Get to know James Carder, CSO at LogRhythm, who has more than 19 years of experience working in corporate IT security and consulting for the Fortune 500 and U.S. Government. At LogRhythm, he develops and maintains the company’s security governance model and risk strategies; protects the confidentiality, integrity and availability of information assets; and oversees both threat and vulnerability management as well as the security operations center (SOC). Carder previously led criminal and national security related investigations at the city, state and federal levels, including those involving the theft of credit card information and Advanced Persistent Threats (APT).

Security magazine: What are the pain points CISOs face in remote work environments?      

Carder: COVID-19 caused a rapid shift for organizations operating on-premise to remote operation, spiking cloud usage and large parts of the workforce increasingly becoming users of SaaS-based services. This has, in turn, created new pain points for CISOs who are now struggling with the following top concerns:

1. Visibility and protection of the endpoint, how employees remotely access the corporate network and resources (e.g. VPN, RDP, etc.)
2. Visibility and protection of the user of the systems, whether that is by way of awareness training and education or by modeling their behaviors and alerting on suspicious activity
3. Visibility and security of collaboration technology and other critical business systems
4. Securing and compensating for new concessions that have been implemented to support business operations remotely
5. Monitoring for potential rapid changes to governance and security processes to best support a remote workforce

Unfortunately, even if companies previously had full visibility into their environments, that’s very likely no longer the case. Not only have the behaviors of a company’s entire workforce shifted, but companies have also never had to operate remotely at this scale before. Visibility, detection, monitoring and response technologies are major priorities for CISOs because vulnerabilities and cyberattacks cannot be identified and remediated if they cannot be seen.

Security magazine: How will security budgets change post coronavirus?

Carder: Unfortunately, due to the economic challenges stemming from the global COVID-19 health crisis, many organizations may face potential financial losses in the coming year. In the short term, the hardest hit industries will still acknowledge that they cannot short change their investment in cybersecurity. Security purchases can often have a three to six month selling cycle, and not until 2021 will companies realize the full impact of the pandemic on their finances, their workforce and their business. It won’t be until next year that we will witness reduced security spend.

On the other hand, if companies consider the fact that the volume of cyberattacks has increased amid COVID-19, it could reiterate the importance of investing in security. This could result in an increase in spend on security.

Nonetheless, security professionals will increasingly consider total cost of ownership (TCO) and value for the business, and seek out vendors who offer advanced licensing options and affordable costs. Security managers and CISOs must take on the responsibility of optimizing their security investment as it is not something organizations can sacrifice.

Security magazine: What keeps you up at night in terms of security and threats, and how do you see those evolving?

Carder: As someone who has been in the security industry for 20+ years, I’m always concerned if we have the visibility we need to detect, respond and mitigate threats to our company or, most importantly, to our customers. If we have a breach of our SaaS environment and lose customer data, it’s a significant risk and hit to our brand and our company. Ultimately, every security executive is measured by their ability to prevent breaches and have a defensible security position for the company when they do happen. If they don’t have the right things in place or missing elements, it could ultimately cost them their job.

Security magazine: What does the data breach landscape look like in the next six months?

Carder: We’re going to see a significant uptick, even more than we see today, in breaches of our remote employees. Many companies are loosening up the access to keep the business operational, hitting the “easy button” in some cases when they shouldn’t, which leaves them exposed. Additionally, collaboration technology and cloud platforms will be heavily targeted as they are being widely used across all industries. Organizations that offer the collaborative services, like Zoom, haven’t taken security seriously in the past resulting in several security incidents. As organizations that leverage these services are at risk, they should have a strong security posture to ensure they are secure.

Security magazine: What other opportunistic attacks – such as phishing scams – have you seen around COVID-19 so far?

Carder: Attackers are not using terrifically novel, new tactics during this time. However, there has been a significant amount of masquerading old attacks with a COVID-19 theme. For example, phishing attacks with URLs or domains and ransomware attacks that are COVID-19 related have spiked. They’re all traditional attacks that are being masked with what is timely to get the users attention and prey on their desire to seek knowledge about a rapidly changing topic. These masqueraded attempts have brought the security community closer with vendors freely providing threat intel on known domains, IPS and URLs. Companies have also introduced free capabilities to detect and respond to these attacks, and community channels to discuss and share information related to this, some even providing curated threat intelligence data for the members to leverage in their security operation.

Security magazine: What do you like to do in your free time?

Carder: There are many things that I used to like to do in my free time such as fish, golf, camp, workout, play and watch sports. However, I have a young family, with an amazing wife and two little boys (ages one and four), so my free time is dedicated to them. I’m slowly getting to sprinkle in some of my afore mentioned passions as the boys grow older, but everything still revolves around them. As a CSO or any security practitioner for that matter, you often spend way too much time on work than have free, so you’d better spend that free time wisely. You won’t get those years back with your family, so that is where I choose to spend mine.