fbpx

Think Like the Enemy

Sponsored Content by Think Systems, Inc.

 

Harish Siriparapu wanted to be a fighter pilot growing up, but when his parents deemed his dream too risky, he discovered a new way to take off in the field of international security. He would learn to employ assault tactics and conduct evasive maneuvers in the airspace of the new millennium: cyberspace.

Harish, who grew up in Chennai, India, discovered his natural inclination for cyber security at University of South Carolina, where he took an immediate shine to the tactical detective work required to combat hackers. “I really enjoy the investigations and forensics, searching for clues and answers,” he says.

Harish, who is based in Ellicott City, now leads Think’s efforts to stay one step ahead of the cybercriminals. It is a fight, he says, that requires constant vigilance against a target that never stops moving.

Q: What is the biggest cyber security issue companies face?

A: Cyber threats are evolving so quickly that if you recognize a relevant cyber threat in June, by August or September that information might be obsolete. IT professionals must constantly keep on top of new threats and how they can impact an organization. In the current business climate, companies are transforming their systems to be more versatile, flexible and accessible. They’re moving more information to the cloud to allow employees to work from home. Organizations need to recognize that any computer system change is going to significantly impact security. In an environment that’s evolving as rapidly as IT, it can be difficult to keep track of the changing risks in a changing environment. Controlling unauthorized access to your data – from either a cyber threat or phishing malware — tests your organization’s agility, and ability to identify and adjust protocols to adequately mitigate risk. To me, this is the biggest problem in the market right now.

Q: What is the goal of a cyber attacker?

A: It is all tied to money. Cybercrime is the second largest economy outside the legal economy. There are cybercrime gangs, and there are nation-state actors that attempt to hurt an entire nation by attacking its critical infrastructure or government institutions. There are very few individual ‘mischief makers’ trying to hack into people’s systems. Today it is all about people trying to profit from cybercrime.

Q: Where are these gangs operating?

A: Many hackers are believed to be in Russia, eastern Europe, China and North Korea. To hack, you need to have a good internet infrastructure, so many believe Russia is a huge source of cybercrime. Gangs have distinct signatures in the tools they use. Some ransomware is exclusive to certain gangs in Russia and eastern Europe.

Q: So, what is the impact on small and large companies?

A: In 2018, cybercrime cost companies $1.5 trillion annually. It is believed the average data breach will cost about $3.8 million. Small and medium-sized businesses suffer 43 percent of all attacks, and 50 percent of small businesses experienced at least one cyberattack in 2019. The percentage of all attacks that are launched on phishing is 91 percent.

Q: How should a company combat cybercrime?

A: First, you have to be aware of what’s happening. Subscribe to industry bulletins like InfoGuard and FBI lists. The Secret Service issues advisories when they recognize certain threats, educating the community about what types of attacks are increasing and what types of controls can block the threat. Second, IT professionals should constantly analyze new and evolving tools in the market and understand how technological advances can be used against whichever threats you face. Constantly be on the lookout, understand what is happening in the industry, understand what is happening in your environment and respond quickly. Security monitoring — collecting logs from all systems – is key.

Q. Where are companies falling short?

A: Many companies don’t perform adequate security monitoring because they’re put off by the price tag. It can be one of the most expensive components of a security program, but there are cost-effective ways to perform security monitoring. Third and most of all: train people to use the systems you’ve put in place. In the security world there is a saying that humans are the weakest link in the chain. You can have the smartest firewalls and email security controls but if your users are not adequately trained, your entire program could be defeated by your own users.

Q: What does a leading company do to ensure cyber security?

A: An ordinary company trains it workforce on best practices in cyber security, such as using encrypted email, but a leading company will build what is called a cyber resilient culture. In a cyber resilient culture you are training your workforce not only to detect cyberattacks but to be part of the response process.

Q: What news sources or blogs do you find indispensable in your line of work?

A: I’ve set up Google alerts for topics like digital transformation, cloud security, and more. Security Blvd and Dark Reading are also good publications.

Q: Where do you think cybercrime is heading?

A: We haven’t seen the worst of it. It is going to get quite bad out there. There are two areas that concern me: the types of environments getting attacked are increasing. Industrial technology has traditionally not been targeted, but when you connect the technologies used in manufacturing plants, these become targets. The attacks are getting deeper too. While we are building cyber security solutions for artificial intelligence and machine learning, the attackers are also building hacking tools based on AI and machine learning. It is a money-making industry and cybercriminals have a lot of money to invest.

