Company description:
Procopio is a full-service business and litigation law firm serving small to mid-sized companies as well as large multinationals, serving client’s needs through every stage of the business life cycle. The firm is committed to thoughtful problem solving and improving their client’s bottom line. With more than 150 attorneys based in San Diego, Silicon Valley, Phoenix and Austin, serving clients around the world, Procopio is passionate about knowing each client’s business and helping that client grow. Their global reach across Asia and Latin America further expands international partnerships and cross border capabilities. Procopio is focused on what’s important to its clients–providing smart, innovative and practical solutions in a cost-effective manner.

Senior Leadership:
Thomas W. Turner, Jr.

Managing Partner
James G. Perkins
Chief Operating Officer
Chief Compliance Officer

Founded: 1946

Brief history of firm:
Founded just after the conclusion of World War II by four leading legal minds in San Diego—Tony Procopio, Alec Cory, Harry Hargreaves and Manny Savitch—the firm was on the leading edge of San Diego’s postwar boom of economic development. The four partners from the beginning instituted a culture based on actively listening to clients and applying detailed attention to serving their legal needs. They also encouraged collaboration across the firm, and the family feel at Procopio has led to an exceptionally low level of attrition. The firm has also grown exponentially, with more than 70 attorneys by the start of the 21st Century and more than 150 today. Now the largest independent law firm in San Diego, Procopio has expanded to offices in Del Mar Heights, Silicon Valley, Phoenix, and Austin, covering more than forty practice areas, and representing clients around the world, including Asia and Latin America. Yet it continues to provide a detailed level of focus on client needs at rates 30 to 40 percent lower than many of its larger competitors.

Core principles:

  • Commitment to Service: It’s Procopio’s pledge to always go above and beyond. Providing the best possible client service is engrained in our culture.
  • Passionate People: Procopio believes the key to its success is in its people and their passion. Procopio employs some of industry’s most skilled and experienced lawyers, many of whom have worked at the world’s largest national and international firms.
  • Adding Value: Its lean operational model allows it to provide winning solutions without the big overhead typically seen with large international firms. Procopio is committed to understanding each client’s business while building a long-term relationship.
  • Driving Innovation: From its in-house startup incubator to its cutting edge electronic storage systems, Procopio’s innovative and entrepreneurial mindset helps clients stay ahead of their competition.

Tech-related emphasis:
Reflecting the innovative technology spirit of San Diego entrepreneurs, Procopio has long had an active practice in the tech sector, and its offices in Del Mar Heights and Silicon Valley reflect that focus. Procopio runs a LaunchPad incubator in its Del Mar office, part of Procopio Business Advisors, an arm of the firm that woks with entrepreneurs to grow their businesses focused on sustainable growth and/or becoming an attractive acquisition opportunity.
The firm’s active Intellectual Property Practice Group is active in tech industries, from patent prosecution, litigation and licensing to trademarks, copyrights and trade secret protection. Procopio has an active Technology Transactions Practice Group negotiating, drafting and implementing tech contracts while protecting its clients’ intellectual property positions. Procopio also has an Emerging Growth and Technology Practice Group focused on numerous fields including information technology, telecommunications, life sciences and clean-tech.

Locations:
California:

    • San Diego (downtown)
    • Del Mar Heights
    • Silicon Valley (Palo Alto)

Phoenix, Arizona
Austin, Texas

Reason for CyberTECH membership:
Procopio was one of the first law firms in cyberspace, dealing with data breaches, encryption patents, IoT data protection, HIPPA compliance, ecommerce, IP issues, cybersquatting, unfair competition, take-downs and online terms and conditions. As cybersecurity issues continue to grow in importance, Procopio is there.

Notable tech-related anecdote:
For decades, Procopio was active in the entrepreneurial tech environment of San Diego and California more broadly. That has manifested itself with the founding of Procopio LaunchPad in 2012, an incubator for and initial investor in technology start-up companies, committing valuable real estate and business support services to promising startups. Procopio Partner Bill Eigner serves on CyberTECH’s board of directors.

Recent notable transactions:

  • Managed the sale of an Internet security company to a private equity firm for $50 million.
  • Worked with a technology start-up with a capitalization of $500,000 to ensure a sale to a large public company for $180 million.
  • Secured the founders of a medical software development company’s stock sale to a private equity investor for about $60 million.

 

Attorneys practicing on tech-related issues:

William Eigner, Partner


Noel Gillespie, Partner


Marina Lewis, Senior Counsel


Megan McCarthy, Attorney

Contact info:

 

  • Website
  • Contact: Patrick Ross, Senior Manager of Communications and Marketing
  • 619-906-5740

 

MEMBER SPOTLIGHT: VUEZ
CyberTECH Newsletter

VUEZ

VUEZ, pronounced as “views,” the French term for “view,” is a live media tech company that will give consumers and business professionals the ability to broadcast live, dynamic, and compelling video from anywhere in the world on all platforms.

