Cyber Defense: Aaron Sandeen Of Cyber Security Works On The 5 Things Every American Business Leader Should Do To Shield Themselves From A Cyberattack

Authority Magazine
Published in Authority Magazine · 9 min read · Jun 21, 2022

In our uncertain and turbulent world, cyberattacks on private businesses are sadly a common tactic of hostile foreign regimes as well as criminal gangs. Cyberattacks and ransomware have crippled large multinational organizations and even governments. What does every company need to do to protect itself from a cyberattack?

In this series called “5 Things Every American Business Leader Should Do To Shield Themselves From A Cyberattack” we are talking to cybersecurity experts and chief information security officers who can share insights from their experience with all of us.

As a part of this series, I had the pleasure of interviewing Aaron Sandeen.

Aaron Sandeen has more than 28 years of business and IT experience in public and private sectors, helping organizations drive impactful transformation through innovative programs, technologies and culture. Aaron is the CEO of Cyber Security Works (CSW), a company focused on helping leaders to continuously prioritize and remediate their cybersecurity threats on-prem and in the cloud. He attributes his continued success to working through active collaboration with stakeholders to clearly identify current risks and how they are often already impacting organizations.

Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Can you tell us a bit about how you grew up?

I grew up in Montana and from a young age I was exposed to plenty of technology like the Atari system, Timex Sinclair 2068, and Commodore 64. Having that experience definitely shaped my interest in technology because after I started working my first job, I bought a Macintosh computer and a hard drive to go along with it. Now my childhood interests of technology and business are my career and I could not be happier.

Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.

I have been in the tech industry for a long time. Early on I worked on app development, system administration, system logistics, and process improvement. I didn’t consider a career in cybersecurity until I became the CIO for the state of Arizona in 2011. Hardly a month into the position, I was asked to be a keynote speaker at a cybersecurity summit. In preparation for the summit, it began with a simple Google search which completely changed how I imagined my career to take shape in the future. I came across an article about a CIO in a similar position as mine who was fired for their lack of preparedness in the event of a cyber attack. Once I read that article I began hiring cybersecurity professionals and really identifying where our system exposures were. I knew I never wanted a story like that written about me, so I wanted to acquire the necessary cybersecurity tools I needed in case of such an event.

Can you share the most interesting story that happened to you since you began this fascinating career?

In this field, a lot of stories come to mind, but one particular story that comes to mind involves a massive DDoS attack from Anonymous while I was working at the State of Arizona. A mother reached out asking for help stating that hacker group Anonymous attacked the hospital that her kids were being treated at. It was a moment of panic, and something we had to come up with a solution for fast. Luckily due to the state’s resources and the connections I made with previous work, we managed to identify a solution. It was really interesting because we worked with AWS and we found credentials that assisted us in notifying the issue.

You are a successful leader. Which three character traits do you think were most instrumental to your success? Can you please share a story or example for each?

Passion, compassion and trust are the three characteristics I try to embody as a leader. Passion allows me to engage an audience and encourage employees to work towards our goals. Compassion is required to be an effective leader as it allows me to better serve my people, clients or constituents in the case of my previous position. And finally, you have to build trust. Trust is especially important in our field where a client’s baseline expectation is to keep their data protected and safe from harm.

Are you working on any exciting new projects now? How do you think that will help people?

Our main focus today is cyber security powered by intelligence, and we plan to achieve this through a three-pronged approach utilizing hard data, machine learning, and advancing our human capital. The large amounts of quantifiable data we collect need to be processed efficiently by our automated systems, but the true power comes from our workforce’s ability to refine processes and validate the end results. Separately we are also investing in our attack surface management and adopting the hacker mindset to better understand the vulnerabilities an organization might not be aware of.

For the benefit of our readers, can you briefly tell our readers why you are an authority about the topic of Cybersecurity?

My credibility begins with my experience working with the State of Arizona, and continues into my position at CSW. At the State of Arizona, I was entrusted with an abundance of types of sensitive data tied to individuals such as tax information, medical information, and birth/death records. That kind of information cannot be taken lightly as people depend on them to conduct daily personal business. Following that, the information is stored across multiple servers and managed by hundreds of individuals; it requires a tremendous group effort to connect the dots, and get the data to the right place at the right time.

Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. In order to ensure that we are all on the same page let’s begin with some simple definitions. Can you tell our readers about the different forms of cyber attacks that we need to be cognizant of?

