Get a DemoStart Free TrialSign In

Interview

3 min read

For the newest instalment in our series of interviews asking leading technology specialists about their achievements in their field, we’ve welcomed Dan Izydorek, Founder of PC Miracles. Dan is a cybersecurity specialist who has recently spoken on Fox news on this subject.

Tell us about the business you represent, what is their vision & goals?

We’re technology consultants, but technology is only a means to an end. To move the needle for my clients, I focus on delivering three things…

  • Better productivity
  • Lower risk
  • Guidance, strategy, and advice to help them create a long-term strategy, a detailed roadmap, and budgets based on what their objectives are

Can you share a little bit about yourself and how you got into cybersecurity?

I have been in the IT industry for almost three decades and have seen the slow rise in cybersecurity issues within our industry.

It used to be that installing simple antivirus was a good deterrent and addressed most of the problems for that time period. Over time a much more comprehensive approach has been needed in the form of a layered security suite (not just antivirus).

There was a time that firewalls weren’t considered absolutely necessary in SMBs. Now it is not just a firewall, but spam filtering, antivirus, Managed DNS, VPNs, and becoming more prevalent is MultiFactor Authentication.

What advice would you give to someone wishing to start their career in cybersecurity?

If you don’t love this line of work, I would not recommend it. You truly must have an aptitude for technology and a desire to stay not just one but also several steps ahead of the bad guys.

What are some misconceptions that you believe businesses have about cybersecurity?

Cybersecurity is not just a “set it and forget it” type of solution. Cybersecurity protocols and standards are updated regularly.

Unfortunately, today’s security updates are tomorrow’s old news. Just installing antivirus, backup, firewall, and spam filters are reasonable steps in protecting yourself, but constant monitoring and diligence is required to maintain a healthy Cybersecurity profile.

How has the rise of insider threats impacted the cybersecurity landscape?

Insider threats have made the game even more challenging by now requiring an even more layered security approach.

Insider threats are a new dimension that requires several proactive measures that most businesses are not prepared or even capable of implementing.

How can an organization protect itself against this type of threat?

A few best practices for threat protection from insider threats are as follows:

  • Perform enterprise-wide risk assessments
  • Clearly document and consistently enforce policies and controls
  • Establish physical security in the work environment
  • Implement security software and appliances
  • Implement strict password and account management policies and practices
  • Monitor and control remote access from all endpoints, including mobile devices.
  • Harden network perimeter security.
  • Enable surveillance
  • Enforce separation of duties and least privilege.
  • Recycle your old hardware and documentation properly.
  • Use a log correlation engine or security information and event management system (open source SIEM) to log, monitor, and audit employee actions.
  • Implement secure backup, archiving, and recovery processes
  • Identify risky actors and respond promptly to suspicious behavior.
  • Define explicit security agreements for any cloud services, especially access restrictions and monitoring capabilities.
  • Develop a comprehensive employee termination procedure.
  • Include insider threat awareness in periodic security training for all employees

Does your organization use log and metrics data to improve and secure your systems? How do you find managing logs assists your day-to-day work?

We are continuously monitoring and reviewing logs for our clients.

Logs allow us to look deep into a client’s environment to detect suspicious events and provide alerts to help our IT team eliminate threats before sensitive data is stolen or corrupted.

Are there any books, blogs, or other resources that you highly recommend?

None specifically. I read industry white papers on the latest trends as they arise.

Would you like to share any cybersecurity forecasts or predictions of your own with our readers?

An increase in attacks on remote infrastructure. Because of the pandemic, we saw an enormous rise in the number of workers moving from centralized locations to home offices; this, in turn, has led to an increase in the employment of technologies facilitating remote work, such as email, VPN, and remote desktop (RDP).

Unfortunately, in many cases, workers began working remotely so quickly that organizations didn’t have enough time to consider security implications fully.

This created an increased attack landscape, in which criminals understand the weak points and how to capitalize on them, particularly with VPN.

Sadly, we’ve seen several compromises already and expect to see this continue. Suffice to say; companies must focus on securing both their VPN and RDP infrastructures.

If you enjoyed this article then why not check out our previous post on Canary deployment or check out our Interview with Hikari Senju, Founder and CEO of Omneky next?

Get the latest elastic Stack & logging resources when you subscribe

© 2024 Logit.io Ltd, All rights reserved.