Repelling A Ransomware Attack: Glen Day of NVISIONx On The 5 Things You Need To Do To Protect Yourself Or Your Business From A Ransomware Attack

Repelling A Ransomware Attack: Glen Day of NVISIONx On The 5 Things You Need To Do To Protect Yourself Or Your Business From A Ransomware AttackAuthority Magazine Editorial StaffFollow12 min

read·Aug 5, 2022 --

Listen

Share

You first need to know what data matters most. Across the enterprise, everything is a target. Don’t get overly focused on just protecting regulated data. If you are a high-tech company, you

really want to protect your IP. If they target a high-tech company, they will likely get more money by selling their IP than getting ransom for customer privacy data.

Ransomware attacks have sadly become commonplace and increasingly more brazen across organizations of all sizes. Huge enterprise businesses, gas pipelines, universities and even cities have

been crippled by ransomware and forced to pay huge ransoms. What can a business do to prevent and recover from a ransomware attack?

In this interview series, we are talking to cybersecurity experts who has shared insights from their experience and expertise about the “5 Things You Need to Do to Protect Yourself or Your

Business From A Ransomware Attack.” As a part of this series, I had the pleasure of interviewing Glen Day, Founder and CEO of NVISIONx, an innovative, smart data company that solves the

challenges as to why breaches continue to happen and what makes privacy compliance so difficult.

Founded in 2018, NVISIONx’s Nx Platform is changing the game to shifting business, Cyber and IT leaders by empowering them to better control their data (proactive) rather than the data

controlling them (reactive). The Platform broadens the focus beyond risk and compliance to include major cost reductions and identification of new value from existing information assets. By

visually profiling business and cyber data, our customers can better protect their most valuable data assets while also disposing of data liabilities that may be toxic or have no value.

Glen has extensive experience in both leading operational programs as well as being a trusted advisor to some of the biggest companies in the world. His extensive client and operational

experiences have shaped his perspectives to help him change the way companies see and manage data. Prior to NVISIONx, he spent more than eight years at Ernst & Young LLP (EY) as a

Cybersecurity & Privacy Partner with a strong emphasis on intellectual property (IP) protection and other high-value information assets.

As a retired US Navy Commander who specialized in Information Warfare, and as Los Angeles County’s first Chief Privacy Officer, Glen knows what it means to design and implement effective data

controls in very large and complex organizations. His professional experience and foundation have provided him with the operational focus and unique experiences to develop the strategic

vision for the Nx Platform.

Glen has a Bachelor of Science Degree in Applied Mathematics from the University of Southern California and obtained his Master’s in Information Management Systems from the Naval

Postgraduate School. He is passionate about helping business, privacy, and cybersecurity professionals make more informed decisions on what data to protect and what to purge.

Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Can you tell us a bit about how your career choices led to where you

are now?

After graduating from University of Southern California, I was commissioned as an officer in the US Navy and retired as a Commander in Information Warfare. I took a number of leadership

roles with Accenture Booz Allen Hamilton and later had the privilege of being the first Chief Privacy Officer for LA County. I was also involved in three other high-tech startups that were

acquired by AOL and Sun Microsystems. Throughout my career, I was always involved in dealing with massive data sets that were dispersed across very complex networks and applications. Data is

the bloodline that fuels everything- from strategic business decisions through some of the world’s most innovative products and services. Knowing how to best protect those digital assets is

my passion and we’re on a new journey to finally switch the game from companies being cyber victims and become victorious data defenders.

Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.

Having led a number of cybersecurity operations in the military, I’ve had extensive exposure to a lot of highly sensitive data that included some of the nation’s most confidential

information. If this highly sensitive data was breached, the impact would be much more detrimental than a regulatory fine. Information security, as we called it back then, was in the very

early stages, but I realized that data security would eventually be crucial for every company. This epiphany allowed me to reinvent myself and transition from a strictly technical operations

role to one that could leverage my expertise in the commercial realm. It was indeed something that I evolved into rather than saying, “Hey, let me quit my day job and do this!” Initially,

it was more of a collateral duty that eventually became my passion in which I never tire of finding creative solutions to very complex cyber concerns.

Can you share the most interesting story that happened to you since you began this fascinating career?

I was working for a leading high-tech company during an $8 billion intellectual property sale to another global software company. The transaction had an aggressive acquisition timeline with

substantial financial penalties if it was not done right and on time. The opportunity was a massive data carve-out for about five billion files distributed globally across 13 different data

centers and then sorting the data in terms of the merger & acquisition agreement. Even though the data the core focus was on intellectual property (IP), there was also a need to address

legal contracts, business strategies, financial documents, employee data, etc. The goal was to determine which information belonged to our party and which to the other party, as well as how

much data was either useless or potentially legally toxic. Per the agreement, it needed to be done within 90 days. If it were not done within that time, there would be an $100 million

penalty for every month of delay after the deadline. Those search and classification challenges inspired the concept of “purge the junk and protect the jewels.” In the end, we successfully

completed the initiative with great success and ahead of schedule in which both companies accepted the final data disposition plan without concern and the deal was completed ahead of

schedule. This reaffirmed a model I had been conceptually working on for decades and finally got to prove its feasibility.

You are a successful leader. Which character traits do you think were most instrumental to your success? Can you please share a story or example for each?

You have to be a thought leader first. That’s something that many people assume — that they are experts in their field but many struggle to offer new insights other than best practices. That

leads me to my second point: you also need to have leadership acumen. You have to be a leader and have the capacity to personally step up and take point. You don’t get always get selected

and at times you have to just take the reins and say, “I’m going to work with my team members to do what it takes to achieve a certain vision that will deliver meaningful outcomes.”

Finally, you have to be a ‘people person.’ You can be the greatest thought leader in the world; you can have the greatest attitude, but if your people don’t trust you, if your people don’t

follow you, then there is no one to lead. So those are the three things that I believe make a true leader. Typically, if you do that, then you are going to build a phenomenal team around

you.

Are you working on any exciting new projects now? How do you think that will help people?

Right now, we are focused on helping companies to gain greater data visibility to better understand their massive data stores to make better decisions of what to protect and what to purge. A

key part of that is creating a complete and actionable view of their data. Not some of it, but all of it. This involves having business leaders and cyber teams work together to protect what

matters most.

This starts with a data-first approach and helping business professionals become their own data analysts in identifying which data is most valuable, where it’s stored, and who should have

access. Once they iron out those details, this informs the cyber team how to reconfigure data protection controls based on this crucial business context. When controls have the proper

business rules, they work more effectively and with dramatically less false alarms. This is how data protection is done right and more proactively.

For the benefit of our readers, can you briefly tell our readers why you are an authority about the topic of Ransomware?

I have been dealing with cyber-attacks in large, complex companies for a few decades. I’ve seen the evolution of ransomware and other sophisticated malware attacks upfront and the

detrimental impact that it has had. I’ve had close experiences with companies who’ve been forced to play the game of “Okay we’ve just been hacked and are demanding massive payments in

bitcoin to avoid further pain, now what?” Ransomware in particular was always supposed to be mitigated much in the same way as if a natural disaster, fire or earthquake had occurred. Retire

the affected system, restore from backup and bring it back online to continue operations. The fact that at times it’s easier to pay the ransom than to recover from backup data is a clear

sign that companies are struggling to better control and understand their massive data stores.

Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. In order to ensure that we are all on the same page, let’s begin with some simple definitions. Can you

tell our readers about the different forms of ransomware attacks?

Today’s ransomware attacks are typically multi-faceted and often well-planned. They’ll either encrypt your data in place or say, “if you don’t pay the ransom, I’m going to post it on a

public site like WikiLeaks.” They may also delete the original files or databases and store a copy somewhere else — truly like a ransom. In either case, they will then add pressure for a

timely payment to include threatening to publicly shame the affected company or release other cyberattacks such as denial of services attacks that prevents access to their websites The

hackers are highly motivated and will continue to create new ways to do very bad things. It’s also hard to say that even if you pay the ransom, you can now trust the data that was

manipulated by the untrusted source. The hacked data may have been tampered with including having new ransomware for a follow-up attack. You paid once. Why wouldn’t you pay again?

Who has to be most concerned about a ransomware attack? Is it primarily businesses or even private individuals?

