Last week, Digital Journal reported on a cyber espionage campaign that in some cases successfully broke into the core systems that control some energy companies’ operations in the U.S. and in Europe, giving the hackers operational access and the ability to stop the flow of electricity. Cybersecurity has become an integral part of a company’s business model as the world has become more connected, particularly in the area of cross-border dependence on data-sharing. To find out more about what companies can do to better prepare for future cyberattacks, Digital Journal caught up with Gregory Garrett, the Head of International Cybersecurity at BDO USA. Mr. Garrett joined BDO in August this year as head of International Cybersecurity in the firm’s Technology and Business Transformation Services practice. With over 30 years in the security and related consulting and professional services, Gregg has extensive experience in developing and implementing cyber risk management programs.
Owing to the concerns raised by Symantec over the group calling themselves Dragonfly 2.0, Digital Journal asked Gregg, “How can companies prepare for additional cyberattacks like Symantec was describing? Gregg Garrett: “It appears that the Dragonfly group had used a variety of attack methods to deliver malware to their victims within the energy sector, including fake Flash updates, Trojan horse software and spear phishing emails based on well-researched social media analysis.” Digital Journal: So, what is the first and probably most important action a company needs to take to protect itself? Gregg answered, saying: “The best way companies can combat these attacks is to increase the quality and frequency of their cybersecurity awareness education and training from the top-down.” And this is at the core of Garrett’s message to companies facing security problems today. “A successful cyber risk management program needs to integrate top-down organization education with robust information governance, threat detection and monitoring, and an incident response plan that is ready not if, but when, an attack strikes, Garrett said. “BDO understands this and integrates cybersecurity products, services, and educational tools holistically, from both a proactive and reactive point of view.” Interestingly, security in a company does not just involve the employees but reaches all the way to the top. Additionally, whether intentional or not, the biggest threats to an organization originate from current or former employees. So it is easy to see why security, and in particular, cybersecurity has become so important in today’s world. Digital Journal asked Gregg if smart grid technology would help in mitigating cyberattacks? Gregg answered: “Smart grid technology will enhance overall information security. However, hackers will always try to find the most vulnerable aspects of any information system, which often are company executives’ work and personal email accounts.”
Gregg explained, “This is especially true if both accounts are shared on the same mobile device or if the executive’s access their company information systems remotely without multi-factor authentication (MFA).” For those not familiar with the term, this is an authentication mechanism. For example, to access your account, you may be may be asked a close relative’s full name or the name of your favorite pet. This is why cybersecurity strategies have turned the focus on risk management and loss prevention. Organizations have been so focused on protecting their data from outside forces, they have totally overlooked protecting that data from forces from the inside. This very real problem was recently brought to light when it was found that close to 5,500 bank employees of a large bank used personal information to generate fake accounts, also transferring money to the accounts. Digital Journal asked Gregg to discuss how BDO was using artificial intelligence and machine learning in handling cybersecurity threats in the workplace. This is one area where Gregg’s wide-ranging experience in cybersecurity assessment and employee education will help to identify often overlooked cyber risks, respond to incidents in real-time and keep ahead of emerging risks. Gregg explained: “At BDO, we are continually advising and sharing with our clients the newest hardware, software and professional services available that use the latest technologies on the market, including AI, machine learning and more. Our goal as a professional services firm and partner is to help them make informed decisions on how they can enhance their cyber security in the most timely, compliant and cost-effective manner.” http://www.digitaljournal.com/tech-and-science/technology/an-interview-with-bdo-usa-cybersecurity-expert-gregory-garrett/article/502025