Christian Have of Logpoint: 5 Things You Need To Know To Optimize Your Company’s Approach to Data Privacy and Cybersecurity
As a part of our series about “5 Things You Need To Know To Optimize Your Company’s Approach to Data Privacy and Cybersecurity”, I had the pleasure of interviewing Christian Have.
Christian Have, CTO, brings years of cybersecurity expertise to his product strategy role at Logpoint. He owns the whole product process from vision, strategy, design, development to marketing. He brings to market products that fulfil the needs of today’s businesses. Have also oversees all aspects of the product journey from conceptualization, launch and post-launch performance. Prior to joining the company, he was the head of network security for the Danish National Police. He is also a guest lecturer on cybersecurity at leading Danish universities. He has a Bachelor of IT from the IT University of Copenhagen.
Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Can you tell us a bit about how you grew up?
Thank you for having me! I’m happy to give some background. Growing up, my mother worked as a lab technician at a hospital, and my father was an engineer who worked teaching physics — I like to think I picked up on my dad’s ability to explain really complicated things in a way anyone can understand.
I consider both him and my older brother my very first teachers. When they would work on software together, they would let me help, showing me how you can manipulate the software to do something completely different than what it was intended for. This was how I first adopted a hacker mentality — I realized that hackers are simply tinkerers, with a curiosity about how things work, how it was designed, and how it was built. This mindset led me to where I am. In fact, as adults, my brother and I eventually worked together at Logpoint.
Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.
This story didn’t quite inspire me to pursue cybersecurity, but rather confirmed my career decision was the right one. After I graduated college, I worked as a security specialist at a hospital and during that time, they experienced a severe breach. Keep in mind that twenty years ago, these sorts of cybercrimes really weren’t as hyped as they are now, so it just wasn’t something you heard about on the news. The ramifications of this breach could have been devastating — the hospital would have had to transfer patients away if it wasn’t quickly fixed. Handling this case really solidified my view of cybersecurity at an early age, and it highlighted the very real consequences of a breach, what was at stake, and the importance of a strong cyber posture.
Can you share the most interesting story that happened to you since you began this fascinating career?
During my career I had the opportunity to work for the Danish National Police, where we handled regional, local, and national police cybersecurity. In 2009, Denmark hosted the COP 15 conference, which President Barack Obama attended. To bolster security for his and everyone else’s safety, we had a request to support specific technology for his arrival that came directly from the Ministry of Justice.
The Ministry needed to know the cost and how long it would take to make necessary security updates. During this instance, I truly saw cybersecurity in a business context. In these situations, people don’t really care about the details, they care about getting it done. They trust your judgment — the recommendations of the experts — and you just need to make a well-informed decision to the best of your ability. It was certainly an interesting case to work on.
None of us are able to achieve success without some help along the way. Is there a particular person to whom you are grateful who helped get you to where you are? Can you share a story about that?
Reflecting on my career, I’ve been really privileged to have amazing managers in every position. Specifically, when I joined Logpoint, the company began to hit new growth milestones, and expectations of its leadership grew in parallel.
I was very fortunate to be assigned a mentor who has made a huge impact both in the industry and my own career path. He constantly reminded me that at the end of the day, we were the experts. This individual gave me the guidance and confidence to say, “What is it you need built? Give me the budget and the direction and I’ll get it done.” It was a defining set of feedback that has helped shape the leader that I have become. I’m lucky to have him along as part of my journey.
Are you working on any exciting new projects now? How do you think that will help people?
At Logpoint, we have been doing some really interesting research into how investigations are being carried out for mid-size enterprises. Typically, mid-size enterprises are less methodical with how these investigations will play out, simply because many don’t have the resources that a larger company possesses.
With this in mind, we’ve been analyzing the process of their investigations, including what works, what doesn’t, and how we can use machine learning to suggest appropriate next steps for the analyst. The organization is really excited about how this will change the way we can better serve these customers.
What advice would you give to your colleagues to help them to thrive and not “burn out”?
The Scandinavian workplace is truly unique. There are high levels of autonomy, and we tend to be really blunt and upfront. While the transparency is nice, it can also be tough. This is because we have highly dedicated employees who want to succeed but once things get complicated or uncommonly busy, they take more and more on, pressuring themselves to get the work complete.
My advice would be to never forget the big picture, and to always remember that you’re not alone. Managers tend to give an assignment and trust that their employees will intuitively know their expectations. However, you should never be afraid to speak up and ask for context or questions. Once you have more information and understand the purpose, you can refocus priorities and feel confident in doing so.
Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. The Cybersecurity industry, as it is today, is such an exciting arena. What are the 3 things that most excite you about the Cybersecurity industry? Can you explain?
Of course. First, I’d say that it’s exciting to see how cloud computing has now become so accessible and cost-efficient. As a society, there is a huge landscape of tools and open-source technology at our fingertips. Combine that wealth of solutions with an understanding that companies need to invest in data-driven cybersecurity, and AI is no longer just seen as a marketing ploy or trendy buzzword.
