12 Oct An Interview with Vice President of Product at OpenText Andy Mallinger
This interview is part of our Cybersecurity Insights Series, where we tap our partners and industry experts for the latest trends, thoughts, and predictions for cybersecurity and beyond.
As companies increasingly realize that their networks and sensitive information are vulnerable to cyberattacks (which are becoming costlier, more frequent, and more sophisticated all the time), they’re investing in cybersecurity like never before. This is why we reached out to Andy Mallinger to get his take on where the cybersecurity industry is going and how companies can protect themselves. Mallinger is the Vice President of Product at OpenText, so he’s up to date on the latest cyberthreats – as well as the most effective measures companies can deploy to prevent these attacks from succeeding.
Matt Lindley: How would you summarize the work OpenText does?
Andy Mallinger: The Webroot and Carbonite division of OpenText is passionate about protecting businesses and consumers from cyberthreats. We combat today’s most complex cybersecurity challenges and we’re constantly anticipating how to extend the value of our threat identification, prediction, and remediation to the connected world.
ML: How has the landscape of cyberthreats changed over the past several years, and what do you think it will look like going forward?
AM: The biggest shifts are the increased prevalence of threats that are more targeted and more dynamic. Targeted threats are constructed to attack specific companies or individuals, while the word “dynamic” describes threats that change frequently. Being prepared for zero-day threats – a term that refers to threats which haven’t been seen before and don’t fit any identifiable malware signatures – is more important than ever.
ML: Could you list a few of the dynamic threats organizations face?
AM: Employees used to know what malware files looked like and how to recognize them, but now all the copies are different – signature-based approaches don’t work. It’s more behaviorally based than ever before.
ML: The headlines are dominated by major cyberattacks on critical infrastructure, the retail industry, and so on. Why are companies still so vulnerable?
AM: While the cybersecurity industry continues to innovate, so do the hackers. And the systems businesses and consumers need to protect are more complex. The recent attacks on supply chains are a good example of how hackers find new ways to introduce risk into the ecosystem.
ML: What do you think hackers have learned from COVID-related supply chain disruptions?
AM: We used to say: “Hey, that’s coming from a company I know, so I can trust it.” But because cybercriminals can exploit security gaps in supply chains, material from legitimate entities can be compromised with malware.
IoT devices also pose a risk because many of them can’t be updated and they don’t have security software embedded. Because of the nature of zero-day threats, we update our product and we’re checking things in the cloud. Security software is embedded when our products leave the factory. I’m not sure how frequently malware gets into IoT devices, but if they can talk to your network through those devices, they can learn about what you’re doing, see your activity, intercept your messages, and so on. This could expose passwords and usernames and open you up to many more cyberthreats.
ML: What should companies be doing to reduce the risk of a cyberattack, and how can they mitigate the effects of a successful breach?
AM: Beyond cybersecurity training, which is the first line of defense against most cyberattacks, companies have to keep security software and operating systems up to date, evaluate the efficacy of security solutions, back up data to ensure cyber resilience, and understand what trends are affecting certain industries and user types – these are all part of reducing risk. We also have a VPN product for consumers, which is all the more important at a time when people will be working out of coffee shops, airports, etc.
ML: Could you talk a bit about building a cyber aware culture?
AM: A lot of times, a company’s biggest vulnerability is its people. Employees don’t realize that a message isn’t coming from a colleague, but an imposter. So they open that bad PDF file or Word document. This problem is even worse now that so many people are working remotely – most people aren’t experts at network security, so they’re opening their companies up to cyberattacks. Companies don’t just have to protect the data that employees are sending and receiving – they also have to protect who has access to what assets within the network.
The tools companies use to monitor and respond to cyberthreats are becoming more and more sophisticated – for example, threats can be automatically addressed without involving the security team. This idea of security as a service is a growing industry, because it’s such a complicated environment. It’s hard for companies to be experts as things continue to evolve and change rapidly.
ML: What makes OpenText unique? Which of your company’s principles should be adopted by other organizations?
AM: We are a leader in cloud-based cyber resilience. We focus on products and services that work, don’t require lots of computational resources, and are increasingly automated in their mitigation of threats.
ML: What’s the most common myth about cybersecurity you’ve encountered? How do you think it can be busted?
AM: Probably the myth: “I can recognize a scam.” Hackers are getting more sophisticated with targeted attacks – they’re personalizing those attacks, so it’s harder to know what’s legit or fake. Phishing attacks used to be totally obvious: they contained odd words, bad spelling, and so on. But they’re becoming much harder to spot. That’s why you have to hover your cursor over the link, ensure that the email address is correct, and check for warning signs every time.