As a part of our series about “5 Things You Need To Know To Optimize Your Company’s Approach to Data Privacy and Cybersecurity”, I had the pleasure of interviewing Mohan Koo.
Mohan Koo is the Co-Founder and CTO of DTEX Systems, the first and only Workforce Cyber Intelligence platform to put humans at the center of an organization’s cybersecurity matrix. With 20+ years of global experience, Mohan is a widely recognized thought leader in the cybersecurity industry. His particular interest in the intersection between surveillance and privacy led DTEX to become the first-ever security vendor to implement a “Privacy by Design” technology platform.
Thank you so much for joining us in this interview series! Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.
A very specific story comes to mind that led me to pursue a career in cybersecurity. When I was very young, my dad had a private accounting practice where I would often help to fold fliers, drop off mail, etc. At the office, there was one room under lock and key that was filled with filing cabinets — each one had an accountant’s name on it and only they had the key to access their assigned filing cabinet. One day, I came in to find this room had been completely cleared out and went to ask my father what had happened. As I listened to him explain that we no longer needed the filing cabinets because everything went digital, it prompted me to ask an important question: “how do you know who is accessing what?”
As it turns out, the way my father responded was the way almost every business leader responded — “that’s a great question, it’s the age of computers, we don’t need to know, everything is digital now.” This response never made any sense to me and it’s what inspired me to pursue this career. How can you hire hundreds or thousands of people and not know what data they’re touching? It was clear security was an after-thought moving into the computer age, and it took a long time for the market to catch up. This is what sparked my passion for helping organizations to define a balanced security approach.
Can you share the most interesting story that happened to you since you began this fascinating career?
The journey we’ve been on since launching DTEX has been extremely interesting. After starting the company in Australia, we moved to London to build the businesses. I remember reading the paper and seeing this company called FireEye had merged to become the biggest cybersecurity company of all time and remember thinking to myself, what would it take for us to get to that point? Just six months after the FireEye IPO, we got the call from Silicon Valley saying the next wave in cybersecurity is human behavior. While the move from Australia to London had been seamless, our move to Silicon Valley was met with a huge learning curve and has been a journey we are grateful for.
Before the pandemic hit, being on the core team of a Silicon Valley investment required being located in the Bay Area. That’s changed since that time, so I’ve made the transition from Silicon Valley back to Australia. With everyone working remotely it no longer matters where you’re located, so long as you’re able to work during the hours required and be flexible towards others in various time zones when needed. It’s been interesting to watch that mindset shift over the past year and a half, not only within our own company but throughout the tech industry.
None of us are able to achieve success without some help along the way. Is there a particular person to whom you are grateful who helped get you to where you are? Can you share a story about that?
There are so many people that I’m grateful for that have helped me get to where I am today, but one that will always stick out is a woman named Susan Andrews. Long before cybersecurity started to become mainstream, Susan worked for the Australian Government and was charged with finding interesting startups for the government to give funding to. With DTEX in its infancy, Susan listened as we articulated what we were planning to do with the company, believed in us and gave us our first real starting opportunity. Having someone believe in us and our vision at that time had a huge impact.
Additionally, my father has also had a big impact on my life overall and from a business perspective too. He has always been focused on building a real business that delivers value, so I’ve watched and learned from him. Because of him, I’m focused on building a business that can withstand anything over the long term, not becoming a fly-by-night company to grow at all costs. I’m grateful he instilled this value in me early on as it’s remained top of mind throughout every stage of this journey.
Are you working on any exciting new projects now? How do you think that will help people?
There are always exciting projects on the go when helping customers proactively prevent cybersecurity breaches and profiling root cause behavior.
However, I’m super excited by the new strategic partnerships that are building through our engagement with the Australian Cyber Collaboration Centre (A3C). Our new partnership with MITRE Corporation via A3C has enabled ground-breaking research into the evolving Insider Threat landscape, looking specifically at how Insider Risk has changed with the shift to remote working. This research has helped to advance our technological capabilities and will be hugely valuable to our customers. We are now planning a series of briefings for Critical Infrastructure entities across the Five Eyes, where insider risk has been identified as an urgent priority. We’ve also formed a strategic partnership with Splunk through the A3C, where we’re working together to accelerate time to value from the SOC.
What advice would you give to your colleagues to help them to thrive and not “burn out”?
