Interview with Chief Technology Officer Brian Wagner about Data Breaches & Cyberattacks
Courtesy of The Motivational Speakers Agency, we were thrilled to sit down with Brian Wagner to learn his top tips for preventing a cyber-attack.
Brian is a Chief Technology Officer and the former Head of Compliance at Amazon Web Services. In this exciting and exclusive interview for UK Business Blog,
Brian reveals the leading cause of data breaches, his proudest professional achievement and what makes businesses vulnerable to cyber-attacks.
What is your top tip for businesses wanting to protect themselves against cyber-attacks?
“I think the absolute top tip, it’s easy to implement and realistic, use a password manager.
“I think a lot of the breaches that we see now are commonly used passwords or passwords that are leaked on the Internet. That’s probably the absolute number one easiest way to prevent a breach.
“Another one is to be vigilant about emails. So phishing, if you’re not familiar with the term, is a way to get people to send information, either their username, password or bank details. We’re talking about businesses, so when someone gets fished, it’s typically for their credentials, and then someone uses those credentials to log in.
“So, there’s really not one individual action, but just be sceptical of phishing emails.
“I think one more useful tip for businesses is, everybody is using third party services these days. Everything is a subscription, you pay monthly for just about every software we have, and there are logins everywhere.
“If you enable multi-factor authentication and you do lose your password to somebody, if they don’t have that second factor of authentication, then that password is effectively useless.”
What is the leading cause of data breaches in business?
“Sadly, it’s human beings.
“Humans are trusting by nature, something that is just ingrained into our being. With phishing, people are the weakness. Before email was a big thing, the exploit would be something more physical. For example, you walk into a front office and say, ‘I’m late for a job interview, can you please print my CV?’, and then they hand over a USB stick and that’s the thing that breaches it.
“I think to answer your question, people are unfortunately the weakest link in any organization when it comes to data security.”
What has made businesses more vulnerable?
“The difference between working in an office and working from home is that in the office, you are using a known network in a known space. It varies from business to business, but I guess, it’s at least predictable. It’s expected. You know where the perimeter is.
“When you work from home, the perimeter is dissolved. Think of it like a Castle or fortress, you protect the walls. When you’re in the walls, theoretically, the people inside the walls already have some level of trust because they wouldn’t be there if they weren’t trusted.
“Same goes with an office. It’s like, ‘well, if you’re here, you’ve passed some level of trust’. Maybe someone recognizes you and you say, ‘oh, I know that person’, but without that perimeter anymore, the attack surface is exponentially larger and there are more opportunities for attack.
“If someone wants to attack a business, I’m generalising here, if you want to attack a business, you have to breach the perimeter. But now, when you want to attack a business, every individual person who is no longer within that perimeter and working remotely is now a target. So, you go from one to many targets, which makes everybody more vulnerable.”
What did your role entail as the Head of Compliance in Financial Services for Amazon Web Services?
“The financial services industry is regulated all over the world, right? Every single financial institution in the world is regulated by multiple bodies. The point of that role was to create pathways for those financial services to use [Amazon Web Services].
“They needed to figure out how they could leverage AWS cloud services to benefit their business and their customers without compromising their safety and security.
“So, my job was kind of twofold. One, was to give them that path or show them that path, because usually financial institutions are a few years behind technology, because if you’re a bank, if you’re an insurance company, you don’t want to be using cutting edge technology because it’s not embedded. You don’t know how safe that is and you have to protect the assets of your customers.
“When you move to the cloud, it’s a very different experience. There’s a lot more control, but with control, comes more areas to fail. So, it can be a very risky pursuit for these companies.
“Like I said, my role is twofold. One was to show them what they could be doing differently in order to maintain or increase their level of security, then the other side was in-house.
“If we had an institution that had requirements we could not fulfil, we would look at their requirements, look at what we offer, and if we don’t match then find out how we can. We would ask, ‘is this going to be a sensible change for us to make or a sensible addition to our services’, and ‘who else would benefit from them?’.”
What is your proudest professional achievement?
“Proudest professional achievement, I like that question.
“I think it was actually my very early career as a software engineer. I grew up in the Midwest, which is an automotive area, and I was a contractor at Ford Motor Company. I think I was like 20 years old or something like that, and the problem they were trying to solve was the Ford Focus car.
“If you look at the actual list of all the parts that go into a Ford Focus, it is like 300 parts. If you look at all those parts, you’re seeing the same car in three different continents or countries – they did it by continent.
“So, three cars, three different continents, the bill of materials only had 20% similarity. How are you building them? Completely different, and they were trying to reduce the differences.
“I was tasked with facilitating that problem. So, I created a piece of software that allowed engineers for these different car platforms from different regions to basically collaborate and say, ‘right, here’s my bill of materials’. And it would ingest all of those, check the master database and say, ‘this is the part that’s needed here, match these up’.
“That created about 80% similarity on these vehicles across three different continents, which I thought was pretty cool.”
This exclusive interview with Brian Wagner was conducted by Mark Matthews for the UK Business Blog.