Situations always change; however, phishing and hacking have been a concern for many years now. Criminal groups are becoming highly sophisticated with increased resources and using them to target businesses for financial gain. CSW has done ransomware research for years to stop ransomware attacks and understand how the trend will develop.

Who has to be most concerned about a cyber attack? Is it primarily businesses or even private individuals?

Profit-generating businesses are targets for cyber attacks for obvious reasons; there is a financial motive behind most attacks outside of a state-sponsored attack. On the consumer/individual side of things, weaknesses lie within credentials which can be exploited through phishing attempts. Fake texts or emails requesting information hit people’s inboxes every day and these hacking groups are looking for weak points to compromise their financial information.

Who should be called first after one is aware that they are the victim of a cyber attack? The local police? The FBI? A cybersecurity expert?

I believe every organization should have an emergency response plan which defines a clear line of action. Technical teams need to become aware, contact leadership immediately, legal counsel, then cyber insurance as they will have contacts and resources available. But there are different points of contact for responsive, and incident response activity. Law enforcement is always good to be contacted depending on what data is stolen.

What are the most common data security and cybersecurity mistakes you have seen companies make that make them vulnerable to ransomware attacks?

I think the most common mistake that is happening right now is not what is being done but rather something that is being missed within the industry. The best thing organizations could do to strengthen their security is to try to increase their maturity and focus on being a better cybersecurity organization. Compliance requires enterprises to do a “pen” test once a year. However, companies should try performing it four times a year. That takes discipline and resources and I believe that the organizations doing that are focusing on frequency to extend coverage.

What would you recommend for the government or for tech leaders to do to help limit the frequency and severity of these attacks?

Understand what your exposure is and get a good understanding of service management. It is important to know what is out there, what are the open ports and systems to take advantage of. Now it’s important to take action to understand the priorities of how these vulnerabilities can be used, which are trending and how to follow through with that.

Ok, thank you. Here is the main question of our interview. What are the “5 Things Every American Business Leader Should Do To Shield Themselves From A Cyberattack” and why? (Please share a story or example for each.)

  1. Understand your attack surface — Your attack surface is how a hacker sees your organization from the outside and includes details from the deep and dark webs. You need to continuously scan your known and unknown assets to identify any exposures, APIs, expired certificates, vulnerabilities in your technology stack, data leakage, open ports / protocols / services, non-production systems exposed to the public, assets potentially exposed to ransomware and much more.
  2. Increase the frequency of vulnerability scanning and pentesting — Advanced Persistent Threat (APT) groups and cyber criminals are consistently and aggressively exploiting new and old vulnerabilities every day. In Q1 2022 our researchers found a 17.9% increase of ransomware groups utilizing older vulnerabilities from previous years. With this constant onslaught of attacks your organization needs to also be continuously scanning and pentesting your environment and applications to find if your security has holes that need to be patched. The Peter Drucker quote still applies — “What’s measured improves”. Increasing frequency and coverage is key!
  3. Add data-driven intelligence to help prioritize and act smartly — Using vulnerability criticality is not enough. Most organizations don’t have the resources to remediate every vulnerability all the time. Risk prioritization is critical. Being able to target, group and track where to focus using data is a game changer. But even this isn’t enough to stay ahead. Predictive security capabilities are now giving organizations an extra early warning advantage by using AI/ML capabilities to calculate the probability of a vulnerability being exploited in the wild. Just one extra day of advanced notice can be a game changer!
  4. Ensure that you have a great backup strategy — You never want to be the one to be attacked, but you always need to be ready for it. Make sure that there are processes in place to determine which data should be backed up, how frequently it should be backed up, identify and implement a backup and recovery solution, along with making sure to test and monitor that system.
  5. Modernize your systems and reduce your technical debt — Technology is ever evolving which means that legacy systems can have functionality and performance issues down the road. We have a saying ‘Old is Gold’. Meaning that legacy systems and technologies come with a laundry list of issues. Having business conversations to understand the system needs, making decisions to sunset applications where the value doesn’t equal the total costs to maintain are critical. Ruthlessly and continuously evaluating these systems helps maintain your environments and reduce your overall security risks.

You are a person of enormous influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. :-)

A movement that increases frequency, increases visibility and increases use of data is the movement I sponsor.

How can our readers further follow your work online?

LinkedIn — https://www.linkedin.com/in/aaronsandeen/

This was very inspiring and informative. Thank you so much for the time you spent with this interview!
