SafetyDetectives spoke with Curtis Simpson, CISO of Armis. He spoke about the challenges of being a CISO, what Armis offers businesses, and cyberthreats that target IoT devices.
Can you tell me about yourself and how you came to Armis?
I’ve been with Armis for 3 years now and joined the team after being a customer and early advocate of the company, the unparalleled Armis offering, the extensive business and security value that the offering helped me unlock, and the political capital that I was able to establish as a result.
It was a couple years before joining Armis and after over 15 years of building and leading global information technology and security programs that I realized it was time for a change. I broke into information technology to help enterprises solve business problems and manage business risks at scale through the creative use of technology and integrated services. After nearly 20 years of enterprise experience, my challenges were mostly political in nature and I was personally feeling greater fulfillment through the time I was spending advising the community at scale. I realized that the next step for me was to bring value to many enterprises by applying my decades of enterprise experience back to a solution and/or service provider in support of companies and their leaders around the globe.
When assessing the portfolio of solution and service providers that had been most valuable to the companies I’d worked for, the programs that I’d built, and the business leaders and functions that I supported and enabled, I rapidly realized that my desired next step was clear. Armis had unlocked more business value than any other service or solution in my stack and, the team had been nothing but a partner from the very beginning.
The rest is history.
What are some of your biggest challenges as the CISO?
The challenges are also what make the role so exciting and compelling for me personally. A CIO/CISO within a technology company typically wears many hats spanning many areas of internal and external responsibility. On any given day, one must tap into leadership, technology, project management, sales, marketing, product, and other honed capabilities in support of the business and its customers.
This can be head spinning at times but, the ability to deliver business value on so many fronts is a true privilege and keeps me motivated each and every day.
What is the Armis platform, and why is it so crucial for any business?
The Armis platform offers leading asset intelligence technology designed to address the growing threat landscape introduced by the ever-expanding network of connected assets. Our real-time, passive, continuous protection provides our customers with full contextual visibility into all managed and unmanaged assets across IT, cloud, IoT, and more. We serve a wide-range of industries and verticals, including healthcare, critical infrastructure, manufacturing, retail, financial services, and beyond. Given the rapid pace at which that’s evolving today, it’s critical that business and IT leaders implement modern and flexible systems that safeguard and enable what matters most to the business and even help the enterprise shift dollars from tech debt to innovation to accelerate the transformation.
Armis unlocks this visibility and value at scale within today’s most complex public and private sector operations and is helping customers deliver cyber-resiliency based operations in support of their transforming enterprise and in protection of the brand along the way.
What are the biggest cyberthreats or risks when it comes to IoT devices? and how can someone protect themselves and their data?
Digital transformation combined with the pandemic and shift to remote working have accelerated the rate in which new non-traditional assets are being connected to business networks, expanding the cyber asset attack surface significantly. In fact, it’s expected that by 2025, there will be approximately 27 billion non-traditional connected assets (e.g. IoT devices). From robots in warehouses, MRI machines in hospitals, or point-of-sale terminals in retail, everything is connected to the enterprise network and therefore exposed to cybercriminals.
Industries have rapidly adopted IoT. This includes healthcare organizations that rely on connected medical devices to monitor patients and provide critical care. The manufacturing industry adopted digital transformation strategies to advance their industrial control systems (ICS) to improve efficiencies. Energy and utility providers rely on voltage regulators and smart switches to deliver services and resources safely. As a result of this growing landscape, these organizations are easy targets for malicious actors and hackers who are opportunistic and eager to deploy cyberattacks, like ransomware, to disrupt service in the hopes of making a quick buck. In fact, according to Verizon’s 2022 Data Breach Investigations Report, ransomware has continued its upward trend with an almost 13% rise – an increase as big as the last five years combined.
In order to protect themselves, it’s essential that organizations leverage technology that provides real-time, continuous protection to include deep visibility into all the assets on their network. Gaining complete network visibility can help organizations to address the new threat landscape that connected devices create. Ultimately, the rise of IoT devices is a great thing— helping businesses to increase efficiencies and provide new forms of connectivity. Making sure that security is top of mind for organizations across industries is critical to be able to really harness the benefits of IoT.
What should the average person or small business do to protect themselves from ransomware?
Data security is critical for businesses and individuals alike. As mentioned above, anything that’s connected to the network could be potentially introducing risk, so it’s important to stay on top of regular updates and patches for any device with internet connectivity. This starts with visibility into what assets are connected and many modern home network hubs can help enable this visibility in a user-friendly manner – if you can’t see an asset, you can’t protect it.
A few additional and equally important recommendations are as follows:
- Remember, connected devices in the home can include laptops, desktop computers, tablets, mobile phones, smart watches, smart home hubs and other smart home devices (e.g. switches, lightbulbs, thermostats), televisions, and anything else that you connected to the network over Wifi or an ethernet connections.
- Periodically check for updates for your connected devices and apply them when made available using software and manuals made available by the manufacturer.
- Ensure that you’re running up-to-date antivirus / endpoint protection software installed on all PCs on your network while ensuring that the software that you select enables “memory protection” capabilities.
- Change the default password on any and every device you connect to your network and on your network router, cable modem, or other home network equipment.
- Unsure how to do so? It’s often easiest to just look on Youtube for how to secure and/or change the default password on any smart device that you’d like to connect to your network (or that’s already been connected and should be secured).
- Backup your important information to a service that is not on your network or highly isolated and running on a different platform than the computers used to regularly connect to and navigate the Internet.
- Take advantage of reputable, well known online storage and collaboration solutions to make this easier; including guides that they’ve written on this topic in recent years in response to the significant uptick of remote work.