In an era where our lives are increasingly intertwined with technology, this annual event serves as a reminder of the ever-present threats and the collective responsibility to protect our digital landscape. IT professionals and departments are at the forefront of this mission, acting as the guardians of our digital realm. They develop and implement security measures, ensure data privacy, and educate users about safe online practices.
On our most recent episode of Inside the Sweeps, Ryan King, System Engineer from Netsweeper, explores the intricacies of cybersecurity and the vital role it plays in our modern lives. We delve into the significance of IT’s role in Cybersecurity Awareness Month, which is instrumental in raising awareness, sharing knowledge, and empowering individuals and organizations to fortify their digital defenses, fostering a safer online environment for all.
Welcome everyone and thank you for joining us for another episode of Inside the Sweeps. It’s October, which means it’s National Cybersecurity Awareness Month. I get to know today’s guest as part of our Netsweeper team and some of our listeners might as well. But Ryan, why don’t you introduce yourself and tell us a little bit about your professional experience, that highlights the importance of cyber security.
Hey everybody. My name is Ryan King. Glad to be here on Inside the Sweeps. To give you a little bit about myself, I’ve been building computers since I was 12. My brothers and I, we’d like to game back in the days, so in order to do that, we built our own computers and that was always fun. Then I got my first job working in operations, and I ended up fixing everybody’s computers so well that the IT department came over and hired me on there as a junior tech. This was back in 1999/2000 era, you know, right before the Y2K stuff.
Things were a lot different then, right; the Internet was not really a thing. We did things on 56 K baud modems, again a different time. So, I’ve kind of seen the growth of stuff. From there, I did a lot more of outsourcing IT work. I was in charge of kind of starting cloud computing. You know, we were doing RDP sessions for auto body shops, where we would kind of customize software for them to use multiple shops, one interface. I was a systems engineer, this was in the days of NAC, network access control, AV firewalls, all that fun stuff. So, I got my hands dirty with doing demos and making sure people knew how our systems work, we were doing deployments, big AV rollouts, that type of stuff, and then I decided to venture out into different areas.
Went to a mortgage banker, was IT manager, Director of IT there. From there, I went to a company called Esports Arena. Again, way different from mortgage banking, way different from a, you know value added reseller. And I was an IT Director for them, and we ran online tournaments, big production studio. You know, shifted focus but still I just love tech. I like AV stuff, I love security behind the AV stuff, but again my working there made my viewpoint change on a lot of things. Instead of everything being security focused, it was a lot more user focused, right. Ease of use, we’ll talk about that a lot kind of today, Alison, it’s just the ease of use versus security, right? It’s a balance, it’s a scale. When somebody comes into your location, do you want them to be able to get on and play? Or do you want it secure? You know, you create policies around what you want. Now I’m here at Netsweeper, kind of doing the same thing.
So you kind of mentioned it being a lot different back then when we’re talking about 99/2000, but now I think cyberattacks are pretty common in today’s world or at least we hear about them a lot.
They can be serious threats to obviously, individuals, businesses, governments, schools. We’ve been given, I think with the internet, this amazing connectivity and convenience, but it’s also kind of opened a door I think to vulnerabilities and those who can be quick to exploit.
Why do you think cybersecurity awareness is essential for IT professionals today? And how have you seen it impact your time in IT?
That’s a fun question. I look at cybersecurity from a different perspective. Heck, there’s businesses all about cybersecurity. There are companies out here that will perform a penetration test for your company. They’re making money off of not fear, but cybersecurity, you want to make sure that they’ll do port scans, make sure that there’s no vulnerabilities, Adobe doesn’t have a back door or a remote vulnerability. So, I think from that standpoint, it is getting more prevalent but much more simplistic approach to things like that.
You have to look at motivation. If somebody is going to try to exploit vulnerability like, are they throwing out a huge net and just trying to get scraps? That’s one way of doing it, and that would be just port scanning? Just take a handful of IP addresses, port scan, see if there’s anything that comes back. You guys would be surprised at the amount of tools out there for cyberattacks.
You can have a server running, that all it does is port scanning on any new IP addresses that are coming out. So yes, it is very scary if you get into those weeds, but at the same time, just protect yourself. You’ve got to make sure that your ports, that maybe have vulnerabilities, are closed. And a layer of security that the more programs or things that you can have running that detect different vectors and or prevent different vectors.
