Jim Taylor of Onclave Networks: 5 Things You Need To Know To Optimize Your Company’s Approach to Data Privacy and Cybersecurity
Prioritize and assess your cybersecurity strategy, solutions, and budgets. Based on assessing the risks, impacts, and current vulnerabilities will help companies prioritize cyber defense spending that’s proportionate to the overall threat. Prepare a ‘fast-track’ budget to address the near-term hardening of high-value targets that cannot wait for a multi-year optimization program.
As a part of our series about “5 Things You Need To Know To Optimize Your Company’s Approach to Data Privacy and Cybersecurity”, I had the pleasure of interviewing Jim Taylor.
Jim Taylor is the CTO and co-founder of Onclave Networks, Inc. with over 30 years of experience specializing in development and infrastructure engineering. He authored two patents, one around Dynamic Cipher Key Management which is the foundation of Onclave’s Trusted Secure Communications platform and another on Blockchain Performance Enhancement. Before Onclave, Jim co-founded Advanced Paradigms, Inc. which grew from 4 principals to over 280 employees in 4 years. Jim has held positions with Vitro Laboratories, Unisys, and Microsoft. He holds a BS in Aeronautical Engineering from San Jose State University and is a commercial pilot, flight instructor and certified Airframe and Powerplant engineer.
Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.
It all began with a conversation between the co-founders of Onclave Networks, Inc, Glen Gulyas, Alan Wade, and me as we looked at the rapid growth of Operational Technology (OT) and IoT devices. Our goal has always been to help protect critical infrastructures and power grids. We have developed a proven solution that is well-positioned to prevent breaches to critical infrastructure’s OT/IoT across all industries. I truly feel that there is strong purpose and goodness in what we can do.
None of us can achieve success without some help along the way. Is there a particular person to whom you are grateful who helped get you to where you are? Can you share a story about that?
There are several people who supported me as I began my career, from professors in school to my family and friends. However, I would have to say that the most inspirational person in my life is my mother, who was an independent entrepreneur. I saw her struggle through a lot in life but always found a way to succeed. She inspired me to take on high-risk opportunities and to push myself to do and be better.
Are you working on any exciting new projects now?
We are constantly developing new features within the Onclave TrustedPlatform™ which are designed to make it a more disruptive technology. Our focus moving forward is on mesh networking, multiple blockchain ownership on a single device, and blockchain optimization.
Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. The Cybersecurity industry, as it is today, is such an exciting arena. What most excites you about the Cybersecurity industry?
If you have a solution that can prevent breaches from occurring, this will protect not only an organization’s network communications and critical data, but also people’s lives. Today’s devices and technology impact every aspect of our lives including the food we eat to the healthcare we receive. Critical infrastructure and organizations of all sizes are facing increased cyberattacks. It’s exciting to see that the cybersecurity industry is working together through partnerships and disruptive technology to help protect organizations across public and private sectors to make a difference.
Looking ahead to the near future, are there critical threats on the horizon that you think companies need to start preparing for?
The very reason we built the TrustedPlatform™ was due to an acute awareness of what the potential threats for the future may hold — China, Russia, North Korea, and non-nation states. have all advanced their capabilities to penetrate and more effectively hack into security systems and IT infrastructures. Some of the critical threats that companies should prepare for are supply chain attacks, increased malware and ransomware, and exposure to OT/IoT attacks. The attack surface of networks is exponentially growing. There aren’t many effective solutions around Zero Trust using layer 2 microsegmentation that easily scales besides Onclave Networks that stays ahead of and protects against these sophisticated attacks.
After a company is made aware of a data or security breach, what are the most important things they should do to protect themselves further, as well as protect their customers?
Once the security breach is identified, an organization should take the device or systems infected completely offline to eliminate any opportunity of further exposure. The company’s cyber security lead working with their IT/OT leads should have an existing remediation and recovery plan that provides a checklist and guidance for specific types of breaches to follow. This includes performing audits and data fidelity checks on their critical data as an example. Concurrently, someone should immediately report the breach to their insurance provider, the FBI, and any other required agencies. The proper response is to be excessively communicative of the breach both internally and with customers that might be affected as well.
