Here is the Ted Ross Interview with SecureBlitz. SpyCloud is a top-notch cybersecurity company that deals with account takeover (ATO) prevention. They prevent all ranges of data breaches and account takeovers directly or through product integrations.
With their award-winning solutions, businesses and employees can proactively prevent Business email compromise (BEC) and phishing attempts by cybercriminals. Also, SpyCloud’s fraud investigation team can hunt down any cyber-fraud incidents.
In this exclusive interview, we sat down with Ted Ross, CEO and Co-Founder of SpyCloud, to learn more about the company, its cybersecurity solutions, and the future of the cybersecurity industry.
Table of Contents
Question: SpyCloud has provided innovative cybersecurity solutions to well-known B2B and consumers. Can you tell us your success story?
Ted Ross: In a world where breaches are almost inevitable, we saw a need to help companies outpace cybercriminals. Using human intelligence that goes deeper than the typical dark web scanning service, we can recover breach data within days of a breach occurring and are often the first to disclose to the victim organization that they have been breached.
In parallel, we cleanse the breached data, add context, and decrypt passwords to determine when our customers’ information was contained in the breach. We then get the exposed data into our customers’ hands so they can reset exposed passwords before criminals can exploit them. It’s an arms race.
We aim to destroy the criminal’s ability to profit from any data they steal. Changing an exposed password before a criminal can use it is key. Early data recovery plus automated remediation sets us apart for enterprises that must protect employees and consumers from account takeover and the associated loss of time, money, and reputation.
Question: Can you tell us about the challenges of protecting sensitive information at all levels?
Ted Ross: This is a broad topic that can go in many directions. So, let’s think about it from an enterprise perspective: whether you’re a CISO or an individual, there’s a huge level of personal responsibility involved — one that is very difficult to breed in employees whose credentials can unlock customer data, financials, IP, and more.
Enterprises do their best to secure areas that employees could expose, but they also realize that the larger the company, the more challenging this becomes. When it comes to security, people are the weakest link. If it’s difficult to solve this issue at an employee level, it’s even worse when it comes to trusting third-party partners and vendors in an enterprise supply chain.
Some have access to your payroll and financial data, employee PII, and other sensitive information, and their exposure can open the door to your network. As security practitioners, we not only mandate strong password hygiene for employees (and many businesses and consumers, too) but now have to address the risk associated with third parties (not to mention 4th and 5th parties).
Third-party risk has become a board-level issue (along with identity), and ensuring remediation of third-party breach exposure is now a growing responsibility among vendor risk and M&A teams.
Question: Would you say governments are involved in security breaches? And how can government interference be curbed?
Ted Ross: Since we are focused on the cybercrime domain, we hand that over to the authorities when we run into an activity that may be nation-state-related. That said, a customer constantly deals with targeted account takeover attacks from Iran.
The sophistication of these attacks indicates that they are well-funded, and our customer strongly believes that the attackers are sponsored. Nation-states using account takeover techniques should not come as a surprise to anyone. All attackers (sophisticated or nation-state sponsored) will use this attack vector because it is successful. Then, once they are in the organization, they will move laterally to seek out high-valued assets and intellectual property.
Attackers are human – even nation-state-sponsored attackers. They will take the path of least resistance. Account takeovers are now a part of that easy attack path. Targeted account takeover prevention will slow them down and stop them from taking advantage of this path of least resistance in the same way it prevents criminals.
Question: What do your Clients have to worry about?
Ted Ross: In addition to what we view as the set of challenges to protecting sensitive information at all levels (as discussed with your second question), many businesses think they are preventing account takeover by deploying bot detection/firewall technology. The truth is that protection from cybercriminal attacks requires more.
It would be best to have a “targeted” account takeover prevention solution everywhere you have a bot firewall. We’re seeing security teams underestimate the damage caused by manual, targeted attacks performed by sophisticated cybercriminals (as opposed to brute-force credential stuffing attacks performed by bots).
