In this Spotlight podcast* we’re joined by Andrew Jaquith, the CISO at QOMPLX, to talk about how the COVID pandemic is highlighting longstanding problems with cyber risk management and cyber resilience. We also talk about how better instrumenting of information security can help companies get a grip on fast-evolving cyber risks like human-directed ransomware campaigns.
There has been much speculation about what the long-term impact of the COVID-19 pandemic will be on the private sector. Already, business leaders and investors are betting that the forced, mass experiment in remote work will produce long-term changes in how companies manage their workforce.
But one byproduct of the shift to remote work is already clear: a marked increase in cyber attacks on corporate environments that take advantage of employees’ anxiety about the virus and lax home office security.
Ransomware’s Dangerous Rise
Among the scariest of those attacks are so-called human-directed ransomware attacks, which have sidelined sophisticated organizations ranging from the fin-tech startup Finastra to DMI, a cyber security contractor that counts the US space agency NASA as a customer.
What’s to be done? Our guest in this Spotlight edition of the podcast, Andy Jaquith, says that COVID is exposing some rifts in corporate cyber security.
New Tech Meets Old Tools
While the ways in which organizations deploy and use technology have changed dramatically in the last two decades, the ways that they measure and account for cyber risk have not.
Andy is an amazing resource on all matters cyber security. A former Managing Director at both JP Morgan Chase and Goldman Sachs, he was also the Chief Technology Officer at the firm Silver Sky, a cloud-based MSSP.
In this conversation, Andy and I talk about how COVID is highlighting larger issues around cyber resilience. We also talk about Andy’s new company, QOMPLX, which is working to improve ways to instrument cyber security with an eye to improving both cyber defense and risk management.
To start off, I asked Andy about his storied tenure in the cyber security field including his work as an analyst for Forrester and his stint at the seminal cyber security firm, @stake. You can listen using the embedded player above, or by downloading the MP3 here.
(*) Disclosure: This podcast and blog post were sponsored by QOMPLX. For more information on how Security Ledger works with its sponsors and sponsored content on Security Ledger, check out our About Security Ledger page on sponsorships and sponsor relations.
As always, you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and check us out on SoundCloud, Stitcher, Radio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted.