Blue Mantis COO Jay Pasteris On The Cybersecurity Threat: ‘We Are In A War’
Blue Mantis Chief Operating Officer Jay Pasteris says he is personally determined to help customers turn back the increasingly sophisticated global cybersecurity threats.
Blue Mantis Chief Operating Officer Jay Pasteris says the next-generation, cybersecurity-first service provider is on a mission to help customers protect themselves in the war against cyber terrorists.
“It’s incredibly important to me on a personal level and Blue Mantis on a business level,” said Pasteris in an interview with CRN. “We have the expertise and skills to help protect our customers so they can be more productive. It's super important to me that we help them understand where they are at risk and show them how we can help. This is World War Cyber. We are in a war. This is not just people in their mom's basement. This is nation-states attacking us. They are after our economy. They are after our businesses. They are after our intellectual property. This is how they are going to conquer America.”
Pasteris said businesses must step up, assess risk and protect their crown jewels. “You have to spend time understanding what your true risks are because that's where you need to spend your money,” said Pasteris. “That is what we preach to businesses all the time. Make no mistake about it. Your biggest risk is cyber. You have competitor risks. You have product risks. You have all these risks. But there is no doubt your biggest risk is cyber because it will affect the entire company.”
To that point, Pasteris said businesses are on the frontlines of the war against cyberterrorists. “There's no part of the military that is coming to the aid of businesses to go after these cybercriminals,” he said. “Sure we have some parts of law enforcement that do that. But business bears the liability. Business is on the front lines. We have to win this war! Our country is at stake! Our intellectual property is at stake!”
How has Blue Mantis’ cybersecurity practice grown over the last several years?
Think about who we were a few years back. We were GreenPages. At that time GreenPages was known for virtualization. They had a cyber practice, but that's not what they were known for. Three years ago we had two or three good people around cybersecurity and it was really more around advisory.
Fast forward to where we are now with the private equity investments which injected a lot of money into the business. They understand the cyber future and that it is a fast-growing area.
Fast forward to where we are now. I come on as the CISO at that time (April 2021). I bring in Jay Martin to our security practice. Jay and I had this vision that this should be our fastest growing business and it is today.
We are truly an end-to-end cybersecurity first company. We are advisors. We are managed services and SOC (security operations center). We are professional services. We are procurement. We are incident breach response. That is huge. And we are post rebuild after the breach. We rebuild them in a secure way. So we take you from what you had with the view of let’s not see this movie again. Let's rebuild you with secure landing zones in the cloud. Let's rebuild so you have the right access controls. Let's rebuild so you have the right eyes on glass. Let's rebuild in a way so you segment so only things that should talk to each other talk to each other.
When we do that you know what good cybersecurity looks like at all times. So when good goes blip for a minute you know something is awry.
Our cybersecurity team is global now. We have folks sitting in the U.S. We have folks sitting in India. We have folks sitting in Canada. So we're on-shore, near-shore and offshore. That team is over 50 people now from the SOC team to professional services.
We have a really, really strong penetration test team. So customers can understand where they're weak, where they're vulnerable. We give them a roadmap on how to fix that. We walk them through that and handhold them. We give them a plan and then help them execute on that plan. We do red-teaming events with them.
We have seen our customers grow in size and scale, not just the amount of them but who they are. We have some of the largest big-name customers. We can do this in the commercial space, in the enterprise space, the public sector space and the private sector.
That security business is a complete 180 change from who we were three years ago to who we are today. We want to be known as the best managed and professional services cyber organization out there.
What happens when you get a call for security incident response?
We have a process that when that call comes in it triggers an alarm to the security team. We get an incident commander on it. That commander goes out and grabs the right people in the organization, says, ‘I need these skills. I need those skills and I need these skills’ and brings those all together. We go and we talk to the customer. We figure out what's happening.
Usually in the beginning it's a rock fight and the bad guys are still in there. So we have to contain it, eradicate it, and rebuild.
Every day this happens. We see these multiple times a month.
What are the predominant breaches right now?
Ransomware is by far number one. We probably see five of those a month. But that's not the only vector. We see things where organizations didn't get ransomware but they get data exfiltrated or they got compromised credentials and there is anomalous activity going on and handle it before they get ransomware.
But the bad ones are the ransomware events. We see at least four or five of those a month that we get called on where the customer is down and out. Many times it is a new customer for us. They didn't have a managed SOC or they were doing it in-house on their own and they didn’t have the right visibility or team skills.
How many of these ransomware events were you seeing a year ago compared to the five now?
So we were seeing maybe one or two a month a year ago and now we’re seeing five a month. If you look globally the attacks have grown 140 percent in the last five years. Nobody is exempt.
So are you acquiring new logos with the cybersecurity practice?
Yes, at a very rapid clip.
What do you see with regard to customer indecision around what to do to protect themselves?
This is overwhelming to people. Think of the 50 to 60 different attack vectors. People are asking – ‘What do I do?’ You have to move the dial. In business not all things are equal. You have to look at what are the crown jewels of your organization and look at how to protect those at all cost and then move out from there.
This is all about what are your crown jewels and how do you protect them and do you have visibility into that when anything changes there. You need to have that visibility and a true business resilience plan around that. You have to move out from there to the least important things. You can’t do it all at once because it is overwhelming. You have to be myopically focused on how do you protect the crown jewels of the organization.
You have to have best practices in place. You have got to do things like MFA, complex passwords and segmented networks.
You have to spend time understanding what your true risks are because that's where you need to spend your money. That is what we preach to businesses all the time. Make no mistake about it. Your biggest risk is cyber. You have competitor risks. You have product risks. You have all these risks. But there is no doubt your biggest risk is cyber because it will affect the entire company. It will affect regulations. There'll be legal ramifications. There'll be lawsuits. There will be fines and sanctions by regulators.
Does all this get back to Blue Mantis’ position as a cyber-first organization?
We are cyber-led. It affects all our other practices. It affects networking. It affects application development. It affects data center.
What is your message to your customers as far as technical excellence?
I would put us up against any cyber team out there. We are not only technical experts. We are cyber experts. We have former DoD guys on staff. We have guys with security clearance on staff.
Randy Becker on our team has some of the hardest certifications you can ever attain in the cyber world. We are true cyber-experts. We have great leadership. We understand the space. We understand the technology, and we understand what's happening in the world of the bad guys. We truly can bring all those pieces together for you and we do that at that scale.
We not only have great internal talent. We have great partnerships as well. So we can really make a difference for an organization whether you are trying to have the day to day operations handled. We are phenomenal with visibility and eyes on glass 24/7 with a SOC.
We are phenomenal at assessments telling you where you need to improve on cybersecurity: telling you how to do that, giving you roadmaps and then doing the professional services work. And we are exceptional when the breach happens. We come in, calm the waters, eradicate the breach, and rebuild.
What are examples of the customer situations where you have rebuilt?
We have handled hundreds of incidents where we have helped customers restore their business, get back online and back to a productive environment where the customers feel they are more secure and safe.
What is the average financial loss from a ransomware attack?
The average financial loss from a ransomware attack has grown in five years from $600,000 to $3.7 million.
What is your call to action to customers to get a handle on this?
My message to customers is understand your business risk. It's all about risk. You have to truly understand what are your crown jewels. You have to understand what is the risk to your business and then what you need to do is put a plan together. No plan is foolproof. There is nothing that says you're not going to get breached. A plan is you have got to try to prevent it at all costs. But when it does happen you have got to be a well-oiled machine so you are back online the same day. That is what we do.
We have the conversations and do the table top exercise. We help businesses understand true business resiliency through business impact analysis.
If you are a customer of ours and you subscribe to our services then you know if you get hit you have the right things in place and you will be back online working within 24-48 hours.
How important is knowledge of the customer’s environment in making them secure?
