The US Government might be the latest and most high-profile victim of increasingly sophisticated global cyberattacks, but these breaches have long been a threat to corporations across a multitude of sectors. As the world becomes more and more digital, the consequences of data breaches and hacks become a question of survival for companies. I sat down with Eyal Wachsman, co-founder, and CEO at , to discuss recent trends and developments in the cybersecurity industry. Cymulate Ishan Pandey: Hi Eyal, welcome to our “Behind the Startup” series. Tell us about yourself and the story behind Cymulate? Hello, and thanks for having me. The story behind Cymulate is simple. I have been in the security industry for over 20 years, on the customer side of the fence, as a CISO, and on the security service provider side. Over the years, I have seen how security spend has grown into a $150B market. Nevertheless, we are not any safer from cybercrime; in fact, it seems to be getting worse. Something was broken, what we found was that many breaches could have been stopped with existing security, they were either not configured correctly, or they failed for some other reason. Eyal Wachsman: Moreover, security teams were totally unaware of the problem. Pen testing was no longer effective because it is a slow process compared to the rate of change in IT, the attack surface, and threats. The industry needed a way to deal with the threat landscape based on a continuous assessment of threat and business evolutions. does this by replicating threats in our cloud so that our customers can check in real-time how their security is performing in the production. People, processes, and technology. We also tell them what needs to be done to improve their performance. We provide an easy way for security teams to maximize the utility of all the security capabilities they have. Cymulate Ishan Pandey: Keeping sensitive data secure is a huge challenge for corporations. What recent trends in cyber-attacks and data breaches are we witnessing in 2020? It is all about the data, and its always been about the data. We are seeing human-powered ransomware, where a criminal can buy a “bundle” that includes credentials to access a network and the tools to launch a successful ransomware campaign in one package. We see automation used extensively to increase the monetization of cybercrime and increase the likelihood of success. For example, to automate lateral movement, so that once within a network, it will distribute the ransomware to as many endpoints before the organization has detected a breach. Eyal Wachsman: Ishan Pandey: What advice would you give to a company’s management on handling and disclosing a data breach? Eyal Wachsman: I do not think there is any option today. You must disclose. The public is sensitive about it, and penalties can be high. The issue is how long does it take to make the decision to disclose. Most companies figure out how to go about disclosure during an actual event. I would advise them to figure it out beforehand and even exercise the process once a while. Ishan Pandey: How can simulating attacks and breaches help an organization in preparing for a cyber-attack? That’s the essence of what we do. Look, we will make sure your preventive security controls are working at optimal performance by subjecting them to a broad set of attacks. We will show you the variants that succeeded and provide the IoC’s or guidance to block them. However, that is just one part of the equation, and it’s not only about the technology. We also provide scenarios that exercise your people and processes to detect, contain and remediate malicious activity. Company’s that have limited resources will gain the most because most of them are not able to cope at all with the pace of threat evolution, we provide them with that capability. Nevertheless, large companies that have in-house pen testers and red teams will benefit from the offensive knowledge that we operationalize, automate and scale. Eyal Wachsman: Ishan Pandey: More and more companies are moving to the cloud, and the cloud is notorious for its security. What best practices and policies should companies have in place while migrating to cloud platforms? It is debatable if the cloud is more or less secure than on-prem. Also, it depends if we are talking about SaaS or Infrastructure. Infrastructure puts the burden on the customer; SaaS puts the burden on the provider. In any case, best practices should include a robust identity and access management system, data encryption where you own the keys, and anomaly detection systems. Eyal Wachsman: Ishan Pandey: According to you, deploying which new technology is changing the game for IT professionals when it comes to cybersecurity? Companies have anywhere between 25 to 