SafeGuard Cyber CEO and Co-founder, Jim Zuffoletti and HCA Healthcare’s Chief Security Officer, Paul Connelly recently joined Cybercrime Magazine to talk about securing the human elements of digital communications and the need to gain visibility into business communication applications.
Below is a recap of the highlights from the discussion.
WATCH THE VIDEO:
The Human Challenge of Digital Communications
In the cybersecurity world, there is a lot of talk about how humans have become the weakest link in terms of cybersecurity. One productive tactic from companies has been to adopt employee training, particularly around identifying phishing scams and social engineering.
Still, there is an inherent lack of security around the digital communication applications that employees use. This can be partially attributed to humanity’s desire to be everywhere digitally, Jim explains: “Humans want the ability to use all the different types of apps that are out there, in both their personal life as well as their professional life.”
Moreover, cyberattacks have also become more sophisticated, and have adapted to this human behavior.
“The attacks that we’re seeing, particularly several of them in the last couple of weeks, are increasingly multiple platform-oriented and subtle,” Jim elaborates.
“The challenge is not just, ‘How do you defend this fickle human being?’ but also, ‘How do you protect him against an adversary that is getting more sophisticated in their means of attacks?’”
Plugging the Dam
Paul points out that humanity’s drive to try out different apps for digital communications is for the most part not driven by ill intentions at all, but by a desire to perform better as employees.
“For most organizations, you don’t have people intentionally trying to create security risks,” Paul explains. “They all just want to get their job done; they all just want to do them fast and innovatively, and take advantage of opportunities to be efficient. The problem is, you can easily end up in a ‘How many holes in the dam can you plug at one time?’ type of situation.”
Both Jim and Paul agree that one of the solutions to this conundrum is to limit the way bad actors can move through a company’s system. As Paul points out:
“The bad guys find their way into one door, and they navigate around, so you want to limit the number of potential doors that can be used.”
Ditching the Cookie Cutter Approach
To limit the potential entrances for bad actors, Jim emphasizes the importance of “sanctioning” an app for digital communications.
“‘Sanction’ doesn’t mean these apps should fit kind of a cookie-cutter approach, but they all have to be vetted in terms of understanding what kind of controls are present or exerted over it,” Jim elaborates.
Jim adds that meeting the visibility requirements for these applications, as well as understanding the identity of the person using them, is also paramount to a proper cybersecurity approach. “Cyber threat actors are not just targeting Slack, for instance; they’re really thinking about all those digital communication platforms that the same person may be on.”
Paul agrees, emphasizing that companies shouldn’t rely on cookie-cutter solutions. “You can drain the innovation out of your organization if you become the security group that’s got these draconian measures, where you can’t go outside the lines of this box,” Paul explains.
Paul is a firm believer in educating users on the potential risks of any applications that they bring in. He also advocates using tools to monitor and detect cyberattacks and threats, and to present the data gathered by those tools to the employees in question, in order to create discussions around sanctioning and securing new apps.
“I just think if you can work a cycle like that, where you’re part of the solution rather than being the person who says ‘no’, you get cooperation, and a way to work together with your users.”
Watch the Entire Conversation
There’s a lot more that Jim, Paul, and Steve talked about during this interview. If you’d like to learn more about:
Watch the full interview: