Brian Linder is an Emerging Threats Expert and Evangelist in Check Point’s Office of the CTO, specializing in the Modern Secured Workforce.  Brian has appeared multiple times on CNBC, Fox, ABC, NBC, CBS, and NPR radio, and hosts Check Point’s CoffeeTalk Podcast and Weaponizers Underground, and has teamed on keynote CyberTalks at Check Point’s CPX360 events.  For 20+ years, Brian has been an advisor at the C-level to firms big and small in financial, legal and telecommunications, on next generation cybersecurity solutions and strategies for cloud, mobile, and network. Brian holds a B.S. in computer science from Drexel University and an M.S. in Information Science from the Pennsylvania State University. 

In this interview, Brian offers in-depth insights into how the pandemic has altered the nature of cyber threats, explains why CISOs are falling behind, shares amazing stories, presents ideas to discuss with your C-suite and more. Check out these must-read cyber security steps and strategies.

How will CISOs manage the hybrid workforce?

Let me say it this way–This notion of four walls in an office is a concept that has been changed forever. And CISOs are being asked to deal with this permanently. These days, the notion of a traditional office, where we enter through a set of double doors everyday, and exit through those same double doors to go home, is dated. I’m not saying some people won’t return to the office. I’m not even saying that some companies won’t end up bringing all their people back as though this the pandemic never even happened.

However, based on my experience talking to industry professionals and customers, everyone has to remain open minded about the possibility that, at any moment, the workforce as they know it will shift. New and different populations will suddenly be remote or, in an effort to cut costs, executive teams might decide to close offices. The safe bet is to assume that.

Online interactions will start to come from any number of devices; company-owned devices, personal devices. They’re going to be coming from anywhere. Signals could emerge from an office, they could be coming from a shared office, or they could come from places like WeWork, other types of communal office spaces, home offices, you name it. And they’re accessing applications that may live within the company’s direct control, like in a data center, or more likely, in the cloud or even as a service. Think software-as-a-service infrastructure like SAP, Oracle, O365.

That the CISO is now being called to manage the entire threat surface is almost too much to digest. The bad actors are very determined and perceive a lot of these companies as high value targets and realize that all it takes is one weak human to make the wrong click in order to launch a ransomware attack that could yield a huge payment. So basically, the bad actors know that the CISOs need to only be wrong one time, and/or be slightly off the ball just once, and it could represent a huge loss to the company. So, CISOs have a very tough job and they need a single platform, and the best threat prevention on the planet to be attacking this head on, and that is what they’re doing.

Tell us about how the lockdown was a trial-by-fire for CISOs?

The lockdown was probably the best example of where the needs of the remote user and the need to keep the remote user completely productive transcended the importance of security risks. Although all CISOs, I’m sure, were asked by their executives to exercise all options within their power in order to scale up security.

The lesson learned there, of course, was to be vigilant; to go back and see where improvements needed to be made for the sake of compliance or to ensure that organizations wouldn’t have their “CNN moment” or 15 minutes of unintended fame.

And I think most CISOs learned where their holes were and know what the challenges are. And I will tell you that this probably divides those that are bound to repeat some of the mistakes that have been made traditionally in cyber and those that won’t repeat them.

What amazing stories have emerged from CISOs’ pandemic-related challenges?

I had one CISO tell me that in the months prior to lockdown, which none of us saw coming, his firm had partnered with a single cyber security vendor to unify their security posture and strengthen their visibility. This CISO joked that timing of this was more luck than anything, although the plan to consolidate to a single vendor had been in the plan for some time.

They weren’t fortune tellers, they hadn’t seen the magic eight ball, but they had begun a total protection deployment, and fortunately they were already well into it when the lockdown began. So that gave him a huge advantage. But you can’t just start that kind of program in the morning and by night it’s done. Rather, it takes some time to do it.

What’s your take on the impact of SolarWinds amidst the pandemic-related security shifts?

SolarWinds represented an educational moment for CISOs. It was also an educational moment for vendors in the ecosystem. But I’ll tell you who else it was a teaching experience for– it was a teaching experience for bad actors. They’re going to leverage SolarWinds’ information in order to exploit systems. That’s a really vulnerable moment for all of our CISOs.

If not SolarWinds, what will lead organizations to assign greater priority to cyber security?

According to one research report, if a breach had occurred at another firm either in the same industry or in an adjacent one, boardrooms and executives at a given company were more likely to release funding for cyber security. However, without the occurrence of a breach in a specific sector, CISOs report that they’re sometimes unable to get the right controls in place; the right infrastructure. For better or for worse, seeing similar companies experience a breach can renew the commitment to cyber security.

Did you like this interview? Check back next week for more.