Gathering Threat Intelligence to Strengthen Security

Hi Hackers - it’s your BFF Amy Tom,

Picture this - you wake up, you make your coffee, you’re feelin’ great. You open your laptop and BAM - it’s locked and there’s a scary hacker message that tells you to call a number to access your files. It’s like a cheesy security training video BUT IRL? And it’s happening EVERY DAY? But on top of that, when you call the line, you’re talking to the support person of a hacker organization.

On this episode, Nour blows my mind when we talk about the logistics of hacking organizations. I never thought about the fact that cybercriminals have full-blown organizations, which means that they have admin people, accountants, customer service, etc. It’s WILD.

Nour and I also chat about threat intelligence and gathering data in order to make informed security decisions. In the age of Big Data and over-collecting information, I wanted to understand what we needed to look out for. But I’ll leave you to explore that on your own in the episode 😉

Stand up and listen in, Hackers! Nour Fateen, a Sales Engineering Manager at Recorded Future, talks to Amy about threat intelligence. They chat about the Threat Intelligence Lifecycle process of gathering data, analyzing it, and using it to secure your organization.

On this episode of The HackerNoon Podcast:

How did Nour get into cybersecurity? (02:00)
Where do people start when they want to set up their security stack? (07:06)
What kind of data do I need to gather to understand my organization’s state of security? (12:08)
How can people who have a technical background learn about cybersecurity? (18:02)
Wait, ransomware is a daily occurrence? (25:00)
Do big organizations create a ransomware budget? (31:50)

This episode is sponsored by Sonatype - the software supply chain security platform that reduces open source risk and minimizes exposure. Visit sonatype.com for more information.

Find Nour online:

Connect with Nour on LinkedIn: https://www.linkedin.com/in/nour-fateen-04024776?originalSubdomain=uk

Learn more on HackerNoon:

Read cybersecurity stories on HackerNoon: https://hackernoon.com/tagged/cybersecurity
Read about cyber threats on HackerNoon: https://hackernoon.com/tagged/cyber-threats
Read about this story written by a student, Aleksei Grokhotov, on HackerNoon about Threat Intelligence: https://hackernoon.com/what-is-threat-intelligence-used-for

Podcast Transcript

Machine-generated, please excuse the errors

[00:00:01] Amy: code smarter, fixed faster, and be more secure with Sonatype, the software supply chain security platform that is trusted by over 15 million developers. Sonatype helps developers to embrace code quality and open source libraries with confidence so that they can achieve. 10 times faster feedback loops. Yeah. 10 times faster feedback loops.

So visit Sonatype.com to learn more, anyways, onto the episode.

What's up hackers. Welcome back to another episode of the hacker noon pod. Do I sound more authoritative to you because I'm standing up podcasting and this is the first time I've done that. And I've heard that it makes you sound more appealing or more like presentive. So, you know, let me know how it's going, but I'm standing today.

Guys. It's a different vibe. But today on the podcast I have on newer fatigue, who is the. Sales engineering manager at recorded future. And we are going to talk today a little bit more about threat intelligence and cyber security, because he has a vast background in cybersecurity and helping. Businesses understand their threat landscape and better securing their or organization and their devices and their data.

So Nour, welcome to the podcast. How are you doing?

[00:01:44] Nour: Thank you for having me. Uh, I'm good. It's funny. You mentioned standing. I, my colleagues tried to get me to standing desks and I just try to do, they might need started to hurt, so I sat right back down. So I don't think that's.

[00:01:57] Amy: Yeah. Okay. I mean, I've also heard these things where like, people will get these, um, little treadmills for when they're like on meetings and stuff, and then they'll like walk while they, I don't think I can do.

[00:02:11] Nour: Uh, I don't have a muse or the patience for that. So I'm look, I'm all MRI, right?

[00:02:16] Amy: Yeah. I have the body of an 80 year old woman. I'm like, I cannot stand all day, but for one hour I am prepared to stand and present. So it's going to be. Awesome. Okay. So tell me more about you. How did you get to where you are

[00:02:35] Nour: today?

