
Cybersecurity has never been more critical. As technology continues to advance, so do the threats targeting our data, systems, and infrastructure. In this interview, Rick Carpenter, Vice President at Open Tier Systems, shares his insights with Carlos Gonzalez Shanel on the evolving landscape of cyber threats, the role of AI in defense, and the crucial need for proactive security strategies.

With decades of experience in IT and cybersecurity, Rick offers valuable perspectives on the challenges businesses face and how they can better prepare for the risks ahead. Whether you’re a small business owner or part of a large organization, this conversation is a must-read to understand how to safeguard your digital assets in an increasingly complex world.

Carlos: Rick, let’s start by learning more about you. I know you have a degree in cybersecurity and extensive experience in IT. Can you share how you got into the field?

Rick: Sure! I started working in IT during college at William & Mary in 2002. A friend recommended it, knowing I liked solving problems and fixing things. I joined the IT team there and worked through my college years, even staying on after graduation to help with a significant network issue caused by a computer worm. That experience set me on the path. Shortly after, I moved to PA to work with an IT company founded by friends of mine. Eventually, they said they’re never going to get rich in IT, so I bought them out and took over in August of 2005.

In those days, being in IT was all about making systems faster and more efficient. I ran the company, Beyond Development, from that point until merging with Open Tier Systems in 2023. In 2020 I went back to Villanova and got my Master’s in Cybersecurity, to make sure that I wasn’t falling behind the times. The landscape has changed over my twenty years in IT. Support without security is incomplete. The threats are more existential. You can’t just repair a problem; you have to proactively prevent attacks, because the consequences are devastating.

Carlos: When did you notice the shift to cybersecurity becoming critical? We’ve been hearing about cybersecurity for years, but it seems now more important than ever.

Rick: Back in the early days, dealing with a virus was more of a nuisance than a real threat. You’d clean it up, maybe reformat a system, and recover data if you had backups. But things changed drastically around 2014 with the rise of ransomware. Suddenly, if your data wasn’t backed up and secure, you could lose everything. If you were lucky, you could navigate the wild west of obtaining Bitcoin and paying the ransom and hope the “Eastern European” attacker was motivated to provide the decryption key.

Getting Bitcoin in that era was entirely on the terms of the Bitcoin holder. Some methods involved depositing cash into a bank then sending a photo of you holding the deposit slip within 60 minutes or driving to NYC to load hundreds of dollars into a reverse ATM. After seeing the first attack in the wild, we pivoted our focus to stopping these attacks before they happened. After that initial wave, our active clients rarely saw a ransomware attack thanks to our new proactive measures. I like to joke that the rise of ransomware is why, when people ask me what I do, I say “I sell insurance.”

Carlos: You successfully paid a ransom? Before people realized paying the ransom wasn’t worth the risk anymore, what was your experience dealing with ransomware? Can you share an example?

Rick: Yeah, the first time we encountered this, the client paid the ransom, and we received the decryption key, which worked. However, the issue was that the exploit used for the attack had been resold while we were waiting for the key. A second attacker came in and re-encrypted the data before we could restore everything. Fortunately, we had backed up the encrypted data the night before, so we were able to decrypt the backup and recover the information. The challenge was that we knew how the exploit worked but couldn’t close the vulnerability because we needed to keep communication open with the attacker. From then on, we prioritized identifying and closing vulnerabilities immediately, even during an active incident. Early ransomware attackers maintained “customer service” lines. Nowadays, most of the negotiation on ransomware attacks is handled through professional companies…if you’re lucky.

Carlos: It sounds like nobody pays the ransom anymore. Instead, insurance plays a significant role. How has that changed the landscape?

Rick: Today, many businesses rely on cyber insurance to cover ransomware incidents. Insurance companies have mechanisms to negotiate ransoms and handle payouts. This has led attackers to target industries like healthcare and critical infrastructure because they’re more likely to have large policies. It’s become an ecosystem, with insurers working with negotiators and forensics teams to resolve incidents. But relying on insurance isn’t enough. Companies must still invest in robust security measures.

Carlos: Compliance is another important topic. How does it tie into cybersecurity?

Rick: Compliance frameworks like PCI for payment systems or HIPAA for healthcare mandate robust security measures. Companies must segment their networks, restrict access based on roles, and document everything. Failing to comply can lead to fines, reputational damage, and denied insurance claims. For instance, if a business claims to have a disaster recovery plan but can’t produce it during a breach investigation, insurance might not pay out. Compliance isn’t just a box to check; it’s foundational to protecting sensitive data.

Carlos: What do you think are the biggest mistakes people are making right now when it comes to cybersecurity? I guess ransomware and other kinds of attacks can often be prevented with the right tools and education.

Rick: Yes and no. There’s an axiom in the industry: it’s not an “if” you’ll experience a cyber event, but a “when.” Year after year, reports like the Verizon Data Breach Investigations Report (DBIR) show that 75% of companies experience some form of email or ransomware attack. So, if you’re a business that hasn’t faced a malicious cyber-attack, you’re likely in the top 2% of organizations that are heavily investing in security resources.

One of the biggest misconceptions we’ve encountered is that smaller companies believe they aren’t a target. People often think, “I’m too small; they’re not interested in me.” But the reality is different. Hackers aren’t fishing with a rod and specific bait; they’re using a net. They’re looking for specific vulnerabilities and exploits that exist across a wide range of systems. For instance, a vulnerability in a specific router model or software version can be exploited, and once that exploit is discovered, it can be sold to other malicious actors who will use it to deliver ransomware. It’s essentially ransomware-as-a-service. The process is automated, and you don’t need to be highly skilled in hacking to take advantage of it — just know where to look.

