Interview with Damir Brescic, CISO for Inversion6, a cybersecurity risk management provider that offers custom security solutions, based in Cleveland, Ohio.
Hi Damir and thanks for taking time today to answer some questions. First one, tell me a little about yourself and your journey to your current role.
I’ve been in corporate IT for about 25 years, mostly in financial services but also time in manufacturing. I did a lot in the IT operations space, from being a program manager to a delivery manager and eventually rising to a PMO leader. That’s when I really started to get involved with cybersecurity, as my team managed cyber projects and I helped set up cyber programs and portfolios. Then aspects of regulatory compliance started popping up and PCI compliance was introduced, and I was hooked on cyber as my future. I did one of the very first PCI initiatives for the insurance company I was working for at the time. They wanted senior-level folks to manage it, so I took it on. Over the last ten years, I’ve moved up the ranks in cybersecurity, as director of security, then a deputy CISO, and the last two years I’ve been CISO, currently at Inversion6.
Can you tell me a bit about Inversion6?
Inversion6 is part of True West’s family of companies, based on the west side of Cleveland. The Inversion6 organization is a cybersecurity risk management company that provides tailored solutions to our clients, as well as access to the innovative technologies we work with. I’m on the consulting side, providing the CISO service, but we can also provide tailored solutions as well as product aspects to our clients.
What are some of the challenges that you face regarding cybersecurity and serving your clients?
I think one of the biggest challenges is some of the security aspects that clients aren’t aware of. We primarily work in the SMB space that doesn’t always have a strong IT presence and may not have a cybersecurity team. Oftentimes we notice a lack of employee security awareness training, especially around some of the most common and current tactics and techniques utilized by threat actors. For example, using outdated software, unpatched systems, weak access controls.
The need to use multi-factor authentication or privileged access management systems to add roadblocks for threat actors trying to get into the system are tools the client may not have considered using. That’s where Inversion6 comes in. We’re the ones that will do the assessment of your security and then provide thought leadership to help develop a strategy. We show the reason to have good cyber hygiene and what that entails, such as having a strong incident response plan, having monitoring and detection systems to ensure you aren’t being breached, or being able to do vulnerability scans on a regular basis.
How do you track the risks your clients face?
We work closely with them to identify the gaps in their systems, and then we categorize those gaps. It’s fundamental risk management 101. We do an assessment to identify the likelihood of a particular type of risk occurring and then determine the potential impact of that risk. We work with our clients to prioritize the gaps and develop a risk-based strategy based on the highest to lowest threat levels and then develop a strategic roadmap to remediate the gaps and mature their maturity posture.
What are some of the most common misconceptions your clients have when it comes to cybersecurity and the threat landscape?
That they may not need all their tools. For example, they have an endpoint protection platform on their workstations, but they may not be using it on their mobile devices. They also might not be using it to protect their servers. They may see the strengths of preventative controls but don’t see that detection tools are an absolute must. They aren’t always aware of the threat intelligence aspects of cyberattacks. Look at what happened recently with MGM casinos. That was a ransomware attack that started from a call to the help desk. The attackers did their homework to gain enough information to sound legitimate to the help desk. Here’s the flip side: the help desk person didn’t do anything inappropriate because this is what they were trained to do. So, we need to make sure that the help desk person is trained up to ask better questions, such as assigning employees unique identifiers that can’t be found anywhere else. We would educate our customers to tweak their current preventative controls to make them harder to crack.
Are you planning any new services or have any product releases that will help you to better serve your clients?
We’re what’s called a VAR (value added reseller). We’re a reseller. But we do have some really interesting partners that we’re working with that I’d love to tell you about. A big one my clients ask about all the time is vendor email compromise. We have a product called Abnormal that integrates with the client’s cloud email platforms and removes malicious emails for them. Because so many companies are moving to cloud computing, we have two products we offer – App Omni and Grip Security. App Omni is a SaaS-based detection and monitoring application, while Grip Security is an identity-based detection and authentication tracker. The final product I like to talk about is called Horizon3, which is an automated pen test. This tool does automated pen testing quarterly for about the same price as bringing in a team to do an annual pen test.
My last question for you—it’s hard to predict the future, especially in cybersecurity, but what do you see as the industry’s greatest challenge in the coming months and years?
Since Covid, we’ve seen ransomware attacks morph into what I call the Four Horsemen of the Ransomware Apocalypse. It started with traditional ransomware, and then when Covid hits, there’s not only an absurd number of new strains of ransomware out there, but attackers have changed tactics to double extortion. Then comes ransomware-as-a-service kits. So, ransomware attacks will continue to evolve. I also think we need to pay greater attention to APTs (Advanced Persistent Threats). Even as our tools continue to advance, threat actors are also advancing just as quickly. And of course, we need to stay on top of AI and machine learning and how threat actors will use that technology to surprise with new attacks.
By Sue Poremba