The world of cybersecurity is a complex and dynamic landscape that permeates various sectors, serving as a shield against the persistent threats faced by interconnected organizations.

This multifaceted domain encompasses diverse practices and approaches that can significantly vary across different areas, including governmental, public and private sectors. Consequently, a resilient and adaptable approach to cybersecurity has become paramount to protect the critical assets of organizations, institutions and the nation as a whole.

“When you’re in the federal government, you have all these well-documented rules that you have to follow,” said Mark Bowling (pictured), chief information security and risk officer of ExtraHop Networks Inc. “The maturity of the business practices is much higher in the federal government, particularly like in the FBI, which is part of the intelligence community.”

Bowling spoke with theCUBE industry analysts Lisa Martin and Dave Vellante at the Fal.Con event, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed how the government, private and public sectors differ; how social engineering can lead to huge data breaches; and how ExtraHop places a strong focus on both reputation and client protection. (* Disclosure below.)

It takes just one

Very recently, the MGM and Caesar hotels in Las Vegas were hit with a hack that put multiple computer systems out of commission for hours.

This hack was achieved almost exclusively with the use of social engineering, which accounts for a large majority of all cyberattacks. All the attacker has to do is go on LinkedIn, find information and call people until they find a “soft nut to crack,” according to Bowling

“I find it shocking that enterprises that have the kind of money going through them…that they wouldn’t have more mature processes to train or to create awareness in their personnel,” he said. “If you’re somebody who can answer the phone and give out information that can cause the entire enterprise to be compromised, they should at least be trained up and they should have the kind level of awareness and the level of operational maturity that they can see this type of activity coming and take the appropriate action.”

Ransomware is one of the largest concerns across enterprises everywhere, with ransomware attacks having the ability to cause massive disruptions, data leaks and monetary loss. Bowling shared some sage advice for those seeking advice about ransomware and whether it’s worth it to pay the ransom.

“Why don’t you pay the ransom up front? And when you pay the ransom up front, why don’t you have effective backups, and why don’t you have effective security?” he asked. “Pay the ransoms ahead of time and implement the type of effective security and get the effective training for the personnel so that you reduce your surface attack area and you reduce your human failure factor.”

The conversation ended with the group discussing ExtraHop and how it assists its customers with their cybersecurity needs.

“If you’re going to do some security, you want to start with risk management. You don’t just do physical security and cybersecurity out of the box,” Bowling said. “You take a look at what are your risk factors, what can you afford to lose, what can’t you afford to lose?”

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the Fal.Con event:

(* Disclosure: ExtraHop Networks Inc. sponsored this segment of theCUBE. Neither ExtraHop nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE