Later on, he was asked to check on the firm’s systems, IPS, and calculations, which led him to shift into cybersecurity. By around 2006-2007, he already had clarity on what he was meant to do going forward.

Thomas talks about the client benefits of partnering up with someone who has both cybersecurity resources and tax intellect. They can advise clients on a more cyber-specific path and help control their program. That’s invaluable to a lot of clients.

Towards the close of the conversation, Thomas talks about the future of the hybrid work environment. Hybrid working may or may not persist in the long term, but it is not going away any time in the near future.

Quotes:

“Even as a kid, I was kind of always fascinated with getting the computer to do what I wanted.”

“We are those trusted advisors who are able to come in and say, yes, we can help you, we could advise you on a more cyber-specific path and help you control your program. That’s invaluable to a lot of clients.”

“When we’re helping them, we’re advising them on what they need, and that’s what matters; that’s the key thing.”

“You have to challenge them to make you understand what their cybersecurity program is, or at least ask them, show us what your basic cybersecurity policy looks like. I think that’s going to start to help you understand you even have a level of formality.”

“As the world wakes up and really starts to focus on this, they’ll start to look at that supply chain risk.”

“Some businesses based on their business model will realize that this really does work. Our employees are happier and are still productive; we don’t need to be in the office to do certain things.”

Time-Stamps:

[01:43] – Thomas explains how he got into the field of cybersecurity.

[03:58] – The benefits of partnering up with someone who has both cybersecurity resources and tax intellect.

[08:33] – Reasons why more clients are engaging in services related to cybersecurity.

[10:10] – Questions clients should be asking their Managed Service Provider.

[13:25] – Where do you see this hybrid work environment going in the next 18 months?

Connect with Thomas: 

LinkedIn: https://www.linkedin.com/in/thomas-demayo-002bbb71

Website: https://www.pkfod.com/people/thomas-demayo/

Email: tdemayo@pkfod.com

Top Three Cybersecurity Threats And The Industries Most Affected With Jennifer Coughlin, part 1

In this episode of CHATTINN CYBER, Marc Schein interviews Jennifer Coughlin, Founding Partner at Mullen Coughlin, a law firm exclusively dedicated to representing organizations facing data privacy events and information security incidents and the need to address these risks before a crisis hits. Jennifer focuses her practice solely on providing organizations of all sizes and from every industry sector with first-party breach response and third-party privacy defense legal services. In the first part of the conversation with Jennifer, we explore her journey to Mullen Coughlin, the top three cybersecurity threats organizations have faced in the past couple of years, and a detailed analysis of the industries most prone to the attacks.

Jennifer got into cybersecurity after John Mullen suggested it to her decades ago, even before he got his first cyber case. They started their own cybersecurity law firm, Mullen Coughlin, which recently celebrated its fifth anniversary. Beginning with 13 attorneys, Mullen Coughlin has expanded over the years and now has a team of 95 attorneys working in data privacy and cybersecurity counseling. It is the largest privacy law firm in the US.

Cybersecurity breaches and vulnerabilities have increased over the past decade. Jennifer illustrates the growth with her firm’s incident response caseload: 2,350 incident response matters in 2019, 3,551 in 2020, and 3,954 the following year. These numbers do not include regulatory defense, litigation defense, and compliance work.

The top three kinds of threats Mullen Coughlin has handled over the past couple of years have been ransomware attacks, business email compromises, and third-party events.

Drawing on her firm’s reports, Jennifer says victim organizations paid the attackers for one of the following reasons, and notes how often payment was made for deletion alone:

  • The threat actor deleted the data, and the victim organization had no usable backups because the backups had been encrypted.
  • The victim organization had backups, but obtaining the decryption key was quicker for restoration purposes.
  • 26% of the time, payments were made only to obtain the key and a promise of deletion.

As statistics from 2020 show, only 25% of organizations paid the attackers a ransom. The other 75% chose to accept the risk, as they did not consider it worth paying for a promise from a threat actor. The percentage of organizations making ransomware payments fell further to 18% in 2021, indicating considerable progress in cybersecurity.