Customers on our Advisory Board recently told us that targeted attacks (which do not emanate from a bot) account for 80% of their overall loss. While untargeted, credential stuffing attacks account for the other 20% of the loss.
Early prevention solutions that detect exposures that do not come through bots can only stop targeted attacks. For that, you need access to the most current breach data possible. Choose an ATO prevention partner who can detect potential compromises early and automate the remediation (password reset) process.
Question: From your Client’s feedback, do they experience more internal or external security breaches?
Ted Ross: Internal breaches are rarer, and bad actors inside an organization often leave a more obvious trail of evidence than external attackers. After all, they’re exploiting their privileged access, which makes it more likely that there’s a record of their access to follow during a breach investigation.
Question: What are the challenges facing the market? What are your strong points against your competitors in solving the marketplace challenges?
Ted Ross: One of the biggest challenges for businesses of all types is staying ahead of threat actors. This was one of the reasons we created SpyCloud – to outpace the criminals. We need relevant, high-valued assets circulated in the criminal underground as early as the attack lifecycle to pull this off.
Many of our competitors focus on data later in the attack lifecycle on the visible “deep and dark web,” which often means sophisticated threat actors have already had a chance to monetize that data.
At SpyCloud, we collect data directly from the first team of criminals who have access to it. We’re plugged into the criminal underground – where breach data is shared first, but only among actors that are “trusted”.
Pulling data this early in the timeline enables our customers to take action – reset exposed passwords – before criminals exploit the data. Invalidating breached data is the only way to win.
Question: How would you rate the success of HUMINT in combating social engineering threats? In what other areas will your HUMINT technology come into play?
Ted Ross: Every online user needs to adopt the zero-trust model. This is the best way to combat social engineering. Don’t click on a link, don’t open an attachment in an email, or trust anything you receive over email, SMS, etc.… Our HUMINT team is constantly interacting with criminals who focus on social engineering – which goes well beyond account takeover.
SpyCloud comes into play around employee accounts. Under the zero trust model, you should not trust that someone logging into your network is an employee – unless you validate accounts with SpyCloud first. Without checking for account exposures, a criminal could act like an employee, sending emails from the employee’s mailbox and furthering their abilities to social engineer victims, which may be your executives, customers, or supply chain vendors.
Question: How can everyday users benefit from Human Intelligence (HUMINT) in protecting their privacy?
Ted Ross: HUMINT cannot be done without much training and experience. It’s an advanced tradecraft that professionals must perform – or it could quickly lead to dangerous outcomes.
Let SpyCloud do the HUMINT heavy lifting so you don’t put yourself or your resources at risk. We will find exposures at a massive scale before they can become a problem for the everyday user. We empower our customers and individuals using our free monitoring service to be diligent about changing their passwords when their information is exposed to a breach.
Our service offers enough information so that users can understand the level of risk they face. Resetting complex, unique, unexposed passwords and using two-factor authentication wherever possible are the best ways to protect individuals from account takeover and resultant breaches.
Question: What is the future of SpyCloud?
Ted Ross: Today, we focus on eliminating account takeovers and preventing criminals from profiting from breached data. Over the next few months, our customers will benefit from new software that will allow them to automate the prevention aspects further.
We would love to share this as we are proud of our roadmap, but we are keeping the details close to our chest for now. We hope to leapfrog certain types of cyber criminals, so we must be careful not to tip our hand beforehand.
Thank you for your time.
Check your exposure at SpyCloud.
Note: This was initially published in November 2019 but has been updated for freshness and accuracy.
INTERESTING POSTS
- Scattered Canary: How A Nigerian Fraud Ring Hijacked Washington Unemployment System
- Social Media Takeover: What It Is And How To Use It Correctly
- The Increasing Importance Of Cybersecurity In 2024
- Top Countries Notable for Cyber Criminals
- Can VPNs Help Prevent Cyberattacks? [We Have The Answer]
- Cyber Security Assessment [Step By Step GUIDE]
