Gaining the Technology Leadership Edge, Episode #44
Cybersecurity expert discusses common breaches and best practices for protection
Show Notes
About the Guest(s):
Mike Andrewes is a seasoned cybersecurity consultant with a deep background in telecommunications, networking, and project management. He has amassed over 20 years of experience, starting his career in active duty within the Department of Defense. His profound understanding of cybersecurity programs led him to spearhead the cybersecurity office for a network of 28,000 users, both classified and unclassified. Currently, Mike lends his expertise to Yastis, employing his passion for the cybersecurity field to aid companies in bolstering their digital defenses.
Episode Summary:
In this compelling episode of “Gaining the Technology Leadership Edge,” host Michael delves into the intricate world of cybersecurity with expert Mike Andrews from Yastis. As they navigate the crucial topics within the industry, the conversation reveals insights into the pervasive cybersecurity challenges facing companies of all sizes, drawing upon real-world examples, including notable breaches like those seen at MGM.
Mike shares his journey from the Department of Defense to the private sector, highlighting the unique perspective he gained from his government experience. The discussion spans topics from the prevalence of phishing attacks to the intricacies of securing a network, offering listeners a glimpse into the daily life of a cybersecurity consultant. The episode is rich with practical advice, emphasizing the importance of robust security measures and proactive approaches to cyber threats.
Key Takeaways:
- Foundational Cybersecurity: Government backgrounds provide valuable insights and preparedness for private sector cybersecurity challenges.
- Common Threats: Despite technological advancements, common threats like phishing continue to dominate cybersecurity incidents.
- Strategic Defense: Implementing strong two-factor authentication, access segmentation, and comprehensive incident response plans are essential for robust security.
- Help Desk Vulnerabilities: The MGM breach demonstrates the vital need for stringent help desk authentication processes.
- Importance of Testing: Regularly testing backups and security systems is critical to ensure they function correctly when needed.
Notable Quotes:
- “Getting into a system is very important… They don’t make it that easy on you, and it’s rightfully so.” – Mike discussion on proper authentication methods.
- “In cybersecurity, the more you have, the more vulnerable you are.” – Mike on the importance of limiting system surface area and privileges.
- “If one goes down, the other one’s still there. And if it’s like on the same server in the same room, can’t be sure about that.” – Mike discussing the significance of separated backups.
Watch Episode #44 on YouTube
Subscribe on YouTube
Episode Details
Protecting Your Business Cybersphere: Best Practices and Insights from a Cybersecurity Pro
In an age where digital threats are continually evolving, businesses must be vigilant about their cybersecurity measures. As Mike Andrewes, a cybersecurity consultant from Yastis, discusses the intricacies of cybersecurity in the modern business landscape, important insights come to light. Drawing from his dialogue with Michael, the host of “Gaining the Technology Leadership Edge,” we explore how businesses can fortify their digital domains against ever-present threats.
Key Takeaways:
- Strong Authentication Practices: The importance of strict authentication measures, including two-factor authentication and avoiding simple information verification, to prevent unauthorized system access.
- Cybersecurity As a Non-Negotiable Asset: The necessity for businesses of all sizes to prioritize cybersecurity, which is as crucial to operation as any other foundational aspect of the organization.
- Vigilance in Compliance and Monitoring: The role of rigorous compliance adherence and continuous monitoring in preventing and swiftly addressing cybersecurity breaches.
Strong Authentication and User Access Control: The First Line of Defense
In the realm of cybersecurity, stringent user authentication and access control are paramount. As Mike Andrewes asserts, “85% to 90% of all incidents” involve basic hacking techniques that exploit weak authentication practices. This indicates a pressing necessity for businesses to step up their authentication protocols.
User Authentication: Beyond the Basics
“Getting into a system is very important,” Mike points out. He emphasizes the value of multifaceted authentication measures, advocating for methods that go beyond simple question-and-answer strategies utilized by companies like MGM, which recently suffered a significant breach. The lesson here is clear – simple credentials are insufficient.
Access Control Lists and Least Privilege
Detailed in the discussion is the concept of ‘least privilege,’ where user access is meticulously regulated to minimize the risks of internal threats. Access control lists (ACLs) serve as digital gatekeepers, ensuring that employees only access what they need for their roles. This helps to restrict the attack surface within an organization.
