Dustin Leefers Of ThrottleNet On What We Must Do To Protect Critical Industrial Systems From Cyber Attacks

An Interview With David Leichner

David Leichner, CMO at Cybellum
Authority Magazine
Oct 21, 2022


Ransomware attacks have sadly become commonplace and increasingly brazen. Huge enterprise businesses, gas pipelines, universities, and even cities have been crippled by ransomware and forced to pay huge ransoms. What can an individual or a business do to prevent and repel a ransomware attack? In this interview series, we are talking to cybersecurity experts who can share insights from their experience and expertise about what we must do to protect critical infrastructure systems from cyber attacks. As a part of this series, I had the pleasure of interviewing Dustin Leefers.

Dustin Leefers is the Cybersecurity Manager at ThrottleNet, Inc. He has over 20 years of experience in the IT industry, including systems administration, network engineering, infrastructure architecture, and information security. His security certifications include CISSP (Certified Information Systems Security Professional) and CEH (Certified Ethical Hacker). He also holds numerous certifications in the systems and networking space from vendors, including Microsoft, CompTIA, Cisco, and VMware.

Dustin is passionate about protecting businesses in the increasingly complex and unpredictable cybersecurity landscape. He keeps up to date with industry trends and best practices to ensure the ThrottleNet Team keeps its customers as safe as possible.

Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Can you tell us a bit about how you grew up?

I grew up in a small town in central Illinois. I was the oldest of three kids and had hard-working parents. We were lower-middle class, with enough money for all the necessities but not much more. Being the oldest of three kids with working parents caused me to grow up quickly and take on additional responsibility. I developed a passion for technology at a young age and was always fascinated by computers. After high school, I immediately got a job fixing and building computers while attending college and beginning to work on certifications. Looking back, I believe growing up with more responsibility than a typical child played a role in who I became as an adult.

Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.

Movies from my childhood like “Hackers” and “The Net” helped open my eyes to the endless possibilities of computers and networks. I was lucky enough to have a computer at a relatively young age, and I was probably 8 or 9 when we got a hand-me-down 386 PC from a relative. I can remember building our first PC with my Dad a few years later. We spent a couple of months flipping through “Computer Shopper” regularly and picking out just the right components. For those who may not remember or know, Computer Shopper was an extensive magazine/catalog you could buy at the grocery store, and you could order PC components. I have always been interested in security and just migrated to it naturally as my career progressed.

Can you share the most interesting story that happened to you since you began this fascinating career?

A couple of years ago, we had a company reach out to us in dire need of help. They had recently been the victim of a ransomware attack. After we assessed their network, it was discovered the company had a terminal server with RDP exposed to the public internet. An attacker was able to get access to the machine and deploy ransomware to their servers. The attackers also encrypted their only backup. They had no cyber insurance and were in a very tough spot.

After determining there was no public decryption tool for this strain of ransomware, the company decided they wanted to pay the ransom. I exchanged emails with the hackers a few times to negotiate the ransom. They requested payment via bitcoin and provided the wallet address. Due to the amount of the ransom and no previous history with any provider, it would take 5–7 days to get a wallet set up for the business. They did not have that time; their business could not operate.

After discussing options with the client, I volunteered to use my bitcoin account to facilitate the payment. We worked out the details and got a liability waiver signed. After wiring the funds to my bitcoin account, we made the payment to the hackers. After about 6 hours, we received confirmation that payment was received, and the hackers provided the decryption information.

We do not typically recommend paying the ransom and will exhaust all options before doing so. However, in this situation, the company, due to poor security and backup practices, had no choice. How do you stop a business owner who has their whole life riding on a business from doing everything they can to save it?

You are a successful leader. Which three character traits do you think were most instrumental to your success? Can you please share a story or example for each?

Curiosity — As I shared earlier, I have always been drawn to technology from an early age. This curiosity has stayed with me through adulthood and has driven me to want to continue to learn and problem-solve in this field. To be an expert in this field, you must continue growing to stay relevant.

