Advanced Cybersecurity and Human Factor: A Conversation with Jeremy Samide, CEO and Co-Founder of Blackwired | Podcast Ep.10

And, you know, they are victims. And coming in to see those types of scenarios can be, can be, can be devastating.
But also, you know, again, it’s, you know, dealing with them in different ways to cope with the issues and to
mitigate the risk and to do the data containment.

It’s a daunting task. And so, it’s, again, we see the gamut of the different types of breaches that have been
anything from data exfiltration to ransomware to completely shutting down systems and production and, you know,
which ultimately shuts down revenue and operations. So, there’s a lot of different types of scenarios that we have
seen, you know, during those types of cyber breaches.

Some of the strategies, you know, again, that we’ve looked at, you know, to limiting such threats, you know, it
could be anything from, you know, we talk about resilience today, the industry talks about resilience, but there’s a
number of key and critical factors in order to get to resilience. And, you know, a lot of those are not met within
organizations. You know, we’ve been inside, you know, certain companies where you would think that they would have
controls and risk controls and things in place, and they either have been lax or they don’t have those types of
things, which has caused the issues in the first place.

So, you know, some of those strategies that they can look at in order to achieve resiliency, you know, could be
anything from, again, keeping those controls in place, testing those types of controls. There’s the security
education and awareness training. And then there’s the more technical aspects of an organization in which they need
to start to look at things like, you know, threat intelligence and an intelligence-led approach to understanding who
the adversaries are, staying one step ahead of the game, and keeping pace with the adversary when it comes to the
different types of attack vectors that many organizations see today.

So, a lot of those critical factors are required in order to achieve that resiliency. And it’s a constant effort,
and it needs to be executed with precision on a day-to-day basis.

Host: Speaking about cybersecurity, how important are continuous monitoring and observability in
cybersecurity, and what approaches work best here?

Jeremy: So, monitoring has been around for a long time. So that’s really a relatively easy task to
do. I think you mentioned the keyword there in observability.

I think today is the approach that we take from monitoring needs to change, and it has to do with the observability
or what we are actually looking at and what we are actually observing. So, there are technologies out there that
allow you to observe different types of threats. And basically, the way that we’ve been looking at this in the
industry is we build walls higher and we build walls thicker, right, in order to try and fortify our defenses from
the threat actors.

But what happens is during that process, there’s always cracks and holes within the perimeter. The fact is that
there is no perimeter today, and we need to look at how we are looking at those threats differently. So being able
to turn that lens around and look outward into the existential threats that organizations face and having the
visibility to see those threats and collect the information and the intelligence of what those are versus having
them knock on your door, knock down the walls, come inside of your organization, and at that point, it’s too late.

So, when threats come into the organization and they hit your endpoint detection and response systems or your
firewalls or other systems in your environment, it can be too late. So, by being able to, again, turn that lens
around and see those existential threats while they’re forming campaigns or while they are moving into position and
getting within striking distance of your organization is when you need to look at those and when you need to observe
and monitor those things so that you can take action before they strike. And those are the types of things that we
are looking at from our perspective with our customers is being able to provide that observability through the
monitoring of an environment, through the existential threats to be able to see that.

So those are some of the methodologies and the new measures of risk that we are looking at from the standpoint of
things like proximity. So how far are those threat actors actually outside your door, right? And what types of
activities are they doing?

So what tools are they using? And also the severity of those risks in terms of how lethal are those tools, right?
So, are they things that we’ve seen in the past?

Are they zero days? How formidable are they in terms of the probability of breaching your environment and causing a
cyber attack that could wreak havoc in your network or in your system? So those are some of the measures of risk
that we are looking at in which we are redefining what those what risk looks like today versus embracing for the
attack, right?

Because most companies just they brace for the impact and then they deal with the issue. There’s a there’s a better
way to do it. And that way is to again, turn that lens around and look outward instead of waiting, right?

Which is what we all do today.

Host: And that’s a really good perspective. So Jeremy, according to you, what are some most common
mistakes companies make when setting up their cyber security systems?