Work-life balance is the most important thing, especially during this pandemic. It’s no longer just about managing your own personal work-life balance but being able to do that in accordance with others that you’re living with. In fact, this balance is where we’re heading with our product, PULSE. Using data to measure employee burnout and identify the signs like working long durations with high intensity, for example, is key to helping employees thrive. However, just like everyone is capable of checking the amount of screen time they use on their phones, most of us aren’t very good at using it. People need to get better at using data to align priorities and keep in check.
Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. The Cybersecurity industry, as it is today, is such an exciting arena. What most excites you about the Cybersecurity industry? Can you explain?
Historically, cybersecurity has always been a technology problem, when in reality, it’s a people problem. For the very first time, people are starting to treat cybersecurity the same way they’ve always treated occupational health and safety. I’m thrilled to see the shift in thinking finally moving towards this. Cybersecurity is a safety issue — it ties directly into what we do online and the vulnerability that results from sharing personal data with organizations that don’t protect it. People are finally starting to understand that cybersecurity is about personal safety, health, and well-being because all our data is out there now with our personal devices continuously recording information. DTEX has always put the human at the center of cybersecurity, and it’s exciting to be at the front edge of this as we see the industry start to do the same!
Looking ahead to the near future, are there critical threats on the horizon that you think companies need to start preparing for?
Looking ahead to the future, the biggest critical threat is nation-state actors or highly motivated terrorists. The only reason we haven’t had longer-term and more damaging catastrophic events from security breaches is not because people aren’t capable of executing them, it’s simply because they haven’t yet decided to do it. Back in 2010, a self-replicating computer malware, known as a worm, was released to infect and disable industrial control systems. This “Stuxnet” worm was able to hack into, control, and eventually disable an Iranian power plant — imagine what’s possible now, more than 10 years later. Bad actors and nation-states haven’t yet been motivated, but at some point, they will. How well are we monitoring critical infrastructure for insider risks to prevent the root cause behaviors that ultimately allow bad actors and foreign interference to take hold?
Do you have a story from your experience about a cybersecurity breach that you helped fix or stop? What were the main takeaways from that story?
DTEX enables customers to detect root cause behaviors before they escalate into a breach. Often this involves preventing malicious actors from getting away with their intended crimes before it’s too late. In 2019, DTEX played a key role in detecting and preventing the theft of sensitive Australian citizen data by a Chinese national employed by a large Australian critical infrastructure entity.
In this case, our InTERCEPT platform detected unusual file search and reconnaissance activities by the employee, leading our customer to place them on a ‘persons-of-interest’ watchlist. Suspicions were confirmed when they subsequently downloaded personal documents including passports and other identification documents for specific Australian citizens. Australian Federal Police joined the investigation and engaged Australian Border Force officers to arrest the suspect as he attempted to board a flight to China with his family. His initial plea of ‘not-guilty’ was overturned when the DTEX evidence packet was submitted to the courts and showed clear behavioral evidence linking the suspect to the crime. Having attained a successful conviction with DTEX data alone and without the need for any additional forensic investigation, this case has become a shining example of how damaging insider threats can be detected and neutralized with the right combination of technology and best practice.
What are the main cybersecurity tools that you use on a frequent basis? For the benefit of our readers can you briefly explain what they do?
From a DTEX perspective, we use our Workforce Cyber Intelligence platform every day. In my personal life, I just make it a point to practice basic security hygiene. I use multifactor authentication tools, am selective about the applications I use, and cautious about how I’m sharing personal information. It’s just about adopting the right practices, not necessarily the right tools.
How does someone who doesn’t have a large team deal with this? How would you articulate when a company can suffice with “over the counter” software, and when they need to move to a contract with a cybersecurity agency, or hire their own Chief Information Security Officer?
I’m working on a very interesting project right now helping the government in Adelaide, Australia address this question. We were tasked with building a cybersecurity ecosystem and one of the biggest gaps in national security turned out to be maturing security in small (0–200 employees) to medium (200–1,000 employees) enterprises. The problem with organizations of this size is, when it comes to determining solutions, they often don’t know how to address the problem, or they don’t have a budget to spend. The average SME doesn’t have a dedicated security person or even an IT person, it’s either an individual wearing multiple hats or an outsourced individual or team. Working with Telstra Enterprise, we identified that SMEs are prepared to spend about $10K per year on cybersecurity, where a provider would need $25–30K per year to deliver the product at a profit, clearly leaving a significant gap.
