Digital risks never stop growing. From ransomware to credentials stuffing and targeting a remote workforce, there’s a new threat to cope with every week. Camille Charaudeau highlights some of the industry sectors that CybelAngel serves focusing on its product offerings.
1. Tell us about your role at CybelAngel. What are the digital risk protection issues and innovations you work on in a typical day?
Digital risks never stop growing. From ransomware to credentials stuffing and targeting a remote workforce, there’s a new threat to cope with every week. This is clearly a curse for all of us relying on digital transformation to succeed. But these ever-changing challenges are what keeps me energized. Heading Strategy at CybelAngel means I focus on anticipating what threats may come next. I also have many conversations with partners, customers, and practitioners about what might cause the greatest amount of damage to their business, brands, and reputation. Additionally, I work on aligning our teams, from Product & Engineering to Sales & Marketing, so that we are always hitting the ground running.
2. What are some of the industry sectors that CybelAngel caters to?
Some of the largest industry sectors we serve include pharmaceutical, financial services, telecommunications, consumer and luxury goods, and manufacturing businesses. We are growing significantly in these markets across an expanded geography as 2021 begins.
3. In general business terms, can you describe a few examples of use cases for CybelAngel’s services?
At the heart of what CybelAngel provides is situational awareness of evolving digital risk issues for business leaders, in a prioritized fashion. This perspective lets our customers act before cybercriminals targeting their enterprise can be successful, or there is unchecked consequences on their business, brand or customers.
No two customers are the same, but there are similar use cases. For example, we can discover if an employee is accidentally sharing source code or other intellectual property on social media sites or third-party repositories where trade secrets can be stolen. This is a serious issue for companies trying to fight malicious or counterfeit imposters of their products.
We also help companies find Internet of Things (IoT) types of devices that may be installed in their facilities that – unbeknownst to security teams – might be leaking data or offering an entry point to threats like ransomware. We provide early-awareness of risks requiring senior business, operations and security leaders’ attention and help frame their digital risk decisions.
4. What are some of the unique lessons you have learned from analyzing your customers’ needs and behavior?
Cyber risk management is a moving target. We recognize that many organizations have multiple security products, policing things like network perimeters and employee laptops, for example. Yet, because of how business has transformed, less and less of their “crown jewel” data lies within their walls, solely under their control. The lifeblood of their data lies in cloud services, with business partners or is connected to fleets of devices – whether that is vehicles, bank kiosks, or connected healthcare equipment. This reality fundamentally tests traditional security thinking.
Our customers tell us that, from a technical perspective, they do not always have the luxury of being able to apply their own encryption technology, for example, across every device or partner handling their data. This means it even more difficult to prevent third-party data exposure. There is a greater premium on the service we provide spotting urgent, emerging threats outside a company’s walls.
5. In CybelAngel’s recent “Full Body Exposure” research, you scanned millions of IP addresses to discover some 45 million exposed medical images. Can you elaborate on the significance of this, particularly during a pandemic?
We discovered the stunning scale of these exposed medical images in a fascinating six-month research project. Ultimately, it proves two truths about cyber risk. First, regulatory compliance is important but it alone cannot protect data. Second, once you begin storing and sharing data in ad hoc fashion, you can irrevocably lose control.
On the first point, we all know health data and electronic records are subject to rigorous privacy requirements the world over, but that does not square with the fact we found all these exposed files with personally identifiable information across the Internet. It proves that even if you are a medical office deemed “compliant,” you still need to monitor for areas where you are leaking files.
The second point is true for any organization – cloud services and connected storage devices are cheap and powerful. That is a boon for productivity, but can become a data security nightmare if your organization is inconsistent in how these adhere to your security policies, including how it uses these technologies’ built-in encryption and security features. Too often these are never engaged or turned-off.
