Expert Profile
Role:
Former Director of IT
Organization:
Huawei Technologies
Bio:
For the last 21 years, Cooper has worked with various IT and Technology companies such as AWS and Danavo in creating new products and partnerships. As the Technical Program Manager of AWS Infrastructure, he was involved in program management of multiple projects that turned ideas to prototypes, strengthened business strategy in technological ventures, and implemented innovative changes worldwide. He was recently employed with Huawei Technologies as the Director of IT where he evolved the IT service from staff augmentation to managed service model.
Section 1: Current Cyber Security Trends and Challenges
1.1. What is your organizations approach to cyber security?
My industry is in telecommunications within the technology segment. We have some P2P solutions to cell wireless towers. We also have P2P solution to cell phones.
Within the approach to cybersecurity, there are many dynamics. One is the size of the team, depending on the budget, depending on companies’ allocation of resources. Typically, we would have a one-person team or two people team that will define policies and run audits. These people may not be technical, but they have to know security principles extremely well. They will leverage IT, our contractors to implement and maintain the cybersecurity infrastructure.
The cybersecurity infrastructure can range from endpoint device all the way to hybrid cloud security. There are many layers. Depending on the company’s budget, sometimes in my company’s case we may have a penetration test conducted by a third party periodically. The goal here is to have a third party to help us define our vulnerabilities. We also have to set our goals for the future too. Now this is all depending on our situation. But the general approach is that number one, we still have the same principle, security.
And typically, the principle right now is getting to Zero Trust Architecture. Zero Trust from my perspective has two important elements. One is granular access, in the past we could be accessing our VPN accessing our network. I have the entire network of devices that can access it. Right now, it’s per user and specifically with the user’s privilege and rights assigned.
Right now, if I can connect to my company internal network, I’m allowed to access application A and application B, and this is it. Even though application XYZ we think might work, I do not have access to it. Because at the application level I have blocked it. There is another one we call conditional access. Basically, this defines exactly the type of the users’ background information. If the background information fits with the users access right now. For example, I’m in the USA. But if people see me logging in from Russia or Iran, that is a so-called ‘impossible travel event,’ we will stop it. This condition access is also very, very important. So, those are the general tools approach we have for Zero Trust. But if we want to further dive in, there are a lot of layers behind a tool.
1.2. How are cybersecurity operations structured in your industry?
We have so-called privileged access and management. There are some things that, yes, I have my password, or I can access this application, which is great. But if I want access say the domain controller of my organization, and that’s a mission critical device that stores user account information, computer information, a lot of information. I don’t want to use my password to access it. If my password was compromised, the hacker can get into the machine. And worse will be the ransomware. People can use my personal password to encrypt files. And that’s not particularly good. Therefore, we set up a privilege access management system. Which stores the mission critical equipment passwords for me. If I ever want to access the mission critical devices, I log into the password management and server first. And then the machine will log into other machines on my behalf.
If I lose my password, that’s no big deal. Because my password just only has access to my information and doesn’t have access to any server information out there. This is one example.
The definition of cybersecurity has two parts. Now, one is focused more on user and data, the other is infrastructure. And I can tell you that infrastructure training is going away fast, just because moving to the cloud provider, have the economic scale of people and machines to deal with those kinds of issues. So that’s a major trend. In the future it’s all going to be about the data and the user access.
1.3. What are the current cybersecurity priorities?
These priorities right now, number one, ransomware; number two, hacking from outside for internal employee information; third, it is insider threats. Usually, we talk about data loss prevention. We have employees who may leak data. Unintentionally or sometimes unethically. So, three major threats.
1.3.1. How have you invested into solutions to deal with the threats?
For ransomware, we are trying to implement solutions. One is to migrate our valuable data to SAS, to the Public Cloud Solutions. Where there is privileged access and management systems we protect our passwords. But if our data is stored on our local area network, there are still some risks in there.
We are starting to migrate a lot of data to the public cloud. For example, we use Druva. This is a solution where they let us pack our data into their public cloud. So none of my employee users, the passwords, can actually encrypt the data in Druva’s environment. Hosted by Druva, managed by Druva. So in this case, we are completely safe. And that’s for data backup, but the rest of them Office 365, I also try to make them store everything on a cloud.
Hacking is a big deal here right now, myself I’ve seen numerous attempts. One attempt successfully hacked one person’s account this year. This could happen. Now we always talk about the cybersecurity risk, in two important elements, the impact and the probability. Ransomware has high impact, but probability is quite low.
But if it happens it’s a big deal. Hacking, impact might be small, but the probability is very high. ZoomInfo, and it’s actually a very unethical company that from my perspective, they set up traps. They lure some of the users to make some clicks on their computers. The users, all contact information will upload to their servers. And once uploaded, if we want to take it offline, it’s almost impossible.
