CIO Influence Interview with Aaron Bugal, Field CTO, APJ at Sophos

“Asset inventory and management are key to starting off on the right foot toward a holistic ZTNA model.”

Hi Aaron, please tell us a little bit about your role in the company.

How did you arrive at Sophos?

I’ve been fortunate to be part of the Sophos family for nearly two decades now. My journey began in 2006 when I joined as a Senior Sales Engineer. Over the years, I’ve been deeply involved in helping our customers, especially in the Asia Pacific and Japan (APJ) regions, to understand, deploy, and effectively use our next-generation cybersecurity solutions. My role has since evolved, and I recently transitioned to the position of Field Chief Technology Officer for APJ in early 2023.

October Cybersecurity Awareness Month: Top 50 IT and Security Professionals Share their Strategies

My core responsibilities lie in ensuring our customers adopt cybersecurity as a service, providing them with insights into the ever-evolving threats in today’s digital landscape, and advising on the best defense mechanisms against these threats. My work also takes me beyond our immediate customers, as I often engage with business leaders, security professionals, and journalists, both as a media commentator and public speaker. I always aim to shed light on the latest technologies and strategies required to keep organizations secure. It’s been a rewarding journey, and I’m excited about the value I bring to Sophos and our stakeholders every day.

How has Sophos changed the opinion of CIOs and CISOs regarding MDR services in the last 2-3 years?

Sophos’ Managed Detection and Response (MDR) solution provides proactive protection against evolving cyber threats, detects and mitigates advanced malware and ransomware attacks, prevents data breaches and unauthorized access to sensitive information, offers real-time threat intelligence to stay ahead of emerging threats, and ensures compliance with industry regulations and data protection standards.

When delivered as a premium service this not only enhances the cyber resilience of the protected organization through augmenting its security services, but it also enables the business to focus on its core offerings and functions rather than getting bogged down in daily security noise.

First introduced in October 2019, Sophos has seen great success with its launch of Sophos MDR.

Top 15 AWS Cloud Migration Partners You Can Rely on for Total Digital Transformation

Recently reported on 1 May, Sophos is already processing more than 150 million alerts from nearly 30 other security providers – growing its customer base by 33% in 6 months. The service now protects more than 18,000 organizations worldwide and has doubled in size year-over-year as the industry’s most widely used MDR offering. This is a testament to how CIOs and CISOs understand the value that MDR has brought to organizations over the past few years.

C**************! Sophos Central recently turned 10! Could you tell us about its unique features and capabilities?

Thank you! We’re thrilled about hitting a 10-year milestone with Sophos Central. Over the years, it has evolved and stood out as a premier unified console for managing our various cybersecurity solutions.

Here are some of its distinct features and capabilities:

Unified console:

Sophos Central provides a single pane of glass to manage a diverse range of our products, making it easier for administrators to have a comprehensive overview without the need to switch between different platforms.

Synchronized security:

It brings together endpoint, network, mobile, email, and encryption into a coordinated system, offering better visibility and easier response to incidents.

Rich reporting and analytics:

Sophos Central equips users with detailed insights and reports, which are instrumental for businesses to evaluate their security posture and take timely actions.

Granular role-based administration:

It allows for customized access depending on the user’s role, ensuring that the right personnel has access to the right tools and information.

Global threat intelligence:

With SophosLabs integrated, our users get real-time information on global threats, ensuring they’re always a step ahead of potential security incidents.

Flexible deployment:

Whether you are looking for an on-premise, cloud, or hybrid solution, Sophos Central offers the flexibility to meet the unique requirements of every organization.

In essence, Sophos Central is not just a management console; it’s a holistic platform designed to streamline, enhance, and simplify the entire cybersecurity management process. Over the past decade, we’ve continuously refined and expanded its capabilities, and we’re excited about what the future holds for our users.

How has Sophos Central delivered on its promises in the era of generative AI-powered ransomware attacks?

It’s evident that generative AI tools, such as ChatGPT, have had both positive and negative impacts in the digital realm. While they’ve enabled better content creation, they’ve also been exploited maliciously, as we’ve observed a surge in enhanced scam lures built using these tools.

