Mark Ostrowski is Head of Engineering, US East, for Check Point Software, a global cyber security company. With over 20 years of experience in IT security, he has helped design and support some of the largest security environments in the country. Mark actively contributes to national and local media, discussing cyber security and its effects in business and at home. He also provides thought leadership for the IT security industry. In this piece, Mark offers engaging insights into the current threat landscape and how to approach security amidst the ‘new normal’. Discover new conceptual frameworks, tactics and methodologies.
How has the role of the CISO and security management changed in recent months?
An increasing number of a CISO’s responsibilities now center around cloud technologies, and on developing tighter security controls for employees who are working from anywhere. When it comes to cloud security, CISOs are interested in getting full visibility into all their cloud deployments, in fact better visibility. Remote work is certainly not going to go away and neither are the hackers.
What’s really changing for organizations in terms of their cyber risk profile?
The components of the risk profile and the intensity of the attacks have certainly changed, as attack surfaces have become so much larger on account of the fact that everyone’s working in a different way.
The best way to describe how the pandemic has changed risk levels is to talk about the specific narratives in the media that have received attention from threat actors. For example, things like the vaccine are generating a ton of media and a ton of interest. In turn, the vaccine has become a focal point for hackers, leading to the development of corresponding malware campaigns. In summary, the risk profile here is similar to what it was in the past, but the attack profile has changed.
What are the biggest gaps that you’re seeing between what organizations have in terms of cyber infrastructure, and what they need?
We’re seeing major gaps in cloud security. Folks are moving or building applications in the cloud very quickly, and they’re not thinking about how they’re going to apply security in new ways; for example, a container or a function-based security approach.
The attack surface is much different when everybody’s working remotely than when working within the confines of a specific office space. As a result CISO’s (if they have not already) transition or build cloud native and complete endpoint security.
Another gap is related to securing against DDoS attacks. Hackers are looking to disrupt companies that produce goods, services or intelligence that’s critical to government functionality or other essential organizations.
How can we keep Smishing, Vishing and Phishing to a minimum, given that they’ve been increasing amidst the ongoing coronavirus pandemic? Is there a role for automation here?
Keeping smishing, vishing and phishing to a minimum requires a combination of education and a strong technology play.
These types of attacks serve as a platform for education, enabling us to teach people not to click on things that they’re receiving unsolicited on their mobile devices, or through voicemail, or to take a call from somebody asking for some information.
And there is a role for automation here, but more importantly, there’s a role for a consolidated security process to help identify and prevent these attacks.
How can organizations develop tighter business plans so that they can avoid cutting or slowing cyber security spending?
One of the challenges for any CISO or any organization is how to react to the core issues that we’ve talked about; the expanded attack surfaces, people working from different locations…etc. As a business leader, you can very quickly start to spend and to acquire different technologies that address these issues. But with that, the spending goes through the roof because leaders are buying a lot of solutions at once.
Be sure that the technology purchases are marrying with the business plan, and avoid having to acquire several different technologies from vendors. Organizations should adopt a consolidated security solution. Otherwise, you end up with big challenges operationally. In the past, the multiplicity of cyber security platforms has served as a blindspot, which has been targeted by malicious actors.
Did you find this interview informative? Check back for another exclusive interview with Mark Ostrowski.