As a part of our series about “5 Things You Need To Know To Optimize Your Company’s Approach to Data Privacy and Cybersecurity”, I had the pleasure of interviewing Anuj Goel, CEO and co-founder of Cyware.

Anuj Goel, Ph.D. is the co-founder of Cyware, a cybersecurity platform with a mission of enhancing cyber awareness and real-time sharing of intelligence and incidents to enable proactive identification and mitigation of threats. Previously, Anuj worked at Citigroup in New York as the head of global strategy and planning covering information security and anti-money laundering. Anuj is a Senior Member of the IEEE and has served as an executive committee member of the Financial Services Sector Coordinating Council (FSSCC). He holds a doctoral degree in Engineering and has earned several globally recognized cybersecurity certifications.

Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Can you tell us a bit about how you grew up?

Well, this question takes me down memory lane. My upbringing happened in a very liberal and supportive environment. My parents always encouraged me to pursue my interests, which were mostly aligned with computers and technology. This occurred because of the consumerization of computer technology during the 90s, but what turned my fascination into passion was when virus attacks started making global headlines during those days. That was when I began exploring the world of cyberattacks, malware and viruses. My interest only grew further as I pursued my Ph.D. That’s how my interest turned into a passion and then into a profession over time.

Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.

Having spent many years as a cybersecurity practitioner as a contributing member of large, enterprise cybersecurity teams, a few particular contributing factors give me this story:

First, I was able to get my hands on networking technologies in the early days of my career as a practitioner. My interest in cybersecurity grew with the advancement of network and endpoint security domains, the emergence of data protection and security monitoring, and even legacy technologies that we pulled apart to better understand how they could help us defend against advanced attacks.

Second, I saw first-hand how security teams were very siloed, and often this was due to governance structure within organizations, and then the tools they were managing.

Third, while it was critical to pursue threat intelligence very early on, it was a challenge to turn Indicators of Compromise (IOCs) into actionable data.

This gave me the inspiration to build a technology platform that unified security teams truly needed to pull together disparate tools and teams into a collaborative force, to enable a more streamlined operational flow and to power the operationalization and sharing of threat intelligence in a way that no one else was focused on in the industry.

Can you share the most interesting story that happened to you since you began this fascinating career?

By far, starting Cyware, with Akshat Jain, and witnessing its growth in real-time. And that is not just a one-time event, or a snapshot, I’m living it right now. When we founded Cyware, we had a vision to create a company that would form the keystone of the next-generation security paradigm. Building a company is not an easy task, especially when you want to solve the core security challenges of every type of organization. But we treaded this path with careful planning and started building our product stack. A year before the pandemic, we completely shaped our vision by building a virtual cyber fusion center that would bring all good actors together and help them put forth a collective defense against bad actors.

And then the pandemic happened. We all saw how threat actors massively targeted organizations who thought they were secure and were not prepared for such intensity of attacks. Our fusion center came to the rescue for these enterprises, as well as information sharing communities (ISACs/ISAOs) who were able to not only comprehend but visualize their threat landscape through actionable intelligence and take faster actions through our automation and response solutions.

Our hyper growth story was supported by two rounds of funding in the past 12 months from renowned investors — all within a short span of just 7 months during the pandemic. The combination of funding, three straight years of triple digit year-on-year growth (over 120% ARR growth in 2020) and 2x growth in clients and employees has only added more weight and credence to our vision. This has been an interesting journey, thus far, with some great experiences and learnings and we are looking forward to creating an even better story with what we have planned in our roadmap in the near future.

None of us are able to achieve success without some help along the way. Is there a particular person to whom you are grateful who helped get you to where you are? Can you share a story about that?

I think it comes down to learning from your mentors, leveraging best practices and striving to consistently improve at everything you do. My mentors have always said to embrace what you can and study the way successful people solve problems and collaborate. Then, take your learnings and skills, and apply them with your own style to give back to those who ultimately will look to you for mentorship and help them chart their course. It’s always something that has stuck with me — know how to do it one way, but build your own brand and domain so you can feel like you aren’t just using someone else’s strategy your entire career.

Are you working on any exciting new projects now? How do you think that will help people?

I believe that every project at Cyware is exciting. That said, we are building the next version of our security orchestration gateway that would massively set the scale for connected technologies, and translate data and intelligence into an easily consumable, agnostic format for disparate security tools deployed by organizations. Our AI-powered models do the rest of the work to help us make more tools more efficient by automating the workflow and ultimately the overall threat response mechanism.

What’s really interesting is we are exploring new use cases daily. We are innovating with our customers globally to uncover new uses for our product suite.

What advice would you give to your colleagues to help them to thrive and not “burn out”?

Coming from a security background, I am inspired by how successful security teams are able to correctly triage and respond to the threats based on real-time intelligence. As a leader of my organization, I am involved in strategic decision-making in all verticals, which might have overwhelmed me if I didn’t apply my security acumen of triaging and intel-driven decision making in my present executive role.

I would recommend that we learn to identify our priorities (as Intel Analysts are able to find high score threats) and reduce the noise (as Intel Analysts reduce alert fatigue). Be really good at the core elements of what you are building, or striving to build. Keep your vision within striking distance, and not something that you can’t ever achieve. Cybersecurity is all about getting better than what came out 18 months ago. Improvements and enhancements can be achieved simply by enabling capabilities at the speed of business.

Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. The Cybersecurity industry, as it is today, is such an exciting arena. What are the 3 things that most excite you about the Cybersecurity industry? Can you explain?

New challenges arise daily. The attack landscape has shifted substantially to much more damaging outcomes. SolarWinds. Colonial Pipeline. Kaseya. The challenge in cybersecurity is that you have to adjust almost immediately to what you are seeing and experiencing. And to win, you want to get ahead of what you see. That is why we are very focused on operationalizing threat intelligence to be automatically curated, shared, consumed and distributed.

The fight is real. It’s a real-life good vs. bad fight, and we continue as defenders to make strides, but the threats are very real if organizations and individuals feel they cannot be targeted.

Rapid iteration vs. the drive for perfection. Because we have to make adjustments based on threats, customer environments and needs, and demands from partners — we live by the mantra that in software, we know we’ll have to always iterate, and we know that it’s never a perfect, or finished product. So we respond to critical customer demand to innovate and iterate quickly, but with precision.

Looking ahead to the near future, are there critical threats on the horizon that you think companies need to start preparing for?

Ransomware + supply chain together has really become one of the “double whammies” of attack tactics. Ransomware payments have skyrocketed this year alone, and since ransomware was first introduced in 2014, payments have exceeded 60B dollars globally. This does not include remediation costs, new software costs, massive patching efforts, etc. So ransomware is very costly.

Second, attacks on the software supply chain are having a ripple effect across many different organizations, where we’ve seen that simply sharing systems and/or data can serve as the root cause of extreme spikes in risk. Why? Attackers are using connections that companies have with other companies, or third-parties to execute attacks wherever they find exploitability. This means that vetting vendors is no longer just a procurement process, it involves security. It means that doing business with companies who aren’t as conscious about cybersecurity makes you a target regardless of what your SOC looks like. It’s scary.

Do you have a story from your experience about a cybersecurity breach that you helped fix or stop? What were the main takeaways from that story?

It’s not about a singular breach, and sure there are anecdotes, but those are truly proprietary in nature. What I recall is more in line with a consistent effort to get smarter, faster and more intelligent ahead of POTENTIAL attacks. I spent much of my time when I was still in the financial services industry on the strategic side of cybersecurity where I worked with global teams on operationalizing threat intelligence. This was one of the most critical initiatives because of how teams were segregated globally and functionally. The more that the global team could collaborate quickly and easily to gain an upper hand to leverage indicators and observables, the better we could get ahead of threats — that was exactly why I set out to build Cyware, so we could address what I saw as a major gap in security operations technologies.

What are the main cybersecurity tools that you use on a frequent basis? For the benefit of our readers can you briefly explain what they do?

We use a bevy of third-party cyber solutions, and the way we add to our own cybersecurity model is we select best-of-breed solutions for security monitoring, endpoint, network, and email security. We also use our own solutions and monitor and respond to threats within our own Cyber Fusion Center. This is us building out a best of breed model, consistently monitoring our cyber posture, and improving at every turn, while eating our own dog food to also improve our own security.

How does someone who doesn’t have a large team deal with this? How would you articulate when a company can suffice with “over the counter” software, and when they need to move to a contract with a cybersecurity agency, or hire their own Chief Information Security Officer?

Great question. One of the core challenges smaller teams and mid-sized companies have is they don’t think they can afford advanced cybersecurity tools. We’ve developed a solution for these teams that is easy and simple, but gives them an enterprise-level output. We are breaking new ground on this solution for the mid-market.

As you know, breaches or hacks can occur even for those who are best prepared, and no one will be aware of it for a while. Are there 3 or 4 signs that a lay person can see or look for that might indicate that something might be “amiss”?

This is all about threat intelligence. There are many different forms of threat intelligence, or indicators of compromise (IOCs). Specific industries like healthcare or finance look for specific indicators when they analyze threat intelligence, just like energy and utilities likely look for certain trends in threat data. This is one of the most critical components of cybersecurity that Cyware focuses on in terms of getting it right for our customers so it’s simple yet powerful in taking up a collective defense against motivated adversaries.

Typically there are conditions like simple misconfigurations, default settings, unpatched software that will always plague organizations, often as much as human error, where employees are still prone to click-baited phishing attacks. The variables are innumerable really, but shared threat intelligence is truly the X factor in firms getting to a more proactive approach to cyber.

After a company is made aware of a data or security breach, what are the most important things they should do to protect themselves further, as well as protect their customers?

It’s all about your customers. Period. Anything that impacts customers in any way, as a cybersecurity vendor and trusted adviser to customers, you take seriously, and you do anything you can to protect them the way you state you will based on product or service claims.

Many organizations for example, are impacted by ransomware attacks, and they pay the ransom — 60B dollars in ransomware payments globally and counting. However, if an attacker encrypts the entire set once and then encrypts it all again with a second strain, an organization might have to pay twice. So in essence, because ransomware attacks are so rampant, many organizations determine they want to pay the ransom but it’s not that easy, and it’s never guaranteed because attackers hold the cards, and they can double-encrypt data.

How have recent privacy measures like The California Consumer Privacy Act (CCPA), CPRA, GDPR and other related laws affected your business? How do you think they might affect business in general?

These are examples of the EU in the case of GDPR, and CCPA in California where they are trying to protect PII, and they are trying to establish regulations around organizational and personal data integrity. These have impacted businesses in a few ways. For one, it’s been a forcing function for organizations who are doing business in the state of CA, or in Europe, where they are enforcing the protection of business and individual data so that it remains private, and so that it’s not available to malicious actors to sell on the black market, or to make attempts to compromise that information. I can’t say for certain if it’s been helpful, or if it’s reduced risk tangibly — we truly focus on cybersecurity.

What are the most common data security and cybersecurity mistakes you have seen companies make?

The number one mistake is thinking about cybersecurity like a giant wall or some impenetrable entity. Attackers study, analyze, and test target systems at potential victim organizations to see where the lowest-possible hanging fruit exists to enable a successful, untraceable attack. They understand what defenses organizations have in place, like network and endpoint protection for example, and they identify methods to reverse engineer against it. So the biggest mistake I see is mindset.

Since the COVID19 Pandemic began and companies have become more dispersed, have you seen an uptick in cybersecurity or privacy errors? Can you explain?

On the one hand, yes, unequivocally. There are risks incurred with most or all employees at home. Many companies have invested in better protection that is cloud-based, yet can monitor endpoints and user behavior. Advanced MDM solutions have also come in handy for administrators to maintain control remotely over software downloads, acceptable use, etc.

On the other hand there are a number of fundamentally different variables companies have to contend with — mainly using unsanctioned WiFi connections and if company-issued laptops and mobile devices aren’t locked down, browsing inappropriate sites can lead to malware infections, which can open up a gateway to a vulnerability that can lead to an exploit that can produce an entry point to other systems.

Ok, thank you. Here is the main question of our interview. What are the “5 Things Every Company Needs To Know To Tighten Up Its Approach to Data Privacy and Cybersecurity” and why? (Please share a story or example for each.)

Situational Awareness: The security landscape is evolving at a very fast pace and there is no dearth of resources available for nation-state actors who are actively upgrading their skills and tools. For any organization to have a sound security and privacy approach, they must be aware of what’s happening in their operational environment for which they need to start consuming and analyzing threat intelligence.

Monitor Supply Chains: We have all seen how SolarWinds and Kaseya attacks opened up a Pandora’s box for organizations when it comes to cybersecurity. As I mentioned previously, vetting vendors is no more just a procurement process. It is a core part of the security paradigm/strategy for any organization and it does not have to be a one-time process. We must continuously monitor the security compliance of our vendors and in fact go a step further and share intelligence with them so they are better secured and, in turn, we are better secured.

Automate what you should and not what you can: With threat actors going on a blitzkrieg over the last year, security teams need to move away from slow, manual and laborious processes towards more automated and collaborative workflows. This does not mean that we should automate everything. For example, most of the organizations leveraging threat intelligence have still not reached a maturity level where they can automate all response actions such as blocking any threat indicator that is flagged as malicious. A false negative alert can lead to operational downtime and have cost repercussions for the organization. This can be overcome through fusion of human intelligence with automated workflows for situations that require critical decision making.

Compliance isn’t everything: Achieving bare minimum compliance is good but the show must not stop there because threat actors don’t choose their targets based on the compliance score of organizations. Security teams must start thinking from the mindset of threat actors to identify attack pathways for reducing their exposure to successful attacks. Security is not a cost, it’s an investment.

Collaboration, Get all hands on the deck: Any sound security strategy must not limit security responsibility to only a select group of individuals. Although security teams lead the battle on this front, every individual within an organization must be involved as a stakeholder. In fact, organizations must look beyond their own perimeters to collaborate with their vendors, clients, and peers with shared sectoral interests through information sharing communities to achieve collective defense. Always remember, the majority of the attacks don’t involve new tactics because that is a cost for the attacker. We must continuously calibrate our security approaches and strategies based on intelligence-driven threat assessment for which information sharing is critical.

You are a person of enormous influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. 🙂 (Think, simple, fast, effective and something everyone can do!)

Helping people become more cybersecurity-aware and actually doing something proactive to help protect our global economy, critical infrastructure, and human lives is what I am striving for. I want to change society’s behavior when it comes to cybersecurity. There is the concept of a global collective defense that we apply at Cyware that could help more broadly. People need to take it seriously, and people need to be proactive about how they can play a role in protecting our global economy. I would love to leverage our approach at Cyware in terms of how we enable threat intelligence sharing as well as automated threat response to help a broader subset of the population become more cyber-aware, and build in defenses into commonly used/hacked apps like social media platforms, for example, which would hopefully lead to more security-aware end user behavior, alongside more automation down to individual/consumer threat response. It’s a pipe dream, but I would love to democratize cybersecurity for the masses.

How can our readers further follow your work online?

They can follow us at Cyware.com, where they can read our news and consume useful resources such as our blog posts and threat intelligence feeds. I’d also love to connect on LinkedIn.

This was very inspiring and informative. Thank you so much for the time you spent with this interview!