Everbridge CISO Jeremy Capell
How CISOs Can Guard Against Evolving Physical and Digital Corporate Security Threats
A rise in both physical and digital security threats is placing greater pressure on CISOs and other security professionals to prepare for and mitigate evolving security threats of all kinds. To protect organizations and their people, security teams need to be able to visualize threats, respond quickly and communicate effectively.
According to a recent study, 84% of security leaders believe their company would be better able to prevent crises if all members of their physical security team could view threat data in a single solution.
To explore these trends, we caught up with award-winning Everbridge CISO Jeremy Capell to discuss emerging physical and digital security trends, how security professionals can best guard against them, and how they can foster more organizational resilience.
Why are you passionate about corporate security?
Jeremy Capell: I am particularly passionate about corporate security because my original career started in this space, and we’re fundamentally moving in a direction where it’s no longer going to be about “How do you protect that system or that business?” It’s really shifting more into “how do we protect the individuals, the people, our society, communities, as well as our nation states?”
We are shifting security from just protecting traditional IT systems into more critical infrastructure, Internet of Things (IoT), becoming way more incorporated in our communities. And fundamentally, it’s almost bringing security back into that fundamental concept of resilience.
In your view, how is the role of the CISO changing?
Jeremy Capell: We’re shifting into a digital decade. We’ve seen the beginnings of this, but really if you start to think about it, we’re now having eCommerce, eGovernment, and even eIdentity. Social media is ever-present. So, the role of the CISO needs to keep pace with these trends.
The other aspect includes traditional physical environments, like critical infrastructure facilities for companies and manufacturing. They used to be isolated and fundamentally are shifting now to a digital era where they’re accessible from anywhere on the globe through the Internet. And that obviously brings a whole rise of new threats and new opportunities for attackers to take advantage of, and conversely for CISOs to address.
What physical and digital security trends are you seeing?
Jeremy Capell: Looking at the trends associated with both physical and digital, what’s become extremely evident is the convergence of physical and digital. If we take a look at attackers, they’re utilizing digital access to gain physical access, or they’re using physical access to gain digital access. We’re seeing it on a much larger scale right now.
If we look at the Ukraine crisis as an example, there’s a hybrid attack coming. On a digital front, we’ve seen a significant increase in DDoS attacks, which are Distributed Denial of Service attacks on critical infrastructure, to disrupt operations and make a land invasion far easier. We also saw the holdback of a vulnerability, which was utilized in the HermeticWiper virus, fundamentally similar to ransomware, except it doesn’t go and encrypt data, it just completely deletes it to create disruption to servers. Lastly, we’ve seen on the digital front a significant amount of misinformation being propagated through social media and just through communities as well.
If you’re having a coordinated attack, you need a coordinated response to be able to defend against that, or you create a realm of chaos. The lack of communication allows the attacker then to be at an advantage as opposed to a joint prepared and trained response that can defend against that and be resilient against an attack.
What other security trends are you seeing?
Jeremy Capell: I think one of the largest increases that we’ve seen is an evolution of phishing attacks and an evolution of whaling attacks. What I mean by that is traditional phishing attacks we’re all used to were standard phrases that were distributed to the masses by email in the hopes that some people would click on them. And certainly, people did click on them.
What’s shifting now is the inclusion of artificial intelligence (AI), because this is becoming a real industry. As for artificial intelligence, it basically goes and scrapes across the Internet any intel it can get on an individual, so personalized information about where you work and who you work for, rental properties you have, what you’re doing on social media and so on, and it aggregates this information. It defines messages so it can automatically generate targeted messages to individuals at scale. So, what we’re seeing is way more targeted attacks on individuals that are way more personalized, but still done without the need for individuals having to go through that as an attack service and just mass producing through artificial intelligence.
How can security professionals take a more holistic approach to these kinds of threats, whether physical or digital?
Jeremy Capell: Taking a holistic approach to security is extremely important. When we look at it, I like to talk about it in terms of an ecosystem. When forming an ecosystem, you really must have two points of trust. First, the messaging needs to be secure. And again, the individual needs to trust that the messaging from the solutions through to them is secure, not interrupted and not leading them somewhere that they shouldn’t be going. You need to ensure that you build that trust through practice. Those individuals need to know that these solutions work and that they have been practiced. Second, you have the coordinator, the person who is the CISO, who is coordinating and responding. They, too, need to feel that trust in the solutions that they have.
It is no longer good enough to have a solution purely for the purpose of passing an audit, because they provide some level of notification or communication. You need that ecosystem, which includes the ability to have assets on the ground, or even fly in airplanes or buses and extract individuals. And they need those capabilities and situational awareness on the ground itself.
What can security professionals, including CISOs, do now to better prepare for future security threats and build that enterprise resilience they need to thrive?
Jeremy Capell: Security practitioners right now can really start to build a more resilient practice by converging a lot of those practices, whether they’re physical or digital. This is where a CISO can work hand in hand with other security professionals to implement augmented responsibilities as opposed to operating in complete silos. What we don’t want is a circumstance where the lack of, let’s say badge entry to a facility, allows an attacker to drop a USB, which then grants digital access. Nor do we want the solution that’s used to provide entry into a compromised building so that individuals can digitally rebuild badge tags and gain their own access into physical environments that they’re not authorized to access.
Really, it’s that convergence and collaboration, bringing those two entities and responsibilities fundamentally closer together, that helps to bring resilience to that organization. Resilience is not only the ability to respond. It’s also the ability to recover quickly — the ability to advance and become better so that you can respond to hybrid attacks coming on a continuous basis as they evolve.
What advice do you have for other CISOs as they look to the future of security?
Jeremy Capell: I think advice for CISOs around the world is really to understand that the role of the CISO is shifting from protecting a particular solution within a business, or a product within a business, to contributing to the protection of societies, communities, and nations. It is important for us as the public and private sector to both contribute to the defense of this nation and globally to the nations across the world. Protection is important and it comes from CISOs collaborating with other security professionals and finding that equilibrium between digital and physical and how we’re going to work together to respond in unison.
How can Everbridge help enterprises address some of these challenges you’ve mentioned and build resilience?
Jeremy Capell: Everbridge has the ability to fundamentally shift and help enterprises, communities, nations, when they’re dealing with critical events of all kinds. The ability to provide resilience by responding to, and recovering from, disruptions, no matter what they are. Firstly, and most fundamental, is having risk and intelligence information. You want the ability to have aggregated information and intelligence you can trust, so that when you’re making decisions, you make the right decisions. Everbridge does a great job of pulling in multiple different sources from all over the globe in terms of aggregating intelligence and providing that concept.
Everbridge also ensures the communications from the coordinator to the recipients, and in reverse, are very secure, and that there is no interruption in that process. I would say another aspect on top of that is then coordinating with the physical response: the ability to utilize resources on the ground. Everbridge helps its customers secure assets, arrange evacuation routes, and ensure that we get people on the ground with situational awareness to be able to adjust to changing circumstances. The ecosystem we offer is especially important in these circumstances. A unified ecosystem like the Everbridge platform gives enterprises the confidence they need to respond to critical events.