Next, we’re also seeing the industry bridge the gap between engineering and product experts. Across the board, security vendors are moving machine learning experts away from the ivory towers of the engineering department to where customer problems are actually being discussed. There’s a greater understanding that their expertise can help solve customer pain points, and they should be at the forefront of this transformation.
Finally, we’re seeing innovation happen at a pace that we have never seen before. While the pandemic certainly spurred things forward, this has been a long time in the making. I have no doubt that we’ll continue to see cybersecurity solutions evolve as the threat landscape does so in parallel.
Looking ahead to the near future, are there critical threats on the horizon that you think companies need to start preparing for?
Looking ahead, I think we’re not seeing new threats so much as shifting economic incentives behind ongoing threats due to the upcoming NIS2 regulations. These laws are less about promoting data privacy but rather establishing a zero-tolerance policy for leaks. If you have a breach, you will be fined, so there’s a financial incentive for bad actors to strike. To understand this, we just have to examine what happened with GDPR — ransomware threats increased astronomically after GDPR regulations were instituted because cyber criminals knew organizations would pay to avoid fines. With that in mind, there’s a good chance that with NIS2, we’ll see a similar uptick in these types of crimes that companies must be prepared for.
Do you have a story from your experience about a cybersecurity breach that you helped fix or stop? What were the main takeaways from that story?
In my previous positions, I’ve worked with a lot of private sector companies, as well as within the intelligence community. A common theme that I’ve witnessed both in the private and public sectors is that once a breach occurs, we almost always discover the necessary log materials were never there. This means most organizations only realize they need to improve their security posture when they’re already in the middle of a crisis. However, if you’re scrambling to reach security maturity during the firefight, you’re already losing.
It’s not always like this. In one case, the company I was working with had a well-monitored network and was in a good cybersecurity situation, yet they suddenly got reports from a user that they could not access specific data. It became clear that we had been breached by a well-funded, highly motivated individual who had been planning this attack for months. They knew exactly which security controls were in place and how to bypass them.
However, because the company had invested in its cybersecurity posture and had the right solutions — application flows, network flows, logging, and alerting processes were all in place — we had the situation managed. With complete visibility we were able to detect as the adversary made mistakes and triggered our alerts. If this network was set up like many corporate networks out there, it would have been a different story.
What are the main cybersecurity tools that you use on a frequent basis? For the benefit of our readers can you briefly explain what they do?
Security data link and SIEM are critical for threat detection, analytics, and response, as well as testing the technology. When you are in a security leadership position, there’s a constant concern that you are not detecting what you need to detect, and you won’t realize it until you’ve been hit. Breach and attack simulation (BAS) software allows you to run automated, controlled attacks to identify vulnerabilities before they’re exploited. This is where a true positive result is helpful.
Oftentimes in security, we focus on false negatives as they indicate that everything is okay, which is a huge relief. However, a true positive during testing highlights areas that are vulnerable and validates that the detection solutions and processes in place are in fact working. Attack surface management technology is also proving to be important for companies as it allows you to map out and understand how big your network is, where it is changing, and how you can protect it. Of course, these solutions can’t replace red or blue teams, but they’re still critical to security.
How does someone who doesn’t have a large team deal with this? How would you articulate when a company can suffice with “over the counter” software, and when they need to move to a contract with a cybersecurity agency, or hire their own Chief Information Security Officer?
How you invest in cybersecurity depends on your degree of risk. If you’re a company with a lower level of risk, you can certainly decide to opt out of having a formal CISO or agency and instead invest in an “over the counter” software. But even then, someone must own the risk inside the organization. Whether you have a CISO or not, the board will still be held responsible if and when there is a breach, and there could be criminal charges in certain scenarios.
If you have a more average level of risk, you should consider outsourcing to an organization that can deal with data breaches on your behalf. I tend to think of detection and response as literal firefighting — if a storefront has a fire, business operations stop while employees wait for firefighters to come in and address the challenges. With this level of risk, it simply doesn’t make financial sense to have firefighters within the company.
However, if your company is in an industry that deals with especially sensitive data, such as finance, healthcare, or government, there is naturally a higher level of risk. In this scenario, if you have a large enough IT team, you should consider bringing these initiatives in-house under a CISO. Economies of scale are in play here, and if the risk is great enough, incurring additional costs to expand your cybersecurity and IT teams will eventually pay dividends.
As you know, breaches or hacks can occur even for those who are best prepared, and no one will be aware of it for a while. Are there 3 or 4 signs that a lay person can see or look for that might indicate that something might be “amiss”?
Pardon the contradiction, but I actually think we need to shift mindset away from the thinking that breach detection is a problem for the employee. Instead, that responsibility needs to live at the C-level. Certainly, corporate employees should be educated in identifying phishing campaigns — misspelled words, incorrect greetings, or strange requests with a high degree of urgency are all indications of a phishing email. Yet, organizational and security leaders must take the lead in terms of cybersecurity and deploy a detection strategy. Employees should not have to feel the pressure that it is up to them to catch a breach, but instead, each company should see the greater value in a well-executed cybersecurity posture — and it starts with the C-suite.
After a company is made aware of a data or security breach, what are the most important things they should do to protect themselves further, as well as protect their customers?
During a breach, many organizations will be scrambling to react. If you’re outside of the Fortune 500, it may be the first time you’re experiencing a breach, and it’s easy to mix the firefighting activities and arson investigation together as you rush to find a solution. Instead, companies must be methodical.
Take the time to determine how and when the breach occurred, what has been impacted, who needs to be alerted, what remediation steps are needed, and when your systems can be brought back. Be clear on what you’re doing and why, and be aware that typically after an initial breach, there’s a good chance you will be breached again. Finally, don’t be afraid to reach out to an external team to help you. Threat actors are unfortunately becoming more sophisticated and well-funded, and sometimes outside forces are needed to handle the situation.
For Logpoint, it’s been a positive. In the EU, there’s an inherent suspicion of distrust for companies that cannot provide legitimate answers to who has access to user data. And while Logpoint is a global organization, our company was born out of the EU, so our DNA is distinctly European. Being privacy oriented has always been a priority for us. As Logpoint grows, it’s something we’re continually working on — being EAL3+ certified to NATO standards means we have a good grasp on this.
For businesses in general, I see these laws as a necessary step in the right direction. The digital transformation journey over the last 25 years has truly been the wild, wild west, meaning much of it has been unregulated. With NIS2, CPRA, GDPR, and more, we are moving towards holding cybersecurity and IT service providers accountable for the software they are providing.
What are the most common data security and cybersecurity mistakes you have seen companies make?
I would certainly say target fixation, by which I mean becoming so fixated on protecting one vulnerability that you leave another exposed. I once worked with a CISO that said insider threats are the company’s biggest concern, but when pressed, it turned out a lot of the basics outside of internal threats had not been addressed. It’s not uncommon to have threat models that have little to do with reality, leading to a blind spot to what’s actually going on.
Don’t be afraid to “gut check” yourself through testing to ensure you’re working in the right direction. Understanding what you should do and where you should do it helps companies fully prepare for and understand their actual threat landscape.
Since the COVID19 Pandemic began and companies have become more dispersed, have you seen an uptick in cybersecurity or privacy errors? Can you explain?
In terms of privacy errors, not so much — we’re using the same privacy systems as before, and these did not change much when the shift to remote work occurred. On the other hand, cybersecurity errors, yes — we’ve definitely seen an increase.
It really became clear how vulnerable many companies were due to soft, unprotected perimeters. What saved many companies cybersecurity-wise was the fact that the shift to remote work was global, meaning organizations everywhere had to make updates across the board. If it had been more region-based, it would have required a more staggered and disjointed approach, making the transition a lot more difficult.
Ok, thank you. Here is the main question of our interview. What are the “5 Things Every Company Needs To Know To Tighten Up Its Approach to Data Privacy and Cybersecurity” and why? (Please share a story or example for each.)
- Understand what you have and the assets you need to have to protect yourself — without that, the foundation erodes.
- Equip yourself with the right tools. If you don’t have the data or anti-virus capabilities, you will lose out on the necessary visibility to protect and detect incidents.
- Test your systems regularly to understand how good your controls really are. Remember, a true positive during testing is better than a false negative in reality!
- Automation is critical for efficiency. When it comes to detection and response, you don’t have time to make mistakes or for the new security analyst to figure it out. Automation must be there from the start, and it needs to be structured so you can respond appropriately.
- Once the attack is stopped, methodology is key. You need to know what’s next and how to stop it from happening again. While yes, you’re losing money every minute these systems are down, don’t be afraid to say, “I will bring them back online once we’ve reached a conclusion, and not a second sooner.” It’s important to act with confidence and to communicate at a level the business understands.
You are a person of enormous influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. :-) (Think, simple, fast, effective and something everyone can do!)
Businesses genuinely care about cybersecurity these days and we’re in a time when security leaders need to learn how to adapt. For example, spend twice as long on communications around cybersecurity so that every person within the business, from the top down, understands the issues and what is being asked of them.
You do not have to prove that you’re the expert, because the reality is, no one cares about the technical aspects. Instead, they care about business priorities. Keep in mind that ultimately, you’re dealing with people, not machines. Don’t be part of the 70% that get breached again after an initial breach, but rather a part of the 30% that learn from their mistakes.
How can our readers further follow your work online?
This was very inspiring and informative. Thank you so much for the time you spent with this interview!