At Sophos, we understand the evolving challenges these AI-powered threats bring.

Everyone needs to be cautious and discerning with what they encounter online, especially u********** content.

Latest AMD Report Finds, AI Development Outpacing Current IT and Security Readiness

Basic principles such as pausing to validate information, seeking assistance in case of doubt, and always erring on the side of caution, play a significant role in identifying and thwarting these AI-generated scams.

On Sophos Central’s role in this era, we’re deeply invested in AI research and its applications in cybersecurity. Our dedicated data science teams are working tirelessly to harness AI in strengthening our defenses against the sophisticated techniques employed by cybercriminals. We’re not just reactive but also proactive in our approach. By understanding and adapting to these emerging technological threats, Sophos Central has been delivering on its promise of providing top-notch cybersecurity solutions in this challenging era.

While the broader impact of AI in scams is still unfolding, the importance of vigilance cannot be overstated. With rapid technological advancements, potential targets like retirees become more vulnerable. Our goal at Sophos is to ensure that as the threat landscape changes, our protective measures evolve to offer robust defense mechanisms to all our users.

Data encryption followed by a security incident is at an all-time high.

What does your recent report on the ransomware trends say about the correlation between data attacks and encryption?

The Sophos State of Ransomware 2023 report highlighted that 76% of ransomware attacks resulted in adversaries successfully encrypting data — a peak since we began this analysis in 2020, and a pressing concern in today’s digital landscape.

Interestingly, paying ransoms doesn’t necessarily offer relief.

Organizations that did so almost doubled their recovery costs compared to those restoring from backups. Moreover, paying the ransom led to protracted recovery times. 45% of organizations relying on backups restored their operations within a week, whereas only 39% who paid the ransom achieved similar speeds. Though ransomware attacks remain consistent at 66%, we’ve observed that encryption rates have surged post-pandemic. The driving forces behind these attacks are primarily exploited vulnerabilities, accounting for 36%, and compromised credentials at 29%.

A concerning trend we identified is the ‘double dip’ method, where not only is data encrypted but also stolen, as seen in 30% of such cases.

The education sector also emerged as a prime target, with nearly 80% of both higher and lower education institutions falling victim. It’s alarming to note that 46% of affected entities paid the ransoms. Larger corporations, especially those with revenues exceeding $500 million, were more inclined and potentially influenced by specific ransom-covering cyber insurance policies.

In essence, our findings underscore that ransomware remains a formidable challenge. But the silver lining lies in critical proactive precautions such as strengthening defenses, maintaining security hygiene, and ensuring vigilant 24/7 threat detection. Rapid detection and response can significantly alter the outcome, and the effectiveness of human-led threat hunting and swift action cannot be overemphasized in this context.

Which industries are at the highest risk, according to Sophos report? How can Sophos thwart these attacks?

If you look at the data, we see a greater number of successful attacks carried out on the manufacturing, educational, and healthcare-based verticals.  Stopping these attacks postmortem is all too easy and typically points to failures in basic cyber hygiene not being adequately performed. Missing patches, poor cyberculture, and lack of effectively tuned technical controls provide easier access to cyber criminals.  Sophos’ defense, if applied in these scenarios, not only would have identified the attacks as they were initially forming against their targets but also identified the risks and issues prior to their exploitation. This is a key benefit of Sophos Managed Detection and Response. Being able to collate cross-vendor data and correlate it into meaningful and actionable intelligence to prescribe preventative maintenance and corrective actions to mitigate risk. And, if need be, identify and neutralize an active attack if one forms.

According to your assessment, which organizations are at the pinnacle of the highest levels of cybersecurity full-proofing?

No industry is ever completely safe against cyberattacks; however, healthcare is at particularly higher risk compared to other industries due to its access to sensitive data. This information can range from patients’ health data to their payment details, which, when centralized in a single location, can be equivalent to cybercriminals hitting goldmines upon a successful attack.

