SBN

Why are “Secure” Companies Still Being Hacked?

Data Protection Gumbo Podcast Featuring Omar Masri, CEO of Mamori.io.

Despite investing significant resources in cybersecurity, companies are still being hacked. This podcast takes a deep dive into this topic, where Demetrius Malbrough, founder and CEO of Data Protection Gumbo, interviews Omar Masri, Mamori.io’s founder and CEO, about cybersecurity, data protection, and what it means to small, medium and large businesses.  

Here’s the link to the original podcast. Below is the video and the transcript.

Table of Contents

 

DEMETRIUS MALBROUGH:

Welcome to another edition of Data Protection Gumbo podcast. We’re here with another amazing guest today. His name is Omar Masri and he’s a software engineer and also the founder and CEO of Mamari.io, which helps businesses overcome the cost and complexities of cybersecurity, preventing attacks while meeting compliance and cyber insurance requirements. He is also a director of a data migration and security services company and is co-incubating a non-emergent transport services startup as well.

Omar, welcome to Data Protection Gumbo. How are you?

 

OMAR MASRI:

Good. Thank you very much for having me.

 

DEMETRIUS MALBROUGH:

All right, let’s start off with why Mamori.io and why did you decide to start it and just any information you’d like to share about the company that you’re building.

 

OMAR MASRI:

So Mamori.io was an idea born about a year or two before COVID happened. And it was really around – I used to do a lot of venture capital work and we worked a lot of startups. And obviously when you have a startup, you don’t have a lot of cash in terms to spend on security. But these small businesses had, in their desire to grow, they wanted to do businesses with larger companies that required security. It’s very expensive for a small or medium sized business to actually get secure. It’s kind of an idea of, hey, how do we simplify security?

Right now, it’s kind of sold and bought in little pieces and security experts have to put it together themselves, essentially, at every business. And that’s where the idea was born, because at the high level, security is actually pretty simple. All the compliance people say, hey, just do these eight things, do these ten things from a security expert perspective, right? But in practice, it’s cost prohibitive, actually. It’s impossible to actually implement those eight to ten things, right? And that’s where Mamori.io, that’s kind of our mission is to actually make it possible to implement the recommendations, and that’s where we are now. So, we developed things out and took the product to market about a year and a half ago, and it’s been well received. So it’s growing. So it’s good.

 

DEMETRIUS MALBROUGH:

Yeah, it seems like everyone is focusing and really getting laser focused and honed in on security and dealing with cyber risks and cybersecurity overall. I really want to get your perspective and opinion on cybersecurity and how the evolution has evolved, let’s say, since COVID-19, because COVID pushed everyone internal inside and everyone onto a network, right? Lots of companies had to spin up VPNs and everyone had to log in and do zoom meetings, et cetera, but I think it also did something to the way IT is protected or managed from that perspective. What’s your take on that, Omar?

 

OMAR MASRI:

You’re 100% correct on those technical challenges of just working from home. Everyone worked from home, even the hackers went home and started working overtime. Right? But actually, the biggest change is actually how risk was assessed in cybersecurity. Before COVID a lot of businesses just bought cyber insurance instead of actually implementing security. You got hacked, you’re sort of just paid, your insurance covered it. It was actually cheaper.

But since COVID the insurance industry has lost billions and they’re like, no, no more. It’s almost like I was talking to an insurance guy and he was like, look, honestly, before we were insuring drunk drivers and just paid them when they crashed, right? And we were happy to do it because they didn’t crash that bad. Now it’s like, forget it. Now actually to get insurance and actually you have to meet the requirements by the providers. So that’s kind of the first thing. So how risk is assessed changed. People actually have to actually be secure now, and that’s where everything changes. Now when you actually have to be secure, then the issues that you brought up before everyone’s now working remote, hacks are happening more often, so your teams are more distributed.

So essentially, it’s almost like infrastructure has become more complicated, access requirements have become more complicated and there’s more hackers hacking. Hacking has become essentially like hacking as a service type business. You can sell data. For example, I could go and steal some company data. There’s a market for me to sell that data and get some bitcoin. It’s like you have increased demand for theft, and you have increased invulnerability. And what hasn’t changed is the software of how to get secure hasn’t changed. It’s still sort of 1990s kind of design sort of stuff. It’s kind of like a perfect storm.

 

DEMETRIUS MALBROUGH:

So you’re saying software hasn’t changed that much since the 90s, which is that part of the reason why hackers are really succeeding, especially with things like ransomware. And they seem to be very successful nowadays with getting inside of corporate networks, sitting there for 30, 60, 90, 120 days and exfiltrating data. I mean, it’s a lot that’s happening right now. And you would think that they would maybe start to decline, that more the good guys would start building some solutions that no one is really capable of overriding or getting access to. But I guess what I’m trying to get at is, why is it [cyber attack] still on the rise? Do you have an idea as to and I know you mentioned the software part, but what are some of the challenges as to why it’s on the rise?

 

OMAR MASRI:

Yeah, so the key challenges are pretty simple. Right now, no one can actually follow the recommendations, that’s kind of like super high-level thing is no one can actually follow the simple recommendations. And here’s an example.

The FTC and NSA, they’ll say, okay, 2FA everything, right? That’s a simple recommendation. But in practice, businesses can’t 2FA everything right now. They can only 2FA, for example, they buy Okta or Duo, that’s 2FA their apps and maybe it’ll 2FA their SSH and maybe their RDP access, right? But how about their database access? How about the legacy applications that don’t support SAML? How about the OT infrastructure? How about just you have all these things that are sitting there, the file share, the network drive, right? You have all these things. You have a gap. It’s almost like people are buying a gate, but forget the fence. Or they have a fence, but they forget the gate. You actually have to follow the recommendation of 2FA everything. And that’s what Mamori.io helps you do.

We help you 2FA everything. If you have your Okta, you can still use that for your things that you have and then for the things that Okta doesn’t cover, for example, we do that as well. And if you don’t have anything, we do it all. So that’s kind of the first challenge is, it’s been impossible and sometimes cost prohibitive to actually implement the best practice.

 

DEMETRIUS MALBROUGH:

The human factor of us as humans trying to follow the best practices and recommendations and do things like 2FA. Where do you see AI coming into the picture and who’s going to win that race? Is it the bad guys or the good guys? Or maybe both will leverage, just from a security perspective to kind of do some of the good things to keep the bad guys out? Bad guys will probably use AI to do some of the bad things to get into a network. I don’t know who’s going to win that race, but I’m curious to hear your perspective on how does that play out.

 

OMAR MASRI:

The winner of that game, it’s all about wars. Visibility is key. Who can see, who can see, and who can’t see, right? When both sides are using AI, then the winner is the one who’s able to keep the other side blind. I think AI will have will play a big role. Now, the challenge for using or making use of AI is the data set, the visibility. So, for example, if you’re only collecting and analyzing your application access, but you’re not doing your network and your database and your file shares and your cloud drive access, if you’re not doing if you don’t have visibility over the full picture on your traffic of access, then your AI is kind of limited in what it can, the threats that it can detect and protect you from. I think AI will play a big role.

And our focus in that is to actually give the data set. For example, if you use Mamori.io, then in its entirety, you would have your DevOps access, RDP, SSH, Windows, you have your application access, you have your network access, any TCP access. It’s all kind of recorded, logged, and built into sort of like an analytical sort of machine learning set, which an AI can act on and find the patterns and stuff.

So I think AI is always needed, it always contributes. It helps find the anomalies and helps keep sort of getting thousands and thousands of alerts. You get a nice human readable risk score, right? So you can say, okay, here’s something I should look at.

 

DEMETRIUS MALBROUGH:

Right, okay. And what are you seeing? Is there a trend around what hackers and what bad guys are actually getting in and kind of taking over? Is there one thing you’re seeing over the other? That maybe it’s something simple or maybe it’s something complex, but I’m thinking it’s simple.

 

OMAR MASRI:

Yeah. The trend right now is going for companies that have sort of richer data sets. Right? For example, there’s more attacks happening around the healthcare industry because they have patient information. And typically medical industry hasn’t really been a big buyer of, compared to banks and telcos and electricity companies, they buy every security product in the market. Hospital groups traditionally aren’t big IT buyers. And they have a lot of partners they integrate with. They integrate with their transporters, they integrate with their dispatchers and people who supply their medicine. All these people have all this, they share all this data. There’s a lot of little moving parts and hackers are like “ooh”, a lot of little moving parts. Companies don’t all have the same granular of security. Easy target. They’re kind of seen as a soft target.

Another target is consulting companies. Consulting companies always feel like, hey, I’m a consulting company, I don’t have to buy security, my clients are secure. But then clients give the consultants VPN access, so then all that jazz. Then hackers now are attacking consultants because they have all the connections to all their customers.

So that’s kind of the change that’s happening. Hackers are getting a bit smart going for the data and also insider threat. People are just stealing it and selling the data when they’re about to switch jobs. Right? I’m leaving my job tomorrow. Hey, what can I steal and sell it for some extra bitcoin?

 

DEMETRIUS MALBROUGH:

Yeah, it’s fascinating. I never thought about the consultant angle that consultants do have access to lots of clients and they have access to multiple different businesses. And so if you get access to the consultants data, then you probably can get access to some of their third party vendors as well. That’s pretty fascinating, pretty unique. Do you have any war stories around things being broken into? You don’t have to share names.

 

OMAR MASRI:

Yeah, there’s heaps. It’s been in times we’re helping out little nonprofit, talking with a small business, little nonprofit organization, just helping them out with some stuff. And we’re sitting there watching it and looking at the database, and I told him, I think someone’s attacking your system right now because they’re encrypting your files. I’m like, unplug your machine. Go right now and tell the guys, just unplug your machine. This is about maybe ten years ago, but a lot of cases like that, you see hacks happening in action, people snooping around, or when we track we usually try to track people scanning, doing scans.

When you detect people doing a lot of scans, you kind of know that’s what’s happening. But yes, that’s kind of been the worst, where I actually saw ransomware hacker actually trying to start to encrypt data. And actually that’s a misconception that most people, when people buy security, they usually… the hard thing is you get marketed so hard from every vendor that sells little features – hey, buy my little feature and protect your application and you’ll be protected from ransomware. Big misconception.

Hackers don’t attack apps. Ransomware hackers. They attack your databases. They attack the servers that actually have your files right to ransomware.

[Related: Ransomware Prevention Best Practices: A Layered Approach]

 

DEMETRIUS MALBROUGH:

Wow. Okay. And I’m curious to know what your approach is with Mamori.io and how you guys approach it. So this is a cloud based SaaS solution, right?

 

OMAR MASRI:

No, a lot of the people actually have air gapped environments. We sell it on an annual subscription, but we’re not a cloud solution. All your traffic stays in wherever your network is. If you are cloud deployed, then your Mamori server is inside your virtual private cloud. The idea is that it’s deployed inside your network. You can put one in the DNC if you want, and then you use the modules that you want, and we have every module that you would need. You have your ZTNA (Zero Trust Network Access) module, your PAM (Privileged Access Management) module, your DB PAM (Database Privileged Access Management) module, your database activity module. So it’s about 10 modules, your Workflow module, which is the one that actually people buy less, and it’s the one that the reason why many companies fail their ISO 27001 compliance, which is the access management. SailPoint is bloody expensive, simple as that, right? So we have all the modules you use, kind of what you want, enable the things you want, and pretty easy to install. It’s just a simple docker install.

 

DEMETRIUS MALBROUGH:

Okay, you said docker install.

 

OMAR MASRI:

Yeah. So we deploy using docker so you don’t have to have a swarm or anything. It’s just you stand up at Linux or Windows HyperV, and then you just run the command and it’s installed literally in five minutes. So, yeah, it’s available on docker hub. You just can do the pool and it starts up and you can start using it.

 

DEMETRIUS MALBROUGH:

Sounds pretty fascinating. And as far as the future and looking in your crystal ball. Where do you see things headed?

 

OMAR MASRI:

So I think I don’t know if you remember back in the day, it used to be corporate BI (Business Intelligence) and then the Tableau and Qlik came out and there was a new market segment for self service BI. So I think what’s going to happen is, the big trend in cybersecurity isn’t going to be a single feature. It’s not a better AI or better 2FA or better PAM or better DAM (Database Activity Management). It’s more about all in one – “I’m tired of buying from ten different vendors and taking two years to integrate it. I want a single solution that deploys in a week or even a day and I can just start using it.” That’s kind of the big trend. And it’s got everything baked in there. So I think the all in one self service thing is going to be happening. Because traditionally, my history is we build productivity tools. So I don’t know if you heard in the US, you would heard of Quest software.

 

DEMETRIUS MALBROUGH:

I have, yeah.

 

OMAR MASRI:

The products like Toad and Spotlights and all those database tools. So we developed them out of the Melbourne lab when I moved to Australia. We made a little Oracle product and we got bought by Quest before they went IPO. This was like 1999, back in the day. Really what we focused on is allowing people who aren’t experts to do things that experts can do. And Cybersecurity needs that right now. It’s just too hard to implement, for any business to implement security because there aren’t enough experts to do it properly.

Mamori.io is designed to be very similar in that sort of philosophy of a productivity tool. You don’t have to be a cybersecurity expert to just stand up a Mamori server and start using it. In fact, you don’t even have to know all the compliance things and craziness, just use it. So actually, if you just want to be more productive, you could just use it. If you’re a DevOps team, for example, just use it. And for the small folks and in that spirit of the Quest tools, for small teams, it’s literally free. We don’t charge for small organizations.

 

DEMETRIUS MALBROUGH:

And what’s small [company size], how many people [to get Mamori Cybersecurity for free]?

 

OMAR MASRI:

Like 20-30 people. That’s usually like a small medium business.

 

DEMETRIUS MALBROUGH:

Right, okay, nice. That’s good to hear because they need security, like, really bad.

 

OMAR MASRI:

Well, that’s right. When you look at the stats in the US, there’s 40 million small medium businesses in the US. Some large number. I can’t remember the exact one. And that’s right, they’re all getting hacked and they’re getting ransomware for 5, 10, 20 grand. Right. And for them, it’s a big deal. Right?

 

DEMETRIUS MALBROUGH:

Yeah, I agree. So, yeah, I appreciate all the information that you’ve provided and let’s begin to wrap up here, and a question that I typically ask most of the guests on the show is, what’s on your nightstand. What do you read before you go to bed or what are you reading?

 

OMAR MASRI:

I’m re-reading. My son’s in high school now and he’s learning the Age of Enlightenment. So I’m reliving my early days of philosophy. I love philosophy and stuff. So Camus, Candide, Voltaire, Rosseau. But apart from philosophy, books and technical stuff, what I really like to read is I’m a manga geek.

 

DEMETRIUS MALBROUGH:

Okay. All right, nice.

 

OMAR MASRI:

Well, how about yourself? What have you been reading?

 

DEMETRIUS MALBROUGH:

Me? I’m more of a self help. I can’t get enough continually striving to think that there’s something that either I don’t know about myself or about my environment that can help me live better, to be faster, to be smarter, to be more holistic, to be a better father, just to be better overall. So I have a ton of books that I am always reading at the same time, which may not be that effective, but I love to keep books around because depending on how I feel, I can just grab that book and get some insight from it. So, ferocious reader.

 

OMAR MASRI:

That’s good. Do you have any particular one in mind that you read last?

 

DEMETRIUS MALBROUGH:

There is a stoic book, so it has different clips in it from Marcus Aurelius and Epictetus, some of the other Roman emperors, et cetera. And it’s like a daily, daily read which gives you every day, there’s a piece of advice. So I try to do that early in the morning as the first thing. And then I’m also reading some podcasting books, how to make profit off of your podcast and kind of learning how to do things a lot better. So those are the ones that are currently on my desk now.

 

OMAR MASRI:

Yes. So it’s funny that you mentioned the stoics. About 80% of the folks who are into, or self reflect, end up being stoics. Yeah, Marcus, all that stuff. So actually, my son’s very similar. He picked it up on his own. But funny, that’s the first thing you mentioned because I was going to ask.

 

DEMETRIUS MALBROUGH:

Yeah, I stumbled upon it and it just stuck out at me and think his name Brian with London Real. He has a YouTube channel and really big guy online, and he was posting clips of it and I decided to buy it as well. So it’s been helping me also. But, yeah, I really appreciate you being on. And as I mentioned, I’ve learned a lot of insights and also some best practices around keeping data safe and secure and learn a few things about Mamori.io. How can the listeners maybe go and check out your software or anything else that you would like to kind of close out with?

 

OMAR MASRI:

Sure, just go to Mamori.io and then from there, it’s got all the links and videos and data sheets. And you can also download and install. So you can set up a little box in wherever your cloud machine or your on-premise and then just download it and install it and send us an email and we’ll help you configure it, simple as that. So if you’re a small business, it’s free and there’s no need to run naked anymore on security if you don’t have a lot of cash or experts, right? You can’t use that as an excuse anymore because it’s free.

 

DEMETRIUS MALBROUGH:

No more excuses. Yeah, that’s M-A-M-O-R-I.io.

 

OMAR MASRI:

Which means defense in Japanese. So it’s like those little amulets.

 

DEMETRIUS MALBROUGH:

Mamori.

 

OMAR MASRI:

Mamori. That’s right.

 

DEMETRIUS MALBROUGH:

Well, Omar, thank you again for being a guest on Data Protection Gumbo. Make sure that you also go to LinkedIn, take a look at the Backup and Recovery Professionals LinkedIn group that I run, there’s about 25,000 plus professionals out there, so a great place to network and have conversations with your peers about storage and backup and recovery and security as well.

 

OMAR MASRI:

All right. Thanks, Demetrius.

 

DEMETRIUS MALBROUGH:

All right, folks out there, stay safe and make sure you back up often.

 

How Mamori.io Cybersecures Your Business

Mamori.io has a free, all-in-one cybersecurity solution that protects your network, database, and applications. If you have a firewall and endpoint security implemented, Mamori is the ONLY solution you’ll need to achieve cyber resilience.

With our free solution, not only do you pay nothing for licenses, your overall training and implementation cost is minimal because our solution is extremely easy to implement and configure.

Additionally, we offer cybersecurity services for businesses that lacks the time and expertise to deploy cybersecurity solutions. We can help deploy our all-in-one cybersecurity solution on your infrastructure (self-hosted) or on our infrastructure (as a managed service). This is ideal for businesses who don’t have the expertise or time to deal with all the cybersecurity complexities, such as implementation, maintenance, and monitoring.  

If you’re a small business concerned with cybersecurity cost, deployment and maintenance, Mamori.io is your best option. Get started by requesting your free license here.

*** This is a Security Bloggers Network syndicated blog from Zero Trust Data Security Blog - mamori.io authored by Victor Cheung. Read the original post at: https://www.mamori.io/blog/2023-5-why-are-secure-companies-still-being-hacked