Cybersecurity: An Integral Asset for Business Stability
“Businesses must do cybersecurity on any budget,” Mike underscores. He debunks the misconception that only large companies with vast resources can afford robust cybersecurity measures. Small businesses have access to enterprise-level security features through scalable tools. The message is clear: cybersecurity is not a luxury but an imperative for all businesses.
The Need for a Proactive Approach
Mike underscores the necessity of a proactive approach to cybersecurity, where tools like mobile device management enhance monitoring and control over work-from-home setups. He also explicates the significance of due diligence in engaging with cybersecurity professionals, urging businesses to start conversations with nondisclosure agreements, thus mitigating risk from the outset.
Cybersecurity Across the Spectrum
Mike draws a distinction between the structured environment of government cybersecurity and the less formal but equally important practices in the private sector. He argues for a harmonious blend of risk management and compliance to adapt to different business circumstances.
Continuous Cybersecurity Monitoring: A Critical Imperative
Drawing from government practices, Mike illuminates the importance of continuous monitoring for active perimeter defense. A robust security operations center, staffed by vigilant professionals who can recognize and respond to threats in real time, is vital for maintaining security integrity. The alternative – reviewing logs after an incident – simply does not suffice in the fast-paced digital arena.
Preemptive Threat Management
“They’re good about watching the perimeter to make sure things are being watched,” Mike says about government-level security. Applying this insight to the private sector, businesses that actively monitor and swiftly act upon suspicious activity can minimize the fallout of potential security incidents.
The Response to Incidents
Having an incident response plan in place is essential for businesses to combat the unexpected. Mike emphasizes that such plans must be concrete, outlining detailed procedures for restoring systems, reaching out to necessary contacts, and managing the aftermath of a security breach.
Protecting your business’s digital environment is not a future consideration; it’s an immediate and ongoing responsibility. Engaging with a cybersecurity consultant like Mike Andrewes from Yastis can be the difference between safeguarding your digital assets and facing the repercussions of a cyber breach. As Mike and Michael have hashed out, from robust authentication to vigilant monitoring and incident response, cybersecurity is a multifaceted discipline that every business must embrace.
By applying these insights, organizations can transcend reactivity, proactively fortifying their networks, and ensuring the continuity of their digital operations. In a landscape where a single oversight can have drastic consequences, a dedicated approach to cybersecurity is not just advisable—it’s absolutely essential.
Contact Information for Mike Andrewes
LinkedIn: Mike Andrewes
Website: yastis.com
| Timestamp | Summary |
|---|---|
| 0:00:00 | Introduction and discussion on the prevalence of hacking incidents |
| 0:00:33 | Mike’s background and entry into the cybersecurity field |
| 0:01:19 | The trend of cybersecurity professionals coming from the government |
| 0:01:59 | Minimum revenue requirement for engaging with Yastis |
| 0:02:59 | Common ways people are breached, including phishing and overlooking basic security measures |
| 0:03:47 | Example of the MGM breach and the importance of authentication and vetting processes |
| 0:05:37 | Advice for companies to avoid breaches, including strong two-factor authentication and segmentation |
| 0:08:18 | Importance of having an incident response plan and thorough testing of backups |
| 0:09:38 | Engagement process with Yastis and focus on compliance |
| 0:11:25 | Yastis’ unique approach of combining risk reduction and compliance in their services |
| 0:11:58 | Surprise of team members working at a financial institution |
| 0:13:03 | Common mistakes in cybersecurity engagements |
| 0:16:18 | Importance of firewalls and access control lists |
| 0:20:07 | Need for individuals to prioritize cybersecurity at home and in business |
| 0:22:24 | Small companies can afford cybersecurity on a budget |
| 0:23:03 | Benefits of smart home technology |
| 0:23:35 | The importance of using codes for security instead of physical keys |
| 0:24:01 | Tech professionals often work late nights to implement projects |
| 0:24:47 | Magic Mind as a solution for improving focus and energy |
| 0:26:05 | Balancing work, family, and sleep as a tech professional |
| 0:27:17 | Differences in cybersecurity practices between government and non-government entities |
| 0:28:33 | The advantages of actively monitoring network security |
| 0:29:46 | Contact information for Yastis and Michael Andrews |
| 0:30:14 | Conclusion and invitation for future assistance |