Yeah, so, uh, I, my name is Nora. I got to where I am. I, I left university. I, I didn't necessarily know I wanted to go into cybersecurity. I actually started my career at Cisco, uh, and that was more networking. So routing and switching and wireless and collaboration solutions and things like that. And then cybersecurity became something that Cisco became interesting.

Uh, not many people want us to do it. And so naturally I found it interesting because I always liked to go for something that's been more underrated. So I actually got into cybersecurity while I was at Cisco. I started to love it. And then by the time I wanted to leave Cisco, I thought, okay, well, why don't I take this one step further?

I joined recorded future way back in 2017. And I've been here ever since. So, uh, that's kinda how I got. Yeah. Yeah.

[00:03:23] Amy: So as I understand in your like sales engineering kind of role though, you're a manager now, but you must have spent a lot of time talking to people who do security at a high level, like CSOs or CTOs and things like that.

So with your job as a sales engineering manager, I imagine that you would have had to spend a lot of time talking to. The CTOs and CSOs and things like that, or people who do security out of our really high level.

[00:03:50] Nour: Yeah, absolutely. I mean, you learn that everyone is trying to figure out cybersecurity at the same pace and very fuzzy, a huge gap in knowledge.

And I think in cyber security, it's one of those industries that people kind of don't want to. That they are overwhelmed, but they are. And so there's a lot of ego and there's a lot of, and so you have to factor that in as a sales engine. Yeah. You don't want to make the person feel like there's so much for them to do that.

It can be overwhelming. And that's the biggest thing I've found in cybersecurity is that there's so much out there. Do not assume that the person you're speaking to. Their affairs in order because maybe they don't and they might be too shy to even bring that up to properly because our natural human instinct is to make it seem like we've got everything under control when we don't then that's, that's kind of what I've learned.

Speaking to security practitioners in different companies is that you just, you have no idea of what they're thinking and whether they do have things under control or not. It's completely up to the organization. Some are very good. Some need a lot of work,

[00:04:49] Amy: so, yeah. Wow. Okay. I am Simone. I'm smiling because I am thinking about.

Coming at cybersecurity, but from a business and sales perspective and that when you are a CDO or a CSO and you you're in charge of security for your whole organization. And it is this thing that has like so many different layers, you don't want to admit that you don't know what your

[00:05:14] Nour: exactly. And so who do you admit it to?

The vendors that's trying to sell you something, obviously not. Uh, they might take advantage of that effect. So who do you have to rely on? Maybe your community, maybe you don't

[00:05:29] Amy: and who can you trust also? Because it is security at the end of the day. So

[00:05:34] Nour: exactly. So who do you reach out to your community?

Maybe you don't have a very good community and you're maybe new to the CSO role, or you don't know that many people. Um, you don't have friends who are ex cops and, you know, former intelligence agency professionals, maybe you just don't have those contacts. So what are you going to do?

[00:05:50] Amy: Right. So then how can we as business owners better understand what we're working with?

Okay. The question.

[00:05:58] Nour: Um, I would say, I think we're very lucky right now that there's a lot of information about. So for instance, if you want to do anything in life, you're very lucky in the sense that you're maybe a Google search away from finding that out, right? There's no excuse anymore to not know what's going on in the world, because we have all the access to the information that, you know, on my phone, I can learn whatever it is that I want to learn that day.

So I would say dedicate a lot of time, either reading or listening to. The wealth of information that is out there. So there are some excellent podcasts out there. For example, there's one called cyber daily, which is excellent. For example, or podcasts like this, uh, you know, listen to people who work in the industry and read from the different sources.

So for example, ZD net, a bleeping computer, the registered. I mean, this is, these are like excellent publications that come out with good newsworthy articles every single day. So now when you, when you, when I, when I look at my Google news app, it's all just, you know, good cyber security updates. And then I get the headline and I get what's going on.

Maybe I might click and figure out more, but there's so much out there. There's really no excuse to not get yourself up to speed with what's going on right now. You're just a Google search away. Really.

[00:07:10] Amy: But the thing is it's like Barry overwhelming. So imagine, I mean, hopefully small businesses or businesses, big businesses, especially, but small businesses have like at least some kind of grasp on their security at least to start with.

But imagine being a small business owner in today's landscape. Um, having to set up your whole security posture, like where do you start? Um, and with all of the different security vendors and products that are available on the market today, and like, considering that you don't want to overcrowd your network and, uh, let all of these different vendors into your environment.

So like it, where do we start? Is, do we need encryption? Do we need network security? Are we looking at endpoint security? Do we just need data? Like

[00:07:57] Nour: what? Good question. Okay. So let's think about the absolute fundamentals. Okay. So let's say if you were to buy a house, you need the absolute basics. You need a lock on the door, you need locks on the windows.

You need some sort of fence, maybe an alarm system. Those are absolute basics. The equivalent of those in cybersecurity is basic network segmentation, firewall link endpoint agent. Uh, some sort of basic antivirus may be the ability to perform vulnerability scans, maybe IDs slash IPS, a good proxy, a good gateway.

So I mean, those things you'd be surprised how many clients don't want to focus on those basics, but then want something really extreme. And that's like asking for, you know, a SWAT team to monitor your house 24 7, but you don't even have the front door. At night when you leave. So you need to focus on the basics before you even graduate to the, the higher, the caliber of, of, of cybersecurity, weaponry, and defense mechanisms that we have out there.

So basic basics basics are proper segmentation, uh, access control, who can go where, uh, at what time, basic firewall and IPS, vulnerable to scans endpoint agent. And, uh, a good proxy. I'd say those

[00:09:08] Amy: are the absolute basic. Yeah. So, okay. So after we get past that then, right, like making sure that we have those just the basic network, segmentation, encryption, et cetera, what kind of information do we need as we grow?

And as we increase our security and our security intelligence. Yeah. This is

[00:09:28] Nour: when things got interesting. So now that you've graduated from those basics, then you can start to gather. Information or intelligence from other places. So you can collect intelligence from a source, right? And then you can implement that intelligence somewhere.

So for example, you are looking at a long list of IP addresses in your firewall, and you're not even sure which one to block, which one to pay attention to which one to investigate, you need some sort of external opinion on those. You can gather intelligence and then the intelligence comes to you, uh, fresh it's timely, it's accurate.

It's um, it's trustworthy, it's transparent. It's traceable. And then you can start to say, okay, well, thanks, intelligent source. I now know that maybe this IP address and that IP address are the ones that I need to focus on because those are command control servers, for example. So now I know out of the thousands that I would have otherwise just had to Google on my own.

And that's actually what some security practitioners do. Now I don't have to do that. I can just look and I can stand for which ones are actually. So that's when things starts to get really advanced, really interesting. So just like a country might gather intelligence and then act on behalf of the country, based on that intelligence companies can do the same.

So you can gather intelligence, you can, uh, consume that intelligence and then you can understand, okay, well maybe I need to fortify this area of my network or. Uh, these are the threats that I was missing every day, but they were actually quite important to me or actually I was wasting my time on spreads.

That weren't important. So it's very, it's very useful and actually quite game-changing to be able to bring in intelligence and then apply it locally within your environment. And it sounds like it's an advanced, but if you think about the everyday world, we do that all the time. We gather intelligence all the time.

We make intelligent decisions every day. You know, for example, I live in London, the weather is extremely unpredictable. I check the weather every day before I leave the house. So I know if it's going to rain or not, I've just consumed intelligence. And then I've made a smart. Why don't we do that in cybersecurity.

We never look outside for a source of intelligence. We always just kind of look within the network trying to figure things out, but maybe there's a good opinion elsewhere that we can get. That's how I would describe

[00:11:41] Amy: it. Okay. And, but in the age of data and data gathering, and there would be angle way too much to parse through.

What am I looking for?

[00:11:51] Nour: That's a really good question. So you need to first figure out what your priorities are. Okay. So is my priority. To help my poor SOC analysts. Who's having to go through ticket after ticket, after ticket every day is not my priority. If it is, then I can apply the intelligence to that person and I can make it very bespoke to them.

Is it the fact that maybe I'm seeing a lot of fake websites being generated with my logo on them? So for example, if you're a Nike or if you're a. Or Amazon every single day, someone is trying to create a fake page with your logo on it. And that has maybe troublesome for you. And it creates a lot of fraud and maybe it's swindling a lot of your customers.

So maybe that's a priority. Okay, well, that's brand focused, so we're going to apply it to brand. So you need to know what your priorities are as a business. Think about what is the absolutely. Doomsday scenario that could occur for your business and then apply the a and then apply a priority to that. So I might go to a client and they might say, all right, well, um, our brand is our number one priority, and we need to stop people trying to log in in these fake webpages.

That's a priority, and that is what would make or break the business. So then now we can plug intelligence to that, but to some companies that you've never heard of when they don't even engage. And users, that's not a problem because nobody is logging into them. Maybe their priority is working with other suppliers.

We get our steel from a supplier in India, and we need to make sure that their networks are secure because if they're breached, then they could make their way into our network. So there's different priorities for different people. So you really have to know what it is. That is a priority to you first, and then you can apply the intelligence accordingly, if that makes sense.

[00:13:28] Amy: Yeah, no, definitely. And now let me ask you this. What kind of people are the people who know how to do this stuff?

[00:13:37] Nour: Um, I would say. The good thing about intelligence is that it has to be very easily consumed. So if you're any level of security practitioner, you should be able to ingest and consume the intelligence that is given to you.

And if you cannot, that's a sign that you're receiving bad intelligence, right? Because it shouldn't require anyone special to action. So for example, both you and I understand. That a command and control server is bad, right. Or a company commander control IP address is bad. So if we see that. All we need is the proof.

And then we can action it according to me. But if I just told you, Hey, Amy, you know, this IP address was, was bad a week ago, and I'm not sure what malware pointed to, and I'm not sure what it did. That's not very actionable. That then requires me to be a specialist to investigate. That's not very good. So to answer your question, in theory, you could be any sort of security practitioner and be able to consume intelligence.

That's a sign that your intelligence provider is doing their job, because if they're not, then they're making it even more difficult for you. So I hope that I hope that answered your yeah,

[00:14:43] Amy: definitely. Um, and the reason that I kind of asked that too, is I think that in a lot of small businesses, I'm starting insecurity.

The security kind of falls on like the it manager, right? Like, and so you do you one, do you think that you have to be a security practitioner in order to understand and parse through this information and also not wait? That was the only. Yeah,

[00:15:10] Nour: I think so. Let's rewind late nineties, early two thousands, even up until maybe the late two thousands going into 2010 cyber became a priority.

Okay. You have a bunch of, of it staff and your. And you hire them to run the network and just the day-to-day routing and switching and wireless. And then one day the business decides that cybersecurity is a priority and you didn't have the time to go out and hire someone specifically. So you took one of your it guys or girls, or maybe two of them.

And you said, all right, you too, you're in charge of security. It security or sorry, network security. Now those two have to figure it out because they're not sure they don't come from a security background. They don't know where to start. So these people have had to develop skills over time and figure it out just like the rest of us.

So to answer your question, yes, I do think you need some specific security knowledge because networks security is not the same as just network admin in it. They're not the same thing in both worlds. Trust me. I used to be at Cisco. You had the network admins that were very good and excellent route intelligent what they did.

And they're very good at segmenting networks. And they're very good at creating networks and, and building and architecting entire giant networks for companies. It's not the same as securing a network. There are two very different schools of thought ideas. Now that I think about it, you'd want to merge those two worlds so that the architect of the network also knows how to secure it.

That's an ideal world. And I think as a profession, we need to converge to the same point where it's not, oh, I am, I'm a firewall. Oh, sorry. I'm a, I'm a wireless expert. I only know wireless, but then I know how to secure wireless. There should be the same person. Maybe I'm wrong, but I think it would cure the biggest problem we have in cybersecurity now, which is shortage of talent.

And if you grabbed all those network professionals and you educated them in security, you'd have a very powerful workforce that we just don't have in cybersecurity right now. Right.

[00:17:12] Amy: And as someone who has gone through this and learned the processes and. You know, security. How would you suggest that these network admins learn aside from podcasting?

[00:17:24] Nour: That's a good question. I spoke at, um, like, uh, uh, cybersecurity for the, uh, for the, for minority community here in the UK. So they, they hosted an event where it was, um, it was, uh, being black in cybersecurity. So it was promoting. Um, uh, from minority backgrounds to be in cybersecurity and to choose it as a background.

And I got the exact same question and I said, and I still say this all the time, which is you are one online course away from being a cybersecurity professional. And that is it. You are one good cybersecurity course from being a way to understand being, sorry, let me say that again. You're one cybersecurity course away from being able to understand.

Security principles. And if you know how networking works, you've already done about 50% of the work and that's it. So comp Tia security plus, uh, CIS SP um, what's another really, really good one. What am I thinking of? CISP and there's another one. These courses are online and you can study them for free.

It's all on YouTube or it's all on maybe some course that you can follow online. So you are one online course away from understanding cybersecurity. And I really mean that because I trained security sales engineers, and I have to train them in cybersecurity. And I know, and I've seen it for a fact. You are, it is that accessible if you want to understand it and learn it.

And I really mean.

[00:18:40] Amy: Yeah, definitely. All right, cool. So the other question I have for you is that like, as your career has progressed in cybersecurity over like, you know, say the past, like no six, seven years or something like that, um, however long it's been, how would you say that your conversations with your customers around security are changing in the sense of like, what are people caring about?

[00:19:04] Nour: Rudy? Good question. Okay. So I would say. First of all people are getting the average maturity of the person you speak to in the industry has become. Uh, much, much better. So, and by maturity, I mean, are their priorities well-placed and do they really get the bigger picture of cybersecurity? That's what we mean by maturity, right?

Um, a low maturity. I don't know what the, what the proper way to say that is, is that someone who's maybe fresh to cybersecurity is frustrated. Intelligence doesn't really have the pieces together in their head. And then a very mature client or prospect is someone who really understands that it has a fully fledged.

Up and running. They've got all the best tools, the most advanced tools, things like that. So back to answering your question, what have I seen? That's changed. Um, clients have become a lot more mature and they are starting to get the bigger picture intelligence. Isn't the niche of a niche of a niche anymore.

It's becoming a bit more of an obvious choice and. In any cybersecurity function, you need good intelligence, which is good because that took a long time to educate people on. Um, you are seeing a lot of people focused still on the most extreme events that can occur in cybersecurity. So I always use this example being targeted by a nation state sponsored group by government like Russia or China being targeted by them is like a lightning strike.

Okay. It doesn't happen very often. And when it does there's very little, you can do it. Okay, because it is just a forced and it comes out you, and it's not as explosive as a lightning strike, but it's it's as inevitable. And so

[00:20:40] Amy: probably when it hits it's too late,

[00:20:43] Nour: it's too late. Exactly. Exactly. So there are so many other things that can happen to you in your 24 hours in the day that are much more likely than being hit by light.

Right. And so in cybersecurity, if you plan. For, for, for just protecting yourselves against apt groups, you're basically preventing your planning for the most rare unavoidable high-risk scenario. When there are so many other things you could have protected yourself against in that same day, like opportunistic ransomware, like phishing, like misconfiguration within your.

Like someone using their corporate credentials to sign up for something that isn't corporate, like Mike Flowers online, or creating a Spotify account. All of those things can have way more impact on an organization, but they're just not as high-profile as an APD attack is. So back to your question. And the reason why I mentioned this is that I think as a cybersecurity community, we need to realize that there are way more everyday risks that deserve a lot more attention than just apt attacks.

[00:21:48] Amy: Ransomware specifically is a daily risk, a

[00:21:52] Nour: hundred percent because it's opportunistic, right? Just like if I was to go into the streets and start stealing iPhones in London, there's this really, there's this trick that everyone does. So it's very common. You're standing on the street and a cyclist will just come zooming by and grab your phone out of your hand.

Very common in London. Okay. Um, that is very common, but it's also very opportunistic. The guy on the, on that. Doesn't isn't targeting use specifically. They're just looking for a phone

[00:22:19] Amy: out there. They're just casting a wide

[00:22:20] Nour: net because casting a wide net rent somewhere is the widest net out there right now.

It is so opportunistic and this, and sometimes clients say what ransomware affects my industry. That's a non that's a non-question because it's, it doesn't matter which one targets your industry, because even if there was a true. It's probably just random and it's probably by coincidence. Ransomware operators are opportunistic by nature.

They are financially motivated. They do not care if it's Amy or if it's new, or if it's my grandmother, as long as that person can pay, that's what they care about. So they don't care if it's at the largest pastor manufacturer in the world. Or if it's Airbus or if it's Microsoft, they don't care. As long as that person is going to pay up.

That's what the, that's what they're looking for. So that's what I feel I still haven't seen when I speak to clients is that there's, there's this still, this assumption that ransomware is targeted and they can predict it by focusing on specific grants and where families. And I just don't think that's the case.

Yeah.

[00:23:20] Amy: Well, in this conversation, how would you differentiate between malware and ransomware?

[00:23:26] Nour: It's an umbrella term, ransomware as a type of malware. So malware has any software that maliciously targets your computer. And then ransomware is just a subset of that. So I would say

[00:23:39] Amy: like specifically the comp, like malicious actors who go into an organizations, network ransom, some piece of data or whatever, ask them to pay in order to release it.

And that's a daily occurrence. Wait. Okay. So like our people are criminal just being like, Hey guys. So like we've got some of your data now.

[00:24:02] Nour: Absolutely. Amy, it's that simple. Honestly, it can happen. It's so opportunistic. If you leave a port open, they are going to discount for that port and then find. It's like leaving one of your doors open in the house.

And if someone drives by they're going to go through that door, or if you use, if they, if they send a phishing email and someone falls for that clickbait, that's a perfect entry. So they don't care who clicks on that link. It was looking for someone who's done.

[00:24:29] Amy: I understand that. And I understood, I guess I really do understand like the frequency around somewhere, but I never let thought about what happens on the other side.

Like, so do these cyber criminals actually. We'll have to then like email companies and be like, Hey, we have your data.

[00:24:47] Nour: So do you usually in image, so look, let's talk about this. So your desktop will change to an image and then there'll be, yeah. So, so the desktop image, it depends on the ransomware

[00:24:59] Amy: Foundry, but usually the, of like remote lock or something.

Exactly.

[00:25:04] Nour: And then the desktop. Wallpaper that you have, we'll say, Hey, your files have been encrypted. You need to contact this email address or contact us on telegram or, or whoever or whatever channel they might choose with a unique identifier so that we can identify you. So this is it's as professional as reaching out through.

I dunno your, uh, your, your, your phone bill company, right? They're targeting so many people that they don't even know who you are. They're like, oh yeah, you're Amy. Okay, cool. You owe us $50. Oh, oh, you're Nike. Yeah. You owe us $3 million. So this is an enterprise. They run it like a business and they have customer support.

They have help desks. They have people you can reach out to it's run like a professional business and it's opportunistic. So it happens every. Single day guaranteed.

[00:25:57] Amy: Interesting. Okay. I find that fascinating. I never thought about like the logistics,

[00:26:07] Nour: because think of the money involved whenever those high, high surface. So these people, they are running a proper business. And so, and there's a lot of money involved. So Hey, you want to make sure that you. Psychologically tended to, to your victims so that they feel kind of like a Stockholm syndrome and they pay you because you're being so nice about it.

And do you want it to be accessible? So if they want to reach out to you and say, okay, maybe I couldn't get the payment to go through, how do I do this? How do I go to this link? Do you want in Bitcoin? Do you want end? You know, you need to be able to communicate. So the legit exactly. You used the right word, which is logistics.

Which people don't understand or sorry, it might not be as well known. Yeah.

[00:26:45] Amy: Yeah. How do you think they decide how much they're going to ransom

[00:26:50] Nour: for? So good. That's a really good question. I, I don't know. I, first of all, we've seen ransoms go up steadily, so our operators are getting a lot more brash with the run spins that they're winning.

So I remember a time where $1 million was a lot. Now we're seeing like 5, 6, 7, 10 million. Exactly. So, and I think, I think they know eventually who their target is. So they're not going to ask you or me for like $10 million, but they'll ask for an enterprise

[00:27:17] Amy: for it. Right. But like on the low end, what kind of.

Bigger. Are we talking like, are people actually going to ransom for 50

[00:27:25] Nour: bucks? No, no, no, no, no. You want to make it worthwhile because they have great service that they can use. They want to pay for the developer's time. They want to pay for the infrastructure. Maybe the VPNs or proxies they're using.

There's a lot of running costs behind this. Um, so they want to cover those costs and they want to make a living. So if you think about it, you and I, our salaries or the people listening to this, think about yourself. That's what that person is trying to make from that ransom. And they want to make it 10 times over because maybe they need to collect it from so many people.

So let's say I'm on the low end. If you target a medium-sized business, I bet the ransom will be at least a million, right? 800, at least, at least larger companies gone. I mean, it goes up to 17 right now. So. Yeah. Yeah.

[00:28:14] Amy: Okay. Imagine though, wait, imagine you're in a job interview and they're like, tell me about your previous positions and you have to be like, I, I worked at the help desk at a criminal organization.

Yeah.

[00:28:30] Nour: Now you've turned a new leaf and now you've realized that very unlikely, very unlikely. But that would be, I would say, I wouldn't say, think about this. How much did I say around some was on the higher, like 20 million,

[00:28:45] Amy: right? Yeah. 1720.

[00:28:47] Nour: Okay. It wasn't a drop in the ocean for large enterprise and yet.

Cybersecurity budgets aren't as big as they need to be. So you're not willing to spend the couple of million that it takes every year, but you're basically opening yourself up to 10 X that in ransomware payments and regulatory fines from your local government. But there's now for example, I think in the UK, Or w I don't want to get this wrong.

So some governments now enforce a law where if you suffer a cybersecurity breach, you then have to pay a fine. So you've paid ransom and you need to pay the government of fine for even being breached because you didn't have proper cyber security. So it's a cold. So this is the thing that we, we need to understand as an industry is that you might think that all these cybersecurity solutions are expensive, but think about how much you'll have to pay.

Eventually, if you have to pay ransomware rats, plus the fine to the government, it's a no brainer. Right. So why take that risk when there are so many other risks that you're not taking, right? Yeah.

[00:29:48] Amy: Do you think that big company is like, you know, Nike or something who experienced ransomware frequently have budget set aside.

To pay him for ransom.

[00:30:00] Nour: Um, I think they have budgets set aside for any sort of risk mitigation, so they must have, um, contingents in the market. See, what's the word I'm looking for? Um, you know, break this glass if

[00:30:13] Amy: you're gonna,

[00:30:16] Nour: oh, I'm sure. There's. Um, and th there's money set aside for disaster recovery. So that's the word I was looking for disaster recovery.

So I'm sure there's funds for that. And then ransomware will just eat into that disaster recovery.