Q: What advice do you have for companies facing these evolving threats?

A: Don’t put all your focus on operations like patching or compliance. That’s the bare minimum. The secret is to build a wholistic program. You need a team of well-rounded information security individuals who are able to tackle planning, governance, operations and compliance. In the small business market, companies need to either find someone who can handle all these facets, train someone to perform these functions or hire a virtual chief information security officer. Cyber-attacks are not just happening to the big guys: they are happening to small companies as well. The small business market needs to take cyber security threats seriously. The risks are real and getting more sophisticated every day.

About Harish Siripurapu

Harish is a Cybersecurity and Privacy Executive Advisor at Think. He brings over 16 years of cybersecurity strategy and operations management leadership, including Fortune 100 experience. Harish served as Director of Global Security at Sitecore, and previously PricewaterhousCoopers where he developed and implemented security strategies, transformed programs, responded to cyber incidents and critical regulatory findings (GLBA, HIPPA, PCI, DSS) instituting remediation plans.

 

You May Also Like

TSC Miami Receives Investment From Trilantic North America

Trilantic North America, a private equity firm, recently completed a substantial growth investment in TSC Miami. The investment is being made in partnership with TSC’s founding team, namely Billy Koorse, his son Evan Koorse, and their partner Scott Valancy, which retains a meaningful equity stake and continues to run the business post-close. Founded in 2001 and

Levan Center of Innovation in Broward Forms Strategic Collaboration With Space Foundation

The Alan B. Levan | NSU Broward Center of Innovation (Levan Center of Innovation) has formed a new strategic collaboration with the Space Foundation. The partnership will enable the Space Foundation to create programming for the Levan Center of Innovation’s LEVL5: SPACE DOCK at NSU™ initiative by using the center’s four core programs (Ideate, Incubate, Accelerate, Post-Accelerate) as the

Sintavia in Fort Lauderdale Chosen for Major White House Initiative

Sintavia, LLC, a designer and additive manufacturer of advanced propulsion and thermodynamic systems for the Aerospace, Defense and Space industry, was recently chosen to represent the AM supply chain to launch a major White House initiative called “AM Forward.” Unveiled on May 6 by President Joe Biden in Cincinnati, Ohio, this new initiative involves a

Alan B Levan | NSU Broward Center of Innovation Held Future Forward Event to Celebrate Impact of Levan Center

Since opening its doors last year, the Alan B Levan | NSU Broward Center of Innovation (Levan Center) has been the catalyst for growing tech start-up companies in Broward County. To recognize the importance of its operations and demonstrate its future capabilities, the Levan Center hosted its Future Forward event. Local community members and the media were

Other Posts

TD Bank Group Creates South Florida Tech Hub to Accelerate Digital Growth

TD Bank recently partnered with the Alan B. Levan NSU Broward Center of Innovation (Levan Center) to establish a new technology hub in South Florida to support future generations of technology professionals and foster and attract more talent to the area.  “Our new technology hub will focus on tapping into South Florida’s fast-growing technology talent pool

Sky’s the Limit When Miami Entrepreneur Rani Kohen Hits the NASDAQ

Sky Technologies (SKYX) recently completed an IPO, a market valuation of $1 billion pre-revenue, and founder and chairman Rani Kohen, a Miami-based inventor and entrepreneur who has created more than 60 global patents, took the stage at the NASDAQ on March 4 to ring the opening bell. “As electricity is a standard in every home

Vulnerable Tri-County Residents Face Challenges to Access Vital Infrastructure and Transportation Services

The final installment of SFBW’s three-part Virtual Connect series recently concluded with a discussion on how private and government entities can ensure equal transportation access to all South Florida residents. The “Virtual Connect: Social Equity and Transportation” forum was moderated by Anthony Abbate, professor at Florida Atlantic’s school of architecture. Abbate was joined by Greg Stuart, executive

Softbank Group Has Exceeded Its $100 Million Commitment to Invest in Miami Startups—and That’s Only the Beginning

Last fall, SoftBank Group announced that it had exceeded its initial $100 million commitment to invest in Miami tech companies across its various funds by more than 250%, for a total of more than $250 million. That’s what you’d call fast work: The Miami Initiative was launched in January 2021 as a commitment to invest in companies