CTO Interview: Otavio Freire, SafeGuard Cyber
Wed 27 May 2020 | Otavio Freire
“As long as we continue to execute and lead differently, we will continue to grow”
Dr Roger G. Johnston’s “Backwards” security maxim states: “Most people will assume everything is secure until provided strong evidence to the contrary.” The observation reflects our collective tendency to ignore potential vulnerabilities in products, services or technologies if acknowledging them interrupts our enjoyment of them or the utility they carry.
Of course, this pathology is rare in security teams, but highly present in users and consumers, who see technology as a means to an end and relish any new tool that promises to shave seconds off their daily routine. The most potent example this side of the millennium was Cambridge Analytica’s covert harvesting of our personalities via innocuous quizzes. But for today’s organisations – right here, right now – what is the “Backwards” blind spot?
For Otavio Freire, CTO of digital risk protection company SafeGuard Cyber, it’s the broad adoption of collaboration, chat, and social channels such as Microsoft Teams, Slack, WhatsApp, or LinkedIn, which, he says, is creating “an expansive attack surface with huge cyber risks for any enterprise”.
The co-founder of the US-based security company says the risks associated with new digital communication channels – including spear-phishing, ransomware and cyber espionage attacks – are often worryingly overlooked. “These channels operate with a volume and velocity that is rapidly outpacing email. Email security is a $3B industry and has been well-fortified against attack. New digital channels are less fortified.”
The Digital Cyber Kill Chain
Look no further than the extensive 18-month cyber operation, dubbed “Operation Sharpshooter”, carried out by North Korea’s Lazarus Group against 87 companies from 2018 to 2019. While the full impact of the campaign is unknown, we know its goal was to penetrate allied security defenses and extract intellectual property by targeting some of the world’s leading defense, finance, and energy organisations.
This wasn’t your ordinary state-sponsored attack. Researchers working for cybersecurity firm McAfee tracked the trail of breadcrumbs and ended up somewhere strange but familiar. It turned out the nation-state hacking group began their assault on LinkedIn. They scoped out employees within their targets and pinged them with LinkedIn direct messages and phishing emails disguised as job opportunities. If they got a hook, the hackers then executed a sophisticated and persistent data mining operation. “Social media was the ‘weakest’ link in a chain of vulnerabilities”, SafeGuard Cyber wrote in its online report of the campaign.
This may be a worst-case scenario, but the tactics the rogue state employed can be reproduced by hackers of all stripes: scouring social media platforms to identify victims; engaging in social engineering by posing as legitimate professionals; and then “spear-phishing” (a highly-targeted form of phishing) targets with a malicious link or file. Once the attacker has compromised the victim, they begin their assault on the enterprise perimeter with an APT (advanced persistent threat) campaign – moving laterally through the network for the long haul and seizing any opportunities to escalate access.
What makes collaboration, chat and social channels so attractive to cybercriminals and nation-state hackers is that the interactions take place outside the network perimeter, defined as the boundary between the private, locally managed-and-owned side of a network and the public-facing side. Freire says this renders them “practically invisible to security teams”. On top of that, all of these channels permit attachments and links, making them ripe for phishing.
The Perfect Storm
It is often said that crises breed innovation, and there’s arguably no better example of this than the swiftness with which hackers have mobilised around the Covid-19 opportunity. Like several other leading figures in the security industry, Freire describes the present conditions as a perfect storm for cybercrime – constituting “the rapid shift to remote work environments and rapid adoption of digital channels to enable business continuity”, as well as the “alacrity with which bad actors have shifted tactics to attack these channels.”
“We’ve seen Zoom invites that deliver fake Office 365 login pages. With those credentials, bad actors could impersonate employees inside a Teams environment and deliver malicious payloads disguised as a coworker. We’ve also seen an uptick in impersonation of executives, government and private enterprise, in order to phish employees.”
Covid-19 is the ultimate test of SafeGuard Cyber’s security platform, which Freire explains was purpose-built to bring channels like WhatsApp and WeChat “out of the shadows and into the enterprise framework at scale”. By necessity, some of the world’s biggest companies have rolled out digital communication services globally overnight, and are now turning to SafeGuard to retrospectively implement the needed protections.
When stay-at-home measures swept the world, Slack communications at one of SafeGuard’s Fortune 100 clients doubled in volume to 120,000 messages per day. With SafeGuard’s platform, that client can now bring real-time monitoring to this new domain. SafeGuard has been steadily gaining traction since Freire and his partner, Jim Zuffoletti, founded the company in 2014 (most recently securing $11m in Series B funding in 2018). In all likelihood, 2020 will be its standout year.
“We have never been this busy. In these circumstances, we consider ourselves fortunate, and we’re grateful for the opportunity to help our customers, old and new, through this digital transition.” Thanks to their cloud-native infrastructure, the company has been able to scale quickly to meet demand, and it has even managed to roll out additional security features for large enterprise deployments of Microsoft Teams and Slack.
Freire says technology leaders are increasingly acknowledging that cyber and compliance protection is just as critical to business continuity as a high-performing tech stack: “We had already realised that once you reliably secure third-party cloud channels against cyber and compliance risks, you can operate more smoothly,” he says.
Companies are not only adopting digital channels to temporarily support core business functions but are also seizing the opportunity to expedite digital transformation plans they had been mulling. One of SafeGuard’s clients has migrated all of its customer service and eCommerce functions to WhatsApp. Following positive customer response, the client is sticking with the channel when normal service resumes. “We have seen novel uses and unexpected impacts to our customers’ business in super positive ways,” says Freire.
Although the company has undoubtedly benefited from new business in recent weeks, Freire is keeping his feet on the ground. He warns the consequences of Covid-19 will persist long after the immediate threat has passed, and fears escalation in nation-state cyber attacks and rising cyber crime as unemployment grows. His number one focus remains on how his company can offer value to companies and governments facing these evolving challenges.
“Technologies may change, but the need for security and compliance protection for communications will always be there. The longer trend is how we continue to think about where technology is heading and how we will protect it. We need to continue to think and act differently than the others, engage deeply with our customers to solve their problems, innovate, and understand disruptions in the marketplace. As long as we continue to execute and lead differently, we will continue to grow.”