Founder/CEO: Jay Ringgold
Co-founder/President: Victor Ross
Product/Service: Multi-level, mobile-media production
Founded: 2016
Expected launch: January 15, 2017
Website: www.vuez.com
Location: 1185 First Avenue, Suite #103, San Diego, CA 92101


Quotable: “The killer aspect of our product is a media production studio in your pocket. We allow users to effectively communicate using live and on-demand video on our platform. It gives the user the ability to use our patent-pending dynamic media creation tools, which to allow them to distribute and store their digital memories.

“In addition, we will offer our own original TV programming with original series, as well as giving viewers the ability to watch syndicated TV shows and movies.” – Jay Ringgold

Notable trends/ideas: “The trend in our field is mobile media, via video platforms, is set to surpass traditional TV networks by the year 2018. That means more and more users are turning to mobile devices to obtain their source of content, whether it’s live video or on-demand video, this is becoming the norm in today’s media industry.”

Bios/backgrounds:

  • Jay Ringgold is a strategic tech serial entrepreneur with more than 20 years of experience with progressive tech ventures. A native San Diegan, he has built web technologies for National Lampoon, Inc. magazine and related tech ventures. Jay has teamed with various celebrities, including Grammy Award-winning performer Ludacris, and helped launch MyGhetto.com, which grew to over 600,000 active members.
  • Victor Ross has over 30 years in the investment industry in various corporate leadership roles. He also served for eight years as a fiduciary with the San Diego City Employees’ Retirement System, along with 15 years as a business owner and partner. Victor also has extensive experience in community service and with San Diego-based athletic foundations.

Contact info:

  • jay@vuez.com
  • 844 327 6900, ext 5001

VUEZ IS LOCATED WITHIN NEST AT X-HIVE, THE DISTINCTIVE COWORK SPACE AT 1855 FIRST AVENUE, SUITE 201, SAN DIEGO, CA 92103.

To inquire about available space, contact Darin Andersen:

  • darin@cyberhivesandiego.org
  • 619-341-4036

Company description:
Mintz Levin, established in 1933, is a versatile Am Law 100 law firm with over 500 lawyers serving clients worldwide. Applying a cross-disciplinary team approach, we bring attorneys from many different yet complementary areas together to address the rapidly changing legal and regulatory requirements of a wide variety of industries, including Technology; Financial Services; Health Care; Life Sciences; Energy Technology; and many others.

The firm’s major practice areas include Antitrust; Bankruptcy & Restructuring; Corporate & Securities; Employment, Labor & Benefits; Environmental Law; Health Law; Intellectual Property; Litigation; Privacy & Security; Public Finance; Real Estate; Tax; and Technology Transactions.

Mintz Levin’s eight offices are strategically located to meet the evolving needs of our clients. In addition to seven U.S. office locations in San Diego; San Francisco; Boston; Los Angeles; New York; Stamford, CT; and Washington DC, Mintz Levin has an office in London.

Chief Executive Officer/President:

Robert Bodian, Managing Member
Since 2009, Mr. Bodian has served as Managing Member and head of litigation section in Mintz Levin’s New York City office, which has grown to nearly 90 attorneys, and one of the top 100 law offices in New York, since being established in 2000. As an experienced litigator, Mr. Bodian is valued by clients for his judgment, tenacity and calm demeanor. Mr. Bodian has an extensive background in the areas of employment and commercial disputes, financial services, insurance, securities, real estate and banking.

Founded/launched: 1933

Brief history of firm:
What now has grown to eight offices and 500 attorneys all started in Boston during the height of the Great Depression, when two young entrepreneurial attorneys met for lunch and laid out a vision for what they wanted their new law firm to be: An innovative practice dedicated to its clients and their success.

The heart of the firm is our founding partners’ guiding principle of providing excellent legal services in an atmosphere of mutual respect, dignity, and tolerance. This has been our foundation ever since we opened our doors in 1933.

Our eight offices might look different, but throughout the world you’ll find the same can-do entrepreneurial spirit at Mintz Levin. It’s our defining characteristic. And it’s our job to help our clients grow.

Location: 3580 Carmel Mountain Rd #300, San Diego, CA 92130

The firm’s mission:
Mintz Levin’s singular focus on excellence is the foundation on which the firm was built more than 80 years ago. It remains the driving force in everything we do — from representing a client in bet-the-company litigation, to standing up for victims of domestic violence. We set the highest standards for ourselves because we know what is at stake for our clients. And we are proud that, as a result, we’ve built decades-long relationships with Fortune 500 companies and individual entrepreneurs alike. We have helped establish and grow some of the world’s finest life sciences and technology companies.

Reason for CyberTECH membership:
To stay current and connected with the San Diego-based Cyber community.

Notable tech-related anecdote about firm:
For decades, Mintz Levin has provided creative and entrepreneurial counsel for tech companies of all types and sizes and covering the full spectrum of legal services. We understand the legal issues that tech companies need to address to maximize their potential.