So, say you get an email, phishing email, and your spam blocker doesn’t catch it. That would be the first thing, right? You have a spam blocker. You’re going to catch 80% of that stuff, but what about the 20% that gets through? Well, that 20% that gets through, is your AV (anti-virus) going to catch it? Maybe, if it doesn’t catch it then will your content filter catch it? And that’s kind of the whole layered approach. If your content filter is more aware of the attack vectors and the sites that are going to be in these honey pots and stuff, then you’re going to get protected on that.
Well, I think we’re all like touched by digital technology every day and in one way or another, are there any major threats that you’ve come across or been impacted by in your time working in IT?
We’ve come across things where somebody you know tries to attack us. But you know, you’ll see them at the firewall level. So, you’ll be going through the logs and say, oh, somebody’s trying to DOS us, denial service attack, and it’s just from my standpoint, you can’t get scared of it, right? It’s going to happen no matter what. But if you’re scared, and then you’re hyper focused on that, and not doing the other things to keep yourself safe. So, I mean, I always say have good policies in place, have a plan. If this happens then I’m going to do this as a remedy.
I think the biggest kind of examples are, I always say phishing, it’s all about social engineering because there is a social aspect of it, right? Oh, you know, how many passwords do you guys put in per day? Is that a lot or is it a few?
It’s probably like asking how many tabs I have open in my browser at a time. So yeah, quite a few.
So, an email that says you’ve been compromised, you need to change your password. That’s not uncommon. Because like you said, the day we live in is all Internet based. So, you’re going to be like, oh no, Bank of America is asking me to change my password. I need to click this link or because it’s a phishing email, I don’t even have a Bank of America account. Why am I getting this email? When I educate people, I educate my family because they’re always like, is this OK? I don’t know if I should click on this or not.
Even my kids, I’m like, well, think about what are they trying to do? Are they trying to get you to go to a website because they want you to spend your time watching that? I mean that is a motivation? So again, I know I’m kind of beating around the bush on this question. There hasn’t been many attacks that I wasn’t able to prevent just because I know what we need to protect, right?
Because there are next Gen firewalls out there that are already looking at that stuff because there’s companies out there that do pen tests, and I could just pay them, and they’ll do what a hacker would try to do to get into my network. But, if you understand the bottom line and you understand that maybe that pen test is saying that I need to patch this medium security vulnerability that I have, but I know that nobody’s going to be doing that, it’s less of a worry.
The big things first, and then make sure that I have a layered programs and applications that I know how to use a, you know, they make my life easier. And it especially with next Gen stuff like ChatGPT, there’s a lot more. I look at them as all tools. They’re like a calculator. If you know the questions to ask, you’re going to be better prepared in order to make the policies that need to be there.
Well, you mentioned part of it is being aware and not necessarily being afraid. But you know people might read things, like I recently read there’s 2200 cyberattacks daily. So that’s basically one every 39 seconds, not every minute, every 39 seconds. So, someone might read that and that’s a bit scary. But it’s also showing, I think cybersecurity is super crucial and the significance continues to increase as technology changes, and there’s new tools. But what are some of the big myths out there that you think might trip people up or trip organizations up?
Oh, that’s a fun one. I’ll go back to my same thing, right? I mean people thinking that this cybersecurity is this big, looming monster. It is in a way, but it’s what you make of it. If you protect yourself, it’s not something to be scared of.
When you’re scared, that’s when you make stupid decisions, in my opinion, because you’re worried about something that may not even be a big thing. You’re talking about how many attacks there are. I know that I can protect myself from the technical aspects of cybersecurity, because I can have my firewall in place, I can have my AV in place, I can have my content filter in place. It’s the other things that I’m more worried about.
Because you know what? Let’s back up to the previous question right, you said when has things gone wrong? It’s always well, 90% of the times that I’ve been affected by stuff is all inside the company. All people that click something that they shouldn’t have clicked. Then it affected them, you have a worm going throughout your business. You know, it’s always that part. And why did that person click it? Because they were scared. I needed to change my password, they said that I got hacked and somebody was taking money out of my bank account, so I needed to change my password. Again, I look at threats and stuff different based on that. I don’t get scared, it’s just extra work.
If somebody clicks that and you don’t have a content filter that protects you from going to that site, that then is a honeypot and then expands your infection throughout your network. I’m more worried about teaching and educating people on that. Don’t worry about it, you don’t even have a Bank of America account, or Spectrum, or whatever it may be. I always tell people too, one of the most important parts is having a good password, or a good password management system. Because heaven knows like, I’m not going to say what I use, but I use a password manager because there’s too many logins. There’s too many logins for me and especially nowadays with APIs, and connectivity, and knowing that I can single sign on this guy, but then this app has now access to this. To me, that’s more scary because now you’re making it so that, if my single sign on gets hacked, then what?
Then I’m even in more trouble because they have access to 15 other logins. It used to be, I would feel safer saying your email’s your most important, well, one of your most important passwords. Don’t make it “test 123” as your password, make it something long. Heck, put it in a sentence, make it something easy to remember for you, with caps and special characters. “I love this freaking password, it’s the best one in the whole world”, that could be your password. And then, you have a long password that’s not hard to brute force. Because the brute forcing a password, it’s just trying different combinations. But, now with the computers as fast as they are now, a single computer working on decrypting that or brute forcing that password. The longer, the more characters you make it, the harder it’s going to be to crack. Yeah, I went off on a tangent.
Well, you touched on a few different things like the passwords and talking a little bit about the layered security approach. So, you know, people think about cybersecurity breaches, and I think everyone can envision that being a potential nightmare. Financial loss, damaged reputation, or like you’re saying like leak sensitive information, I think is a scary one we do hear about frequently.
So, in a world where cyberthreats keep changing, can you tell us a little bit about the layered approach to stay safe and how Netsweeper’s web filtering fits into that strategy?
When I came on to Netsweeper, one of the greatest aspects that Netsweeper has is the ability to crowdsource a lot of… the way that we handle new URLs, new websites, how many new YouTube videos are there per day? Think about that. There are a lot. In fact, there’s way more than YouTube is even able to categorize themselves. So, they managed to have their, not AI but a tricky algorithm, in order to find out what categorization they should be in.
The thing about Netsweeper that I love is our CNS. Our Category Naming Service that, when it finds a new URL, it’ll grab that URL, it scrubs it, it sees where it should go and then boom, it’s got a category. So, we do have malicious websites categories. But again, if you had a team of 100 people, only scrubbing through new URLs, they wouldn’t be able to handle it because there’s so many new URLs per day. You could just make your own domain, there’s a new URL. Throw up a new website, put some SQL injections in it. Boom, you have a vector of infection.
That’s one of the main things that I love about Netsweeper, was the reach. How many new URLs we categorize daily. In fact, almost every time that I look at it, the web proxy one is fun. There’s like 54,000 new web proxies that we get daily. But also again, it factors into all this stuff. Malicious infected hosts, that can’t change. A malicious website where it will scan and it runs it through the database of multiple different scanning engines, so you know that you’re going to have a layer of protection there. And again, I see Netsweeper as, not the last resort, but that should be the one closest to the problem itself. Netsweeper is going to be kind of at the bottom, near layer 7, and again, it’s all about attack vectors.
One of the things, we were talking about myths, is just people thinking that when they say I’ve been hacked, that term bothers me a lot. That is a myth. A lot of the times you haven’t been hacked; you gave your password to somebody. You filled in a form that said, this is my email address, this is my password. To me that’s not hacking. Hacking would be something, akin to changing a URL. Knowing the way that URLs are formed and being able to manipulate that in a way that gets you around, a work around of some sort. That is a myth, you didn’t get hacked. You were scared. So, you entered in your password into that little box and now they have it. That’s not hacking. Script kiddies can do it. Script Kiddie is somebody that just buys a script, loads it on a server, and waits for the information to come to them. The smartest hackers are the best security guys, and you’ll hear this, it’s a known thing. You’ll go to hacker conferences; best security guys are the best hackers because they know about the vulnerabilities, and they know about the back doors, and they know about all that stuff.
Hackers is more, you know I look at those as a big corporation. Those big security breaches where, oh, my gosh, we got 200,000,000 records of people’s emails and passwords is unencrypted. And those are going to be more visible. You see them a lot more – Yahoo got hacked or LastPass got hacked. Whatever it may be, and those are more the targeted things. I know the data I need to protect and so I’m going to protect that data.
Well, we kind of touched on the layered approach, but you also mentioned one of the things like emails people receive within organizations being kind of a weakness. People will then click something. Do you see web filtering as helping support the human aspect of cybersecurity?
Yes. If you have some type of content filter in place that’s going to block malicious websites, then it gives it a sense of security. A sense of peace more. If you know that if I get phished and that person behind that desk does click that, I’m going to be protected because Netsweeper already knows about it, it’s already blocking the website before they even get infected.
As an IT director, you almost need to have some type of policy in place for the just in case moments. So, I know that I’m going to be a little bit more protected from all of the port scanning, that type of stuff, and then I have my AV that’s going to make sure that if somebody brings in a USB drive, and that’s another thing, somebody does bring in the USB drive and plugs it into the system and opens that executable. What’s one of the first things that happens? A lot of the stuff nowadays, they’re going to call back on the internet. So, if you have a content filter that’s URL driven, or even IP driven, or even protocol driven, we can block all that stuff. We know about it. And if you know those unused ports or those unused SSHs or SSL, whatever it may be, if you know that none of the programs that I use on my network are going to be affected by this port, just lock it down. And then, when I was way back in the day, one of the best ways of securing everything that I saw, it was only allows, a block all only allow. And if you think about it from that aspect, that’s a way more secure. Again, do you want ease of use, or do you want it secure?
If I have a company that can only visit 10 websites and that’s it, I’m going to be way more secure. The vector of attack is way smaller. But, if one of those ten sites does get infected by something, that’s when you need to worry. But again, we were talking about kind of USB devices, then the callbacks. If you plug it in and you’re infected with something, first thing it tries to do is go call back and it gets blocked, they’re dead in the water. Sure, they can infect that computer, but the minute it tries to spread to other things, even locally, they’re going to have a hard time doing it.
Let’s shift gears a little bit and look at cybersecurity in an education setting. You know, we work with a lot of different kinds of organizations, but working here at Netsweeper I’m sure you engage with numerous school customers that we have. And I think modern education relies heavily on constant use of digital information, there’s assignments, student-teacher communications. And I think a big one, online learning, has especially come to the forefront since the pandemic. How can schools and educators, do you think, make sure things like data efficiency, reliability and obviously most importantly cybersecurity are on point for them?
I would take the same approach. Make sure that you have your three main key categories of firewall, you know AV, and content filter. And then, all the other things are extraneous. They’re essential to your, if you think of the schools as a business, what is the business that you’re in? Teaching kids. So, you want to make teaching kids the easy part.
You want a teacher to be able to open up a YouTube video that they deem is good and show it to their class in an easy manner. You don’t want it to be blocked or anything like that, and that’s where Netsweeper shines is, we can allow that. We can have a teacher have the controls to be able to allow a website that they want to teach from.
Again, there’s always going to be inherent weaknesses when it comes to that, and people always have to remember that, if you let a teacher say choose a website that may have been infected with something, that could run into its own problems. But again, then we have the malicious websites categories.
So, no matter whatever tools we give, we always want to make sure that the security is on the top of that because we want to allow your business, which is the school’s education in this, we want to allow that stuff and only keep out the bad stuff. It could be businesses, hospitals, schools, it doesn’t matter, you always have to look at what the goal is and make that easy for the people that are running it. The policymakers to make it make sense for them. So, whether it be in a hospital, in education you want to make it easy for them. They shouldn’t even see the filter, it should be so secondary and that way they have a good experience and they’re like, I’ve been to too many schools and even my kids where they over block, I can’t get to this, I’m trying to do a research paper and I can’t get to the site that I’m trying to get to. That’s the problem where content filters can’t suffer.
But again, if you have the tools in place and the CNS, the categorization engines doing their jobs, you need to worry less about that, and you’re going to be on top of it. There’s so many tools that Netsweeper has to be able to just run a quick report for an IT director. One of the things that I would have done. I’ve never actually worked in a school, and that’s my next forte after Netsweeper, is going and working for school just to kind of broaden my horizons. I’ve been in the banking industry. I’ve been in this, that, I always like learning new things. But, if I was to go there, I would love to have Netsweeper in there because I can look at the request logs, I can create a report that says show me all the denied requests, and of those denied requests, what’s going to be at the top? The things that are getting blocked the most. That’s a site that we want to allow it, and that’s the whole policymakers. This is less the IT director and more like what the Superintendent wants for their school. Do you want to allow this, or do you want to block it?
If you’re giving them the right tools in order to do their job and say, hey, we’ve had, you know, 50,000 requests to here, is this something that we may want to allow the students to have? Is it causing them headache? Is it causing the teachers headaches? You don’t want teachers to have headaches, you want them happy. And the best way to have that is not to over block.
Well, and you spoke about, I guess the balance between do you want the security or the ease of use. It’s tricky finding the sweet spot between letting everyone loose on the internet in an organization and then keeping things secure. I feel like that’s a difficult balance to strike. Do you think that’s one of the most common challenges organizations face with cybersecurity?
110%. And people, but you get a different IT director and again it depends on the experience that the person has had. I see it that way because that’s my experience that has molded in my brain into thinking it’s this way, and I haven’t had anybody make an argument to change my mind on that. It’s like I just see it as a scale. You know, and you can be in the middle of, you know, a scale can be balanced, between ease of use and security. The second you start tipping that balance, in one way or another, your upper management has to know. So, you have to make sure that they’re aware, that’s the delicate balance of IT Directors, of IT managers, is making sure that the higher ups know that changing this policy is going to put us more at risk. Or changing this policy is going to make us more secure. Does that make sense?
Yeah. Do you think there’s any other common challenges when it comes to cybersecurity that IT professionals face when it comes to cybersecurity? Or do you think those are kind of the biggest like that’s the biggest one, the balance?
Yeah, there’s other things. Again, I look at things very simply. So, I’m like a one and zero guy. I’m a yes or no. And it’s in that aspect, I’m always about the balance nature, but at the same time there are other things. I am of the mindset that I think centralization is bad, you don’t want to have all your eggs in one basket. I’d much rather like the decentralized approach to things. All these things are different, right? If you’re talking about just security, the problem is you have to look a little bit past that. The chess moves. You have to look at if the security fails, how am I going to get my data back?
And that’s where I’m talking about more the, do I want to have all of my eggs in one basket, or do I want to spread that out, so, I don’t lose everything. And it goes into a bunch of different stuff. You can talk about disaster recovery plans. If the building burns down, how am I going to get my data back? There’s a lot of that stuff that is on the technical side that you need to think about, but it’s all about policies, and it’s all about making the correct decision for your specific need. And what I’ve found is over the years, every need is going to be different. So, every company that I worked for has had different ways that they prioritize things. Is the most important making money, or is the most important making the client happy, or is it a combination of both? Is our focus more on data protection, or is our focus more on looking good in the social aspect? Is that how we make money? Because again, there’s a lot of different motivations of companies.
The security balance between ease of use and not keeping all your eggs in one basket, would be kind of what I focus on. And then again, then it’s just listening to people and listening to what their needs are. We work with a lot of schools, so we work with a lot of people who have certain needs, certain checkboxes that they need to make sure are checked. What I always like to do is present you with, hey, there’s five different ways we could do this. What is the way that’s going to work best for you? And then making sure that they’re educated, and they know if I do it this way, what are the pros and what are the cons? You just need to talk to people. You just need to make sure that they’re getting what they need.
So for it being National Cybersecurity Awareness Month, do you think that’s your advice to fellow IT professionals when it comes to cybersecurity?
Make sure your policies are the way your company wants to run. Make sure that you’re posturing yourself, and again, don’t make promises that you can’t keep. One of those promises is, make sure that you partner with companies that do good and not just sell you on either vaporware, or not enough reporting, or whatever it may be, there’s so many companies out there that are just trying to dumb down their product because they don’t think that you can handle it.
And again, I like I’m one of those that I like more information. I want to know what I’m getting into, and I want to have the tools and Netsweeper has that for sure. I could just look at my request logs and see all the traffic that’s going through my network. That’s handy!
It seems like it’s about having the awareness, you know having the tools, and being aware, but not necessarily afraid, really helps put you in the right mindset to keep yourself secure.
And I’ve seen too many directors and stuff being scared and the fear shouldn’t drive you to make decisions, especially when it comes to your business and security. It shouldn’t drive you. I mean, there’s how many ransomware attacks? Make sure that you have your stuff in place to where I can recover that data that got lost, and then you’re not worried. If you have the policies in place, you’re not going to be scared. But again, make sure that you have the plan and policies in place so that if something does happen, you have the best remedy, or the best solution to remedy the problem. Because so they encrypted one of my desktop computers. Well, I have a backup shot of it yesterday, so I don’t care, I’m just going to reimage, so you lost a couple of word documents, that’s OK because we can rebuild.
We can make it better, faster, stronger. And again, it’s with anything. Cybersecurity, it’s a daunting… I hate the word because it’s, so it brings fear into people. It should bring more of a feel of I have the things in place that I don’t need to worry about this right now. And then if something does happen, I already have a plan for it. It’s just protecting yourself; it’s making sure you have those three key ingredients and then we can make good pie.
Well, as we wrap up, I just want to say a big thank you for taking the time to come and chat with me for Cybersecurity Awareness Month and be able to share your insights that you’ve had over quite a few years. But, before we say goodbye, are there any closing comments or thoughts you’d like to leave me and our audience with?
Be good and be kind to each other. I think that it’s super important, especially you know it’s just good to get the word out, to say hi to people, smile to people, and be a good person.
I think that’s a good thought to leave us with. Well, thank you Ryan for joining us today. We really appreciate it.