Jeremy: Yeah, that’s a good one. I mean, we can spend a whole day on that, I suppose. But, you
know, there’s a lot of common mistakes that organizations make.

You know, some of the more prevalent ones would be, you know, just human misconfiguration right of systems. I think
that there’s some of the dynamics in this industry when it comes to things like, you know, like, like egos and so
forth that can get in the way of people working together or, you know, my way or the highway. And you know, this is
the way we’ve done it versus actually looking at it from a holistic standpoint and, you know, soliciting expert
opinions from your peers, you know, in order to do what’s right in the network.

But I think that some of the more common mistakes as well, you know, come from the lack of mapping the functionality
of our of the business, you know, and mapping that with the technical feasibility of, you know, what it is that, you
know, is it should be done from a technical standpoint. So, you know, again, the old adage of, you know, people
process, and technology is sort of a cliche. But it still rings true today in terms of, you know, it’s not just
about the technology.

It’s not just about the people, right. There’s a process that’s involved in that. But you know, I think, again,
having the right people in your organization with the right skill sets that have been trained properly in order to
engineer, architect and configure those systems, I think is very important.

And that’s sometimes a common mistake where you see I.T. professionals doing security functions because they believe
they can or it’s a limitation within the organization and they’re doing the best they can. And that’s, you know,
that’s all they can do. But a lot of times that can cause common mistakes and common failures within systems that we
see a lot, too.

So, it really there’s a lot of there can be a lot of issues and pitfalls, you know, in the in that particular area.

Host: Why is cybersecurity so critical in the finance sector and like what are some of the common
cyber threats in this specific area?

Jeremy: Yeah. So, look, the financial sector is one of the most highly targeted industries from a
vertical market standpoint for privacy, for obvious reasons. Right.

So, there’s monetary gain from, you know, attacking these types of critical infrastructures in this in this
particular vertical market. So, you know, we’ve seen a lot of different types of threats, a lot of different types
of threat actors that are targeting the financial institutions, not only to harvest, you know, customers information
and user information to be able to sell that, but also to be able to liquidate those types of accounts. I mean,
we’ve seen threat actors that have been able to gain access to financial systems and and literally siphon money out
of out of customers’ accounts like hundreds and hundreds and thousands of millions of dollars.

So, you know, these are things that we have seen and that we’ve been tracking certain threat actors that are both
new on the scene and ones that are certainly old on the street. But that’s probably the primarily primary reason. So
today, when you have some of these financial institutions that are now starting to get into or they were getting
into things like, OK, you can have you can have bank accounts, but now you can also have cryptocurrency and
different types of portfolios within your environment as a customer, as a service.

You know, that was very dangerous because we were seeing a lot of these breaches within these types of new fintech
organizations that they were able to hold money as an account holder, as a custodian, but then also hold the crypto.
So, they were at, you know, the threat actors were actually getting into the accounts and then they were converting
all of their, you know, their retail accounts from stocks and things like that, cashing those in, converting it to
crypto and then siphoning the crypto out. Right.

So, it was it was a more it was an easier way for threat actors to more to take that information, to take that money
and convert it into crypto and then disappear with it. Right. Send it through mixers and different kinds of tumblers
and things like that, that would obfuscate those transactions that made it very difficult to track.

So, we’ve seen a lot of that as well. And with some of the larger, more popular, you know, fintech companies that
were doing that. So, it’s a it’s a you know, from a market sector, it’s one of the most highly coveted for threat
actors to, you know, to attack and to target.

Host: Do you think cyber security is only the IT team’s responsibility or can non-technical people
contribute to?

Jeremy: I think that this goes from everybody is included from the chairman of the board down to
the lowest level employee that may have an email address or physical access to a building. It’s everybody’s
responsibility to do this. So, it’s the most common, you know, individual or employee within a within an
organization is the can be the weakest link.

So, it could come in from an email. It could come in from, you know, any other type of mobile device from again,
from the lowest level types of employees or personnel that are within the organization. But then again, it could
come from the top, from a non-technical chairman or chair of a company that is also connected to the organization.

