5 Things You Need To Know To Optimize Your Company’s Approach to Data Privacy and Cybersecurity

This is an excerpt from the original interview published by Tyler Gallagher on Medium, September 1st, 2021

Can you tell us a bit about how you grew up?

I grew up in Ringsted, Denmark — a rural city 50 km outside of Copenhagen — with my younger brother and we had parents who were both school teachers. This was an age before mobiles and I didn’t have my first until I was 26 and started working at Nokia. I remember that I got a 5110 and a 15 Commodore 64 with a tape station, needless to say, my youth was spent outside and I probably tried any sport that I could get my hands on. Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.

I am not sure that cybersecurity was an inspiration per se, but I “grew up” in telecoms working with prepaid network systems and later roaming. It was at this point that I became painfully aware of the amount of monetary fraud that was perpetrated against telcos globally.

So my “inspiration” was really finding out that telco fraud or ransomware always just ended up in the pockets of criminals or bad state actors and knowing that the problem was just growing at enormous rates. I ran a personal sanity check on how much money could have been used for “good” purposes and it eventually became a mission and driving force on what I wanted to do in my career. Now, I am happy that Wire is helping governments secure their communication and if we can be known for helping organizations like a hospital lower taxes or funds by saving them from being victims of a ransomware attack — that would be the ultimate inspiration.

Are you working on any exciting new projects now? How do you think that will help people?

I am really excited about the work we are doing in transforming collaboration within governments to be more secure, private, and data sovereign. It is clear that instant communication is here to stay, but so is the threat of hacking, cyber-espionage, etc.

I’m also excited about the fact that this work combines so well with Wire’s mission of delivering federation through Messaging Layer Security (MLS). The notion of different nation states having their own data sovereign instance and connecting that with an international organization or other government organizations would be a fantastic outcome. Rather than having these large valuable databases, we can encrypt them into the smallest payload — making it data sovereign and then connecting backends. I am proud to say that many of our government customers share that vision.

The Cybersecurity industry, as it is today, is such an exciting arena. What are the 3 things that most excite you about the Cybersecurity industry? Can you explain?

I am super excited about the fact that cybersecurity has now moved up the importance ladder. The World Economic Forum listed cybersecurity in the top 3 issues facing humanity alongside the environment and health crisis and a lot of world leaders have now stepped up to the plate with early plans of getting a new infrastructure in place. I am especially excited about the three different approaches from Biden, Macron, and Merkel that will each have an effect in creating a new cyber-infrastructure. Biden is focusing on zero-trust and immediate action, Macron is investing into programs 5–20 years out on the horizon, and Merkel with a data sovereign approach to combat data hoarding practices from tech giants. These three things are really exciting to see since I absolutely believe that we need new approaches to cybersecurity.

Looking ahead to the near future, are there critical threats on the horizon that you think companies need to start preparing for?

• Ransomware attacks have continued to be an ever evolving cybersecurity threat, across a variety of industries. This type of cyber attack can have a detrimental impact on ongoing operations, team productivity and ultimately your company’s bottom line, given its ability to encrypt essential information, for a substantial amount of time. Over the past year ransomware attacks have continued to climb in number and severity, with global ransomware recovery costs doubling from an average of $761,106 in 2020 to $1.85 million in 2021. The latest ransomware attacks on the Colonial Pipeline and most recently on Kasaya, have only continued to demonstrate that this problem is not at a risk of slowing down in the near future. It is critical that IT leaders, Chief Security Officers, and managers safeguard their data against ransomware by pursuing a new security-first infrastructure that is composed of Zero Trust elements such as end-to-end encryption, and decentralized data storage and protection.
• Phishing attacks are one of the most common cybersecurity threats that can impact an organization. A series of research reports have shown that 91% of successful cyberattacks start with a phishing email, wherein bad actors often coax users into opening malicious links embedded in the body of the message.If you or someone in your organization comes across a phishing attempt, it is always best to report these to IT teams, or a cybersecurity officer, who can then choose to combat this in two ways:
• Invest in technology that provides a secure environment. While “open” email systems are cheaper and more common, the risk they pose is not worth it — especially if you are a large enterprise or government organization that deals with mission- critical, confidential data everyday. Instead of using email, businesses should use a secure (end-to-end encrypted and invitation-only) platform to communicate and collaborate, particularly when sensitive items are being shared.
• Businesses should implement mandatory cybersecurity training for employees. Even in the best case scenario where a company invests heavily in cybersecurity technology, the whole system can still fall susceptible to human error. This is why it’s crucial to educate employees on how to identify and defend against potential cyber attacks.

Do you have a story from your experience about a cybersecurity breach that you helped fix or stop? What were the main takeaways from that story?

I am not doing operational cybersecurity per se, but I think that what we are doing at Wire is changing the information architecture approach from large databases to smaller encrypted payloads. I think this is the only way we move on from massive breaches and ransom payments, we need new infrastructure.

We all admire Elon Musk for trying to make transportation more environmentally friendly, we need to come together to do the same in the cybersecurity community. We need to find a new sustainable infrastructure that starts to cut the massive growth in cyber crime.

Right now, I feel that the team at Wire is trying to do just that and we are working with amazing companies in IETF to bring about MLS. My main takeaway is that we as a community need to really rethink our core architectures. We need the same impetus and urgency to act now, similar to the actions taken with green energy or the vaccine programs of COVID.

What are the “5 Things Every Company Needs To Know To Tighten Up Its Approach to Data Privacy and Cybersecurity” and why?

1. Adopt a Zero Trust approach

Zero Trust is a dynamic and hyper-vigilant security model that employs continuous monitoring and improvement to systems as a proactive defense against cyberthreats. The zero trust approach operates exactly as it’s name entails, assuming that organizations should not automatically trust anything inside or outside its perimeters. Platforms that run on the zero trust framework assume that all data, devices, apps and users both inside or outside of the corporate network are inherently insecure and, therefore, must be authenticated/verified before being granted access. Adopting a Zero Trust approach, entails leveraging stringent protocols and technologies such as multi-factor authentication, end-to-end encryption, identity access management, orchestration, and other comprehensive system permissions and safeguards. Rather than lowering cybersecurity safeguards within an internal network, Zero Trust ensures that anything inside or outside a corporate network (including data, devices, systems and users) is treated with stringent security measures regardless.

2. Provide company policies around tools

Research has continued to reveal that the majority of successful cyberattacks begin with a phishing email, often arising from “open” email systems, such as Gmail, where messages are able to be sent and received from anyone. This type of open email system provides an environment where those who are not trained on how to identify the warning signs of a scam (or people who are trained but are moving too quickly to pay proper attention) become easy targets for bad actors. As email is a ubiquitous practice in daily business operations, it is essential to establish concrete guidelines around which communication tools are appropriate for sensitive conversations. Conversations that include references to company IP, customer data, or other types of sensitive information should be reserved for trusted security channels, and must be kept off platforms that are susceptible to known security and privacy flaws.

3. Invest in cybersecurity training

Enforcing cybersecurity training is a necessary procedure to help spearhead cybersecurity awareness across one’s organization. It is never best to assume that cybersecurity practices are common knowledge to your employees. According to a survey from software company LoopUp, 70% of business professionals said it was normal to discuss company confidential information on calls, despite the fact that many popular solutions don’t offer end-to-end encryption by default. In a fast paced world where immediacy and ease is highly valued, building a true culture of security means taking the time to thoroughly educate employees on the how and why of cybersecurity. Cybersecurity training should include, but not be limited to, educating employees on the weak points of cybersecurity, alerting them to the critical business and legal risks of a breach, providing teams with the right tools for sharing and discussing confidential information, and training everyone in proper protocol to defend against attacks (and recover in the event of a breach).

4. Update your tech stack

Chief security officers and IT leaders must not overlook the significance of reevaluating their tech stack on an ongoing basis. Ensuring that security technology is up to date on correct security protocols and protections is especially important, in our current era of hybrid work, where remote workers (and therefore your company’s digital assets) are more vulnerable to cybercriminals, while operating outside of traditional perimeter-based security protections. Consider shifting all critical communications — where sensitive data and information is shared — to a secure environment that offers end-to-end encryption and is invitation-only.

5. Prepare your teams for the worst

Even organizations that do their due diligence to educate employees and utilize secure platforms and systems can still fall victim to cyber attacks. Therefore, it’s important to understand how the business will react in the event of an incident, and develop a plan for action. When developing these procedures, some key questions to ask yourself can be: how will business continuity be guaranteed if corporate networks or systems are compromised? What are the roles and responsibilities of key stakeholders in a crisis event? How will secure internal communications function? At the end of the day, effective management and response to a crisis is just as critical as proactive measures and can be a key factor in minimizing damage.

About Rasmus Holst

Rasmus Holst is the chief revenue officer of Wire, an open source, end-to-end encrypted collaboration platform. Throughout his career, Rasmus has delivered growth, exits, restructuring, strategic direction and customer retention across start-ups and established multi-million-dollar businesses. He joins Wire from Huddle, where he served as the company’s Chief Operating Officer. Rasmus has served in senior leadership roles at Syniverse, Oracle, Intec, Digiquant, and Nokia.

About Wire

Wire is the most secure collaboration platform, transforming the way businesses communicate at the same speed and with the same impact that our founders disrupted telephony with Skype. Headquartered in Berlin with offices in Switzerland and San Francisco, Wire’s award-winning collaboration and communications platform counts over 1,800 government and enterprise customers worldwide, including EY, Fortum, the German government and four other G7 governments. Recognized for its secure collaboration platform as a leader and high performer by G2 Crowd, IDC, Forrester and Gartner, Wire offers messaging, audio/video conferencing, file-sharing, and external collaboration – all protected by the most advanced end-to-end encryption.

Try our internal communications software for free today. Simply create a team and start communicating and collaborating securely in minutes. Looking for a walkthrough of our enterprise communication solution? Contact us today to learn how Wire fits into your organization.