We have represented leading-edge companies across all of their life cycle needs,from early stage through growth capital to M&A transactions and IPOs, and addressed such issues as privacy, data security, and raising capital online. Our clients include companies in the FinTech, AdTech, EdTech, Internet, security, robotics, media, and social media sectors, among others.

Recent notable cases:

  • Managed and responded to a major, multimillion-record data breach for a leading global marketplace processing nearly 100 million activity and event registrations and more than $3 billion in payments annually
  • Represented a media company in its loss of 200,000 subscribers’ personal data. We negotiated a multistate FTC resolution, helped to set up call centers and prepare breach notices and avoided regulatory and enforcement action.
  • Provided Safe Harbor certification, guidance on global privacy issues, and advice on general privacy issues (including PCI-DSS) to a multinational diagnostics and IT solutions provider with 15 locations.

Leadership bios:

Cynthia Larose, Member
Ms. Larose is a member of Mintz Levin’s Corporate Practice, Chair of the Privacy and Security Practice, and a Certified Information Privacy Professional. She has extensive experience in dealing with the international, federal and state regulations related to the use and transfer of information, behavioral advertising, data security breach compliance, incident response and response planning, and data transfers in the context of mergers and acquisitions and technology transactions.

Brian Lam, Associate
Mr. Lam has extensive experience in patent litigation and intellectual property matters, as well as privacy and data protection matters, particularly as to data aggregation, network security, and technology transactions. Beyond counseling on compliance, incident response, and data privacy and protection, Brian has advised on technology-centric agreements, licensing issues, open source software licensing, vendor agreements, and hosting agreements, and analyzed patent portfolios for potential assertion or freedom to operate.

Contact info:

  • 3580 Carmel Mountain Rd #300, San Diego, CA 92130
  • P: 858.314.1500
  • F: 858.314.1501
  • www.mintz.com

Company description: Proficio is a provider of managed detection and response services. Its innovative approach to managed security service delivery is changing the way organizations defend against advanced threats, achieve regulatory compliance, and prevent security breaches. Proficio’s ProSOC service provides highly accurate, 24×7 security monitoring and alerting, advanced threat detection, and automated response services. Proficio is the trusted managed security service provider for some of the world’s leading utility, healthcare, industrial, and consumer-focused organizations.

Top executive: Tim McElwee, President/Chairman of the Board

Founded/launched: 2010

Location: 3264 Grey Hawk Court, Carlsbad, CA 92010 (corporate headquarters); Singapore and Sydney, Australia (international offices)


Quotable: “Enterprises are spending more on security products and tools, yet unfortunately data breaches continue at an unprecedented rate. Organizations need to more accurately identify critical events and automate their response to attacks and suspicious behavior to contain and remediate threats before they result in a damaging security breach. Our managed security services leverage advanced analytics, threat intelligence, and orchestrated incident response to provide our customers unrivalled cybersecurity protection.” –Tim McElwee

Company slogan: “Managed Detection and Response Services Leader”

Recent milestone: (Nov. 28, 2016) Proficio raised $12 million in a round of funding led by Kayne Anderson Capital Advisors, L.P., a leading alternative investment management firm focused primarily on the middle market in North America. The funding comes out of the firm’s Kayne Partners Fund group, which backs high-growth technology enabled businesses. The company plans to use the investment to expand its global geographical presence in the Americas, Asia Pacific and Europe, and introduce new cybersecurity platforms and services.

Latest news: (Feb. 20, 2017) Proficio announced it has enhanced its ProSOC service offerings to help healthcare organizations more easily meet U.S. Department of Health & Human Services (HHS) HIPAA compliance. Proficio’s new HIPAA Compliance Insight service enables hospitals and healthcare organizations to be prepared when faced with an audit with well-defined processes, procedures, and documentation to quickly visualize and address their compliance posture, while effortlessly implementing accountability.

HIPAA compliance is an ongoing process, and regulations will continue to change as new risks become apparent. To help healthcare organizations navigate this evolving regulatory landscape, Proficio’s HIPAA Compliance Insight service includes regularly scheduled HHS compliance meetings hosted by Proficio, with investigations where needed to meet HHS requirements, detailed personalized reports that include the section and regulation mapped to specific

Notable announcements:

  • (Dec. 15, 2016) Proficio partnered with CrowdStrike, the leader in cloud-delivered endpoint protection, to help customers deploy comprehensive security technology and services to protect their digital assets from the endpoint to the cloud.
  • (July 4, 2016) Proficio was named the winner of the Singapore-based CIOHONOUR Award in the Managed Security Services Provider (MSSP) category for Enterprise Security. Award-winning firms are selected on the results of a poll of over 500 IT decision-makers in Singapore.
  • (June 28, 2016) Proficio was added to the Cybersecurity 500, which salutes the world’s most innovative cybersecurity companies. The firm is listed in the category of Managed Security Providers.
  • (May 25, 2016) Proficio announced the opening of its new headquarters and Security Operations Center (SOC) in Singapore. The new state-of-the-art SOC is a center of innovation and deliver advanced cyber security services. Located in The Signature in Changi Business Park, the new center is triple the size of the previous facility and supports the rapid growth in Proficio’s global customer base.