Detail-oriented — Attention to detail is critical in cybersecurity, and one error could lead to a possible compromise. Also, leading your team and ensuring they know how important it is to the team’s overall success is crucial.

Integrity — Being widely trusted is essential when working in cybersecurity. I have been leaned upon to provide direct and honest feedback throughout my career. Companies will be trusting you with privileged information.

Are you working on any exciting new projects now? How do you think that will help people?

We recently launched our new Managed Services offerings at ThrottleNet. We are upgrading our existing clients to these new plans while working with them to improve their security further.

While we have always had security top of mind, we took that to the next level. Our new Managed Services offering is all-encompassing and provides the layered security needed today. It is important to note that it takes more than just the right tools to protect your business adequately; you must implement the right policies and procedures.

Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. In order to ensure that we are all on the same page, let’s begin with some simple definitions. Can you tell our readers about the different forms of cyber attacks?

Cyber threat actors have what seems to be an endless supply of options at their disposal. Zero-day vulnerabilities are being discovered at an unprecedented pace. Examples of common cyber attacks include malware, phishing, denial-of-service, SQL injection, man-in-the-middle, and many more. The most talked about form of cyber attack in the media is ransomware. Ransomware is when a threat actor encrypts your data and holds it for ransom, often threatening to release your data on the dark web to ensure payment.

For the benefit of our readers, how would you define a critical infrastructure system? Can you please explain with some examples?

There are 16 different sectors that are considered to be critical infrastructure, and these sectors are so important that they are deemed vital to the stability and success of our country. These critical infrastructure sectors include food and agriculture, financial services, healthcare, communications, water, energy, and many others.

Can you share some examples of recent and notable attacks against critical infrastructure systems? Why do you think these attacks were so significant?

Two recent attacks come to mind immediately, Colonial Pipeline and JBS Foods.

Colonial Pipeline is the largest fuel pipeline in the United States. They were hit by a cyber attack in 2021 that caused the pipeline to shut down entirely and caused fuel shortages on the East Coast. This cyber attack was due to a single compromised password.

JBS Foods is the world’s largest meat processing company. They also fell victim to a cyber attack in 2021 that caused their operations to shut down. JBS Foods ended up paying an 11-million-dollar ransom to a notorious ransomware group called REvil.

These attacks showed a frightening glimpse of cyber warfare and attacking critical infrastructure.

Why are critical infrastructure systems particularly vulnerable to attack?

There are several reasons that critical infrastructure is more vulnerable to attack. They are considerable targets in a wide array of sectors; these are all industries you consider when you think about wreaking maximum havoc. Further, many of these industries use older specialized systems that may have less scrutinized vulnerabilities due to their specialized nature.

What makes critical infrastructure systems such an attractive target for bad actors?

Critical infrastructure is crucial to the operation of our nation, and any disruption is newsworthy. Hackers love the challenge and notoriety that comes with these big targets. Further, they are all well-financed and often have government backing. The combination of having available resources and the critical nature of their operations makes it more likely the hackers will be paid for a successful attack. Finally, taking out these industries from a nation-state attack viewpoint would cause maximum damage.

Who has to be most concerned about cyber attacks? Is it primarily businesses or even private individuals?

Everyone should be concerned about cyber attacks. Cybercrime comes in all shapes and sizes, and everyone is at risk. Cybercriminals cast a wide net and will victimize anyone vulnerable, including people, businesses, and governments. Individuals must continue improving their cyber knowledge to better safeguard all facets of their life.

Who should be called first after one is aware that they are the victim of a cyber attack? The local police? The FBI? A cybersecurity expert?

Your first call should be to your IT/Cybersecurity provider. In these scenarios, time is critical, and responding quickly can often help minimize the attack’s impact. Once you have your IT/Cybersecurity provider working to contain and understand the attack’s impact, you should call your Cybersecurity insurance provider. Your insurance provider will often have a team that will assist with forensics, incident response, contacting authorities, etc.

Having said that, every business and situation is different. This answer can vary widely and should be included in your Incident Response Plan.

What are the most common data security and cybersecurity mistakes you have seen companies make that make them vulnerable to ransomware attacks?

Most businesses seem to think they are not at risk of ransomware because they are too small or do not have anything of value to the attackers. However, the truth is most ransomware attacks are not targeted. They are attacks of opportunity. Attackers look for soft targets and strike. It is easier and more profitable to infiltrate many poorly protected targets than to infiltrate one highly protected one. The most common attack vectors are insecure services (RDP, FTP, etc.), poor password practices, poor email security, poor patching practices, and other fundamental items.

What would you recommend for the government or for tech leaders to do to help limit the frequency and severity of these attacks?

The problem with cybercrimes is they can be committed from anywhere, and the attackers are usually in other countries. We need to work to make agreements with other countries on extraditing cyber criminals. Unfortunately, many countries that are the most active in ransomware attacks are not overly friendly toward the United States. The United States needs to continue to increase its offensive attacks against ransomware gangs. Offensive attacks are an excellent tactic for slowing down their operations.

Thinking outside the box, I would love to see tax breaks for businesses that follow strict cybersecurity standards. This would be a great way to spur improvement in cybersecurity across the country.

Ok, thank you. Here is the main question of our interview. What are the “5 Things We Must Do To Protect Critical Infrastructure Systems From Cyber Attacks” and why?

Security Awareness Training: Phishing and other forms of social engineering continue to be the leading cause of cybersecurity breaches. We must continue to train our employees across the entire organization; no one should be exempt. It is obvious that improvements need to be made here, and we need to continue to try new forms of training to move forward.

Identity and Access Management: Ensuring we correctly protect our identities and access is critical. Things such as password policies, multi-factor authentication, single sign-on, and conditional access should be standard practice. Further, ensuring that access and permissions are managed properly is equally important.

Investing in Cybersecurity: Understanding that cybersecurity is a journey that is never complete and continuing to invest where needed is an essential hurdle for some organizations. Unfortunately, threat actors are constantly evolving and require continued resources to combat.

Cybersecurity Framework Alignment: Cybersecurity frameworks provide a roadmap for implementing effective cybersecurity controls. CIS and NIST have great frameworks that will assist with minimizing risk across the environment.

Executive Support for Cybersecurity: Some cybersecurity initiatives cause friction throughout an organization. Employees do not like change, and they do not like restrictions. Some unpopular decisions may need to be made to reduce the risk for the organization. Nothing is more important than executive support in these situations, and this support will help breed a culture for cybersecurity.

You are a person of enormous influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. :-)

I would have to go with people reading more books. Reading books seems to have lost its luster with all our other entertainment options. I think society would benefit greatly if we all spent more time reading and less time watching Netflix or on social media.

How can our readers further follow your work online?

You can find us at https://www.throttlenet.com. Many resources are available, including our blog, webinars, and TNTV! Sign up for our newsletter to keep up to date with us! If you’d like to connect with me, you can do so on LinkedIn @ https://www.linkedin.com/in/leefers/

This was very inspiring and informative. Thank you so much for the time you spent with this interview!

About The Interviewer: David Leichner is a veteran of the Israeli high-tech industry with significant experience in the areas of cyber and security, enterprise software and communications. At Cybellum, a leading provider of Product Security Lifecycle Management, David is responsible for creating and executing the marketing strategy and managing the global marketing team that forms the foundation for Cybellum’s product and market penetration. Prior to Cybellum, David was CMO at SQream and VP Sales and Marketing at endpoint protection vendor, Cynet. David is a member of the Board of Trustees of the Jerusalem Technology College. He holds a BA in Information Systems Management and an MBA in International Business from the City University of New York.
