Gaining the Technology Leadership Edge, Episode #73

Understanding Fourth-Party Risk: The Invisible Threat to Your Business

Show Notes

About the Guest(s):

Adam Gordon is a seasoned cybersecurity expert with extensive experience in the field of information security. Currently engaged in educational initiatives at New Horizons, he has a robust background in consulting for a diverse range of sectors including government, military, public, and private companies. Adam has worked with several high-profile organizations globally, helping them strengthen their cybersecurity defenses and manage technological debt. He is also a prolific speaker and educator, dedicated to cultivating a better understanding of risk management, business continuity, and disaster recovery among modern enterprises.

Episode Summary:

In this riveting episode of “Gaining the Technology Leadership Edge,” host Mike dives deep into the world of cybersecurity with renowned expert Adam Gordon. Amid the increasing threats, from major casino hacks to the incessant rise of ransomware, Adam shares invaluable insights on how enterprises can fortify their defenses against an ever-evolving threat landscape. He elucidates the complexities of business continuity, disaster recovery, and the significance of continuous learning, making this episode a treasure trove of knowledge for anyone in the tech and cybersecurity industry.

Adam underscores the critical intersection of legacy debt, emerging technologies, and risk management in modern enterprises. He emphasizes how cyber threats have become more sophisticated, with nation-state actors aggressively targeting both public and private sectors. Detailing the growth of ransomware and its devastating impact on organizations, he highlights the indispensable need for adequate preparation and proactive risk mitigation strategies. Listeners will gain a deep understanding of how to tackle risky user behavior, mitigate social engineering attacks, and build a resilient enterprise through robust policies and continuous education.

Key Takeaways:

  • Intersection of Key Trends: Adam discusses the intersection of legacy debt, emerging technologies, and risk management in today’s enterprises, highlighting the challenges these pose to cybersecurity.
  • Nation-State Cyber Threats: Nation-state actors are increasingly targeting both public and private sectors, making it imperative for organizations to strengthen their defenses and be more vigilant.
  • Rise of Ransomware: The surge in ransomware attacks has exposed the vulnerabilities in many organizations’ business continuity and disaster recovery plans, emphasizing the need for comprehensive preparedness.
  • Risky User Behavior: Adam delves into the significance of mitigating risky user behavior and the importance of implementing consistent and comprehensive security awareness training within organizations.
  • Continuous Learning: Continuous learning and keeping abreast of the latest cybersecurity threats and best practices are vital for modern enterprises to thrive in an increasingly hostile threat landscape.

Notable Quotes:

  1. “The nexus of legacy debt, emerging technologies, and risk creates a very broad landscape organizations need to navigate.”
  2. “Nation-state actors lurking in the shadows have become more aggressive, targeting critical infrastructure and private sector entities alike.”
  3. “Ransomware attacks have exposed a soft underbelly in many businesses’ continuity and disaster recovery plans.”
  4. “Risky user behavior is a slow burn, continually eating away at an organization’s security framework.”
  5. “The myth of eradicating risk is a fallacy; instead, focus on preparedness because risk is a never-tiring monster.”

Watch Episode #73 on YouTube


Episode Details

Key Takeaways

  • Ransomware and Nation-State Attacks: The evolving threat landscape demands robust business continuity strategies.
  • Risky User Behavior: Human error remains a critical vulnerability in organizational cybersecurity.
  • Continuous Learning: Regular, structured cybersecurity training can mitigate many risks posed by evolving threats.

In an enlightening discussion on the evolving landscape of cybersecurity, industry experts Mike and Adam Gordon delve into the intricacies of modern cyber threats, including high-profile casino hacks, the rise of ransomware, and the vulnerabilities stemming from risky user behavior. Adam Gordon, a cybersecurity expert, shares his insights on how organizations can better prepare and respond to these challenges.

The Rise of Ransomware and Nation-State Attacks

Ransomware and nation-state attacks have surged significantly in recent years, highlighting the importance of robust cybersecurity policies. Discussing the notorious attacks on major casinos like Caesars and MGM, Adam emphasizes, “Unfortunately, they hit at a point, a nexus, an inflection point in an organization’s planning that has for many years probably been one of the softer underbellies of business continuity and disaster recovery preparation.”

