Cybersecurity attacks are rampant, with more and more businesses being hit every day; it’s imperative that companies take steps to protect themselves. Don’t know where to start? Andy Katsigiannis, Director of IT & Customer Service at ADD Systems, believes the best first step you can take to protect your business’ security is understanding vulnerabilities. In this all-new ADDcast episode, you’ll learn more about the importance of cybersecurity for every company and gain insight into key steps your business can take to mitigate the risks with ADD Systems’ own, Andy Katsigiannis.
You can subscribe to the ADDcast at any of the following locations, or read the transcript below.
Apple Podcasts / iTunes: https://podcasts.apple.com/us/podcast/add-systems-addcast/id1604865113
Spotify: https://open.spotify.com/show/1atj72i5AnIwTJDBFD9DzX
Amazon / Audible: https://music.amazon.com/podcasts/df7c9f4a-8a3f-431f-8787-50eee85b2bcd
Castbox: https://castbox.fm/channel/id4744519?country=us
Stitcher: https://www.stitcher.com/s?fid=677438
Anchor: https://anchor.fm/addsystems
Brian: Welcome to ADDcast. I’m ADD Systems’ Multimedia Specialist, Brian Cohen. Cybersecurity threats are real and they’re always evolving. An attack can greatly impact a company through lost revenue, customer perception, IT consultants, and even ransom payments. Businesses need to protect themselves by staying educated and taking proactive steps to recognize and address vulnerabilities. Joining us is Andy Katsigiannis, Director of IT & Customer Service at ADD Systems. Andy, thank you so much for joining us.
Andy: Thanks, Brian. Very good to be here.
Brian: First, can you start by telling people a little bit about your role at ADD Systems?
Andy: Sure. I’ve been with ADD since 2005. I oversee the IT group and the Customer Support group. The great thing about working here is diversity. All of us in the support and IT group have an open door policy so on a day-to-day basis you can be involved in one thing and then switch gears to another. One of the hot topics nowadays is cybersecurity.
Brian: Now, with that hot topic in the IT world and in business in general, what are some of the threats out there that businesses need to be aware of?
Andy: Ransomware. That’s going to be the biggest threat. You’re hearing about it all over: morning news, nightly news, social media. It’s everywhere from pharmaceutical companies, hospitals, health care, to public companies. You name it, everyone is vulnerable to this type of attack. The biggest one, as of recently, was the Colonial Pipeline back in May of 2021. This really caught the attention of a lot of people in our industry.
Brian: Now, what are some of the misconceptions companies have when it comes to IT safety overall?
Andy: I think the biggest misconception is questioning the validity of cybersecurity or the belief that it won’t happen to your company. Hardening a network to prevent attacks from threat actors takes a lot of time and planning and with that comes financial buy-in. It can be easier to see the value of investing in a tire for your truck because you can feel and touch that tire. When it comes to cybersecurity, investing in applications to protect your business is just as valuable. Hardening your exterior and interior network with next-generation firewalls that control applications by users, using two-factor authentication within your domain to prevent any type of lateral movement, and next-generation endpoint protection like carbon black antivirus are all examples of applications that are valuable because they will protect you. I feel that once we know what to put out there for everyone, then people can appreciate the buy-in for these types of products to protect our businesses.
Brian: Since COVID struck in March of 2020, companies all over the country transitioned to a hybrid format. Has that hybrid environment introduced any security issues that companies should be on the lookout for?
Andy: Well, you always want to be on the lookout for everything. The threat actors will, unfortunately, always be one step ahead of everyone. What we have to do to prevent that is to make sure we are updating our software and our operating systems with the latest security updates. These include VPN client updates as well. The maturity of the hybrid approach is that you use a secure VPN client in your business network. If that VPN client is not up to date and not using an add-on product like two-factor authentication, then your business will potentially be compromised.
Brian: Now with the world of technology constantly evolving, what are some of the ways that companies can try to keep ahead of this curve?
Andy: It’s really just keeping your ear to the grindstone. I follow a ton of IT forums and a lot of different niche websites. With that said, ADD Systems has such a great customer base that we’re able to bounce ideas off of each other. If I’m dealing with a customer, that can spin off into different conversations about what they’re doing to harden their network. We support such a vast customer base that it really is great to have these types of conversations to see how everyone else is approaching it. I believe ADD Systems is doing the right thing after having these discussions – we’re hardening our network, and it’s good to see that everyone else is taking similar steps like getting firewalls to protect their end users, making sure their VPNs are up to date and using dual-factor authentication.
Brian: Now, considering the different industries that ADD Systems is involved with, is there a one-size-fits-all approach? Or is the process of properly securing companies industry-dependent?
Andy: That’s a great question. It really is a one-size approach. Not every network is going to be cookie-cutter and we can scale it down to everyone’s needs, but the hardware appliance that we put in to protect your network from the exterior facing network threats, like dual-factor authentication, is going to be the same software for a small business and a Fortune 500 Company. They both use the same products to protect their network.
Brian: The older, let’s call them legacy applications, become more susceptible to cyberattack issues. How can companies know when the right time is for them to upgrade out of those legacy applications?
Andy: Microsoft has an end-of-life server 2008 operating system, Windows seven. The workstations and servers that are still running in a production environment do not have the extended support from Microsoft and are not going to get security updates from Microsoft. Will that pose a threat? Absolutely. What the customer should do is work with their application vendor to make sure that when they do plan on upgrading and migrating to a newer modern operating system, their application will be compatible with that operating system.
Brian: What are some of the proactive things businesses can do to protect themselves?
Andy: Educate, educate, educate, and then take a step back. You can put all of the hardware in place, devise a disaster recovery plan, and implement dual-factor authentication (which is by far my favorite product in defending a malware attack); however, we have to take a step back and realize the human factor of it. People are the biggest security risk for our corporate network. As I mentioned, the threat actors will always be a step ahead of everyone. We have to be able to educate our staff so that they can realize the difference between a legitimate email and a spear-phishing email because that one time that a user gets click-happy and clicks on a link that they think is from a legitimate user, when in fact, it’s coming from a threat actor, the floodgates have opened.
Brian: Cybersecurity isn’t just about the IT department. What are some of the ways companies can educate their employees about these threats so they don’t accidentally introduce a risk to the entire network?
Andy: There are many products out there that deal with educating and preventing these types of attacks. One of the companies that we personally deal with is a company called KnowBe4 that offers great training lessons. They’re easy to follow and we’re getting great feedback from our employees about it.
Brian: Can you give an example of how such a service like KnowBe4 has helped in a real-world scenario?
Andy: Yeah, sure. Most recently, one of our CSRs was able to detect an email that came in from one of our customers. Keep in mind, our CSRs get well over 100 customer support requests daily. This one email that got picked up looked particularly odd with about 10 attachments on there and was from a real person from this organization. The CSR brought it up to the ADD Systems IT group, and the IT group said “If you think it’s suspicious and you haven’t clicked on it, call them up and say, ‘Hey, did you send this over?’”. Sure enough, we called up the client, and the client had no idea what we were talking about and realized then that the account was compromised. Thanks to the knowledge she learned from KnowBe4, she was able to prevent and mitigate an attack against our domain and then stop the strength from this customer.
Brian: Now, Andy, you’ll be hosting a webinar on security with Fuels Market News next month on March 17th. Can you give us a little preview of what we can expect to learn?
Andy: Sure! I’ll have the opportunity to speak about security issues in even more detail than we covered today. We’re going to be talking at length about threats and ways to protect our businesses.
Brian: Excellent. Andy, thank you so much for joining us today.
Be sure to register for Fuels Market News webinar with Andy and Alex Diaz, IT Manager at Bottini Fuel, to learn what you can do right now to protect your business. Register for the webinar today. To keep up with the latest happenings at ADD Systems, visit addsys.com/blog or connect with us on social media via LinkedIn, Facebook, Instagram, Twitter, or YouTube. If you have any questions about ADDcast, feel free to reach out to us at addcast@addsys.com.
Leave a Reply