I think anyone who stores valuable data should be concerned about no longer having access to it. If that data were to get posted on WikiLeaks, would companies have a reason to be concerned?

That is the litmus test. Ransomware attacks have now become a billion-dollar business. The bad guys are taking a business approach to optimize their returns. They are now looking at your

cybersecurity insurance policy to determine what’s the maximum ransom they can get out of the business or their insurers.

Who should be called first after one is aware that they are the victim of a ransomware attack? The local police? The FBI? A cybersecurity expert?

I don’t know what the police can do. The practices that corporations should implement around backing up their data are the same things that individuals should be doing. These leading

practices have been shared with both corporations and individuals for decades.

When it comes to corporations, they pull out the incident response playbook. The first questions will be, “What just happened? What data was compromised? Where are they now? “ Their whole

playbook is to identify, contain, isolate it so that it does no further damage. But then, as they do this, they also notify the legal team. Legal has to tell the communications team as well

as the board members. It becomes a reputational concern because, more than likely, this will be in the media for the wrong reasons.

If a company is made aware of a ransomware attack, what are the most important things they should do to protect themselves further, as well as protect their customers?

Figuring this out in the middle of the breach is not the best time. The attack has occurred, and the damage has been done. What you should be thinking about is, “There may be an attack

tomorrow, what should I do? Can we actually recover? Is our plan in place feasible?” What many companies are doing now is “smart backups.” That is, doing what they need to do to recover and

get back in operation — instead of backing up everything. It’s important to determine what those critical functions and processes are.

Should a victim pay the ransom? Please explain what you mean with an example or story.

That is absolutely a business determination and there is no one answer that fits all situations. If you did what you needed to do and can recover, you may not need to pay the ransom.

However, if they took data that they can effectively publicly post and the repercussions of that being shared is huge, then probably you may want to pay. Again, this is a business risk

decision that should have been played in prior war gaming practices.

What are the most common data security and cybersecurity mistakes you have seen companies make that make them vulnerable to ransomware attacks?

Most companies have actually done a good job to put in malware detection tools. However, cyberhackers are really sophisticated in their attacks. The first truly secure way to counter that is

to focus on your most sensitive data and then ensure that it’s closely monitored and well-protected. However, many companies are overwhelmed by their large data stores and take an

impossible “protect it all” approach which never works.

What would you recommend for the government or for tech leaders to do to help limit the frequency and severity of these attacks?

You can’t force the government to regulate a business strategy — that would be overreach. But what the government can really do is share threat intel and viable solutions as well as give

more examples of what companies should be doing versus general guidance. They should be industry specific as well as small business specific, so you are not treating the small companies with

limited resources like a Fortune 100 that should have much greater resources and capabilities to deal with this.

Ok, thank you. Here is the main question of our interview. What are the “5 Things You Need to Do to Protect Yourself Or Your Business From A Ransomware Attack” and why? (Please share a story

or example for each.)

You first need to know what data matters most. Across the enterprise, everything is a target. Don’t get overly focused on just protecting regulated data. If you are a high-tech company, you

really want to protect your IP. If they target a high-tech company, they will likely get more money by selling their IP than getting ransom for customer privacy data.Back up strategically

and intelligently versus backup everything. Because when you need to recover, it is a time critical event, and if you are not backing up the data in a timely way to recover from a disaster,

then you are going to pay the cost one way or the other.Test the backup — not just through using tabletop exercises. You should actually have planned failover tests to truly get the

confidence that if one system fails, you can reliably recover.You need to know that you have the proper controls in place to detect an event from happening early.Monitor and be vigilant.

There are numerous ways, early in the cyber kill chain, to detect and then contain an event from happening. The attacks never happen overnight. The bad guys are there for weeks, if not

months, collecting the intel and preparing for the exploit before executing the actual breach. You are a person of enormous influence. If you could inspire a movement that would bring the

most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. :-)

My biggest thing is, know your data and don’t be a data hoarder. Keeping everything forever can come back and bite you.

How can our readers further follow your work online?

For more information, please visit www.nvisionx.ai

This was very inspiring and informative. Thank you so much for the time you spent with this interview!