[00:30:28] Amy: And then there'll be people at some point sitting at a boardroom and then being like, guys, we only paid six, a million dollars around some this year and great work, everyone.

[00:30:40] Nour: For now until ransomware payments get a lot more.

I get a lot more

[00:30:44] Amy: expensive. Yeah. Oh my gosh. This is wild. My mind doesn't pull out

[00:30:49] Nour: and, and, and now think about this. We only know about the ransomware victims that have actually come out and disclosed their breach, or the ransomware operated themselves have disclosed that there are so many ransomware.

And haven't even publicized because either their local government doesn't force them to, or they just don't want to do it for the reputational damage that it might cause. Right. So we're just working with what's publicly available, but there's so many other ransomware attacks that probably aren't, haven't been publicly disclosed that you would never know about.

[00:31:19] Amy: Yeah, exactly. We go back to the original point. Like I'm the CTO. I don't want anyone to know. I don't know what I'm

[00:31:24] Nour: doing. Exactly. You don't want. Exactly. Exactly. So there you go. Yeah.

[00:31:29] Amy: Wow. Okay. Yeah. So there's so many different layers of security and so many different things. It's just like so hard to wrap your mind around everything.

I feel the CTO CSO job must be so hard.

[00:31:42] Nour: It isn't, it's an intense job, but it's. Like anything in life, you have to boil it down. Sorry. You have to just, you know, really distill it down to its fundamentals. And when you do, then you realize that cybersecurity is all about from. Yes. Okay. Having advanced tools is very important, but I really think that fundamentals are the absolute core of cybersecurity.

Just like a castle or a house. You know, there's so many things that are so basic that could prevent a lot of the things that might occur.

[00:32:11] Amy: Yeah, definitely. Okay. Awesome. So, okay. Final question though. We touched on this a little bit throughout. What would be your recommendation for a business owner who has.

Oh my God, I don't know what I'm doing with my security.

[00:32:26] Nour: Uh, so they're starting from scratch, starting from scratch, or are they, and so like, let's

[00:32:31] Amy: do this whole podcast again. Um,

no. What is your final piece of advice for somebody who is just starting out with their

[00:32:43] Nour: security? With our security program? I would say, I would say, find another Seesaw and speak to them and ask them what. 'cause that's that's, that's also just a trick in life. You know, if you're ever going to do something new, find someone who's done it.

It's like getting that answers to the test before you sit the exam. So reach out to a peer and who you feel is the benchmark that you want to get to and ask them, what are you doing? And let them explain to you the importance of fundamentals. Good cybersecurity. Um, Uh, team people, uh, good tools, advanced tools that you need, uh, the importance of maturity and educating yourself, let them trust a peer explained to you what is really important so that you don't go and learn things the hard way you can just learn from someone who's already been down that road.

Yeah,

[00:33:34] Amy: definitely. Great advice. Amazing. Okay. Thank you very much for joining the podcast. Newer, if we want to find you online and what you're working on, where can we

[00:33:44] Nour: look? Yeah, absolutely. So, first of all, thank you so much for having me. Um, you can find me on LinkedIn move, full team. Um, you can also check out recorded future, which is the company I work for.

We're an intelligence provider. Um, the intelligence provider, I should say. So, uh, well, you can check out a record, a future.com. It's a, it's a really cool source of, of, um, of just cybersecurity intelligence. In general, we have a cyber daily, which is a daily newsletter that we send out for free, uh, which was actually a very good place to get up to speed with what's going on in cybersecurity.

Um, and, uh, yeah, that's, that's, that's how you can find.

[00:34:19] Amy: All right. Awesome. I will put those links in the show notes. If you guys want to go check it out, and if you want to find hacker noon, you obviously can find us at hacker noon on all of the social channels, as well as on hacker noon.com and for now, stand up, present your meeting, do your thing.

I am here. I support you. I feel your standup energy and we are all ready to crush it until next time. Day weird. And I'll see you on the internet by after noon podcast.