Providing industry-leading IT security services has always been a core aspect of Nucleus’ mission, and we are continually evolving our IT security offering to ensure we remain at the forefront. As part of this ongoing evolution, we have recently launched our dedicated Cybersecurity Division and we’ve appointed long-time team member, Wayne Chow, as our new Director of Cybersecurity to lead this team!
We sat down with Wayne to ask him some questions about IT security and how our clients and prospective clients can work on the health of their cybersecurity posture. The new year is a great time to evaluate where you are with your cybersecurity efforts and to determine if you have the right roadmap in place.
An Interview with Wayne Chow
Wayne, what would you say is the largest resistance in small to medium sized companies investing in cybersecurity?
Well, cybersecurity CAN be costly to your business so there is a bit of resistance there. That said, I am a true believer that the cost of not investing in protecting your company far outweighs any kind of cost that would be associated with putting in preventative measures to keep your information, and your client’s information, safe. Loss of intellectual property and client data could result in millions of dollars and downtime for the organization.
We sometimes hear from our clients, “Oh we don’t need that level of security – we’re too small for anyone to care to hack into our systems.” Well, that’s simply not true. The effort that it takes to break into larger enterprises these days is a slow game for hackers. Attackers may have to spend months or years trying to figure out systems before they succeed at an attack. Now with sophisticated software and brute determination, hackers target small and medium sized businesses with bots. Small to medium sized businesses don’t have that same level of due care as the larger corporations have. So, while it may be a smaller payout, it’s low hanging fruit and an easy win for an attacker who can perform these wins multiple times over easily. This makes anyone thinking about whether cybersecurity is worth the investment really sit down and think about what would happen if someone attacked their business and what would be the ramifications and knock-on effects to you, as a small to medium sized business, if that were to happen.
What is a ‘vulnerability’?
A vulnerability is any vulnerable point of contact that an attacker could pry into systems and crack codes, obtain private information for fraudulent use, take control of your accounts, or conduct any other criminal activity related to your technical space.
What are some examples of vulnerabilities and where can they be found?
As an example, the most current vulnerability, which happens to be one of the most extensive reaching ones, has been named Log4Shell. You’ve most likely heard about this one on the news and what the ramifications of this vulnerability are. More of this new vulnerability can be found here, and by reading our most recent blog on the matter here.
What is multi factor authentication (MFA) and why is it important for a company to make sure they are using it in every aspect of their organization?
Today just having a password isn’t enough to protect your accounts and infrastructure. With the advancement of computers and processing, millions of passwords can be brute forced to log into your account within a very short time. Passwords these days can also be found in leaked databases on the dark web and as such a new method of authentication is required to ensure you are identified as the correct person logging in. Multi Factor Authentication (MFA) is currently considered the minimum security stance now when trying to protect your credentials from being used by someone else. When MFA is used correctly, only you have the secondary authentication method to prove you are the correct person using the credentials entered. By adapting and onboarding this authentication method, it doesn’t matter if someone tries to enter your leaked credentials as they will not be able to get in. MFA also provides you with alerts that you may have had your credentials compromised at some point and then provides you the opportunity to change them.
What if a small to medium sized business has their own internal IT department, but just doesn’t have the expertise/ability to bring their cybersecurity to an optimal place? Can Nucleus help and how so?
Nucleus can help augment and work with your current IT staff to provide a better security stance. We all know that day-to-day IT can be overwhelming and in most cases we find that the on premise IT department is overwhelmed and puts security matters on the back burner. Nucleus can engage in a vCISO (Virtual Chief Information Security Officer) capacity to ensure the right IT security program is in place and that there’s a defined IT security roadmap. We have a lot of experience in co-managed scenarios, working alongside internal IT teams, augmenting, and extending their capacity.
Do you need cybersecurity to obtain business insurance? How can Nucleus help with this step?
Yes, in this new remote-first-workforce-climate, there are certain requirements that must be in place before an insurance company will sell you cybersecurity insurance. Nucleus can help you navigate through these requirements to obtain the insurance you need to safeguard your business. We’ve seen a lot of applications get denied over the last year, however, we’ve worked with our clients in these specific instances to deliver security initiatives to satisfy the requirements of insurance companies.
What are we doing at Nucleus to ensure we are keeping our clients safe today?
Clients who have adopted Nucleus’ Managed Security Services are covered by our multi-layer approach with an array of software, products, and services. There is no silver bullet solution to protect your business; gone are the days that just a firewall is enough. It takes multiple layers of security; these include but are not limited to:
- Email filtering
- Identity Management
- Next Generation Anti-Virus
- SOC Services
- Network and Traffic Monitoring
- Anti-ransomware monitoring and prevention
Explain social engineering and how it affects the IT world?
Not all attacks are digital and in some cases attacks revert back to the basics of human interactions, to gather info for malicious cybersecurity attacks. Social engineering uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.
What is Security Awareness Training, what is the process, and how can it help businesses stay protected?
Security of IT systems is only as strong as the weakest links and in some cases this is the result of a lack of staff training on cybersecurity matters. Security Awareness Training is continuous training to help keep your staff up to speed with the latest tactics and innovations from cybersecurity threats and hackers. Having staff understand and successfully identify what social engineering or a phishing attempt looks like could mean the difference between a breach to your organization or keeping your business safe. If you would like to learn more about our Security Awareness Training programs and how Nucleus can help, check out our recommended blog at the end of this interview or get in touch!
Who is Wayne Chow?
Here’s where we get to know Wayne a little more! Not only is he Nucleus’ new Director of Cybersecurity, but when he’s not working he’s enjoying time in his cycle community going the distance.
Wayne, what gets you jazzed about 1. technology & 2. the world of cybersecurity?
Cybersecurity and Info security are becoming the forefront of IT and are now a main staple of any organization building out a new or existing infrastructure. I’m super excited to jump onto progressive technologies as I feel this is where new ground is being made in IT.
I am excited to move into a new chapter of my IT career and looking forward to developing and honing my skills to build out this new division for Nucleus. I excel and learn when I am challenged.
Where did your interest in the world of IT begin? How did you begin your career?
Video games and the curiosity to figure out how everything worked. I was always taking apart all my toys to figure out what made them move and tick and this curiosity led me to the world of IT and I’ve never looked back since.
My interest in programming and computers led to my education in this field and eventually helped me find my first role in IT as a tier 3 support analyst within one of the BC provincial government branches.
What is your mission as the Director of Cybersecurity?
To ensure that Nucleus is at the forefront of the cat-and-mouse game and to ensure we have the right tools in the battle against any threat where attackers want to breach our clients’ businesses.
When you’re not at Nucleus what are you doing? What is your favourite sport?
When I have spare time, I try to get out and do some road cycling with friends and riding clubs.
What kind of road bike do you have and what gadget excites you the most about road cycling?
I have a carbon fiber road bike and the cool gadget or technology on this bike is wireless electronic shifting.
Most KMs clocked in a single ride?
Favourite bike route in B.C.?
A round trip ride to Whytecliff Park with a loop around UBC.
Traveller or Homebody?
If you could pack up and travel somewhere tomorrow where would you go?
Peru or New Zealand
Have you done any bike trips around the world? If so where?
Not yet but I would like to cycle the Paris to Amsterdam route.
Ability to stop or freeze time.
If you loved this blog and want more information about our Cybersecurity Division and Cybersecurity Assessments then check out another recent blog we wrote called “Assess & Educate Your Employees About Phishing Attacks”.