6. Regarding CybelAngel’s latest offering, what is important to know about your Asset Discovery and Monitoring services?
You provide a great value when you can alert a customer to critical leaks of their known data sources. However, the ROI is multiplied significantly when you have the ability to discover assets leaking that the customer was not even aware of previously: like “shadow IT” devices employees install, dormant cloud accounts still containing live data or HelpDesk software your team might have added to assist remote workers. This is what our new Asset Discovery and Monitoring capability is all about and I’m excited for it. Now, we can distil an even more valuable sense of what a customer’s true digital footprint is, and spotlight the risks.
7. What are some of the common pain points that your customers commonly approach you with?
The need for better situational awareness beyond what layered, more inward-facing security tools tell them is a massive pain point with so many dimensions to it.For example – sometimes we alert customers to the fact that sets of login credentials to their network are found for sale in the wild. Other times it’s a server they did not know about, which is publicly visible and at risk of being scraped by data thieves. Both scenarios introduce risk requiring immediate but different actions.
Another common pain point is the need to better visualize and document cyber risk management for C-Suites and Boards. Security pros often have a hard time showing “security is happening.” Our platform logs the priority queue of risks and actions taken, to show that the security team’s action, at a certain point in time, prevented or dramatically minimized a certain consequence.
8. Can you give us a sneak peek into some of the upcoming product upgrades that your customers can look forward to?
Our customer will see a number of upgrades coming their way.
To deliver always more value, CybelAngel is extending their scanning coverage. This means investments in cloud buckets and applications identification, scanning new IoT devices, detecting more OT protocols. On the Dark Web, CybelAngel will be adding new channels, forums, and marketplaces as the hackers’ threatscape is always evolving.
CybelAngel listens to our customers. We are taking their feedback combined with our market intelligence to give our Digital Risk Protection Platform a major facelift. Customers will find additional value in dedicated activity dashboards and enhanced incident reports, allowing for both operational and strategic reporting. They’ll be presented with custom views, based on use cases of interest and keywords monitored. They’ll also get access to raw detections and data processing pipelines to get a comprehensive picture of their digital risk exposure.
Lastly, CybelAngel will strive to become an even more open platform, focusing on APIs and connectors to major SIEM, SOAR, ticketing systems, integrating further in the technology stack of our partners and customers.
9. How will you encourage tech professionals to choose cybersecurity as their career path?
Cybersecurity is a fascinating and extremely relevant field for anyone who enjoys tackling new problems, collaborating with a community, and experimenting with how other disciplines such as machine learning and data science can be applied to tackle big objectives. Most importantly, I tell people that cybersecurity needs as much diversity as possible – across languages, backgrounds and career insights. This is not solely a world for engineers and developers – if you have studied business processes, emerging technologies, communications or the psychology of people and teams, you can find work in cyber risk, as well.
10. Which is the one cybersecurity breakthrough you will be on the lookout for in the upcoming year?
It is hard to focus too much on any one breakthrough, because the face of cyber risk moves so quickly and there is room for so many innovations. More than a single breakthrough, I think the ongoing balance between tasks that automated, AI–driven platforms, versus diverse human analysts, must lead is fascinating and promising. It can be imperceptible, but we are only able to accurately uncover so many millions of files and the risk they present, based on content, context and relationships, because our team excels at optimizing machine learning and the art and science of human analysts and researchers.
11. What is the one quote that has stayed with you throughout your professional life?
“Under-promise and over-deliver.”
For more such updates and perspectives around Digital Innovation, IoT, Data Infrastructure, AI & Cybersecurity, go to AI-Techpark.com.
Camille Charaudeau
Vice President of Strategy at CybelAngel
Camille is the Vice President of Strategy at CybelAngel. He works closely with CybelAngel’s strategic partners and customers as well as market analysts to ensure the platform meets their needs and to anticipate future ones. As a digital native, Camille has spent years growing and helping technology companies thrive in fast-paced, scale-up environments. Before joining CybelAngel, he led Strategy at 360Learning, a NY-based EdTech company. And led Sales at Cedexis, a Portland-based B2B scale-up acquired by Citrix. Camille graduated from the Ecole Polytechnique and HEC Paris. Camille enjoys climbing, hiking, and fencing in the most exotic places he can find.