We have to ask our legal team to contact their legal team to do all sorts of things. We have to use a lot of user training. This is the biggest challenge in the future. Because it’s very difficult to train all the users to be perfectly good. We try to employ some third-party software that train people. We purposely send some emails that’s made by our own IT team to train people and make sure they’ll learn not to click the links. This is going to be the hardest one. We also try to make sure that we employ the second factor authentications. So, if there’s any outsider trying to hack into our account, it’s not as simple anymore. We did have one case that even with second factor authentication, we still saw almost a successful attempt to obtain the data from my company.
Finally, insider threats. This is about data loss prevention. This is very challenging because it’s the insiders. They are supposed to get the data, but they should not leak the data. So, what we did was, number one we have a secure web gateway. We trace where they go from internal network. We also make sure that we give people a lot of training and we plan to install what we call SASE Solutions. Basically, it’s a solution that when a user connects to the internet, they don’t connect to internet directly, they connect to our firewall first and then connect to the internet. So, we become the gateway of internet access. Whether they go from home, or they work in our company. This way we can do as much as we can to prevent sensitive data getting leaked.
1.4. What are your current cybersecurity challenges?
1.4.1. COVID 19 and Remote Working
I really think it is user training. In the past we have in-person training and I can demonstrate the problems in front of them and they can see it. Now with video conference, I think it has changed the learning curve, it is not so simple to train everybody. I cannot see people’s facial expression as easily. I don’t know if they understand it or not. So that’s the biggest challenge from my perspective right now.
1.4.2. Cloud security
Cloud security, it is a broad topic. I would say in most cases the security we’re talking about here is focused on users. The other kind of security, with cloud security we do it very well. That is the infrastructure security. Because the cloud service provider will take that share of the responsibility. I don’t have a robot DDoS attacks anymore. From my perspective, I would like a cloud security model more because then all I have to do is focus on users.
I think the major change, it might be just more ransomware attacks. As an example, there is an oil pipeline getting ransomware threats where people actually have to pay. Those are real from my perspective. Because we did see a rise of those events and, I think it may not have to do with the pandemic. It’s simply that cryptocurrency is getting more and more common. So, it just becomes easier for people to use this ransomware business model now, unfortunately.
1.5. What is being done to mitigate against the threats?
We are migrating a lot of our applications of valuable data to the cloud. We also employed applications for privileged access and management systems. We also implemented second factor authentication. It was all completed last year. And then we implement network access control solutions in our offices. If they come to our office, only certified devices can connect to the network and reach internal resources.
Section 2: Post COVID Strategies and Outlook
2.1. What has been the impact of this / these on your business and industry?
Impact is on SASE Solution, we are thinking about to implement a solution firewall. So, with both Palo Alto and Zscaler right now, basically these are firewalls in the cloud. The user at home, we know when they access the internet, they don’t really have a firewall right now. They have to connect to our internal network and from our internal network, access to the internet.
But our internal network may not be close to their location and therefore performance may suffer. We want to just provide a cloud firewall for them. And the cloud firewall has the infrastructure that might be providing a much better performance experience for our employees. So, that’s the idea here. Most important, we do not have to host our own firewall as much anymore. We can reduce our internal infrastructure.
2.2. Have you seen a change in customer / client CS attitudes?
Yes, we started to be more careful about vendor communications. We realized the cases that people unfortunately were not aware of some social engineering attacks. We have business with Sa-Shi and CW, and then they were hackers pretending to be SASE employees trying to approach us in the past. So, SASE became increasingly sophisticated, and they also send us a certified email. We also became more aware of some social engineering attacks.
2.3. What are the learnings that are going to stay with us for the longer-term?
COVID boosted the acceleration of work from home. And therefore, technology that supports work from home will thrive. That will sway moderately next year if increased people return to the office. But no matter what the companies, who survived through the pandemic, they have already developed this ecosystem for people to work from home.
SASE Solutions, they may continue to thrive. Software like endpoint device protection, CrowdStrike may continue to thrive too. Because the company realized that whether they like it or not, they have to protect their endpoint devices, whether it’s on a phone or on computers. So those will become more and more important for the general overall business climate.
2.4. What new risks are you now preparing for?
The new risk is still focusing on ransomware and user issues. I wouldn’t say they’re new. They just more advanced. Because we saw how Solar, is getting attacked. The on-premises solutions are becoming more and more risky to host from my perspective. Quite frankly, we also want to reduce our data center footprint. So, we reduce a lot of our own costs.
The other thing here is just simply that hacker technology is getting more and more advanced and making it very difficult to punish them. They’re ahead of us. People just don’t talk about it. I would say rather than simply just getting more and more advanced in defensive technology; there’s also a new approach for my company to develop more procedures to deal with all kinds of attacks that we didn’t have before.