Leadership bios:

  • Tim McElwee, President/Chairman of the Board
    Tim is a senior executive with over 20 years of experience in building, operating and growing information technology companies. He has held multiple executive positions, including CEO of Imperito Networks, the first cloud-based VPN software company; and at Phoenix Technologies (Nasdaq PTEC) and Ramp Networks (acquired by Nokia). Tim has co-authored multiple patents and has a proven track record of launching new companies, leading highly successful global organizations, and creating shareholder value.
  • Brad Taylor, CEO
    Brad has 20-plus years of experience in the enterprise software, security, and networking industries as a senior executive in sales, marketing, business development, acquisitions, operations, and venture capital. He has built and managed multiple sales teams as a VP of Sales and assisted in two highly successful IPOs with RSA Security (RSAS, now EMC) and ArcSight (ARST). In addition, he has helped several companies get up and running to successful sales and market positions as a VP of Worldwide Sales/Marketing/Business Development for companies including eIQnetworks, SOA Software, and AirTight Networks.

Contact info:

  • 800-779-5042
  • info@proficio.com
  • website

DRONE AVIATOR ASSOCIATION

Launched early this year, the Drone Aviator Association (DAA) is a membership portal, the industry’s first drone-only trade organization that advocates for drone users. More than six million drone users are expected by 2017, continuing a 30% year-to-year growth rate. Benefits of DAA membership ($50/year) include FAA registration, access to certification courses, and insurance products to limit the inherent risks of flying a drone.

Founded: 2016

CEO: Egbert Oostburg

Product/Service: Drone user trade organization

Website: www.droneaviator.co

Location: 1185 First Street, Suite #103, San Diego, CA 92101

Quotable: “This industry is evolving and accelerating at an astounding rate. With the advancements in drone technology over the next 12 months, we won’t even recognize where we are today. It’s going to be a fun ride.” – Egbert Oostburg

Notable trend: Apple has partnered with China-based DJI, the world’s leading drone manufacturer, to challenge GoPro’s supremacy in action photo/video capture. Priced at $1,400, the Phantom 4 drone features autopilot, auto-follow and object-avoidance capabilities. Phantom 4 will reportedly integrate closely with Apple’s iOS ecosystem, allowing users to view and even control their drone via an iPhone or iPad.

Contact info:

  • eoostburg@droneaviator.co
  • 858-365-3430

DRONE AVIATOR ASSOCIATION is located within NEST at X-Hive, the newly-opened CoWork space at 1855 First Street, Suite 201, San Diego, CA 92103.

To inquire about available space, contact Darin Andersen:

  • darin@cyberhivesandiego.org
  • 619-341-4036

MiPOV TECHNOLOGIES

Product/Service: A cutting-edge wearable device that enables users to share their point of view via a social-mobile app

Founded: 2016

Location: iHive @ NEST, 1855 First Street, Suite 103, San Diego, CA 92101

Website: www.mipovtechnologies.com (under construction)

Co-founder/CEO: Nick Phillips
Co-founder/CFO: Joseph Felix

Quotable: “The MiPOV Technologies Team is composed of five University of Kentucky graduates with diverse backgrounds spanning from business to mechanical engineering. Relocating to San Diego in mid-August will allow our startup to get a foot in the door and position ourselves where we aren’t just another tech company.” – Nick Phillips

Notable trend: Forbes recently estimated that 123 million wearable devices will be purchased in 2016, generating $14 billion in total revenue. This figure is projected to increase with a Compound Annual Growth Rate (CAGR) of 32%, reaching 411 million devices and $34.2 billion in total revenue by 2020. In addition, it is forecast that worldwide social media use will increase to 2.2 billion by 2018.

Contact Information (Nick Phillips):

  • 859-757-3466
  • nickphillips@mipovtechnologies.com

JANUARY 2017 MEMBER SPOTLIGHT: SaaSMAX

putting the right products in the hands of B2B customers.

On the one hand, this means enabling SaaS companies (Security as a Service) with business intelligence, matchmaking and channel management tools, so that they can quickly pinpoint which IT resellers to work with and recruit them. On the other hand, it means empowering IT resellers to identify, aggregate and bundle the right SaaS products for their customers, within a straightforward white-label web store. For both parties, it means managing recurring billing and commissions, and tracking referrals.

In doing so, SaaSMAX broadens the base of prospective SaaS customers, lowers customer acquisition costs, enables faster time to market and enables new recurring revenue sales that compound over time for SaaS companies and IT resellers alike. Currently, SaaSMAX, the marketplace is experiencing its strongest growth and demand in cloud-based cybersecurity solutions.

In addition, SaaSMAX’s new proprietary business intelligence tools for profiling and matchmaking IT resellers are being adopted by major IT enterprise companies as a separate offering known as PartnerOptimizer™.

Chief Executive Officer: Dina Moskowitz

Founded/launched: 2013

Location: 7770 Regents Road, Suite 113-129 San Diego, CA 92122 (most of the team works virtually)

Quotable: “SaaSMAX is the platform that finally enables the rapidly growing SaaS sector and the established IT Consulting sector (The IT Channel) to Cross the SaaSm together. We are leveling the playing field for B2B cloud software (SaaS) companies who need to go to market and resell through IT Consultants like the big guys do, while making it easy and profitable for IT Consultants to identify,bundle and sell the right SaaS solutions to their clients.” – Dina Moskowitz

Notable trends/ideas: Cybersecurity is top of mind to SaaSMAX’s IT Resellers and the IT Channel in general, who are responsible for keeping their business clientele protected from cyber threats and attacks. To accommodate this trend and the growing demand, SaaSMAX has been assembling an arsenal of Security-as- a-Service products and is setting IT Consultants up with “white-label” cybersecurity web stores, complete with quote-to- cash billing.

Leadership bios:

Dina Moskowitz, CEO: Dina Moskowitz has been a leader and consultant to cloud-based, SaaS and other technology companies throughout her career. Prior to SaaSMAX, Moskowitz was CEO and founder of Critical Digital Data Solutions Inc., which developed cloud-based data storage solutions. She has earned many awards and recognition in the IT Channel, and serves on the Vendor Advisory Council at CompTIA,the Board of the Small Business Web, and the Foundation Board of Seacrest Village Retirement Communities.

Clinton Gatewood, Vice President, Reseller Partner Development: Clinton Gatewood brings a broad range of professional experience, from serving in the US Army, to extensive sales, marketing, channel and business development experience in the IT space. Clinton was VP Corporate Development for Zenith Infotech, LTD, during which time he built channel distribution for their enterprise network management solutions, recruiting thousands of channel partners.

Ted Finch, Chief Channel Marketing Officer: Ted Finch is one of the top channel and marketing experts in the high-tech industry, having launched over 450 products into the channel for over 200 vendors, including Microsoft, HP, Adobe, Corel, Intel, and many others. He has consulted with over 170 Fortune 500, mid-sized and start-ups including several storage software and hardware vendors.

Ted Cole, Enterprise Liaison, SaaSMAX PartnerOptimizer Ted Cole has over 35 years of leadership and execution in channel management, program development, sales and operations with a solid record of achievements. He was honored as a Channel Chief for eight consecutive years by CRN for consistently advocating, promoting and executing effective channel partner programs and strategies across ADTRAN and the industry at large

Interesting Facts: Most people and companies do not think about their “IT Consultants” as belonging to an industry sector, or how they actually impact and contribute to the economy. However, there are actually 140,000 firms and an additional 199,000 sole proprietors that are part of the industry sector named “The IT Channel,l” responsible for reselling as much as 80% of hardware, software and IT services in the US ($400B+) annually, according to research by CompTIA, the leading industry trade association for the IT Channel. The largest enterprise technology companies, such as Microsoft, Intel, IBM, HP, etc., go to market through the IT Channel.

Contact Info

  • info@saasmax.com
  • (800) 748-7650
  • Twitter: @SaaSMAX
  • www.SaaSMAX.com

KPBS-FM Radio (NPR)
Interview with Darin Andersen
Chairman/Founder, CyberTECH

Host: Maureen Cavanaugh
Topic: Impact and aftermath of global WannaCry Ransomware attacks

Intro (Cavanaugh):
Organizations across the country have been bracing for an expected wave of “hacker attacks” this morning, after a so-called “ransomware attack” disrupted businesses on Friday. But the software attacks seem concentrated on Asia today, perhaps because businesses closed earlier on Friday due to the time difference. The U.S. has not seen much of this current attack, which is transmitted by email and locks users out of their computers and threatens to destroy the data if a ransom isn’t paid.

Joining me today is Darin Andersen of CyberTECH in San Diego. Darin, welcome.

Andersen: Nice to be here again.

Q: This ransomware is called WannaCry. Do we know where it originated and who is responsible?
A: This has been a tricky one, in terms of what we call “attribution,” that is, determining where the source of the hack came from. We’re not sure. There are certain investigation paths that are now open – Russia, China. This one might also have some connections to the U.S., Canada and Brazil.

Q: Russia’s Vladamir Putin and Microsoft’s Brad Smith both have pointed to the NSA, the National Security Agency, as the origination of this particular ransomware.
A: Yes, this ransomware definitely has some aspects included in some of the so-called “kits” produced by the NSA. Clearly, we can see in the attacks that some of the tools were used as part of the overall attack.

Q: How serious hass this attack been?
A: Well, what’s serious about this one is that it’s global in nature and ransomware is an insidious type of malware that locks up your computer by encrypting data contained on that computer. And usually, the hacker asks for some form of ransom, usually in the form of bitcoin. And what’s tricky about this one is that it’s very broad-cased – about 250,000 computers worldwide that we know about, across multiple countries. And I suspect that the computer numbers will come in much higher.

Q: If indeed, the National Security Agency developed this kind of malware, how did anyone else get their hands on it?
A: Well, just a few weeks ago, there is a big release of NSA hacking kits by WikiLeaks. That’s the connection that some people are suggesting – that tools released in that WikiLeaks leak led to some of the tools used in this attack.

Q: Now, many companies, especially in Europe, were bracing for a second wave. Why do you think that hasn’t really happened?
A: It could be because the adversaries are doing a “proof of concept” review, a common tactic just like in almost any other business enterprise, kind of trying out “version one.” They may be trying to figure out: Can they actually attack globally? What systems were affected? Clearly, the perpetrators in this case were pretty good at obfuscating their attribution. We have some clues. I think we will find out where this came from. But right now, things are a bit up in the air.

Q: Why do you think the U.S. hasn’t been affected so much by all this?
A: We’re getting better at detecting and fending off ransomware attacks. Smaller and mid-sized businesses are the ones that find themselves most susceptible to these kind of attacks. Or, I should say, most larger companies have gotten better. The thing is, you don’t necessarily hear about who’s been impacted. Because if someone is going to pay a ransom, they may not want to let that be known.

Q: Apparently, a software patch against the malware was issued by Microsoft. The question that computer experts are asking is: Why hasn’t that been installed by more users?
A: Well, it’s always a question of what I call, “malware and security hygiene.” And companies just get behind in those release cycles and leave their computers unpatched and therefore, leave their computers vulnerable.

Q: Do you know of some companies that have paid ransom?
A: Yes, there were reports of some hospitals and universities in town that actually had paid. But I would say that certainly Fortune 500 companies, many mid-sized companies across America are actually finding it easier to pay the ransom. Which, by the way, could be as little as $20,000 to $30,000. The attackers know where that right request price is. And a lot of times it’s much easier just to pay that cost, than to bear the burden of losing all your data.

Q: When you say organizations “in town,” do you mean here in San Diego?
A: Yes, I was referring to San Diego. But we work on a national basis, and we’re definitely seeing similar attacks across the country and throughout the world. And I tell you that companies are definitely paying to make them go away.

Q: Besides making sure that you’re updating your software, what other precautions can you take, just in case this WannaCry ransomware shows up here?
A: You want to make sure your computers are patched and updated. That your employers are fully trained – because what’s happening in many cases, what’s starting these attacks is some type of phishing. So keep your eyes open. Look for small differences in your emails, like if you’re getting a request that “I must have something now.” Take that extra minute to check it out. Call the person that the email pretends to be from. Make sure things are copasetic.

Q: I’ve been speaking with Darin Andersen of CyberTECH in San Diego. Darin, thanks a lot.
A: Great to be here again.

“Midday Edition”
Interview with Darin Andersen, Chairman/Founder
March 8, 2017 

Topic: WikiLeaks releases what it calls CIA trove of cyber-espionage documents
Maureen Cavanagh (host): Joining me is Darin Andersen. He’s a member of California’s Task Force on Cybersecurity, chairman of CyberCalifornia and chairman/founder of a cybersecurity company. Darin, welcome.

Q: The cybersecurity world wasn’t really surprised by the information in this leak, was it?

A: Not really. We’ve seen some WikiLeaks for quite a while now, starting with the Chelsea Manning documents, for example. So it wasn’t too big of a surprise.

Q: You talk about “depth of scrubbing” – that area being somewhat of a revelation in this WikiLeaks stuff. What does “depth of scrubbing” mean?

A: Well, what I mean is, the level at which you scrub depends on the level at which you see a threat occurring. As the threat level goes up, you may dig a little deeper into the data. And I think that’s what may have happened here. It may have triggered these latest dominoes. The CIA is looking more actively and harder than ever – because the threat level for the nation is increased.

Q: Is there anything in this information that indicates that the CIA is using this technology on Americans, here in the U.S.?

A: What you have in this latest set of WikiLeaks is the expose of the CIA’s “cookbook” for how they actually hack into accounts. What they do is they have a series of tactics and techniques that they use to break into different kinds of accounts, be it smart phones – they’ve been able to exploit both Apple and android phones – traditional laptops and servers, as well as some new devices, the “Internet of Things,” what I like to call the “live-ables,” “wear-ables” and “drive-ables.” What’s new about the information is there’s definitely information being gathered on American citizens. How that information is used, foreign and domestic, is what’s in question.

Q: Are there laws that prevent the government from snooping on average U.S. citizens?

