All posts by Andrew Hay, Co-Founder and CTO

Andrew Hay is an information security industry veteran with close to 20 years of experience as a security practitioner, industry analyst, and executive. As the Co-Founder & Chief Technology Officer (CTO) for LEO Cyber Security, he is a member of the senior executive leadership team responsible for the creation and driving of the strategic vision for the company. One of his primary responsibilities is the development and delivery of the company’s comprehensive cyber security, digital forensics, incident response, cloud architecture, and advanced research centers of excellence.

LEO Cyber Security Featured on the Momentum Cyber CYBERscape

LEO Cyber Security is pleased to be featured in version 2.5 of Momentum Cyber’s CYBERscape matrix within the Security Consulting category. LEO’s inclusion alongside well-established cyber security consulting vendors such as IBM, Booz Allen Hamilton, Deloitte, KPMG, EY, and PwC, among others, validates our overall strategy of using creative solutions to help our customers build and manage security programs.

“We are excited to be included, for the first time, amongst some of the largest cyber vendors in the world,” said LEO CEO and Founder David Deering. “2 years ago we founded LEO and are now competing against much larger, more mature business with stronger brand recognition. This is a testament to our unique approach.”

The highly referenced cybersecurity landscape taxonomy is part of Momentum’s Cybersecurity Snapshot, which highlights M&A activity, Venture Capital, Initial Public Offerings, public market valuations, and sector trends in the dynamic Cybersecurity industry.

About Momentum Cyber

Momentum Cyber is the premier trusted advisor to the cybersecurity industry providing bespoke high-impact advice combined with tailored, senior-level access. The firm was founded by world-class operators and advisors and caters to the unique needs of both earlier stage Founders, CEOs, & Boards as well as the complexity of later stage & public companies throughout their lifecycle – Incubation to Exit. Headquartered in San Francisco with operations globally, the founding team has closed over 200 transactions totaling over $200 billion in value. Momentum Cybersecurity Group, LLC conducts its M&A advisory services as an M&A Broker as defined by the SEC.

About LEO Cyber Security

LEO is a cyber security advisory and operations concern comprised of some of the world’s most knowledgeable cyber experts. Its name is a derivation of the Renaissance visionary, Leonardo da Vinci, who refused to accept the status quo. LEO provides both advisory and operational assistance to our customers. With deep cyber skills, LEO is poised to help clients build effective and cost-efficient cyber programs.

For more information, visit leocybersecurity.com, contact us, or follow LEO on Twitter @LEOCyberSec.



SMBs face costs of up to $2.5 million after a data breach

According to a security report released by Cisco yesterday, SMBs can face costs of up to $2.5 million after experiencing a data breach. That might not sound like a lot of money to a large Fortune 500 company but for a mid-market company, it could be devastating. The study also shows that 53 percent of midmarket companies (n=1816) have experienced a data breach – a significant sample size of companies with 1-499 employees.

Executives responsible and accountable for security at midmarket businesses.

What’s more interesting, however, are the sections of the report detailing how organizations are addressing the cyber security problems they are faced with. For example, the study shows that 92 percent of midmarket businesses have an executive responsible or accountable for security. Of these executives, the Chief Information Security Officer, Chief Security Officer, and Chief Executive Officer are anointed as the security champion, accounting for 42%, 24%, and 10%, respectively.

Midmarket businesses have something in common with their larger counterparts: a shortage of IT staff that hinders the ability to shore up defenses. According to the Cisco report:

There simply aren’t enough people in-house to manage tools that could improve security, according to Cisco’s research. For that reason, many small/midmarket businesses look to outsourced assistance to gather the talent they need to increase their knowledge of threats, save money, and respond to breaches more quickly.

Midmarket businesses use outsourced help to overcome the lack of internal resources.

The study cites “the desire for unbiased insight was the most common reason” given by midmarket businesses for outsourcing their security tasks, followed by cost-effectiveness, and the need to respond to security incidents promptly.

In fact, the study found that roughly 46 percent of alerts are not investigated and, of those that are, only 37 percent are legitimate threats.

This is one of the main reasons we founded LEO Cyber Security and built the LEO Security Operations Stack – a SecOps platform enabling visibility to networks along with compromise prevention, detection, and response capabilities for hosts, networks, and cloud.

Midmarket businesses outsource advice and consulting as well as incident response.

Looking back at the Cisco report, respondents state that they continue to rely on partners to deliver Outsourced advice and consulting services (57 percent), Incident response (54 percent), and Security monitoring (51 percent).

Outsourcing cyber security help is a good way for businesses to make the most of limited resources, but responsible surfacing of threats, monitoring the efficacy of the security program, and providing cyber advisory services are just as important as (if not more important than) pushing alerts to a third-party provider to watch on your behalf.

This is why LEO Cyber Security provides world-class CISOs and other cyber experts to supplement your company’s security department on a fractional, virtual, or “as-needed” basis. With our focus on the midmarket space, we understand the challenges your organization faces and can bring to bear the top minds in the cyber security industry to help address them.

We encourage you to read the full Cisco report and reach out to us should you have any questions about implementing any of the recommendations detailed therein.

Infosecurity Magazine Online Summit – North America

Join LEO Cyber Security’s CTO Andrew Hay on Wednesday, September 12th, 2018 at 12:00 PM EDT (17:00:00 UTC) for an exciting free Infosecurity Magazine Online Summit session entitled A Breach Too Far: Why Data Breaches are Getting Worse.

Overview

Despite increased information security budgets, better awareness and improved Board buy-in, data breaches continue to hit headlines thick and fast and what’s more, the severity of the breaches continue to escalate. This panel questions why data breaches are getting worse and what measures can be put in place to stop your organization from becoming tomorrow’s headline.

Register to attend the webinar here: https://www.infosecurity-magazine.com/online-summits/infosecurity-online-summit-na-2018/.


Insurance Occurrence Assurance?

You may have seen our friend Brian Krebs’ post regarding the lawsuit filed last month in the Western District of Virginia after $2.4 million was stolen from The National Bank of Blacksburg from two separate breaches over an eight-month period. Though the breaches are concerning, the real story is that the financial institution is suing its insurance provider for refusing to fully cover the losses.

From the article:

In its lawsuit (PDF), National Bank says it had an insurance policy with Everest National Insurance Company for two types of coverage or “riders” to protect it against cybercrime losses. The first was a “computer and electronic crime” (C&E) rider that had a single loss limit liability of $8 million, with a $125,000 deductible.

The second was a “debit card rider” which provided coverage for losses which result directly from the use of lost, stolen or altered debit cards or counterfeit cards. That policy has a single loss limit of liability of $50,000, with a $25,000 deductible and an aggregate limit of $250,000.

According to the lawsuit, in June 2018 Everest determined both the 2016 and 2017 breaches were covered exclusively by the debit card rider, and not the $8 million C&E rider. The insurance company said the bank could not recover lost funds under the C&E rider because of two “exclusions” in that rider which spell out circumstances under which the insurer will not provide reimbursement.

Cyber security insurance is still in its infancy and issues with claims that could potentially span multiple policies and riders will continue to happen – think of the stories of health insurance claims being denied for pre-existing conditions and other loopholes. This, unfortunately, is the nature of insurance. Legal precedent, litigation, and insurance claim issues aside, your organization needs to understand that cyber security insurance is but one tool to reduce the financial impact on your organization when faced with a breach.

Cyber security insurance cannot and should not, however, be viewed as your primary means of defending against an attack.

The best way to maintain a defensible security posture is to have an information security program that is current, robust, and measurable. An effective information security program will provide far more protection for the operational state of your organization than cyber security insurance alone. To put it another way, insurance is a reactive measure whereas an effective security program is a proactive measure.

If you were in a fight, would you want to wait and see what happens after a punch is thrown to the bridge of your nose? Perhaps you would like to train to dodge or block that punch instead? Something to think about.

Need some help evaluating your information security program’s effectiveness? Reach out to LEO Cyber Security today to chat with one of our expert Chief Information Security Officers (CISOs).


Free SANS Webinar: I Before R Except After IOC

Join LEO Cyber Security’s CTO Andrew Hay on Wednesday, July 25th, 2018 at 10:30 AM EDT (14:30:00 UTC) for an exciting free SANS Institute Webinar entitled “I” Before “R” Except After IOC. Using actual investigations and research, this session will help attendees better understand the true value of an individual IOC, how to quantify and utilize your collected indicators, and what constitutes an actual incident.

Overview

Although the security industry touts indicators of compromise (IOCs) as much-needed intelligence in the war on attackers, the fact is that not every IOC is valuable enough to trigger an incident response (IR) activity. All too often, the indicators we are provided contain information of varying quality, including expired attribution, dubious origin, and incomplete details. So how many IOCs are needed before you can confidently declare an incident? After this session, the attendee will:

  • Know how to quickly determine the value of an IOC,
  • Understand when more information is needed (and from what source), and
  • Make intelligent decisions on whether or not an incident should be declared.

Register to attend the webinar here: https://www.sans.org/webcasts/108100.


Upcoming LEO Red Team/Blue Team Training in Houston

Join LEO Cyber Security on Wednesday, July 11, 2018 from 8:00 AM to 6:00 PM (CDT) for our highly interactive Red Team/Blue Team Training in Houston, TX, taught by “Hacking Exposed: ICS” author, Clint Bodungen.

What is Red Team/Blue Team Training?

Security aware and knowledgeable users serve as the “front line” of your overall security posture. As such, training is one of the most essential components of your risk mitigation strategy and overall cybersecurity program. However, without learning cybersecurity from the “hacker’s” perspective and gaining a true understanding of how adversaries attack and compromise ICS networks and assets, you’re only getting half of the picture. Without that other half, you’re essentially blindly deploying generic security controls and “best practices”. In order to have an efficient and cost-effective risk mitigation strategy, you must understand not only where your vulnerabilities are, but also the tactics that attackers will use to exploit these vulnerabilities. Red Team/Blue Team Training provides the opportunity to learn these adversarial tactics in conjunction with the defensive methods, and then students get to apply the skills they learn as they face off in a head-to-head competition, Blue Team (the defenders) against Red Team (the attackers).

Traditionally, Red Team/Blue Team Training has been a significant time commitment, often upwards of five days. Obviously, this can be taxing on those with constrained schedules and budgets. LEO’s Red Team/Blue Team Training uses cutting edge computer gaming technology developed by the authors of “Hacking Exposed: Industrial Control Systems”, to offer all of the best aspects of Red Team/Blue Team Training, but in a fraction of the time and without a technical learning curve. Students of all levels can even play the part of the Red Team, regardless of experience or skill level.

In the end, students will learn that defending their ICS networks and assets is more than simply deploying “best practices” and “layered defense”. By applying the skills they learn against a live opponent who is strategizing against them, they learn how to create targeted defensive strategies and respond and adapt to active attacks.

What You Will Get Out of This Class:

  • Learn and apply practical industrial cyber security concepts in a one-day class
  • Learn vulnerabilities and attack vectors specific to industrial control systems
  • Learn the methods and strategies hackers use to attack industrial control systems as well as traditional IT systems
  • Learn how to deploy efficient and cost-effective mitigation strategies and security controls
  • Learn how to build a complete cyber security program
  • Apply what you’ve learned against a live adversary in a cutting edge, turn-based computer game
  • Learn how to respond to, adapt, and defend against active attacks
  • Participate as the blue team and the red team, regardless of experience or technical skills level
  • Taught by LEO’s industry-leading, world-class experts with years of real-world experience.

Register today!

Upcoming Webinar: Enabling IaaS in your Enterprise

By Andrew Hay, Co-Founder and CTO, LEO Cyber Security

This Thursday, May 24, 2018 at 13:00 EDT, 10:00 PDT I will be presenting on an Infosecurity webinar entitled Enabling IaaS in your Enterprise, and Security and Visibility in Azure and AWS.

Moderated by Dan Raywood, Contributing Editor, Infosecurity Magazine, the webinar will look at this extension of Shadow IT, how to regain control of your environment and how, despite the security within these services, you can gain visibility.

My co-presenters on the webinar will be James Bone, Lecturer in Discipline-ERM, Columbia University’s School of Professional Studies and Arun Goel, Director of Product Management CASB, Oracle.

Please register here to attend.


Just How Prolific is Ransomware?

Our friends over at Bromium recently published a study entitled “into the web of profit” that focussed on revenue flow and profit distribution as it pertains to ransomware. The annual revenue from the ransomware supply chain – $1.5 trillion (no, this isn’t a typo).

The amount of money involved is staggering when you consider that the average ransomware demand-per-incident is roughly $2,500 but can go as high as $50,000 (or higher) depending on the affected organization and its perceived worth to the attacker. According to Bromium, $1 billion was obtained from ransomware, $160 billion was made from data trading, $500 billion from trade secrets, $860 billion from illegal goods and services online, and $1.6 billion on crime-ware.

If you’ve been putting off updating your information security program documentation to include ransomware mitigation and response procedures it may be time to block off some calendar spots in your day to make it happen. If you’re unsure as to how you should update your program to incorporate ransomware risk tolerances, mitigation, and response activities, please reach out to LEO Cyber Security today and speak with one of our experienced CISOs.


Andrew Hay Interviewed on RSAC TV

By Andrew Hay, Co-Founder and CTO, LEO Cyber Security

I had the pleasure of being interviewed by Eleanor Dallaway, Editor & Publisher – Infosecurity Magazine, on RSA Conference Television (RSAC TV) last week at the annual RSA Security Conference.

In the interview, we spoke about what I had observed on the show floor and the state of the security industry, and I described my perfect customer in information security.

Opportunities to Meet LEO Cyber Security Experts

By Andrew Hay, Co-Founder and CTO, LEO Cyber Security

Having spoken, keynoted, and served on panels at conferences around the globe, LEO Cyber Security experts are often asked to speak on the information security topics affecting a wide range of industries. Not only do we speak at a lot of conferences, we also like having conversations with like-minded individuals and those looking to solve the complex problems facing their respective organizations.

For an upcoming list of events where you can see LEO Cyber Security presentations and meet with the speakers, please bookmark our Opportunities to Meet LEO’s Experts page.
