Business Journal Ask the Expert Column – April 2019
I recently received several e-mails from people asking some very pointed questions about cybersecurity providers and their practices.
Our security provider just revealed that their Security Operations Center is not on-site as we believed. It’s a virtual space. Is this common? Do you see this as an issue?
The short answer is: Yes and Yes. We all see and approach business differently. However, from my perspective and in my experience, fielding an advanced cybersecurity team remotely lessens the team’s effectiveness and problem-solving abilities. It’s really a matter of common sense.
From multi-level attacks to phishing schemes, the threats we detect and destroy every day are quite sophisticated. Sure, some of the threats are, I hate to say it, garden variety and easily overcome. But more advanced threats require complex problem solving. Having cyber operatives together, face-to-face, in a common space allows for heightened collaboration and operationalizes proper analysis via a Fusion Center.
Nothing, in any industry, can replace a tight-knit team working side-by-side and thinking as one. That reality is even more apparent in the cybersecurity world. Being together creates a spontaneous energy that cannot exist in a virtual environment. When people, good and talented people, collaborate in the same space, the old business proverb of one plus one equals three explodes to four, five or six. We all feed off of the energy of others – it’s human nature. The collective considers solutions the individual might miss.
Our cybersecurity partner recently informed us they will be outsourcing a portion of our threat protection services to contract workers and freelancers, so they can “hire the best talent at affordable rates, to keep prices down.” Should I be concerned?
You shouldn’t be concerned – you should be alarmed. Human beings are the most significant weakness in any security operation. It’s virtually impossible to monitor and evaluate non-employees with the same level of scrutiny as a direct hire. You’re allowing your provider to give the keys to the kingdom, access to your networks, systems and most sensitive data, to an outsider. It’s more than bad business. It’s risk in its purest form.
Non-employees could be:
– Threat actors posing as reputable security personnel
– More easily corrupted or influenced by organized criminals, rogue nations or even your competitors
– The most dangerous of threats, because they know your organization’s most significant weaknesses and vulnerabilities
– Less effective because they are not personally invested in the culture of your provider – hired guns can be loose cannons that don’t have a personal stake in your business
In many industries, possibly your own, outsourcing makes sense. But when it comes to cybersecurity, your provider needs to have a fully vetted, continuously monitored, in-house team to reduce the chance for impropriety.
Our legal department has expressed concerns about our security partner’s digital forensics. What should I ask when interviewing a digital forensics expert?
Digital forensics requires a unique blend of cybersecurity expertise, legal knowledge for proper handling of evidence, and the ability to communicate complex information in a simple, organized fashion that’s clear and easy to understand.
When interviewing, I would recommend first asking for a presentation demonstrating cases that were both won and lost as a result of digital forensics. If an expert can show where things went wrong in the past, as well as went right, you’ll find the right expert. Failure remains a better teacher than success.
Secondly, ask to interview the forensics expert (or experts) who will be working directly on your account. Judge their ability to engage and communicate. Judge whether they talk “with you” or “at you.” Too many experts speak in lofty language that can make those unfamiliar with the subject matter feel overwhelmed and even “stupid.”
Lastly, consider offering the prospective provider a modest stipend and have your legal team host a mock trial or mock deposition, which will allow you to watch the expert in action. This type of exercise will also build confidence within your legal team, because they will be able to understand, first-hand, how the expert handles pressure, answers questions, and represents your company.
Remember, if you have a question, you’re probably not the only one in search of the answer. The questions covered today are perfect examples since we received multiple requests about each topic. So, keep your questions coming. I’m here to help.