Cybersecurity with Evgeniy Kharam | E195

Cybersecurity threats and best practices.

On today’s episode, Jason talks to cybersecurity expert Evgeniy Kharam. They discuss general concerns around cybersecurity and best practices, both for end-users and for the companies supplying these services.

Episode Highlights:

  • 01.07: Evgeniy works full time for Herjavec Group, being around almost 20 years; they are a company that focuses on cybersecurity only, and they have enterprises on a variety of talks.

  • 02.19: Jason says security is almost always the first thing that people mention when talking about potentially looking at a new software vendor or whatever it might be, and it comes from fear.

  • 03.14: Evgeniy explains that ransomware is basically somebody who was able to get access to your environment. Your environment could be your service or IoT devices or your gas station tanks. 

  • 04.46: Small businesses usually don’t spend a lot of time and money on security because they think, “I am very small, nobody will care about me,” but they all still rely on computers and networking infrastructure, says Evgeniy.

  • 06.12: Jason talks about how Accenture was attacked, and they basically said that they were able to restore from backups and there was no leakage of client information.

  • 07.11: Evgeniy points out that they always have different scales of cybersecurity controls for protection. He asks: if you run a small business that is accessible to the public, with people walking in back and forth, but you never lock your screen, then what is the point?

  • 09.01: Jason says the reality is that these attacks tend to come from overseas, in jurisdictions that don’t really care. He quotes a Russian hacker magazine where they had publicly said they have the best hackers.

  • 10.40: With cyber insurance, there are quite a lot of rules and regulations. When do you need to disclose what happened to you? Depending on where you live, we have problems as well, says Evgeniy.

  • 12.37: Evgeniy says that we do certain things in our house because we get used to them, and we don’t understand that the same applies to cybersecurity.

  • 13.47: Jason says you are able to have different, unique, complex passwords for every website, so if one thing gets hacked, only that one thing gets hacked, not everything else.

  • 15.02: Jason asks Evgeniy to talk about best practices for small and medium-sized businesses that are users of technology to protect themselves.

  • 16.25: Evgeniy says that if you create your own software, you also want to have MFA for the users; or, in the majority of cases, if you can pass the authentication to LinkedIn or Google, then people can use that to connect to you and you are not going to be saving their credentials.

  • 17.38: Evgeniy affirms that API security is an integral part of creating any application right now.

  • 19.10: According to Jason, in most cases you will not have a top cybersecurity expert on your initial starting team to make sure that you are safe from day one.

  • 20.25: Security is a confidence game, and if you have a massive security breach, the amount of egg on your face as a large enterprise going forward is enormous, says Jason.

  • 23.41: Jason points out that making an email look like it comes from another company is very easy. 

  • 24.10: Jason says there is no full delegation of your diligence; you have to take responsibility for basically being your own first line of protection.

  • 24.59: Jason explains why, when you look at a marketing website, security is not the first thing in the sales pitch.

  • 25.28: Evgeniy says the biggest challenge in the cyber security industry is definitely the amount of information we have, and we just don’t have enough time to be aware of everything. There is so much going on daily that it is just impossible for one person to know everything. 

  • 26.23: Security is a mindset that should be applied everywhere, and you need to be aware of as many of the possible challenges as you can.

 

3 Key Points:

  1. In a small-scale business, you want to have an antivirus, EDR (endpoint detection and response) or EPP (endpoint protection) on all your devices, so that at least if or when somebody gets in, they do not have such an easy time affecting your system, says Evgeniy.

  2. The most common form of getting into people’s systems without authorization is human engineering.

  3. There are a variety of tools on the market, something called US dynamic access through the channels that will basically validate what can be done with your website, what can be done with the APIs from your website.

Tweetable Quotes:

  • “I am afraid of change in different things and securities. Kind of this thing they throw out there, and most people don’t even know how to detect the right answer.” – Jason

  • “We don’t manually run finance. We don’t manually run cases, we all do it on the computer.” – Evgeniy

  • “There’s a lot of information support lines for hacker organizations.” – Evgeniy

  • “There are definitely attacks that are based on just hacking through code absolutely.” – Evgeniy

  • “There are certain things you need to do to make sure you do the basic stuff. Like password management, two factor authentication, not to write your passwords on sticky notes.” – Evgeniy

  • “Human engineering reusing passwords were using simple passwords, and it has never been easier.” – Jason

  • “It doesn’t matter what innovation we’re talking about, security plays a role in all of it.” – Jason

Resources Mentioned: