Hi, and welcome to this podcast. I'm Steve Kovsky, Editorial Director, and I'm very pleased to be sitting down with Shishir Singh, who is our new CTO for the cyber division. Shishir, would you talk a little bit about yourself? You're relatively new to BlackBerry, so why are you here? What convinced you that this was the right place to be, and what is your role?
Thank you, Steve. And good morning, everyone. When I looked at BlackBerry, Steve, honestly speaking, I knew that Cylance was the company they acquired, but that was in my memory two years back. And when I started talking to people, I realized that the richness of the portfolio was so good, and I thought that this can really come together to solve customer use cases and the problems which the cybersecurity industry is facing. BlackBerry can bring the portfolio together to solve some of the complex problems we see in the industry.
You come to BlackBerry at an interesting time: We're on the heels of a global pandemic. We now have a major military conflict that has very high potential of impacting the security of organizations, both in the region – that's already occurred – and really throughout the world.
In my 20-plus years of covering technology as an analyst, and now as an embedded content editor for BlackBerry, I've never seen a period where cyber warfare was considered such a clear and present danger to so many organizations in the public and private sectors. I wonder if we could talk about what you see as some of the key implications for BlackBerry cyber security customers and organizations at large?
It's very unfortunate what we are seeing in today's geopolitical situation. I hope everybody's staying safe in this current environment. And if you look at it, in the broader way, cybersecurity is definitely one of the ways countries, companies, and enterprises are going after each other, because this is one of the ways they can get into the digital infrastructure very easily. Now, it's really important to note that along with the companies who are there “in region,” the pandemic has proved the world is small. Everybody's connected to everyone. Everybody is part of the connecting tissue, across the board.
Supply chain attacks were another big example where shortcomings in security impacted almost everybody. Looking at that, and given the cloud transformation we saw in the last couple of years, that has given a humongous opportunity for the bad guys to target anybody's infrastructure, where they can exploit vulnerabilities and get to the digital infrastructure very, very easily.
I would say that it's really important for the large enterprise, as well as for the small enterprise, to be aware of their digital assets – where they are and how to protect them. Also, it is important that we protect our people. People, the users, along with the assets and the applications, are everywhere. People are connecting from any place, any location, to get access to their applications, and that's creating a lot of holes where the hackers can get to you pretty easily.
BlackBerry published a blog recently that was based on an interview with you, talking about what small to midsize businesses should be concerned about right now.
In many cases, SMBs don't realize that they could potentially be targeted by a nation state. They're not as prepared for it as a large organization and they're vulnerable.
The other thing is, they're often connected to large organizations. They may be part of the supply chain of a large organization, perhaps in the critical infrastructure of a company or a nation. And that is a weak link and a potential vector by which an actor could target and try to have impact at even a societal level.
Could you talk about the challenge for SMBs and some of the best practices that they could be using right now to protect themselves?
That's a great question, Steve, especially for SMBs and smaller organizations where they're trying to deal with resource issues, because they may have a really important asset or business to deal with, but they don't have enough resources from the cybersecurity point of view. They may not be in a position where they can go and do incident response, or do a tech health check of their environment or infrastructure to make sure their patches are up to date, so they know exactly what the vulnerabilities are out there in the field.
What makes it more difficult for these SMBs is that they don't have any security operations center (SOC) environment, because they don't understand all the alerts coming from the infrastructure, from all the control points they have. It is important for them to depend on partners, like cybersecurity companies, where they can go and ask for help.
There are a few things they should be really taking care of. One is regularly making sure they have got the current patches applied in their environment. I would also say that there are often some weak links where you put your old machines with the old software, which is not completely up to date, and that becomes a weak link for attackers to get into your environment. This requires continuous monitoring, and making sure you get help from your cybersecurity vendor to do assessments on a regular basis.
There are a few other common practices you can adopt. For example, authentication and authorization are often used interchangeably. So make sure that your authentication is proper, and that you've got the multifactor authentication in place. But also, make sure you are taking care of the authorization part, where the user is actually authorized to access applications based on their roles and responsibilities.
The third thing I would say is that with some of the control points – whether it's on your endpoint device or in the network or in the cloud – there is a very common thing that happens: the configuration “drifts.” Whenever you are developing new software and trying to host it in the cloud, you have to make sure the “configuration drift” is taken care of. You do this by continuously monitoring those things, to make sure vulnerabilities are not exploited by the attackers.
Encryption is another thing that you mentioned, encrypting all your assets. Could you talk about that a little bit?
It's really important to do encryption of your important assets, not just from the compliance standpoint, but from the safety standpoint. We have modern encryption algorithms, whether your data is at rest, in motion or in transit. Make sure that it is all encrypted in a way that attackers have the least access to the assets that they're after.
This is very helpful, Shishir. Any final words of advice to companies that are perhaps fearful they could become a target – or collateral damage – in this conflict?
One of the things I would suggest is Zero Trust network access. Zero Trust is a proactive way of making sure that your infrastructure is designed in a way where it is less exposed to attackers who are out there looking for the weaker links.
Zero Trust network access has multiple parts. One is with your control points, whether it's your endpoints, managed or unmanaged devices, or control points like firewalls or IPSes. All of them are trying to connect to the cloud. ZTNA makes sure that access is completely secure, and also that access to each asset is actually authorized by the IT admins, and that it has the right security postures and policy engines in place.
And the last mile I would say is your SaaS applications, sanctioned applications, or long-tail SaaS applications, or if you are developing new software into the PaaS environment. All of that is going through this Zero Trust network access, which has the right micro segmentations, app segmentations, geo segmentations, and all of that.
It's really important – even for the SMBs – to make sure that they have the right network or Zero Trust network infrastructure in place, and that they have the right control points to manage all these things.
That's a fantastic checklist, and a place for people to start. Shishir, I want to thank you so much for joining us and discussing this topic.
Thank you so much for having me, Steve.