I had a chance to interview renowned risk and cybersecurity expert, technology visionary and business leader Sai Huda. He is the author of the ground-breaking book “Next Level Cybersecurity: Detect The Signals, Stop The Hack”. Huda shared his views on some of the pressing issues in cybersecurity today.
You can read the complete interview below:
1. Thanks for accepting our interview request. Can you tell us briefly about your career so far?
Thank you for the invitation. I served for seven years as the SVP/GM of the Risk, Information Security and Compliance business at FIS, a Fortune 500 company, serving over 20,000 clients worldwide.
I always strived to inspire the team to innovate with cloud-based technology, machine learning and AI, and expert services. Under my leadership, FIS attained the number 1 ranking in the Chartis RiskTech100®.
Prior to that, I was the founder and CEO of Compliance Coach, an innovative cloud-based risk management software and consulting services company, serving over 1,500 clients in financial services, healthcare, and government sectors. FIS acquired Compliance Coach.
Now, I’ve written a game-changing book on cybersecurity. It is one of the most significant and disruptive risks facing organizations worldwide. The book is written in plain language, so everyone, from the board and C-level executives to management and staff, can benefit.
2. In your book “Next Level Cybersecurity: Detect The Signals, Stop The Hack”, you explain that even with more than $100 billion spent annually on security, attackers break in, stay hidden and steal data. Can you tell us some of the key reasons why a security breach occurs?
Every organization should recognize they are a target because they have data and there are too many doors, windows and entryways for cyber attackers to get in. And the attackers are now sophisticated. They will get in; it is only a matter of time.
Intensive reviews of dozens and dozens of the world’s largest hacks reveal that while there are detection efforts, the effort is skewed toward prevention. Prevention efforts are of course important, but since attackers will get in, equal attention must be on detection going forward. And the focus must be on early detection, otherwise it will be too late.
My book uncovers the signals of the attackers that organizations are either missing or don’t know how to detect early, apart from all of the noise. So, the attackers are slipping by the cybersecurity, staying undetected and stealing data or committing other harm.
3. You talk about 15 major signals of cyber attackers’ behavior and activity. What is common in all these signals? Can you elaborate?
What the 15 signals have in common is they provide early tip-offs to the hack. In the book, I explain the Cyber Attack Chain. It is a simplified model that shows the steps that cyber attackers tend to follow in just about every single hack. There are five steps: external reconnaissance, intrusion, lateral movement, command and control, and execution.
At each step, there will be signals of the attackers’ behavior and activity. But the signals in the intrusion, lateral movement and command and control steps provide the greatest value because they are timely.
The external reconnaissance step is very early and the signals may not materialize into an attack, while detecting signals in the execution step is too late because by this time the data theft or harm will have already occurred.
My research uncovered 15 major signals in the intrusion, lateral movement and command and control steps that should be the focus of detection.
4. Is it possible to stop a hack before it happens? Can you explain how?
Unfortunately, it is not a question of if, but when, the attackers will get in. My research of the world’s largest hacks reveals that if the organization had detected signals of the attackers early, in the intrusion, lateral movement or command and control steps, they would have been able to stop the hack and prevent the loss or damage.
My book shows how to detect the signals in time, using a seven-step early detection method. One of the key steps in this method is to map relevant signals to the Crown Jewels (crucial data, IP or other assets). It is a great use case for machine learning and AI. There is a lot of noise, so machine learning and AI can help eliminate false positives and expose the attackers’ signals early to stop the hack.
5. According to a report, in 2013, there were 500,000 malicious applications. In 2015, the number increased to 2.5 million. In 2017, it increased to 3.5 million. Why does this number grow every year? What is the motivation for hackers to build these applications?
The cyber attackers are now sophisticated and can easily create malicious applications customized to evade the cybersecurity. They are also asking themselves, why go to all the trouble to steal data when you can hijack the data or other Crown Jewels and lock them down until a ransom is paid? Recently, SamSam in the U.S. and Canada struck over 200 organizations. It provided the attackers over $6 million in ransom payments and caused over $30 million in additional financial damages.
A couple of years ago, NotPetya caused over $10 billion in financial damages worldwide. Detecting the signals of cyber attackers using malicious applications early, whether it is ransomware or other applications, is now even more crucial to preventing a cyber disaster.
6. Can the implementation of cybersecurity legislation stop cybercrime? What are the challenges in establishing a culture of cybersecurity?
Cybersecurity legislation worldwide, with teeth, will be a deterrent. Otherwise, it will be a paper tiger. Ideally, it should be a uniform law that is adopted by all countries, that provides stiff monetary penalties and jail sentences for cybercrime as well as extradition of the cybercriminals to the victim country for prosecution.
Unfortunately, currently it is several nation-states that are sponsoring the cyber attackers, so it will require global leadership and unity to get the world on the same page.
In the meantime, organizations worldwide need to make cybersecurity a priority, starting in the board room. It all starts at the top. My intensive review of the world’s largest hacks reveals in each case a common theme: inadequate or missing board cybersecurity oversight. In my book, I provide a practical way to take cybersecurity to the next level throughout the organization to stay one step ahead of the attackers.
7. What new types of threats and attacks do we need to be aware of, and how is that going to change the cybersecurity environment in 2019?
There are two blind spots that just about every single organization worldwide faces that cyber attackers will exploit, beginning in 2019.
One blind spot is the cloud. There is a false sense of comfort and lack of attention to detection, thinking the cloud is safer because of the cloud provider’s cybersecurity or because the cloud provider has an out-of-the-box monitoring system. However, if the organization fails to identify all Crown Jewels and map all relevant cyber attacker signals for the monitoring, the attackers will get in, remain undetected and steal data or commit other harm in the cloud.
The other blind spot is the Internet of Things (IoT). IoT devices (e.g. smart TVs, webcams, routers, sensors), with 5G on the way, will be ubiquitous in organizations worldwide. While IoT devices provide many benefits, they are a weak link in the chain due to poor built-in security and lack of monitoring. Cyber attackers will focus on IoT devices to make the intrusion, then pivot to get to the Crown Jewels. Detecting early signals of cyber attackers trying to exploit IoT devices will be critical.