A: There are privacy laws that do exist, and historically, Americans have had an expectation of privacy that’s somewhat unique to the Western world. Europe values privacy more strongly. Americans, I would argue, give away our privacy by clicking that checkbook to get the latest application. But in the Far Eastern countries, there’s really not an expectation of privacy. So yes, there are laws that do protect U.S. citizens and our privacy rights. A lot of that comes through the SEC and credit reporting agencies that have to lay out their ability to look into our personal information. And the government has guidelines, as well.

Q: I’ve read that the espionage hacks described in the WikiLeaks dump are things a lot of hackers might be able to do. You wouldn’t need the CIA to come up with it.

A: You know, we’ve seen tactics and techniques that are familiar to us. Don’t forget that we are battling with foreign adversaries, nation-states that are well-funded, extremely motivated to take our intellectual property, steal our national security security secrets and compromise our defense. So the CIA would – and does — rationalize this kind of activity as defensive, or in some cases, an offensive response. Typically, only the U.S. government employs and deploys what I would call “offensive” cybersecurity tactics, which is what’s described in this WikiLeaks “cookbook.”

Q: What’s the difference?

A: Well, typically, we play a lot of defense in this country. I call it the “100 Door Problem.” We’re trying to defend 100 doors, while nation-state adversaries and hacktivists are trying to find that one open door, that one way to exploit and find a way in. The offensive is the opposite of that – where you’re actually looking at your adversaries’ systems that are trying to break into your systems. So you’re playing defense to protect, and playing offense to go on a more aggressive tact.

Q: So far, the CIA has not responded at all to this latest WikiLeaks information. How much credibility does WikiLeaks have in the cybersecurity world?

A: I think it’s a love/hate relationship. Again, they expose tactics and techniques that are pretty familiar to us in the business. We are aware of their capabilities. As you may recall, it was a private company, an Israeli company, that was brought aboard to broke into the iPhone in the San Bernardino massacre. Again, the private world is familiar with many of these tactics and techniques. But I think what’s novel here is that it’s another big display of information to the general public, that the government is watching.

Q: Since ordinary hackers can already breach security on some phones, TVs and computers systems and so forth, what can people do to protect themselves?

A: I like to propose and suggest what I call practicing good cyber hygiene. It’s the simple things of changing your password regularly, don’t share your password to the Internet with your friends. Out-run the person who’s hopefully behind you with the bear behind him. You’re what I call the “hard target” and others are the “soft target.” So if you outfit yourself by keeping your passwords updated, by updating your software to make sure that any security holes are being patched, you’ll have a much better chance that hackers will move on to somebody else who’s more vulnerable.

March 7, 2017

INTERVIEW WITH DARIN ANDERSEN

Host: Ernie Brown

Topic: WikiLeaks’ massive release of highly sensitive documents that allegedly reveal the CIA’s covert, global use of software designed to hack smartphones, computers and internet TVs around the world. The release is regarded as a serious setback for U.S. intelligence agencies, which use cyber- hacking to carry out espionage against foreign targets.

Q: We’re joined by Darin Andersen, chairman/founder of CyberTECH, a San Diego-based coalition of tech-inspired companies. Darin, do you think we should be surprised about all this?

A: Well, it’s true that the involvement of the CIA, the NSC and other government agencies in such covert actions has been well-known for a long time. But I’d say the extent, the depth, may be surprising to some.

Q: Do you think this will cause damage to the intelligence community?

A: I would say that probably among the public, this has some impact on their comfort level with the government in general, especially with the Intelligence community. I think we all have to look across government now and suggest that there are certainly questions about our government’s ability to prevent leaks. But in particular with the Intelligence community, there’s definitely some loss of confidence. This isn’t the first time this kind of information has come out. For many people, this reinforces the fears they may have about our government.

Q: Where did they get this information?

A:  That’s hard to say. It may have been  through a physical breach, but I suspect that you had a leak here by somebody who’s an insider that’s passing along sensitive information. Alternatively, they might have broken into government systems, which is not unprecedented, but in this version seems unlikely. If you look at any of the information provided by WikiLeaks, a good deal of it comes from insiders. Bradley Manning would be a good example of that – the leak of tens of thousands of classified documents to WikiLeaks.

Q: Is it possible anymore to keep secrets at the governmental level?

A: Within the government, ironically, is where a lot of secrets are kept, because they have a very strict system about how they information- and knowledge-share within their organizations. What we’re seeing more and more of, is people because they consider themselves to be conscientious objectors, they’re starting to leak this information out to watchdog organizations like WikiLeaks. You’re always going to have those activists that put this information into the public domain, and actually think they’re doing the right thing by doing that.

Q: Is there a way to stop that from happening?

A: Yes, there’s a way to stop it, of course. You could, for example, make penalties for sharing that kind of information very stringent. You could put them in the brig. You could put very harsh consequences into law. But the reality is, there is forces in government who regard this as part of our democracy to leak out this kind of information. Then there’s another school of thought inside our own government that thinks this type of information needs to be protected and that it can damage our own personnel and our own national economic well-being.