What are the most common data security and cybersecurity mistakes you have seen companies make?
Common mistakes include:
- A lack of diligence about passwords. This is one of the main issues companies face when dealing with data security breaches. Policies should be in place to ensure these passwords are changed after initial setup and then on a more regular cadence.
- Administrative permissions should only be assigned to one person and not a collective team, as this also increases exposure to security threats.
- The default settings on routers/switches are often not changed after setup which can be compromised.
- Additionally, the enforcement of patch management is critical for operating systems and applications. to fight against new viruses.
Ok, thank you. Here is the main question of our interview. What are the “5 Things Every Company Needs To Know To Tighten Up Its Approach to Data Privacy and Cybersecurity” and why? (Please share a story or example for each.)
The recent cyberattacks over the last couple of years prove the threat is extensive across all industries and continues to grow. With the exposure of notable breaches such as:
- SolarWinds’ supply chain software update breach compromised a vast number of clients in both government agencies and commercial businesses.
- Colonial Pipeline, one of the largest and most vital oil pipelines who became a victim to a ransomware attack that infected the pipeline’s digital systems and shut it down for days creating gas shortages and panic-buying.
- JBS, a major meat producer and global organization who suffered a ransomware and cyberattack shutting down its entire beef processing operations and impacting the supply chain
- City of Oldsmar’s water treatment plant that was breached involved a hacker who tried to poison the city’s water supply by increasing sodium hydroxide levels.
It is painfully apparent that the bad guys are deeper in our networks and endpoints than we thought. And these examples do not cover the increased cyberattacks to other critical infrastructure and organizations from remote work, ransomware, malware infections and phishing schemes that have impacted millions every year. We need to learn from these lessons and ensure that every organization acts to greatly improve their security posture to prevent breaches from happening — especially to critical systems, data and devices that could impact lives. Here are five recommended steps:
- Identify, document, and prioritize your cyber risks by taking account of all devices, systems and users that have access to your network. The Onclave TrustedPlatform™ can help identify all endpoints on your network.
- Raise cybersecurity awareness in your organization, establish clear security policies and train your employees of their personal security responsibilities (it’s not just the IT teams’ responsibility).
- Address legacy infrastructure, converged networks, applications, traditional IT solutions and plug-ins that create vulnerabilities especially with growing Operational Technology (OT)/IoT and remote access.
- Prioritize and assess your cybersecurity strategy, solutions, and budgets. Based on assessing the risks, impacts, and current vulnerabilities will help companies prioritize cyber defense spending that’s proportionate to the overall threat. Prepare a ‘fast-track’ budget to address the near-term hardening of high-value targets that cannot wait for a multi-year optimization program.
- Leverage the recommended guidelines to apply Zero Trust Architecture and Microsegmentation. The goal of deploying a Zero Trust framework in the enterprise is to create an environment where trust is never assumed, and that any request to move from endpoint to endpoint within a network must be continuously authorized and monitored. When Zero Trust architecture is deployed with microsegmentation, one can significantly reduce the attack surface and prevent breaches before they happen.
Overall, it starts with raising staff knowledge to a high level of vigilance to achieve better cyber hygiene. When it comes to network security vulnerabilities, identifying endpoints, security protocols, password security, awareness, and training — all of these contribute to a substantially higher risk of cyberattacks to an organization without discipline and action.
You are a person of enormous influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. :-) (Think, simple, fast, effective and something everyone can do!)
I would love for people to accept individuals for who they are. We should all take a step back, not take everything so seriously, and be more forgiving, supportive, and kind.
How can our readers further follow your work online?
Onclave Networks Website: https://onclavenetworks.com/
Visit our website and download our whitepapers, read our news and articles, and sign up for our blogs
Twitter: https://twitter.com/onclavenetworks (@onclavenetworks)
This was very inspiring and informative. Thank you so much for the time you spent with this interview!