After assessing the likelihood of different industries being hit with cybersecurity threats, Jennifer breaks them down into 10 categories. According to her reports, in 2021 the top 10 industries affected by cybercrime (from the highest percentage of cases to the lowest) were as follows:

  1. Financial and Professional services
  2. Manufacturing and Distribution
  3. Healthcare and Life Sciences
  4. Technology
  5. Hospitality and Entertainment
  6. Education
  7. Government
  8. Non-Profits
  9. Energy
  10. Others

Compared with the reports from 2020, the Manufacturing and Distribution industry remained in second position. Evaluating the possible reasons for the consistently high level of cyber threats in that industry, Jennifer suggests it could be due to inconsistent deployment of cybersecurity practices across organizations and a lack of thoroughness about cybersecurity safeguards, laws, and regulatory compliance procedures.

Now, what do the threat actors do with the acquired data? They leak it on the dark web or sell it.

Listen to the episode to get detailed insight into the explained cybersecurity threats and figures!

Highlights:

“We are as successful as we are because of every single person on our team. And we recognize that everybody recognizes that they are valued, and they are part of helping organizations through these really scary events, defending them in regulatory investigations and litigation and also helping them be better before they experience (cybersecurity threats).”

“Just because data is taken and you pay for a promise of deletion from the threat actor doesn’t mean if there’s protected data in that exfiltrated data, you get to absolve yourself of having to notify under the laws that apply to you. You still have to notify, even though you’re getting a promise from a threat actor, it’s never going to be enough for a regulator when you find out you didn’t notice.”

“We’ve seen ransomware really evolve over the past few years. And it’s evolved to a point where threat actors realize if they exfiltrate data, they will be able to put more pressure on the organization to pay, because, one, the organization needs access to their data, and two, they don’t want to experience potential reputational harm or damage if their data is leaked out on the dark web.”

Time-Stamps:

[00:53] – Jennifer’s way into cybersecurity

[03:43] – Why is the percentage of organizations paying ransom to threat actors low?

[10:36] – The organizations most prone to cyber attacks

[17:05] – Why the Manufacturing and Distribution industry continues to remain at the second position for the percentage of cyber threats faced

Connect with Jennifer:

Website: https://www.mullen.law/people/jennifer-a-coughlin/

Cyber Security Threats and Strategies – with Hon. Michael A.L. Balboni

In this episode of CHATTINN CYBER, Marc Schein interviews Michael A.L. Balboni, CEO of Redland Strategies Inc. Prior to Redland Strategies, Mike served as a New York State Senator and chairman of the Homeland Security and Law Enforcement committee.

Born in Burns Town, New York, Mike studied law and had the unique experience of serving in the New York State Senate for 10 years. Afterward, he went to Albany, where he was appointed the first chairman of the Senate homeland security committee. As chairman of the 9/11 homeland security committee, he learned all aspects of homeland security, including cybersecurity. Recognizing the risks posed by chemical plants, he created regulations for infrastructure protection, passing legislation and supervising its implementation by the department of homeland security and emergency services within New York City.

His firm, Redland Strategies, assists companies and government agencies in developing and implementing security strategies that improve business performance and maximize growth. For example, in the cybersecurity space, he helps companies develop strategies for data management, data processing, storage, cyber breach issues, and threats from an energy perspective (mainly due to the sensors used for energy digitization, which are themselves Internet of Things (IoT) components).

Additionally, he talks about the threat of malicious payloads taking over a physical operating system (crossing over from IT to OT), for example the manipulation of a nuclear power plant via cyber attack. Ukraine faced this type of threat in 2017, when 2 of its nuclear power plants were disrupted as a result of internet manipulation.

Mike also talks about the importance of home network security. He says that it is now more important than ever to secure home networks, because our society is moving toward a home-based virtual workforce and cyber threats are growing continuously. According to the FBI, home routers are vulnerable, so it should be everyone’s focus to invest in cyber infrastructure and cybersecurity. Having said that, everyone should understand that cybersecurity is not a destination but a journey; you must continue to evolve because threats are evolving.

Lastly, he shares his thoughts about the impact of Covid-19 on large organizations and the accessibility of the Covid-19 vaccine. He talks about sports organizations, which are employing the best strategies to keep their players, coaches, and staff safe. However, sports organizations right now are facing a huge challenge in bringing indoors. Everyone is waiting for the Covid-19 vaccine, but distributing a safe vaccine to enough people to bring us back to some sense of normalcy is not going to happen overnight.