HammondCare, one of Australia’s most innovative health and aged care providers, is acutely aware of the threat these types of attacks pose, as well as the increasingly complex and sophisticated methods being used. It is also aware that it is crucial for healthcare providers to have rigorous levels of control and governance over their patients’ sensitive data, and for real-time, managed security to provide constant vigilance over their systems. This is why it uses Sophos MDR to help defend its network and data 24×7.

What kind of preparation and infrastructure maturity does an organization need to build a ZTNA-centric cybersecurity framework?

What are the other ways that you would like to propose to the CIOs and CISOs?

Asset inventory and management are key to starting off on the right foot toward a holistic ZTNA model. Understanding what devices and the users operating them, what applications and services they access, and methods in identifying typical behaviors are integral to foundational changes to how we network.

ZTNA enabling technologies provided by vendors who have deeply rooted security functions and ties into a multitude of authentication and authorization platforms (identity providers ideally) can help promote ideal and secure access to shared and decentralized information. Constantly evaluating multiple facets of a user and their devices ensuring healthy security posture, sanctioned application use and access, embedded instrumentation, and telemetry, back to a security platform that is constantly monitoring for both internal and external abuse and threats will make for a robust foundation as you journey into a true zero trust environment.

Could you tell us more about the role of AI technology in the cybersecurity landscape?

What’s your roadmap?

AI (Artificial Intelligence) has revolutionized the way IT security professionals think about cybersecurity. Newer AI-powered cybersecurity tools and systems have the ability to support providing even better data protection against threats by quickly recognizing behavior patterns, automating processes, and detecting anomalies.

AI can monitor, analyze, detect, and respond to cyber threats in real time – primarily monitoring and analyzing behavior patterns. Using these patterns to create a baseline, can detect unusual behaviors and restrict unauthorized access to systems.  AI can also help to prioritize risk, and instantly detect the possibility of malware and intrusions before they begin.

When implemented properly, AI can serve as the engine for security automation, which frees up the time and resources of employees by automating repetitive tasks. AI can also reduce the occurrence of human error by removing humans from a task or process.

The need for always-on security operations has become imperative. However, the complexity of modern operating environments and the speed at which cyber threats enter an environment make it almost impossible for most organizations to successfully manage detection and response on their own. That’s where MDR comes in.

AI and ML are already transforming the way security operations centers (SOCs) deliver MDR and other managed security services.

By leveraging these technologies, SOCs are strengthening their MDR capabilities, operating with greater efficiency, and achieving stronger resilience in the face of ever-evolving cyber threats. AI can help improve the speed and accuracy of MDR by taking on more of the heavy lifting in 24/7 threat detection and analysis.

Your take on taking InfoSec and DevSecOps innovations pertaining to the Healthcare and Government infrastructure

I worry about healthcare providers, especially those that serve the masses in the public hospital space as they have a need to openly share information within their environments quickly and without friction. This open method of operation has increased risk to healthcare providers as we move deeper into the information age – our most sensitive facets of information collected and stored within healthcare providers make for a juicy opportunity for cybercriminals.

Information security is integral within healthcare providers. Complacency is inexcusable within the industry as there are regulations and laws around how medical information needs to be handled. While there is a critical need to focus on core business (healthcare provisions and services), having an equalized level of cybersecurity prevention is equally important.

The continual development of better security operations within healthcare is a great way to highlight the benefits of how a fast-moving and critical industry needs to have cyclic security functions that are largely autonomous yet deeply informative when required.

Focusing on the core deliverables of the business and being able to evolve security functions without needing to drastically alter the flow of business is a sign of great ‘shift left’ practice being adopted and implemented by the cybersecurity service provider.

What I mean by ‘shift-left’ is that security has become a culturally important business unit within the provider coupled with a blend of security design. In terms of process and technology, it has worked its way into organizational functions and systems. It’s a great example of how things need to be within an industry, and it makes for a sound template to take into any vertical and adapt for better cybersecurity outcomes.

Thank you, Aaron! That was fun and we hope to see you back on CIO Influence soon.