Michael Thompson, CEO of Enact Security, talks about ransomware, privacy laws and everything in between

This week we switch gears from our past few episodes and talk to a professional deep in the trenches of security, Michael Thompson, CEO of Enact Security. In between the laughs and jokes – parts of this podcast could double as a comedy routine – Thompson shares his perspective on security and the effects of the pandemic. And if we could put a subtitle on this episode, which I guess we can since it’s our podcast, this one would be “Sum of the Rambles.” But you must listen to the whole episode to find out what that’s all about.

And if you have only a few minutes right now, here are the highlights. But you must promise to listen to the whole episode later – you will laugh and learn – in the same 30 seconds.

Word for 2020 from a security perspective

After finishing his military service, Thompson found himself providing customer support for hardware and software and doing so for $6.38 an hour. He quickly learned that he enjoyed solving other people’s problems, and he worked his way up the ladder to technologist and systems admin. And he became even more fascinated with his job – and did lots of reading on the side. He found himself knee-deep in the “worm,” Code Red and I Love You issues of the early 2000s. It was during those hectic days that he realized the term for his passion – security – and became a security analyst, where he’s been happy to go to work and solve problems ever since. But the past six months have been unlike anything he’s seen before, and he responded, “Abominable,” when Gabe asked him to use a single word to describe 2020 from a security perspective, due to most companies’ working 100 percent remotely.

Ransomware is (still) a big deal

While focusing on security for the past seven years, Thompson sees most of the issues coming down to where people have data and what they do with the data. While ransomware was in the headlines years ago, Thompson says it’s still a major issue companies must plan for. Often customers come to him with what he calls the new boogeyman – a ransomware attack, which ties back to the implications of managing and protecting your data. He tells those who haven’t been a victim yet that it’s a matter of when – not if.

Many companies have stories that are similar to that of his recent client that had locked down data and set up backups with a third party. However, the backups weren’t valid and no one had checked the data integrity. Even more concerning, the client did not have a process for validating its business continuity plan for disaster recovery. When the company was attacked by ransomware, the employees were not able to quickly move to backups, because the backups didn’t exist. Thompson said the ransomware attack halted the client’s manufacturing, which meant huge losses.

A ransomware attack in the cloud?

When Gabe posed the $8 million question about when a cloud breach will happen, Thompson replied that we already have issues with unsecured S3 buckets, which are technically breaches in the cloud, but he expects a large-scale breach in the cloud from a major company in the near future. However, he thinks that when it does happen, people will finally pay attention to the warnings about cloud security from professionals who have, in Thompson’s colorful words, “been screaming from the mountains, standing on their soapbox and wearing a sandwich board with nothing underneath.” Yes, those were his exact words.