We understand our customers. We understand their businesses. We understand what they're trying to achieve. We understand the business outcomes they want. Our motto is assess, modernize, and manage. If you're doing those things with us you have a partner that understands your business. So therefore we can help construct programs, teams, technologies, processes that get you back online real fast.
As for the cost, we are doing it in a managed way. You’re spreading that cost over the life of a contract. It is not holy cow I'm waiting for the big bang thing to happen and then all of a sudden fork out all this money.
By the way, you may have cyber insurance, but if it is a nation state attack, cyber insurance the majority of the time does not cover that. You're on your own.
How many new logos are you getting from word of mouth with regard to your cybersecurity prowess?
We are recognized unequivocally now as a cyber company. We get called all day every day on cyber questions, new cyber initiatives, new assessments, new remediations, new programs. All day every day we are doing that work.
How do you feel about that Blue Mantis reputation as a cybersecurity leader?
We’re really proud of that. When I got hired here three years ago I said that unequivocally this would be our fastest and best practice. Fast forward. We did it.
What was the key to executing on that plan?
I came from a background of cyber. I worked at Veracode. Before here I worked at the New England Journal of Medicine where I was the CISO. I worked at some really large organizations that had massive impact on the world where I was responsible for cyber. So I understood the vision and I understood where we needed to go.
Now helping customers understand that and bringing the right people in like Jay Martin and Pete Harris. Randy Becker was already here. These are phenomenal guys. Really professionally, technically astute cyber experts. Then we continued to build that team. That made all the difference.
A lot of times customers pay the ransomware. Why is that?
Most pay because they're trying to slow down the information getting out.
What does Blue Mantis recommend?
Each one is different and regulations are changing whether you are public or not public.
What I will tell you is you're dealing with the devil when you pay. I've seen organizations pay and the information still get sold to other ransomware groups that use that information again. You're negotiating with terrorists. We try not to negotiate with terrorists.
Are there any trends in terms of who is getting hit by this ransomware?
We’re seeing more of the mid-size, commercial and smaller companies (getting hit). Ultimately the bad guys want data. With AI the more data they can get the more sophisticated attacks they can do, the more they can correlate that data, the more they can get new companies (to attack) and the more money they can go after. With AI they can correlate all that data way faster than they could in the past and they can make it very personal. So they are doing much more targeted and easier attacks. So they are increasing the velocity of how fast they are breaching companies.
You are now doing an annual cybersecurity symposium. Why is that important?
It’s incredibly important to me on a personal level and Blue Mantis on a business level. We have the expertise and skills to help protect our customers so they can be more productive.
It's super important to me that we help them understand where they are at risk and show them how we can help. This is World War Cyber. We are in a war! This is not just people in their Mom's basement. This is nation states attacking us. They are after our economy. They are after our businesses. They are after our intellectual property. That is how they are going to conquer America.
Private businesses are on the frontlines of that war. There's no part of the military that is coming to the aid of businesses to go after these cybercriminals. Sure we have part of law enforcement that do that. But business bears the liability. Business is on the front lines. We have to win this war! Our country is at stake! Our intellectual property is at stake!
How do you feel about the future of the battle to stop ransomware and cybersecurity threats?
I'm very optimistic about the things we're doing and how we're handling it. What we see is the growth of our cyber practice and how we can continue to help organizations.
We are also training veterans who are coming out of the military to get certified in cyber. Our goal is we want to deploy them to Blue Mantis and companies around the country.
What’s the first thing a customer has to do to get a handle on this?
You’ve got to do a business impact analysis. You got to do an assessment looking at everything from networks to cloud to applications. Then we need to do a pen test to find out how vulnerable you are.
When you do penetration testing what percentage of customers do you see at risk?
One hundred percent of customers are at risk. I have never seen a customer yet that does not have risk. What we do is assess, modernize and manage. Then we go back and reassess, looking at what we accomplished over the last 12 months… We are constantly measuring business risk.