SpyCloud is a top-notch cybersecurity company when it comes to account takeover (ATO) prevention. They prevent all kinds of data breaches and account takeovers, either directly or through product integrations.
With their award-winning solutions, businesses and employees alike can proactively prevent business email compromise (BEC) as well as phishing attempts by cybercriminals. Also, SpyCloud’s fraud investigation team can hunt down any cyber-fraud incidents.
In this exclusive interview, we sat down with Ted Ross, CEO and Co-Founder of SpyCloud, to learn more about the company, their cybersecurity solutions, and the future of the cybersecurity industry.
Question: SpyCloud has provided innovative cybersecurity solutions to well-known B2B and consumers. Can you tell us your success story?
Answer: In a world where breaches are almost inevitable, we saw a need to help companies outpace cybercriminals. Using human intelligence that goes deeper than the typical dark web scanning service, we are able to recover breach data within days of a breach occurring and are often the first to disclose to the victim organization that they have been breached. In parallel, we cleanse the breached data, add context and decrypt passwords so we can determine when our customers’ information was contained in the breach. We then get the exposed data into our customers’ hands so they can reset exposed passwords before they can be exploited by criminals. It’s an arms race.
Our goal is to destroy the criminal’s ability to profit from any data they are stealing. Changing an exposed password before a criminal can make use of it is key. Early data recovery plus automated remediation sets us apart for enterprises that need to protect their employees and consumers from account takeover and the associated loss of time, money and reputation.
Question: In your opinion, can you tell us about the challenges of protecting sensitive information at all levels?
Answer: This is a broad topic which can go in many directions. So, let’s think about it from an enterprise perspective: whether you’re a CISO or an individual, there’s a huge level of personal responsibility involved — one that is very difficult to breed in employees whose credentials can unlock customer data, financials, IP and more. Enterprises do their best to secure areas that could be exposed by employees, but also realize that the larger the company, the more challenging this becomes. When it comes to security, people are the weakest link. If it’s difficult to solve this issue at an employee level, it’s even worse when it comes to being able to trust third-party partners and vendors in an enterprise supply chain.
Some have access to your payroll and financial data, employee PII and other sensitive information, and their exposures can be an open door to your network. As security practitioners, we not only mandate strong password hygiene for employees (and for many businesses, and consumers too), but now have to address the risk associated with third parties (not to mention 4th and 5th parties). Third-party risk has become a board-level issue (along with identity) and ensuring remediation of third-party breach exposure is now a growing responsibility among vendor risk and M&A teams.
Question: Would you say governments are involved in security breaches? And how can government interference be curbed?
Answer: Since we are focused on the cybercrime domain, when we run into activity that may be nation-state related, we hand that over to the authorities. With that being said, we have a customer that is constantly dealing with targeted account takeover attacks originating from Iran. The level of sophistication associated with these attacks does indicate that they are well funded, and our customer strongly believes that the attackers are sponsored. Nation-states using account takeover techniques should not come as a surprise to anyone. All attackers (sophisticated or even nation-state sponsored) will make use of this attack vector because it is so successful. Then, once they are in the organization, they will move laterally to seek out high valued assets and intellectual property.
Attackers are human – even nation-state sponsored attackers. They will take the path of least resistance. Account takeovers are now a part of that easy attack path. Targeted account takeover prevention will absolutely slow them down and stop them from taking advantage of this particular path of least resistance in the same way it prevents criminals.
Question: What do your clients have to worry about?
Answer: In addition to what we view as the set of challenges to protecting sensitive information at all levels (as we discussed with your second question), we see many businesses thinking they are preventing account takeover by deploying bot detection/firewall technology. The truth is, protection from cybercriminal attacks requires more. Everywhere you have a bot firewall, you also need a “targeted” account takeover prevention solution. We’re seeing security teams underestimate the damage caused by manual, targeted attacks performed by sophisticated cybercriminals (as opposed to brute-force credential stuffing attacks performed by bots).
Customers on our Advisory Board recently told us that targeted attacks (which do not emanate from a bot) account for 80% of their overall loss, while untargeted, credential stuffing type attacks account for the other 20% of loss. Targeted attacks can only be stopped by early prevention solutions that can detect exposures that do not come through bots. For that, you need access to the most current breach data possible. Choose an ATO prevention partner who can detect potential compromises early and automate the remediation (password reset) process.
Question: From your clients’ feedback, do they experience more internal or external security breaches?
Answer: Internal breaches are definitely rarer, and bad actors inside an organization often leave a more obvious trail of evidence than external attackers. After all, they’re exploiting their privileged access, which makes it more likely that there’s a record of their access to follow during a breach investigation.
Question: What are the challenges facing the market? What are your strong points against your competitors in solving the marketplace challenges?
Answer: One of the biggest challenges for businesses of all types is staying ahead of threat actors. This was one of the reasons we created SpyCloud – to outpace the criminals. To pull this off, we need relevant, high valued assets that are being circulated in the criminal underground as early in the attack lifecycle as possible. Many of our competitors focus on data later in the attack lifecycle that’s on the visible “deep and dark web”, which often means sophisticated threat actors have already had a chance to monetize that data.
At SpyCloud, we collect data directly from the first team of criminals with access to it. We’re plugged into the criminal underground – where breach data is shared first, but only among actors that are “trusted”. Pulling data this early in the timeline enables our customers to take action – reset exposed passwords – before the data is exploited by criminals. Invalidating breached data is really the only way to win.
Question: How would you rate the success of HUMINT in combating social engineering threats? In what other areas will your HUMINT technology come to play?
Answer: Every online user needs to adopt the zero trust model. This is the best way to combat social engineering. Don’t click on a link, don’t open an attachment in email, don’t trust anything that you receive over email, SMS, etc… Our HUMINT team is constantly interacting with criminals that focus on social engineering – which goes well beyond account takeover. Where SpyCloud comes into play is around employee accounts. Under the zero trust model, you should not trust that someone logging into your network is actually an employee – unless you validate accounts with SpyCloud first. Without checking for account exposures, a criminal could be acting like an employee, sending email from the employee’s mailbox and furthering their abilities to social engineer victims, which may be your executives, customers or supply chain vendors.
Question: How can the everyday user derive the most out of Human Intelligence (HUMINT) in protecting their privacy?
Answer: HUMINT is not something that can be done without a lot of training and experience. It’s an advanced tradecraft that must be performed by professionals – or it could quickly lead to dangerous outcomes. Let SpyCloud do the HUMINT heavy lifting so you don’t put yourself or your resources at risk. We will find exposures at massive scale before they can become a problem for the everyday user. We empower our customers and individuals using our free monitoring service to be diligent about changing their passwords when their information is exposed in a breach.
Our service offers enough information so that users can understand the level of risk they face. Resetting to complex, unique, unexposed passwords and using two-factor authentication wherever possible are the best ways individuals can protect themselves from account takeover and resultant breaches.
Question: What is the future of SpyCloud?
Answer: Today our focus is to eliminate account takeovers and prevent criminals from profiting on breached data. Over the next few months, our customers will benefit from new software that will allow them to further automate the prevention aspects. We would love to share the details of this as we are proud of our roadmap, but we are keeping the details close to our chest for now. We hope to leapfrog certain types of cybercriminals, so we must be careful to not tip our hand ahead of time.
Thank you for your time.