Last Month in Security Episode 007: Former DHS Undersecretary Mark Weatherford
In this edition of the Halcyon video/podcast series Last Month in Security, host Anthony M. Freed and panelists Ben Carr and Steve Salinas are joined by Mark Weatherford, VP of Policy and Standards at Gretel and Founding Partner of Aspen Chartered Consulting, who was formerly Deputy Undersecretary for Cybersecurity at the U.S. Department of Homeland Security.
We jump into the discussion with some recent news that fallout from the 2023 MOVEit exploit campaign included the leak of thousands of companies' exfiltrated records, including Amazon (2.8 million records), MetLife (585,000 records), and HSBC (280,000 records).
It was previously reported that ransomware operator Cl0p had compromised an undetermined number of victims with the exploit, although it is unclear how well they were able to monetize the attacks.
This comes on top of insurer Coalition releasing their 2024 Cyber Claims Report: Mid-Year Update, which found that while the frequency of ransomware attacks slightly decreased in early 2024, their severity intensified as claims rose significantly. The report noted a 140% increase among businesses with over $100 million in revenue, with ransomware attacks now driving 18% of all cybersecurity claims.
Mark provides some keen insights into what this means as far as the relative maturity curve of the ransomware economy, how much more growth we can expect given the success of the RaaS model in enabling less skillful attackers, and whether the US government's response, largely limited to the issuing of guidelines and frameworks, is adequate.
We then take a look at the mass data exfiltration events that are now a part of nearly every ransomware attack, such as the National Public Data attack that exposed 2.7 billion records and the Change Healthcare (UHG) attack that exposed the private data of 100 million people, and how the potential legal and regulatory impact following an attack is, in essence, re-victimizing victim organizations.
For example, Lehigh Valley Health Network recently agreed to a $65 million settlement following a class-action lawsuit over a 2023 data breach, Enzo Biochem was ordered to pay $4.5 million to New York, New Jersey, and Connecticut following a 2023 ransomware attack, and the City of Columbus is facing a class-action suit following a ransomware attack that compromised 6.5 TB of data, including personal information of city employees.
We know that ransomware operators are clearly after sensitive data, and we know determined attackers will get in sooner or later. So, is every organization that handles private or regulated data basically on notice that when they are targeted by attackers, they will also be targeted by regulators, and then by shareholders and/or customers?
Is this a constructive approach to the ransomware problem? Can we do better?
About Our Guest:
Mark Weatherford occupies so many important positions, it's hard to know where to start. He is VP of Policy and Standards at Gretel and Founding Partner of Aspen Chartered Consulting, as well as sitting on the Board of Directors and Advisory Boards for dozens of leading and emerging cybersecurity and technology companies.
Mark also has an extensive background in executive-level cybersecurity roles, showcasing a distinguished career in both public and private sectors. He has served as Global Information Security Strategist at Booking Holdings, Chief Cybersecurity Strategist at vArmour, a Principal at The Chertoff Group, Chief Security Officer at the North American Electric Reliability Corporation (NERC), and Chief Information Security Officer for the state of Colorado.
In 2008, he was appointed by Governor Arnold Schwarzenegger as California’s inaugural Chief Information Security Officer. Later, in 2011, the Obama Administration selected him to serve as the Deputy Undersecretary for Cybersecurity at the U.S. Department of Homeland Security.
A former naval officer with expertise in cryptology, Mark played a pivotal role in advancing the Navy's cybersecurity capabilities. He served as Director of Navy Computer Network Defense Operations, Director of the Navy Computer Incident Response Team (NAVCIRT), and led the establishment of the Navy’s first operational red team, demonstrating his commitment to enhancing cyber defense strategies.
Your Hosts:
Anthony M. Freed, Halcyon Director of Research and Communications: Freed is a strategic communications leader, award-winning writer, publisher and podcast producer who was previously a freelance security journalist leading headline-making investigations that included the Symantec NAV source code leak, the mass compromise of US government agency account credentials, the denial-of-service attack that took down WikiLeaks, and more. Freed is also the principal researcher who produces the quarterly Halcyon report Power Rankings: Ransomware Malicious Quartile - Inside Data Extortion Attacks.
Ben Carr, Halcyon Advisory CISO: Carr is a Security & Risk Executive and recognized thought leader with more than 25 years of results-driven experience in developing and executing security strategies. Carr has served in global leadership roles at advanced technology, high risk, and rapid growth companies such as Ericsson (Cradlepoint), Qualys, Aristocrat, Tenable, Visa and Nokia. Ben has served as a member of the Board of Directors for organizations such as IT-ISAC and NTXPKUA. He is an advisor for Noname Security and Syn Ventures and has previously served on Advisory boards for Living Security, TruStar, Mimecast, Qualys, and Accuvant.
Steve Salinas, Director of Product Marketing: Steve is a seasoned product marketing professional specializing in crafting messaging, launches, targeted content creation, analyst relations, and being the "voice of the customer" when working with product management. Over his 20-year career, Steve has developed the ability to translate complex technical capabilities into relatable value-based messaging that educates the audience, leading to many successful product launches and millions of dollars in revenue.
Halcyon.ai eliminates the business impact of ransomware. Modern enterprises rely on Halcyon to prevent ransomware attacks, eradicating cybercriminals’ ability to encrypt systems, steal data, and extort companies – talk to a Halcyon expert today to find out more and check out the Halcyon Attacks Lookout resource site. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile.