I am pleased to be able to speak with Jon Loew, CEO of AppGuard. Jon can you tell us about what your company does in the cyber realm and also a bit on your own background?
Thank you for the opportunity to participate in this interview, Chuck. AppGuard provides autonomous endpoint security for organizations around the world. Our technology has been proven effective in both the public and private sector, and features many revolutionary attributes. As a non-practicing attorney, I have a unique perspective into the concerns, and vulnerabilities related to cyber-risk for law firms.
Can you elaborate on some of those attributes?
Happy to. Firstly, our technology is described as autonomous because our software requires minimal updates and can function without any connection to the internet. It knows all it needs to know the moment it’s installed, so your laptop could be disconnected from the internet for 2 years. Plug that thing back in now and it will block zero day malware today (Obviously if a client has added new applications, we need to update policy settings to accommodate these as well). Next, the size of our software is less than 1MB at the endpoint, which is a fraction of competitors software. Lastly, because our software needs minimal updates, there is no CPU degradation (and certainly no file scanning).
Clearly, the legal industry is being targeted by cyber-attackers because they possess valuable financial records, IP, and medical data. This past year, LOGICFORCE surveyed and assessed over 200 law firms located throughout the United States. They found that every law firm assessed was targeted for confidential client data in 2016-2017 and approximately 40% did not even know they were breached.
From your unique perspective as both a cybersecurity executive and an attorney, what are the special challenges the legal industry in protecting data?
Law firms and associated attorneys play a special role in our ecosystem. We expect them (and they are expected) to hold our information in the highest confidence. We expect our communications to remain private, and we engage in conversations with them we would often not have with anyone else. While most enterprises are worried about protecting their OWN confidential info, law firms have to worry about dozens or even hundreds of companies’ confidential information. Further, Law firms will do almost anything to protect their reputations as trusted advisors. Lastly, Law firms have certain obligations that many other industries don’t currently have. Ethics rules that apply to the practice of law require a firm in some cases to notify ALL of their clients if data has been extracted from their enterprise regardless of how much data was extracted, and regardless of whether that particular client’s data was extracted. This can be devastating to a law firm. Hackers know all of this, and Law firms are starting to realize they are in the cross-hairs.
Cybersecurity, at its core, is risk management of people, processes and technology. In the legal community a practice is often multi- office, multi-device, and usually under a minimal IT and HR budget. Can you share how your AppGuard products and services are designed for the distinct law firm eco-system.
If you combine this with the fact that most law firms don’t have robust IT departments, they are unfortunately ideal targets for hackers. Many are relatively unprepared for attacks, and the reward for the adversaries are a high stakes bounty, the firm’s IP and confidential client data! Our software’s autonomous nature makes it extremely easy for even the most limited IT staffs to manage. Additionally, many firms (and their people) are also often spread out geographically, with confidential information sitting on endpoints (i.e. desktop, laptop, home office, etc). Once AppGuard is installed on these endpoints, the users are free to travel between offices, to and from work, do work on the road, and feel confident that they will not fall victim to a hack. IT managers can also feel comfortable knowing that their attorneys don’t need training for our software – with AppGuard on their endpoints they would not be able to detonate malware on their devices, even if they wanted to, let alone by accident.
2017 was a scary year with an upswing in global ransomware, phishing, and DDoS attacks in industry and government. From your review of the emerging cybersecurity threat matrix for 2018. What do you predict will be the top trends coming our way too watch?
We believe that the threat to small and large businesses will continue to grow, while many of our competitors play catch up. Attackers will increasingly use more advanced capabilities, develop new threat vectors, and devise malware that is even more “stealthy” in nature. This is particularly worrisome to many CISOs because the only thing more concerning than being breached is not knowing how long the breach has been on-going. Ransomware will continue to grow as a preferred method of attack because of the quick reward associated with it, and the anonymity of crypto-currency. All the training in the world will still not prevent a user on your enterprise from being tricked by professional tricksters. Companies will need to re-think the type of protection they are using, and will begin to utilize lesser known technologies as more well known vendors continue to allow breaches. We wish everyone a safe, hack free new year for 2018. But if you want to ensure a positive outcome, you should probably install AppGuard on all of your endpoints.
Thank you, Jon. It should be noted that Jon asked me to add a “smiley emoji” after his final answer because he knows it was a shameless plug for AppGuard. I’d say it was an effective one.