Security Expert Interview Series: Rick McElroy
Below is an interview with Rick McElroy, Principal Cyber Security Strategist at VMware Carbon Black. Rick is constantly seeking out new information and redesigning his own approaches to information security. Previously, he held positions such as Chief Information Security Officer (CISO) and Director of Information Security at several organizations. In this interview, Rick shares his insights on malware trends and how companies can adapt their security to be ready for tomorrow’s malware attacks. Now, enjoy the full interview.
1. Firstly, thank you for taking part in this campaign. Can you tell us about your professional background and areas of interest, Rick?
I started in cybersecurity about 25 years ago after I transitioned out of the Marine Corps and into the technology world. This was before “cyber” was even a term. We called it Information Assurance back then. I kicked off my career on the offensive side of security, testing organizations during the dot-com boom and helping them better defend against what we were doing. After that, I began doing offensive and defensive work for the Department of Defense.
What I noticed was that the offensive side of cyber was too easy. We got in every time and there were far too few resources dedicated to defending against these attacks, so I decided to start building and running security programs. Eventually, I worked my way up to CISO. From there, that journey brought me to Carbon Black which was acquired by VMware in 2019.
At VMware, I focus on being a trusted advisor to global organizations and helping them to drive better security outcomes. I am truly interested in disrupting cyberattacks at scale and focusing my work on the people, process and technology needed to achieve that in the modern digitally transformed world.
2. As we noticed, you have been working as a Principal Cyber Security Strategist for over 5 years now. Could you please share with us which challenges excite you in that position?
What excites me the most is working with our customers and prospects to fundamentally change how security is built and delivered in a multi-cloud world where work from anywhere is a true reality. I also enjoy bringing this collective wisdom to the cybersecurity community and the larger general public.
3. Let’s now talk a bit about malware. What key malware trends have been dominating 2021 and what should we expect in 2022 and years to come?
It’s no shock that ransomware has taken up the bulk of the malware headlines in 2021. However, when you start to analyze what the criminals are doing, you can see where this is headed. Criminals have begun the work of centralizing their nefarious “as a service” models, such as Ransomware as a Service (RaaS).
Business-minded criminals were able to create strategies that left them in a position to begin to dominate the cybercrime markets. The dark web criminal economy is now the third-largest in the world and the scale of cybercrime is now exceeding a trillion dollars annually.
We must understand the strategies in place for criminals to begin to thwart them. Moving into the future, I would expect ransomware actors to target firmware and include destructive attacks as part of their capabilities.
4. How can organizations adapt their security to be ready for tomorrow’s malware attacks? Please walk us through your top recommendations.
My largest considerations for tactical recommendations are the commonalities amongst malware and attacks. In almost every case, the attackers are inside of environments long before they are detected or launch a ransomware payload.
In almost every case, they will steal credentials (largely fueled by Active Directory) to escalate privileges and gain a deeper foothold. They will then perform the lateral movement or move amongst interconnected systems on the same network. In both cases of credential harvesting and lateral movement, there are well-known solutions to help thwart these types of attacks.
- Install and properly configure multi-factor authentication wherever you can. This technology does disrupt attackers attempting to steal credentials on a regular basis.
- Microsegmentation, properly implemented, is a great way to stop attackers who may gain access to one system from then moving around wherever they want.
These two technologies work at the centre of what attackers want to do. We must interrupt their ability to steal credentials and move through the network unabated.
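As an added illustration of the microsegmentation point above (example code written for this page, not from the interview or from VMware), the script below models a default-deny segment policy and evaluates it against a handful of constructed connection records. The segment names, subnets, ports and sample flows are all assumptions; the point is that a workstation compromised through stolen credentials cannot reach a peer workstation over SMB or jump to a server over RDP unless that flow is explicitly allowed.

```python
"""
Added example: a minimal default-deny microsegmentation policy checked against
constructed connection records. Segments, subnets and flows are hypothetical.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Assumed network segments (hypothetical private ranges).
SEGMENTS = {
    "workstations": ipaddress.ip_network("10.10.0.0/16"),
    "app_servers": ipaddress.ip_network("10.20.0.0/24"),
    "domain_controllers": ipaddress.ip_network("10.30.0.0/24"),
}

# Allow-list of (source segment, destination segment, destination port).
# Everything not listed is denied: workstations may not talk to each other,
# and only the ports a workload genuinely needs are opened.
ALLOWED_FLOWS = {
    ("workstations", "app_servers", 443),          # HTTPS to the application tier
    ("workstations", "domain_controllers", 88),    # Kerberos
    ("workstations", "domain_controllers", 389),   # LDAP
    ("app_servers", "domain_controllers", 88),
    ("app_servers", "domain_controllers", 389),
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    port: int


def segment_of(ip: str) -> Optional[str]:
    """Return the segment name containing ip, or None if it is unknown."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None


def is_allowed(flow: Flow) -> bool:
    """Default deny: a flow passes only if its segment pair and port are listed."""
    src_seg, dst_seg = segment_of(flow.src), segment_of(flow.dst)
    if src_seg is None or dst_seg is None:
        return False  # hosts outside any defined segment get no implicit access
    return (src_seg, dst_seg, flow.port) in ALLOWED_FLOWS


def denied_flows(flows: List[Flow]) -> List[Flow]:
    """Return the flows the policy would block (candidate lateral-movement alerts)."""
    return [f for f in flows if not is_allowed(f)]


# Constructed sample traffic: two legitimate flows and three that a policy
# like this should stop (peer-to-peer SMB, RDP to a server, an unknown host).
SAMPLE_FLOWS = [
    Flow("10.10.4.21", "10.20.0.15", 443),     # workstation -> app server, HTTPS
    Flow("10.10.4.21", "10.30.0.5", 88),       # workstation -> DC, Kerberos
    Flow("10.10.4.21", "10.10.7.88", 445),     # workstation -> workstation, SMB
    Flow("10.10.4.21", "10.20.0.15", 3389),    # workstation -> app server, RDP
    Flow("192.168.1.5", "10.30.0.5", 389),     # unknown host -> DC, LDAP
]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        verdict = "ALLOW" if is_allowed(f) else "DENY "
        print(f"{verdict} {f.src} -> {f.dst}:{f.port}")
```

In practice the allow-list lives in the segmentation platform rather than a script, but the shape is the same: every permitted flow is explicit, and the denied list is exactly the set of connections that would otherwise let an attacker roam once one host is compromised.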
5. What are some new threats you have recently noticed cyber criminals pose?
A deeply concerning emerging threat is attackers utilizing both audio and video deepfakes to gain the initial access into systems. Simply put, phishing is morphing in real-time. Email still represents a huge risk to organizations, but as we’ve adapted new social and chat-based communication systems, the attackers have started to leverage these as well.
We have seen an uptick reported from our Incident Response partners on this phenomenon. Why send an email when I can have a deepfaked version of the CEO FaceTime the CFO to have a wire transfer initiated? Why use email when I can deepfake someone from the help desk who then asks an employee for their password? In fact, the FBI issued a warning this year about the risks of synthetic content. Expect more of this.
6. What do you predict to be important trends in cybersecurity in the next 3 to 5 years? AI? Blockchain? Machine Learning? Zero-trust?
I think the most important trend in cybersecurity in the next 3-5 years won’t be any of these individually, but instead, a combination that is really focused on gathering the entire context of an attack and using blockchain for trust purposes. The ever-escalating cyber war will bring these technologies to bear on both the offensive side of cyber as well as the defensive side.
7. How do you stay up to date with industry news and updates regarding information security and technology? Feel free to share your top 5 sources with us.
I spend a ton of time reading and listening to podcasts along with watching security presentations. I highly recommend the following sources:
- David Spark and the CISO Series: https://cisoseries.com/
- VMware Threat Analysis Unit: https://www.vmware.com/security/threat-analysis-unit-tau.html
- Neal Bridges and the Cyber Insecurity community: https://www.youtube.com/c/cyberinsecurity
- Hak5 Team’s channel: https://www.youtube.com/c/hak5
- threatpost.com and Krebsonsecurity.com for the latest news
Click here to learn more about the Swiss Cyber Institute’s approach towards improving the digital safety and security of society and economy through education and weekly blog posts. Do you think you are a good fit to participate in our Security Expert Interview Series? Reach out to us for more information.