Over the last few years, cyber-attacks have become more and more prevalent across the United States and no doubt in the global news cycle. ‘Ransomware’ has become a household name and in short, found its potential to hold America and its businesses hostage.

From the attack on the JBS meat plants to the Colonial Pipeline, the correlative effects are clear and present to both small enterprises and multinationals.

The potential for digital warfare to spill beyond Russian and Ukrainian IP addresses should serve as additional notice that companies need to be thinking pragmatically and be on high alert.

Atlantic Data Security is a Cybersecurity solutions provider that manages, consults, and offers wholescale security protection solutions. Named the “Most Promising Cyber Security Solution Provider by CIOReview,” Atlantic Data Security can analyze all types of system configurations, then recommend, deploy and manage all critical security components of a company’s network.

Scott Kasper serves as the company’s CEO, herein addressing the challenges and opportunities inherent to the industry of cyber and to cyber stakeholders.

Please provide our readership with background on the steer and scale of Atlantic Data Security?SK: Atlantic Data Security has over 30 years of experience in the cyber security industry providing high-level cyber consulting and professional services to some of the world’s top corporations.  We also provide end-to-end value from architecture to professional services, managed services, post-deployment support, and consulting.

We have physical offices up and down the East Coast.  We partner with the leading suppliers of cyber technology to meet the ever-evolving needs of our clients.

The notion of quasi-‘State Capture’ through ransom-ware has captivated the media cycle as of late. Where are the pain points in an organization assessing their weaknesses against ‘phishing’-oriented and cyber-security threats?

SK: Phishing attacks are considered among the most challenging cyber-security threats faced by all organizations.  Regardless of how much you train your employees, or how cautious they are online, there remains a high probability that your company or agency will still be attacked.

Phishers keep developing their techniques over time and as long as there is electronic media, they will find vulnerabilities to exploit.  Ransom-ware attacks are becoming daily headlines precisely because they are so prevalent.  360-degree knowledge about your environment is the first step of being prepared for an attack.  Here’s our approach:

First, we conduct a Readiness Assessment.

A Readiness Assessment will improve your organization’s ability to respond to a ransom-ware attack quickly and effectively.  Our firm is made up of experts who have extensive experience in cyber-security and incident response (IR) plans.  We will review your IR plan, capabilities, and technologies. If you don’t have such a plan, we’ll help you craft one.  Our consultants will highlight gaps and identify areas for improvement to bolster your readiness and strengthen your overall cyber defense capabilities.

Here’s what we’ll do as part of our typical Assessment:

1.  Analyze relevant firewall and network device configurations for security weaknesses;

2.  Review user activity logging and audit configurations to prepare for a potentially broader investigative efforts;

3.  Review network and endpoint security monitoring solutions and processes;

4.  Evaluate email and web filtering options and configurations to prevent phishing attacks and malicious payload delivery;

5.  Review access and privileged access controls and processes; and

6.  Evaluate overall vulnerability and patch management controls and processes

Next, we’ll teach you to run a Ransom-ware Tabletop Exercise.

Performing the Ransom-ware Tabletop Exercise will improve your organization’s ability to quickly and effectively respond to a ransom-ware attack.   At Atlantic Data Security, we will design and facilitate a ransom-ware attack tabletop IR exercise.  We base the exercise on the many investigations our IR team will have performed to test your readiness by means of a simulated attack.

We also educate and train your teams to practice IR processes and workflows. It is important to keep up-to-date on modern day attack techniques to evaluate effectiveness in, and be ready for, real-world scenarios.

Where are the opportunities for industry growth in the arena of cyber security?

SK: At Atlantic Data Security, the opportunities for growth are nearly infinite.  We are building a generation of expertise in an area where real world experience is frighteningly rare in the existing talent pool.  While it is said there is a zero percent unemployment rate in cyber, that fact does not take into account the dearth of practically tested experts. We provide that real world experience because we’ve been there since the beginning.

Today there is an even greater need for top-level, defensive talent. With increased use of the cloud and the accelerating rate of people working remotely, the market needs professionals trained and experienced in keeping organizations safe.

Where does Atlantic Data Security seek to expand within the course of five years’ time?

SK: Atlantic Data Security is poised for vibrant growth over the next five years.  Towards the end of 2020, I was tasked with engineering our business practice to take fuller advantage of our primary resources – our consultants.  Atlantic Data Security’s long history and background puts us in the unique position of being one of the top cyber consulting firms in the world.

Like the business management firms McKinsey, Boston Consulting Group and Bain & Company, Atlantic Data Security is becoming the leader in cyber consulting.

As we grow, we are investing in 5 key areas:

Brand name:  Our brand is our promise to our customers. We see it as our responsibility to provide advice, guidance, and assistance to protect against cyberattacks with proactive, focused, industry-relevant threat intelligence. That’s why our name gives our clients the confidence that comes from knowing their business is secure.Strategy work: At Atlantic Data Security, we focus on strategy work, which is the cutting-edge of consulting work in the cyber industry.   We also partner with other leading cyber agencies and leaders to ensure we are providing the latest and absolute best advice and counsel to our clients.

Strong client relationships:  Advising and standing by our clients for over three decades, we have built very long-standing relationships. Atlantic Data Security has a history of client retention because we put tremendous value on client trust and on the quality and impact of our work.  We feel as though we are truly an extension of each of our clients’ team, and that is how we work.

Investment in personal development: Atlantic Data Security invests heavily in the professional development of our consultants. Some of our consultants come to us with years of experience, but that is never where the learning ends.  Our consultants have the opportunity to learn and develop many skills, both hard skills and soft skills, in a short period of time. Atlantic Data Security believes mentorship is essential and facilitates frequent peering sessions and exposure to best practices among all divisions.

Talented, smart people: Atlantic Data Security hires the smartest, most talented people around. Our clients know that when a consultant is working with them, they are not part of a training cycle or in the middle of a learning curve.  We have the most knowledgeable and professional consultants in the industry.

Lastly, in the era of en masse virtualization accelerated by COVID-19 social distancing, how can technology safeguard work-from-home employees of MNCs?

SK: There are a number of ways companies and employees can safeguard work from home especially if they are working for Multinational Corporations.  For instance:

For the Employer:

Use a Virtual Private Network (VPN).

The use of a VPN is a fundamental safeguard when users access the company’s network from home or a remote location. A VPN also allows for encryption of data, which adds a level of protection for information such as passwords, credit card numbers and other sensitive or private information. A VPN can also provide a level of anonymity through capabilities such as masking of location data, website history and IP addresses.

Implement Multi-Factor Authentication (MFA).

The simple principle of MFA is that an authorized user must provide more than one method of validating their identity. Even if a cyber attacker has obtained a user ID and password, MFA decreases the risk that an attacker can gain access by requiring an additional means of validation. Multi-factor Authentication uses something you have such as an authenticator app on a smartphone, something you are such as a fingerprint or something you know like a PIN number.

Ensure systems, software, technologies, and devices are updated with the latest security patches.

Employers should track the equipment to be used in a home environment and provide a means of updating software security patches.

For the Employee:

Prevent unauthorized users on company resources (e.g., laptops, mobile devices).

Employees should not allow anyone to access company resources, including family members.

Use only company-authorized devices for remote work.

Personal devices may not have the same level of security and privacy protections as company devices. If your company has a “Bring Your Own Device” policy, be sure that your use of a personal device is in accordance with that policy. This includes home printers and personal email accounts.

Dispose of company documents properly.

Review your company’s records retention and management policies, as well as information management policies, to ensure compliance. If you must dispose of hard copies of company documents, either shred them or securely retain them for proper disposal when you return to the office.