We are currently working on a pilot project with Telstra as the provider that aims to close that gap. By building the right cybersecurity stack for these small businesses and negotiating price points with vendors for that segment of the market, we’re able to collectively reduce the gap and provide a suitable offering to uplift the resilience of the SME. It requires collaboration at all levels, both state and federal government, service providers and security vendors all coming together for the greater good.
As you know, breaches or hacks can occur even for those who are best prepared, and no one will be aware of it for a while. Are there 3 or 4 signs that a lay person can see or look for that might indicate that something might be “amiss”?
You don’t have to be a cybersecurity professional to recognize anomalous behaviors and activities. Some examples of this include working strange hours, accessing files that aren’t pertinent to an employee’s job description, and transferring or moving files. Any behavior that strays from the norm may be an indicator that something is amiss, which is why it can be so hard to detect. With workforce cyber intelligence capabilities and a proportionate increase in transparency of user behavior, organizations can proactively pinpoint unusual employee behaviors to quickly determine an employee’s intent, backed by evidence when needed.
After a company is made aware of a data or security breach, what are the most important things they should do to protect themselves further, as well as protect their customers?
The most important thing a company can do to protect itself actually happens long before the incident occurs. The number one thing that organizations get wrong is their communication strategy. Nobody expects a company to be breach-proof, but everyone expects you to be ready to respond quickly and engage confidently with all the right stakeholders to ensure a strong protective outcome for everyone involved. To sum it up, having a cyber preparedness plan is the holy grail, and when done right, can actually end up painting you in a better light than before the breach occurred.
From the beginning, DTEX has baked in privacy-by-design across all of its product development, so none of these new privacy measures have impacted us. In fact, when GDPR came around, we were already 100% compliant since the balance between surveillance and privacy has always been a key focus for us. Other organizations have not given privacy nearly as much thought or attention as they have security, and big tech might be the worst culprit of this. Historically, they follow the privacy guidelines as needed and extract every other piece of data they can. This isn’t the right way to approach the system, so these privacy measures are changing the landscape dramatically.
What are the most common data security and cybersecurity mistakes you have seen companies make?
The most common security mistake that employers make is with their people by not fostering an engaged workforce. When employees don’t feel trusted or valued, this often leads to bad behavior which in turn leads to cybersecurity breaches. Hackers don’t hack computers; they hack people. An un-engaged workforce opens the door for outside attackers to find a way in through employees.
Ok, thank you. Here is the main question of our interview. What are the “5 Things Every Company Needs To Know To Tighten Up Its Approach to Data Privacy and Cybersecurity” and why? (Please share a story or example for each.)
1) Strive for an engaged workforce — you want your employees and contractors to feel trusted, valued and do the right things. The more willing a company is to drive this engagement, the fewer breaches it will have by default. There is no security solution or tool that can provide more for an organization than its own people can. Humans are the new firewall — they can either be your greatest asset or greatest liability — the choice is yours.
2) Understand your employees — understanding your employee behavior and the context around it is key to tightening up your cybersecurity and data privacy. In today’s ‘new normal’ work environment, thwarting Insider threats is harder than ever. Insight into the who, what, when, where and how employees and third parties interact with data, machines, applications and their peers as they perform their responsibilities, is more important now than ever before.
3) Don’t collect more data than necessary — so many organizations think that the more data they collect the more value they’ll be generating, but in reality, it just creates more risks. Organizations need to remember that they don’t know what value they are going to extract from collecting excess data. In order to mitigate risks, it’s critical that businesses only collect the data that they need.
4) Don’t retain data longer than necessary — retaining data longer than needed only exposes your company to additional costs and security risks.
5) Know your supply chain inside and out — the recent SolarWinds attack is one of many that highlights the growing risk of third-party partners. As businesses continue to become more reliant on external providers to enable remote and hybrid work, the risk associated with supply chains is growing at an unprecedented rate. Being able to view the entire insider threat kill chain is more important than ever before.
You are a person of enormous influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. 🙂 (Think, simple, fast, effective and something everyone can do!)
The biggest change I can make for the world is to influence the employer community to understand that the best way for a business to drive profitability and reduce risk is through an engaged workforce. An organization’s biggest asset is, and always has been, its people. Engaged workforces that feel trusted, valued and protected are going to deliver the best result with the least risk. I truly believe that it isn’t about the technology, it’s about people. Companies that go that extra mile will shine through.
How can our readers further follow your work online?
This was very inspiring and informative. Thank you so much for the time you spent with this interview!