22 Apr Who’s Securing The Humans
Safeguard Cyber is closing the social gap
Melbourne, Australia – Apr. 22, 2021
Breakneck business transformation over the past year saw many project teams left to pick and choose the tools that make them most productive — but as collaboration apps become “the new watercooler,” Jim Zuffoletti warns, unsanctioned tools are creating new weak spots where sensitive data can easily leak outside of the company’s protections.
Chat, collaboration, and social media applications typically haven’t been built with the same focus on regulatory compliance and data protection as purpose-built enterprise applications, Zuffoletti —CEO and co-founder of human-security firm SafeGuard Cyber — told Cybercrime Magazine.
This exposure leaves workers at every level vulnerable to fileless phishing attacks that often manipulate them into sharing sensitive information, or allowing it to be extracted from collaboration exchanges happening outside the conventional corporate security perimeter.
“The human is the last mile of communication, and is the greatest vulnerability,” he explained during the first episode of the HumanSec series, “but at the same time it is, if you think about so much of our economy, the essential element.”
“So if you do not protect the human and the way they want to work and communicate, ultimately any security scheme will fail.”
Whereas conventional enterprise collaboration platforms tried to maintain different forms of communication within a single integrated code base, today’s workers were either switching between different apps for different projects or communications modes — or leveraging vendor integrations between software partners.
Those integrations — for example, between Slack and Microsoft Teams, which were chosen as the two highest-risk integrations in SafeGuard Cyber’s recent Digital Risk Survey — function smoothly thanks to the API-based nature of cloud applications.
But as increasing integration sidelines conventional integrated productivity suites, content-security firms find themselves chasing many moving targets at once — making unsanctioned apps the security and compliance challenge most widely cited by survey respondents.
“One of the ways that organizations are most vulnerable — and they’ve started to see it — is via these digital and social channels,” Zuffoletti explained.
Closing the social gap
It’s a problem that Zuffoletti, along with long-time collaborator, co-founder, and CTO Otavio Freire, approached with an open mind as they set about defining SafeGuard Cyber’s value proposition in the runup to its 2014 debut.
“We geek out about the use cases,” he explained, ultimately focusing the platform on detecting well-defined and well-structured personal information, such as healthcare data, that could be picked out of conversations on social media and collaboration platforms.
As its technology improved over time, the scope of its scanning steadily expanded to “more idiosyncratic” information and — thanks to ongoing investment in what he calls “natural language understanding” technology –— the company has been picking up a steady stream of new customers in industries like financial services, pharmaceuticals, education, technology, and government.
“Understanding both the tone and the message that was posted on these platforms becomes really important if you’re trying to detect things like fileless phishing attacks,” Zuffoletti said. “These new use cases, and the adding of new industries, have really been the signposts along the way.”
A recent surge in demand from aerospace engineering firms has turned the company’s attention to that space — where massive volumes of intellectual property are increasingly being targeted by rivals from around the globe.
Recognizing the need to “play nice with the cyber ecosystem,” Zuffoletti added, SafeGuard Cyber has also been working with security-platform partners like CrowdStrike, with which its own platform connects to feed threat intelligence on an ongoing basis.
“We very much believe that we have to exist within an ecosystem of existing systems,” he explained, “so our ability to plug in and play nice, whether with identity or endpoint, means we can extend visibility and almost create an endpoint inside social media accounts or collaboration platforms.”
Protecting the human touch
While it delivers back-end security technology, SafeGuard Cyber’s ultimate goal is to help companies keep up with human problem-solving instincts — the same ones that pushed adaptation to warp speed during a year in which workgroups were separated and company priorities shifted dramatically.
The pandemic is, however, only the latest in a series of inflection points throughout a company history that has seen surges in online cybercriminal activity tied to events such as the Ukraine-Russia conflict.
“While there was kinetic warfare going on between the two countries, there was an active cyberwarfare taking place,” he said, “and one of the things that was notably associated with that cyberwarfare is that it wasn’t just about the infiltration of networks and classical cyberattacks.”
“The attacks were coming through, and were perpetrated, via platforms like social media — and that was a real eye-opener for us in terms of the transformation [of the threat].”
Similarly, he added, the global NotPetya attack “gave us the clear understanding that ransomware was a crime that could be perpetrated on a broad scale, and would be assessed against organizations’ greatest vulnerability — which often were the same digital channels and social media channels that were a way of getting into the organizations.”
The aggressive use of large-scale social engineering was proof positive that online conflict had evolved well past being about systems attacking systems, or people attacking systems.
Today’s vulnerabilities increasingly stem from people attacking people — and as an undergraduate Economics major and “social sciences kind of person,” Zuffoletti said, “in many ways what we’re doing at SafeGuard Cyber is a manifestation of other social theories, as they left the lab and ended up in practice in the real world.”
– David Braue is an award-winning technology writer based in Melbourne, Australia.
Go here to read all of David’s Cybercrime Magazine articles.
Sponsored by Safeguard Cyber
In 2014, our founders realized businesses and governments were leaving the traditional security perimeter to adopt transformational digital and social media channels. They built SafeGuard Cyber as an intelligent system to systematically identify and take action against risks in these communication channels, at scale. We believe the security paradigm must shift to redefine these digital channels as the first line of defense. Today, we help companies detect threats in real time, defend their organizations, and automate information governance across all of their digital channels.