50 types of security tools. My point is that there is no game-changer. There is an arms race between threat evolution and security technology evolution, and its won or lost on points. What is missing, and what is a game-changer is providing a CISO with the visibility he needs, to know what his security deficiencies are so that he can close them. It may be new technology; it may be more skills. Maybe it is related to a business initiative like cloud-first or working from home. Cymulate will show him, by challenging his security where he is vulnerable and what he needs to do to fix it. Eyal Wachsman: Ishan Pandey: Are you finding any new types of sophisticated malware and viruses during your forensic research? Actually, that is the sad part; many breaches can be stopped with existing technology. You need to understand how the threat landscape has evolved. The cybercrime economy is powered by a high-tech industry of suppliers and a market of consumers; the irony is that a lot of the glamour associated with hacking is not there anymore. It has been replaced by the same roles in the legitimate economy. They have analysts and developers, sysadmins, sales and customer support. If you have a working product that is good at ransomware, you will want to sell it to as many criminals as you can, and you will want to make it as simple as possible to use. So, a lot of the attacks are automated and replicated. The legit security industry catches on quite quickly and implements the safeguards. So yesterday it was automated ransomware combined with data exfiltration and now its human-powered ransomware. The question for a CISO is, do you know if the safeguards are useful in your network? Eyal Wachsman: Ishan Pandey: How can companies imbibe antifragile culture in their organizations? 2020 and Covid-19 has shown us the difference between agile businesses that survive the pandemic, and antifragile businesses that come out of the same period stronger. Antifragility is a company’s capability to react to “black swans” like the pandemic and leverage the situation to their advantage over slower-moving or rigid companies. To develop such a culture, a company should develop an environment that encourages experimentation, fails fast and learns from its mistakes. Eyal Wachsman: Ishan Pandey: What trends and opportunities do you see in 2021 for the cybersecurity industry? Let me gaze into my crystal ball 😊 I see more of the same which means more change. Business initiatives will drive changes in IT, and these will create new opportunities for cybercrime, new variants of malware and techniques and the security industry will try and sell you as much kit as possible by showing you how scary it is out there. Cybersecurity skills will remain scarce into 2021, which may just be the weakest aspect of cybersecurity today. The precious few will focus on collaboration to pro-actively fight cybercrime, and I hope this trend grows. Furthermore, we will continue to shine the lights on a company’s security stack so that they know where they need to focus their efforts limited by scarce resources and facing constant change. Eyal Wachsman: Cybersecurity requires periodic assessment to ensure that the cyber defences are adeqaute in order The purpose of this article is to remove informational asymmetry existing today in our digital markets by performing due diligence by asking the right questions and equipping readers with better opinions to make informed decisions. The material does not constitute any investment, financial, or legal advice. Please do your research before investing in any digital assets or tokens, etc. The writer does not have any vested interest in the company. Interviewer - Ishan Pandey.

Ball

Liquidity aggregation and farming on blockchain with Alexey Koloskov

How AI is Changing the User Shopping Experience with Omri Katz

Read My Stories

Too Long; Didn't Read

CTA: Download the FREE AI Productivity Shift report

On Cyberattacks and Data Security Solutions with Eyal Wachsman

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Untitled Story

$2M Backing and a Vision: How GAM3S.GG is Reshaping Web3 Gaming

Windows Sticky Keys Exploit: The War Veteran That Never Dies

06/02/2018: Biggest Stories in the Cryptosphere

0-Days are on the Rise and that Means a Lot More Work for SOC Teams

Time Bombs Inside Software: 0-Day Log4Shell is Just the Tip of The Iceberg

$2M Backing and a Vision: How GAM3S.GG is Reshaping Web3 Gaming

Windows Sticky Keys Exploit: The War Veteran That Never Dies

06/02/2018: Biggest Stories in the Cryptosphere

0-Days are on the Rise and that Means a Lot More Work for SOC Teams

Time Bombs Inside Software: 0-Day Log4Shell is Just the Tip of The Iceberg

Light-Mode

Classic

Newspaper

Dark-Mode

Neon Noir

Minty

HN StartUps