In the wake of the WannaCry ransomware attacks, enterprises around the world are waking up to the reality that cyberattacks are unavoidable, increasingly effective, pervasive and simply bad for business. This newfound awareness comes as little surprise to the cybersecurity community, which has been advocating that executives take cybersecurity more seriously and consider cyber risk among the largest challenges facing their enterprise.
And while the increasingly persistent and sophisticated cyber threat is creating headaches for enterprises, it’s also creating opportunity for innovative solution providers with platforms and applications capable of protecting networks and data. One of these innovative cybersecurity solution providers is Nehemiah Security, which offers a solution suite that helps users find their risk, make their risk surface smaller, and actively mitigate vulnerabilities that leave them susceptible to attack.
We recently had the opportunity to sit down with Paul Farrell, the CEO of Nehemiah Security, to discuss the shifting threat landscape, whether enterprises are as prepared for cyberattacks as they should be, and how the solutions offered by Nehemiah Security can help companies better secure their networks.
Here is what Paul had to say:
Corporate Growth, Capital Style (CGCS): Cybersecurity is a top priority for most enterprise IT departments today. Why is cybersecurity so important considering today’s threat landscape? What has changed and evolved to make a focus on cybersecurity so critical for enterprises today?
Paul Farrell: People are starting to understand the real threat of cybersecurity today. They’re finally starting to truly understand what’s at stake. On a larger scale, there are foreign nations perpetuating attacks, but even on a smaller scale, there are people that are stealing their business and stealing their information. And people are waking up to that fact – that there is a real threat that can’t be ignored anymore.
And it needs to be understood and explored at all levels of the organization. That’s an important thing.
For many years, the thought from the CEO and Board perspective was, “let the IT guys take care of this and just make it go away.” They thought it was just one of those, “crazy IT things.” But, today, they recognize that it’s a real problem and a real business risk, and they’re working to understand it and address it properly.
CGCS: What has evolved or changed within the enterprise that makes them more susceptible to cyberattack and cyber breach?
Paul Farrell: I think it’s the advent of technology and the interconnectedness of today’s Web-enabled world. And that’s what has changed – the pace.
Since the late 90’s, we’ve been on really a brisk pace of technology and IT adoption, and we’re probably only about 20 percent of the way through what’s going to happen in the long term. So, things are getting more and more connected. Organizations are getting increasingly connected to their suppliers.
And the pace of innovation is still picking up. We had just-in-time inventory a long time ago – nobody even talks about that anymore. That was a big thing a few years ago. Now it’s just assumed that a company is doing things and adopting technologies like that.
The complexity of the applications that we’re using has increased dramatically. And then, these applications aren’t just stand-alone. All of our applications connect and interact with other applications.
CGCS: Would you say that most enterprises and organizations are as prepared as they should and could be for a cyberattack? What are the ramifications of not being properly prepared? What could the impact be to the enterprise?
Paul Farrell: The ramifications are all downside – you’re going to get breached and it’s going to be bad. That being said, is everyone prepared? That’s a difficult question, but I’m inclined to say that they’re not as prepared as they should be. I’ve spoken to many people in the marketplace and we’re discussing basic cybersecurity hygiene – like keeping applications up to date – and people aren’t doing what they should be doing – the “ABC’s.”
The other issue is that the attackers, they’re becoming more and more sophisticated. The attackers are using shell commands, they’re using main memory breaches that are there for a while and then go away – they’re somewhat of a sleeper cell, they get inside of an organization and then go to sleep for a year before they attack. So the complexity of attacks, the frequency of the attacks is all going up.
The good thing is that we’re aware of it now. We’re doing things now to mitigate attacks. But I don’t think organizations do enough from a hygiene perspective as they should. It’s a complex problem that needs to be addressed daily. People within the organization have to wake up every day and understand how they can better protect their organization that day and reduce its risk. Organizations need to give them a better idea of where the risk is and how to better address it.
CGCS: How does the Nehemiah Security solution suite better prepare enterprises for the security threats they may face?
Paul Farrell: The first part of being better prepared is to know your risk. We have a solution called AtomicEye Risk Quantifier that runs in a virtual environment and shows the organization where the risk is from a systems standpoint.
The next application is AtomicEye Attack Surface Manager. It shrinks the attackable surface down to a smaller, more manageable size that’s easier for IT resources to manage.
And then there’s AtomicEye Continuous Protection, which is our adaptive reference modeling solution that finds anomalies in the network and reports on them. We know that risk changes every day in an organization. If someone comes in and changes just one thing, your previous tests are useless because your security parameters have changed.
AtomicEye Continuous Protection can send all of the changes in the corporate environment over to the Risk Quantifier and they can rerun, because risk is something that we should be thinking about over time or over days. And then when Risk Quantifier finds something wrong, it can report it to a tech service manager, who can go and work towards fixing it.
It’s a virtual aid, where information goes from Risk Quantifier over to AtomicEye Attack Surface Manager, over to AtomicEye Continuous Protection, and back again and works to protect the company.
CGCS: Who utilizes the Nehemiah Security solution suite? Is it mostly by enterprises in the private sector, or does the federal government and Defense Department utilize these solutions?
Paul Farrell: We’ve always been in the software industry and have always been successful in it. And much of our experience has been in the B2B marketplace. However, our location [in the Nation’s capital] is home to such a large federal presence, and that gives us many opportunities in that area.
We have a subsidiary we acquired called Siege Technology and they’re 100 percent federal and DoD focused. As a result, we have several DoD clients, and we’re looking to actively maintain and grow that business. However, we’re hoping to grow our base of enterprise customers as well.
To learn more about Nehemiah Security and its suite of innovative security solutions, visit its website at www.nehemiahsecurity.com.