Nation-state actors have shifted from industrial espionage to targeting high-profile corporations and public infrastructures. This transition marks a significant change in the threat landscape. “Traditionally, they’ve been active in looking at cyber espionage, industrial espionage, looking for economic and/or political, perhaps economic or military advantage. But… they decided to confront not just other nation-states but really merge their activities into the private sector realm,” Adam notes. This convergence poses a significant risk to the global economic flow and public safety.

Ransomware attacks, often state-sponsored, target critical infrastructures like hospitals and educational institutions. Adam underscores, “Ransomware itself, again, has been around for a long time… but it was really lurking in the shadows until maybe the last three or four, maybe five years.” These attacks exploit the gaps in business continuity and disaster recovery plans, often leading organizations to pay hefty ransoms due to inadequate preparation.

Addressing Risky User Behavior

One of the most daunting challenges in cybersecurity is managing risky user behavior. Human error remains a critical vulnerability, often leading to significant breaches. Adam shares, “Risky user behavior is one of the things that keeps me and probably a lot of your listeners as senior-level executives in organizations fraught with concern about risk and where it’s going to enter the organization keeps them up at night.”

Risky behaviors include using insecure public Wi-Fi, leaving devices unattended, and using easily guessable security questions. Mike adds, “Someone sitting next to a plane and saying, ‘Hold on to my laptop, I have to go to the restroom.’ It’s the same kind of thing.” These seemingly minor actions can open doors to significant security breaches.

Moreover, risky user behavior often goes unnoticed until it’s too late. “The problem with risky user behavior, it’s a slow burn… it just eats away at the underlying architecture and framework of the organization little by little,” Adam explains. This gradual erosion of security can lead to substantial long-term damage, making it essential for organizations to address these behaviors proactively.

The Necessity of Continuous Learning and Structured Training

Continuous learning and structured training are pivotal in mitigating cybersecurity risks. With evolving threats, regular training ensures that all employees, from top executives to entry-level staff, are equipped with the knowledge and tools to protect the organization.

Adam highlights the importance of a comprehensive approach to security training: “What I don’t often see or hear is a monthly campaign, is a newsletter, is a weekly email that goes out and updates people on suspicious activity.” A consistent, organized, and reproducible set of training events that are mandatory for all employees can significantly enhance an organization’s security posture.

Implementing such programs requires commitment from senior leadership. Adam asserts, “Change starts at the top… and it’s a question of having that senior leadership impetus to really live those exact things that you want your culture and your people, the organization to do.” When senior leaders prioritize cybersecurity and actively participate in training initiatives, it sets a positive example for the entire organization.

These measures not only help in preventing attacks but also prepare the organization to respond effectively when breaches occur. Adam advises, “It’s not a question of if I will get hacked, if I will be breached, if I will be attacked with ransomware, but it’s a matter of when one or more of those things will happen to an organization at some point.”

In an era where cyber threats are increasingly sophisticated and pervasive, organizations must adopt a vigilant and prepared stance. The insights shared by Adam Gordon emphasize the critical need for comprehensive business continuity and disaster recovery plans that address both technological and human factors.

The rise of ransomware and nation-state-sponsored attacks underscores the importance of robust security measures and proactive risk management. Additionally, mitigating risky user behavior through regular and structured security training can significantly enhance an organization’s resilience against cyber threats.

Adam aptly summarizes the essence of cybersecurity preparedness: “We need to be vigilant all the time. The bad actors and the risk purveyors need to just get lucky one time when we take our eye off that proverbial wall.” This continuous vigilance, coupled with a strong culture of cybersecurity awareness, can empower organizations to navigate the complexities of the modern threat landscape effectively.

Contact Information for Adam Gordon

LinkedIn: linkedin.com/in/adam-gordon-cissp

Website: https://www.newhorizons.com/

Timestamp Summary
0:00 Strengthening Cybersecurity Through Continuous Learning and Preparedness
2:50 Addressing Technical Debt and Risk Management in Modern Organizations
6:14 The Evolving Landscape of Cybersecurity Threats
13:50 Addressing Business Continuity and Disaster Recovery Challenges
16:43 Unintentional Risks of Using Public Wi-Fi and Laptops in Public
19:09 Mitigating Risky User Behavior Through Consistent Security Awareness
24:14 The Unending Vigilance Required to Mitigate Organizational Risk
28:34 Human Error and Risky Behavior in Cybersecurity
32:16 Cybersecurity Awareness and Social Media Scams
35:00 The Importance of Comprehensive Cybersecurity Measures in Organizations
42:02 Connecting on LinkedIn and Gaining the Technology Leadership Edge