Topics Discussed in the Podcast

  1. The journey of Michael A.L. Balboni’s professional life.
  2. Balboni’s experience serving in the New York State Senate and on the Senate Homeland Security Committee.
  3. Cyber threats from an energy perspective and the role of digitization in them.
  4. Cyber attacks that take over a physical operating system (crossing over from IT to OT).
  5. Security of the recent presidential elections.
  6. The importance of securing home networks and investing in cyber infrastructure and cybersecurity.
  7. Some fundamental cybersecurity strategies.
  8. Perks of working with the best and brightest people.
  9. Thoughts about the accessibility of the Covid-19 vaccine.

An interview with Darren Blatt CEO of Affiliate Ball

In this episode of Chattinn Cyber, Marc Schein interviews Darren Blatt, a pioneer of Professional Internet marketing and the CEO of Affiliate Ball.

Darren begins the conversation by recounting how it all started for him and how he transitioned seamlessly into an industry that had the Internet at its center. He then reflects on the definition of an Affiliate, as used in the Affiliate industry, before getting into the technicalities of the contemporary world’s most prominent field — Digital Marketing.

Darren shares his comprehensive insight into how the huge trade shows in major cities such as New York, Vegas, and San Francisco allow him to justify his marketing and branding efforts. To that end, he points out that throwing affiliate balls requires a great deal of interaction, especially now that marketing methods have taken a massive and unprecedented turn during the pandemic. He goes on to describe how the pandemic has pushed him to tweak his approach to trade shows and how he has leveraged virtual connectivity to keep the flow intact.

Subsequently, Darren addresses working with celebrities and their impact on marketing endeavors. Finally, he revisits some of the best practices for effective marketing.

Key Takeaways:

  1. Heading to trade shows, regardless of the industry or industry segment, is essential for learning.
  2. Targeting trade shows concentrated on your niche is even better and offers an even greater learning experience.
  3. Success in the digital world is guided by various underlying facets, with “asking questions” being integral.

Key Quotes:

  • “An affiliate is someone who gets paid on production” – Darren (3:43)
  • “Throwing Big Events are really some of the best branding and marketing you can do.” – Darren (5:40)
  • “But by the time we all get back in person, I think you’re going to see these events explode because people are dying to go back to listen to them” – Darren (13:30)
  • “There is an 80-20 rule in marketing where 20 percent is what you know, and 80 percent is who you know.” – Darren (18:00)

Cyber Security: An Invisible War Fought From the Home Front

In this episode, Marc Schein interviews former Congressman Patrick Murphy. Beginning as a Division 1 athlete turned West Point faculty member, the Pennsylvania native eventually entered a multi-tour deployment after 9/11 and then returned to the U.S. to serve in Congress. Accomplishing far more than the average American within just a few short decades, Murphy has experienced and witnessed some of the major formative moments that have rocked our country, both for better and for worse.

Following in the footsteps of many war veterans like Sam Walton of Walmart, Ralph Roberts of Comcast, Phil Knight and Bill Bowerman of Nike, and Frederick Smith of FedEx, Patrick Murphy’s commitment to bolstering the success and advancement of our country did not end upon leaving the field or the office. Years later, this “soldier for life” finds himself once again serving the American people, this time in the form of cyber security.

Murphy explains, “In warfare, we [say that] the first four domains are air, sea, space, and land. The fifth domain is cyber. That fifth domain isn’t just in the battlefield. It’s here.” Schein and Murphy discuss how U.S. cyber safety is not a hypothetical, distant threat but an active, invisible war that exists both nationally and internationally. Financial institutions, energy grids, the telecom industry, and personal data are all at risk of a breach at any moment. “That war,” begins Murphy, “is being fought on your iPhone and on your desktop at home…and at your workplace.”

Serving as a member of the Cyberspace Solarium Commission, Murphy meets weekly with other public and private sector leaders who, in part, are responsible for creating recommendation reports that detail a national approach to cyber threats. Believing that these threats will only increase as we move into this new decade, Murphy advocates that we all need to participate in the cyber battle. Both public and private sectors should adhere to the recommendations released this March and learn to practice “proper cyber hygiene.” Listen in to this episode to gain an understanding of basic cyber issues and what you can do to be a part of the solution.