I have been actively counseling CEOs on how best to secure business continuity during this unique time, and wanted to make those recommendations available to everyone. Below, read a question and answer session with me on securing business continuity.
Cybereason today represents the cutting edge of how to design and protect a remote company. The remote aspect of a business is not so different from the zero trust concept, and that is the model we have used from the very beginning. We designed the system such that, even if someone is able to hack into one machine, they cannot leverage other machines. Switching from remote work, for us, was the same as working from the office.
For us, our ability to monitor every device, laptops and phones, all from remote, is very important. Having the ability to control the cloud and the environment we have from remote is something we are doing on a daily basis.
I’m going to answer this by looking at the non-obvious things teams can do to thrive when remote. The non-obvious best practice is communication.
When everyone is working in the same office, you feel like you can talk to them and have a short conversation in the halls. A lot of communication between humans is nonverbal. And remotely, it’s much more difficult to pick up on those cues, if they are even present at all. Now, we have to over communicate. Assume nothing, ask everything. This has been one of my top priorities.
I’m speaking to the senior management team every single day. And I”ve told each of them to speak to their team every single day too -- all the way down the management chain. WE are holding all-hands meetings for every employee across the globe every week.
To maintain a continuum of communication in multiple levels across the whole company, you have to over communicate. It’s a must.
Many people have talked for the past year about the expanding IT perimeter. With this situation, the perimeter has suddenly disappeared. If you don’t have an endpoint security solution right now, you are in trouble. It’s critical to be able to monitor every asset you have regardless of where they are. It’s not just the ability to monitor and detect threats, it's about stopping them too.
Prevent as much as possible, analyze, collect data, and be able to perform remote incident response. That’s what’s needed.
There are two aspects. The first one is our people. I want our entire team to be safe. That’s the first thing we took care of when this all happened. As a tech startup in the field of cybersecurity, the employees we have are the brains of our organization. They are the ones that actually serve our customer, develop our platform.
The second one is not so much the macro economy, though I am worried about it, but the micro economy of cyber. As a CEO, I am concerned, but I also see it as an opportunity to serve our customers better. In some countries, we were even defined as a critical company to continue work, just like banks and grocery stores. The reason is simple: the government and organizations understand that protecting companies from cyber threats is critical.
For more insights from Lior and other industry-leading CEOs, watch the on-demand recording of our recent virtual panel, "Security Leaders Answer Questions on Shifting to Remote Work."
Lior Div, CEO and co-founder of Cybereason, began his career and later served as a Commander in the famed Unit 8200. His team conducted nation-state offensive operations with a 100% success rate for penetration of targets. He is a renowned expert in hacking operations, forensics, reverse engineering, malware analysis, cryptography and evasion. Lior has a very unique perspective on the most advanced attack techniques and how to leverage that knowledge to gain an advantage over the adversary. This perspective was key to developing an operation-centric approach to defending against the most advanced attacks and represents the direction security operations must take to ensure a future-ready defense posture.
All Posts by Lior Div
Your organization was hit by ransomware, and it is now time to negotiate the terms of a deal that will bring back your data and (hopefully) won’t leave the company’s coffers empty. But are you sure you know what you’re doing? Are you certain that you won’t screw up the negotiations and do more harm than good? Check it out...
We’ve all experienced the creepiness of modern data trafficking, but that kind of daily annoyance is the surface of a much bigger issue: Big Tech companies such as Amazon & Microsoft are lobbying policymakers to veto laws that harm their business, and often hide their lobbying behind industry coalitions or organizations with names that are vague and seemingly harmless. Will current and future privacy laws actually protect your information, or will they protect the companies collecting your information? – check it out...