So, this is something that we’re seeing that’s very prevalent today, which is that third party risk or that sideways
risk where we see, you know, large organizations that have multiple third-party vendors. And that’s where the risk
is coming from today, because that’s where a lot of the threat actors in and the trends that they are doing is
they’re looking at their third-party suppliers that may not be as large, that may not be as formidable and don’t
have the infrastructure or resources to protect. However, that third party provides a service, right, or a product
to that organization in which there is a communication relationship or a connection to that organization, whether it
be, you know, an API connection or there’s some other type of connection where they use the smaller company or the
third party as a drop point in order to get to the larger company.

So, and then once they do that, then it becomes, you know, a subterfuge where they’ve used a third party in a
third-party risk to get to the financial institution or a larger company in order to exfiltrate data or, you know,
use an exploit or whatever. So, it’s becoming very common.

Host: So according to you or in your opinion, how can zero trust security and multifactor
authentication help build a stronger security system?

Jeremy: So those are some interesting terms. So, I think from a multifactor standpoint, it does
help in an organization. It provides more of a layered security approach.

However, some of the more sophisticated threat actors today, you know, they are able to circumvent multifactor
authentication or two factor authentication. We see that all the time. So, does it help?

Yes, it helps. I think zero trust is sort of a it’s a buzzword today that’s being thrown around very loosely with a
lot of organizations. So really defining what zero trust really means is very important.

And, you know, the general term is obviously, you know, it’s trusting no devices and so forth. But what does that
really mean to an organization and how is that actually architected in order to become an enterprise solution that’s
feasible, usable within an environment? So, you know, I think zero trust has a place in the organization.

I think it needs to be continued to be developed and put into practice where it’s something that’s actually usable
and feasible and actually can prove that you can provide a truly a zero-trust environment that I think, you know,
companies on the market today, again, they’re they’re working toward that. But I don’t think that we’ve achieved
that zero-trust capability yet. Also, the adoption of zero trust, I think, you know, today, based on what’s
available, is is can be can be difficult when you have some of these larger organizations that, you know, need to
really change the direction or the trajectory of their security approach.

And zero trust is not something you just sort of install and, you know, you’re on your way. Right. So, it’s a whole
different mindset.

It’s a whole different approach. It could be it could change the architecture. It can change a lot of different
processes within an organization that require time and money and resources to do.

So, I think it’s a it’s a longer-term strategy that if configured and built properly, you can achieve zero trust.

Host: All right. Lastly, what do you think the future of cybersecurity looks like? Like any
predictions for the coming years?

Jeremy: I think it gets worse before it gets better. I think that’s where I think that’s where
we’re at right now. I think we’re seeing some, you know, some fever pitches where that’s occurring now.

I think the geopolitical landscape is driving a lot of that, certainly with the election coming up next month in the
United States, I think with the conflict in the Middle East, I think that’s causing a lot of geopolitical issues and
tension. Certainly, the Russian-Ukrainian war that’s going on, that’s causing a lot of political geopolitical
tension. And with that comes a lot of state-sponsored activities that come out from that.

You know, you have things coming out of the PRC, so with Taiwan and other and other countries like that in various
regions. So, there’s a lot going on, I think, that are driving a lot of a lot of that activity. I think that, you
know, state-sponsored activity and what we would call like state organized crime activity or criminal activity, the
lines are being blurred between who’s doing what.

And I think it’s becoming more difficult to identify attribution and the motives behind state-sponsored versus
state-organized criminal activity, again, is becoming blurred. So, it’s it’s it truly is a cyber war that we are in.
And I think that’s from a prediction standpoint, I think that gets worse before it gets better.

And a lot of it is being driven by those geopolitical events.

Host: This has been such an engaging conversation. Jeremy, thank you so much for sharing your
knowledge and giving us a deeper understanding of the challenges and the future of cybersecurity. Thank you so much.

Jeremy: Thank you very much.

Host: Thank you all for being part of this exclusive interview. I am your host Sayali signing off
for today. We’ll see you in the next episode of ExtraMile by HiTechNectar with our next extraordinary leader on
board sharing their thoughts.

Until then, please stay tuned.