Q: I know we’ve seen so many businesses get hacked, Sony, famously, was hacked a couple of years ago. Are people now taking this more seriously, that no matter what your security systems are, there may be a way to get that information out?

A: I think people are taking things more seriously, but I put a caveat on that. I think people feel somewhat helpless to do much about it. So while it’s closer to the middle of their radar, it’s not necessarily something they think they can do much about. And I think, historically, we believe in government as being the “fix” for this, if not their employer. I think people are understanding more and more that, if they want to protect their own identity, that they have to take matters into their own hands. By that, I don’t mean any vigilantism. I just mean that people need to start to protect their own security, by practicing good cyber hygiene, by doing things to protect themselves, things that make them more strongly protected than the person next to them.

Q: It’s interesting that the government would be looked at as the answer to all of this, when you consider that the Pentagon was hacked, the State Department was hacked, the White House, the IRS – all the government agencies, to some extent.

A: Yes, I would say that historically, there’s the belief that government could do anything, right? The government could take us to the Moon. The government could defend our borders. The government could protect our power overseas. But I would say, more and more, that confidence in our government maybe has eroded and our personal security has followed suit.

Q: Does the CIA need to start over again and come up with new ideas, now that this information is out there?

A: Well, that’s not going to happen. So really, we have the deck of cards and the hand that we’ve been dealt here. What we need is a reform movement within the CIA. But the biggest change needs to occur at the macro level: What is our expectation for security and privacy as citizens? Do we have the right to expect that our government, our employer, other institutions, will actually look after our security? Or is it something that we have to take care of ourselves? Like preventing forest fires. Fastening our safety belts. These are public-social issues that individuals have to contribute to — for the well-being of our society.

Q: What can we do as individuals? What should we do?

A: Well, we can practice our own good cyber hygiene. What I mean is, it’s like out-running the bear that’s chasing you. And there’s somebody that’s slower than you between you and that bear. What I mean is, by changing your passwords, by not giving your passwords away, by making sure your data is not at-risk, that you’re careful about what on-line services you use. That you’re attentive to what emails that you answer, so you’re not getting phished or scammed in some way. There are all things we can do as individuals to protect ourselves. The new area of threat is the Internet of Things – what I like to call the “wear-ables, live-ables, drive-ables” – all those things are connected to the Internet and to our lives. The things we’re driving, the things we’re living inside of. Those things have serious security vectors. We’ve heard recently about cameras that are home-based that have been hacked, about baby monitors, the smart vehicles that we drive all have vulnerabilities, even our medical devices. So we have to demand from our leadership that there’s a public-safety expectation that should come along with that – that my car shouldn’t be able to be driven off the road and into a ditch. And that the manufacturers of these products have some obligation in that.

Q: Would you take a lot of these products off-line?

A: I don’t think that’s possible. We’re part of a global economy now. We don’t product all the innovative products in the world. We have competition in Europe, especially in Asia. And those products are innovative because they’re connected up to the Internet. And we’re creating, let’s say a smarter infrastructure of devices – things again that we live, wear and drive –  are becoming more knowledgeable, smarter, and more customized to what we use. It’s really hard to put the genie back into the bottle. Now, we have to be more attentive to how we build our own security posture and also how we protect those devices and make good personal choices.

Q: Who’s winning this battle these days? The hackers? Or the people trying to protect themselves from the hackers?

A: Clearly, they hackers are in the lead right now. They’re highly motivated. In some cases, they’re highly funded. There are many hacker “types” – whether they be state-organized and government-funded adversaries. Or it could be “hacktivists” who have some political agenda that they want to settle with the West, that they want to  change our way of life. And you have just plain criminals – they’re either funding the first two activities or they’re trying to create financial gain for themselves. So they are highly motivated and highly skilled – they have busted out of the shadows and it’s now a global industry. And we should expect a great deal of hacking activity from our adversaries, foreign and domestic.

Q: Speaking of adversaries, is WikiLeaks in bed with the Russians?

A: I think you would have two or three different arguments about that. Nobody really seems to know. If you look at (Julian) Assange’s past, to his situation of not being locked up in an American jail, that you could argue that the Russians have some hand in that. Whether it’s the Russians or the Chinese, that gave him some shelter in a time of need. Maybe there is a kind of  allegiance, some sort of alignment, with the policies of those governments.

Q: I suppose that the person who leaked this information from the CIA knew that once it got out there, that the Russians would pick it up at that point. What do you think their motivation would be?

A: Well, the Russians are extremely sophisticated hackers. In some ways, I consider them more technically adept than our Chinese adversaries. And their motivations, which go back now many generations and decades, are about de-stabilizing our way of life in order that their way of life could actually predominate and have a larger impact on the planet. It’s about changing the balance of power, realigning the global vision – from one that looks decidedly West to one that looks decidedly East.

 

                                                                       ###