Horizons: Family Office & Investor Magazine

Cybersecurity: Don’t ever think you’re “too small” or not relevant

Monday, September 16, 2019

Keith Garner, VP of International Business Development of Stealthcare LLC, a Cyber Intelligence firm in Cleveland, OH.

Stealthcare developed the world’s most complete cyber threat intelligence and aggregation platform, Zero Day Live. Zero Day Live PREVENTS cyber threats before they weaponize and cause damage to organizations – reducing cyber risk by more than 50% – adding value and protection your current security vendors lack.

Don’t ever think you’re “too small” or not relevant

Matthias Knab: Every week I get at least one email from a person or a company, and it’s clear to me that I received the email because that person or the company got hacked.

In some cases, the hacker took over the ENTIRE email infrastructure of the firm. When you then email back asking, “Hey, all good? Your email system seems hacked!”, you sometimes get a reply FROM THE HACKER, who now sits on top of the company’s IT and email, telling you, “No, all good, that link I sent you is secure, you can go ahead and (open the file | download the document) – whatever.”

You don’t want to go through such an experience. This is why I believe we have to walk the extra mile and get the extra protection which is available with PREDICTIVE cyber intelligence.

Banks, hedge funds, investment management firms and also family offices fall victim to cyber-attacks 300 times more than other industries. So, don’t ever think “you’re too small” and that nobody would be “interested in what you are doing”...

Stealthcare is the leading Cyber intelligence company that I have come across. What we are going to talk about is very important for all corporations and individuals. Today, corporations spend, each year, millions on cyber security solutions to protect their organizations from intrusion, but still, bad actors continue to breach defenses time and again. We will explore why this is happening and what can be done about it.

Keith Garner: It is true that companies do spend millions each year on cyber security, and unfortunately, they are still getting breached. Why is that? The truth is that 90% of today’s branded security products – hardware that every company has to have, like firewalls, email security or endpoint security – can only do so much. They only protect organizations from “known threats” via “signature based” technology. What that means is, once a cyber threat has been identified as a “known bad” (signature is known), then the branded security product can identify it and can prevent it from gaining access to the corporate network and causing damage. It’s vital to have these security controls in place. These tools and the “signatures” and “patches” that come with them, decrease the attack surface and keep organizations safe. All companies invest in these technologies today.

The challenge is that 42% of today’s threat actors exploit and weaponize non-signature based, or zero-day threats. Meaning, modern threats are so new they are unknown by traditional branded security products. Since these products have no “signature” to use to block the threat, these non-signature based threats continue to breach defenses. Stealthcare specializes in threat intelligence that solves this signature problem. We discover the non-signature threats and layer that intelligence into the existing security products companies already own. By automatically pushing this new intelligence into these products, the unknown becomes known, enabling these branded security products to prevent an attack that would otherwise be invisible to them.

An example that probably everyone knows is the WannaCry ransomware, which in 2017 infected hundreds of thousands of computers in more than 150 countries. Organizations impacted included The UK National Health Service (impacting hospital computers, MRI scanners and blood-storage refrigerators), Nissan Motor Manufacturing, Renault (both stopped production at several sites in an attempt to stop the spread of the ransomware), Spain’s Telefónica, FedEx and the national railway of Germany, Deutsche Bahn.

While WannaCry’s impact was unprecedented, Stealthcare clients were spared the devastation. How is that possible? The Zero Day Live platform identified WannaCry 15 days before it was known and were able to secure their clients’ systems.

“Zero Day Live” also uncovered LockerGoga, a more recent, major malware strain, 46 days before the ransomware shut down aluminum manufacturer Norsk Hydro, causing the firm to lose $69MM, to date, dealing with the breach.

Matthias Knab: This is indeed impressive. Coming back to the challenge firms and individuals have to protect themselves against cyber-crime, what else is going wrong or what other observation would you like to share?

Keith: Well, we understand that currently 85% to 90% of the market is focused on what we would consider to be the back end of the problem, which also is the most expensive end of the problem.

I’ll explain. Let’s say your organization experiences a cyber breach, and hopefully you have a roadmap/plan developed on how to deal with it and who to call when this happens. Unfortunately, a lot of organizations still don’t have that, or they don’t update it enough, so they are scrambling around to fix the problem while in crisis mode. Now, since they are likely not prepared, they are vulnerable – operations have been shut down, systems are not accessible, and they need help, now! They reach out to the first cyber security firm they can find and are now at the mercy of that firm in the hopes they can solve the problem. Not a great way to do business.

If they are a large enough organization, they also have to hire a strategic communications firm to come in and develop messaging and a communication plan to share this embarrassing and brand-staining event with their affected customers, clients, partners and the public. At this point, they likely are not even sure what sensitive customer or company information has been compromised or stolen. Then a cyber forensic firm is hired to assess where the failure occurred and try to get operations up and running again and determine what data was stolen. Next, attorneys are hired to counsel on upcoming lawsuits and potential government inquiries. The list of expenses goes on and on. As you can imagine, this whole process can get out of control quickly.

In fact, an average to medium size organization is looking at a $2MM price tag to manage the breach. We built Zero Day Live (ZDL) to avoid the back end of the problem and instead focus on the front end, prevention.

Organizations, the progressive and forward thinking ones, are starting to focus on the front end of the problem. As the saying goes, “An ounce of prevention is worth a pound of cure.” In other words, a little precaution and preventative maintenance before a crisis occurs is preferable to a lot of cleaning up afterward.

We see the smarter organizations starting to say, “What if we had the ability to prevent these breaches before they occur?” They do this by investing in threat intelligence via ZDL. Threat Intelligence eliminates the common refrain we hear when bad things happen, “I wish I would have known about this threat before it hit me.”

What is obvious too, this is the much cheaper end of the problem to focus on. Threat intelligence platforms, like Zero Day Live, are added as a layered security approach, on top of your existing infrastructure. This will drastically reduce the chances of a cyber breach event happening to your organization. Based on industry research, and what we’ve seen in working with our clients, we reduce our clients’ overall threat risk by more than 50% above and beyond the protection their current products offer.

Banks, hedge funds, investment management firms and also family offices fall victim to cyber-attacks 300 times more than other industries. Allow me to add a bit more color to this. One of our clients is a North American hedge fund. Each month we send each client a threat detection report, detailing the intelligence we’ve delivered into their infrastructure to protect them from zero day and unknown threats (non-signature based).

In the case of this particular hedge fund, our Zero Day Live intelligence was responsible for over 20% of the overall blocked traffic in a typical, recent month. So, just to make that clear, without our protection, that 20% of inbound threats – primarily from hosts located in Russia (13.5% from a single IP), China, and the United States – were not picked up by the fund’s existing branded security provider, leaving them vulnerable to attack. As we prove via our analytics, implementing a predictive threat intelligence application, like Zero Day Live is a wise investment.

Every industry can benefit from Threat Intelligence. Another example is Insurance. Imagine you are an insurer offering a cyber insurance policy. The goal is to offer protection in the event your client suffers a cyber-attack. As an insurer you offer the policy because you want the premium and you hope you don’t have to pay out (because it’s going to be a big pay out if you do.)

Before writing the policy, what if you knew your client was 50% less likely to be breached because that client has a cutting edge predictive cyber threat solution in place? For an insurer, that client is a much better risk than the client who is not investing in threat intelligence. We’re engaged with a number of insurers exploring the impact of this technology on their business.

Matthias Knab: Can you share with us where your intelligence is actually coming from?

Keith: We have a unique tradecraft based on over 18 years of experience in this field. The way I like to share how this works is to think of us as the undercover cops of the deep dark web. We source about 60% to 65% of our intelligence from deep dark web sources, where most zero day or non-signature based threats are born. Along with our sensor networks, social media scanning and monitoring of surface web threats we provide a collection of intelligence, offering rich context and a complete picture of a threat and how to stop it. This includes the attack vector, the impact and its potential to do damage to your organization.

Every company is unique so the threat that matters to your company might not be as impactful on another firm. Why? Threats are targeted by industry, network technology (like the different hardware, firewalls, email security tools, and human resources each organization already possesses). We call this the CyberDNA of a company. Some large enterprises might have a security operations center or SOC, a team of 20 or more people that work on security, while another firm might have one person, or none, dedicated to security. Stealthcare takes all of this into consideration as we build a preventative cyber threat intelligence solution for our clients that is automated and eliminates the need for human capital expenditures.

Everything we’ve talked about, I think up to this point, has been focused on what do you do about your own organization, but the unfortunate reality of today’s interconnected world is that you also have to worry about the security of third parties to which you are connected. You may remember the Target breach in 2013, where the cyber attackers gained access to Target’s computer gateway server through credentials stolen from a third-party vendor. Using the credentials to exploit weaknesses in Target’s system, the attackers gained access to a customer service database, installed malware on the system and captured full names, phone numbers, email addresses, payment card numbers, credit card verification codes, and other sensitive data of 41 million customer payment card accounts and contact information for more than 60 million Target customers. This attack began by exploiting one of Target’s third-party vendors; in this case it was a heating, ventilation and air conditioning company.

Matthias Knab: What do you see on the horizon from a threat perspective, what’s coming?

Keith: Unfortunately, threat activity is on the rise. Branded security products can’t keep up with modern threat actors and their tools, tactics and procedures. Threat actors know how profitable these crimes are and they also know they can remain anonymous while they wage these attacks. The only way we see to start winning this fight is to change the way we go about protecting our environments. We must change our focus, moving away from reactive and toward preventive measures. If we don’t, how can we expect any real change?

For the sake of this conversation, let me point to three different types of threats we see on the rise. First, the world’s geopolitical situation encourages more state-sponsored threat activity. These threat actors use very advanced malware, ransomware, and other tools for espionage. They want to disrupt operations with DDoS attacks, stealing top secret information and intellectual property theft. They are very focused on critical infrastructure. Think public utilities, government entities, defense contractors and major manufacturers as prime targets. These state threat actors are very sophisticated and specialize in developing zero day threats because they understand modern defenses and ways to bypass them.

The second area of concern are certain criminal syndicates that work together to basically try to blur the lines and look like a state sponsored threat actor. By mimicking a Chinese or Russian threat group they trick investigators into thinking it’s state sponsored, when in reality it’s actually a sophisticated criminal syndicate. They are typically financially motivated. It’s not about politics but financial gain. They use similar malware and ransomware strains to obfuscate attribution. We think of this network of criminals as a kind of cyber mob.

The third growing trend is ransomware and malware being offered by threat actors on the dark web “as a service”. While it might be hard for the average person to imagine, threat actors sell commercial malware and support it like a legitimate company might sell a software package. They offer reseller arrangements, customer service support and details on how to weaponize the threat.

Today most teenagers are computer savvy enough to understand how networks operate. Most of these networks come with basic usernames and passwords – factory settings that are never changed. It’s very easy for anyone with limited knowledge to gain access and cause disruption. From there, they deliver a payload they purchased on the surface web or a dark web and exploit their victims for financial gain. This is much less risky than robbing a bank and the financial rewards are much greater as they get paid in cryptocurrency and no one is the wiser. With the rise of IoT devices in homes, governments and businesses of all sizes, these threats will continue to grow in sophistication and impact.

The challenges in modern cyber security are great, but just like in every business, information is power. If you have the information, the intelligence, then you have the power. Wouldn’t you rather know what is happening and how to deal with it and take the power away from the threat actor? That is the value offered by Stealthcare. Together, we can change the course of cyber security from a reactive, losing battle, to a proactive winning proposition.

Watch the full video interview here: http://www.opalesque.tv/hedge-fund-videos/jeremy-samide-stealthcare/1

The Stealthcare team has offered to Horizons readers a free cyber security consultation – reserve your spot here: https://calendly.com/cyber_review