Carlos: Why do you think some people aren’t prioritizing cybersecurity, despite the growing number of threats?

Rick: It all comes down to money. A lot of people think the investment isn’t worth the cost. There’s a tendency to underestimate the risk, especially if you haven’t been personally affected by a cyberattack. It’s like when you’re young and make poor health decisions, thinking, “It won’t happen to me.” Similarly, when people don’t know someone who’s been affected by a cyberattack, they don’t prioritize it. We often hear people say, “I’m super careful about my security,” but we remind them that the annual spending on cyber incidents (ransoms, insurance, recovery, etc.) is billions of dollars. A lot of the attacks are outside of your control. Take the famous Target hack, for example. Target did everything right in securing their systems, but the breach occurred because their HVAC vendor was compromised. Many times, the attack vector is something you don’t directly control. Even organizations that are diligent about cybersecurity must also be vigilant because their third-party vendors or partners can pose a significant risk.

Carlos: With AI becoming more prevalent in cybersecurity, do you think it will help protect organizations or make them more vulnerable?

Rick: It’s a double-edged sword. AI can certainly improve protection; it allows for faster detection of threats, more sophisticated tools, and better defense mechanisms. But at the same time, attackers are using AI to their advantage as well.

AI can process enormous datasets quickly and learn from them. One of the largest datasets out there is people’s usernames and passwords. The average person has 119 passwords, and many use the same password across multiple accounts. If your LinkedIn password from 2018 was compromised in a breach, a malicious script can take that password and try it across other services, like Amazon or Gmail. Without multi-factor authentication (MFA) in place, hackers can easily gain access to your accounts.

A great example of this is an article on an attack on Wired journalist Mat Honan from 2012. An attacker wanted his Twitter account. They then used publicly available data to use his email to get the last four digits of his credit card, which they then used as a second factor to reset his iCloud password and eventually hijack his email account, delete his iCloud and capture the Twitter handle. This kind of attack shows how interconnected everything is online. With single sign-on services from platforms like Google, Microsoft, and Facebook, getting compromised on one account can lead to a cascade of breaches across multiple services.

Carlos: In a world where so many systems are interconnected, how can people protect themselves?

Rick: The most important thing is recognizing that you are never fully immune to attacks. Even if you have strong security measures in place, the attack could come from an external party — like a vendor or even through a vulnerability in software you don’t manage directly. Education is key. Employees should be regularly trained to recognize phishing attempts, and organizations should invest in robust cybersecurity infrastructure. Implementing multi-factor authentication everywhere is essential. Having a password manager to ensure you’re using unique, strong passwords across different sites is also a good practice. Additionally, regularly patching and updating systems is crucial. And remember, cybercriminals are resourceful. With the internet being global, an attack can originate from anywhere in the world. So, businesses need to treat cybersecurity as a constant, evolving process, not just a one-time investment.

Carlos: It sounds like the cyber threat landscape is becoming increasingly complex. How do you see things evolving in the years to come?

Rick: The landscape will only get more challenging. As AI continues to evolve, it will become both a tool for defense and a weapon for attackers. We will need to be more proactive in identifying threats before they escalate, leveraging AI to improve defense mechanisms, and constantly refining our security practices. The key to success will be agility, the ability to adapt quickly to new threats as they emerge. At the same time, it’s crucial that individuals and businesses understand that cybersecurity is not just an IT issue. It’s a broader business risk, and the consequences of not addressing it can be severe. Whether it’s financial loss, reputational damage, or legal implications, the stakes are higher than ever.

Carlos: What solutions do you recommend to businesses, including small businesses with limited budgets, to strengthen their cybersecurity?

Rick: The key to cybersecurity for businesses of all sizes is a defense-in-depth approach, which involves multiple layers of protection. Start with the basics: implement two-factor authentication (2FA) everywhere, as it’s an easy and cost-effective way to secure accounts. A password manager is also crucial for generating and storing unique, complex passwords for all devices and accounts. Even small businesses can afford this solution, and it significantly reduces the risk of password-related breaches.

Beyond the basics, we use Endpoint Detection and Response (EDR) and Managed Detection and Response (MDR) systems, such as SentinelOne and Blackpoint Cyber, that add advanced layers of security. These systems monitor activity 24/7, flagging suspicious behaviors like unauthorized logins or unusual travel patterns, which helps catch attacks early.

Planning and preparation are equally important. I recommend businesses run regular security drills and disaster recovery simulations. These exercises ensure that employees know how to respond to potential breaches and help businesses refine their recovery strategies. Backups should be frequent, secure, and part of a well-thought-out recovery plan to minimize data loss in case of an attack. Whether it’s a cyberattack, fire, or natural disaster, having a solid plan for recovery is essential to minimize downtime and ensure business continuity.

Carlos: Thank you for your insights. It’s clear that cybersecurity needs to be a top priority for everyone in today’s digital age.

Rick: Absolutely. Cybersecurity is about preparation and layers. It’s not a matter of if you’ll be targeted but when. The best defense is a proactive one—train your employees, implement strong security measures, and plan for recovery. Cyber threats evolve, but with the right approach, businesses can stay one step ahead.