Privacy Policy

Techerati Live – Interview – Otavio Freire

Techerati Live – Interview – Otavio Freire

NICKY PENNYCOOK [00:00:03] Welcome back, everyone. I’m Joined again by another great guest talking to us a little bit around security and cybersecurity. So, I’d like to welcome Otavio into the stream. Hello.

OTAVIO FREIRE [00:00:17] Hello, Nicky. How are you?

NICKY PENNYCOOK [00:00:19] Hi, I’m good, thank you. How are you doing?

OTAVIO FREIRE [00:00:21] I am well.

NICKY PENNYCOOK [00:00:23] Good. Thank you so much for joining us today.

OTAVIO FREIRE [00:00:26] Thank you for having me.

NICKY PENNYCOOK [00:00:26] You’re welcome. And so, first off, before we leave and some other questions. Could you tell us a little bit about yourself and what it is that you do?

OTAVIO FREIRE [00:00:34] Sure. My name is Otavio Freire. I’m the CTO and Co-Founder of Safeguard Cyber. We are a Digital Risk Protection Company. I would to like to say the leading digital company, but I am biased. So, you know there’s been an explosion of channels. The attack surface has really fragmented. And, you know, we’re the company that protects against attacks that are taking place in these channels.

NICKY PENNYCOOK [00:01:05] That’s great. Thank you Otavio. And so we’re obviously in the middle of a worldwide pandemic, has that sped up digital transformation do you think?

OTAVIO FREIRE [00:01:18] It has quite a bit. I mean, just think about your own, you know, our own personal lives. Right. We were thrown into living in Zoom and Slack and Teams and communicating with colleagues and friends over WhatsApp and WeChat and IMessenger and the list goes on and on of channels how we live this new normal. And look, the attackers are very well aware of this, right? If you think about email protection systems, it’s a 3 billion dollar per year industry. Most corporations have invested quite a bit in protecting email against account take over and spear phishing and all the things that can happen in email, file-based tax link-based tax memory-based attacks. I mean, these things B2C, these all things happen through email and they’re super well protected. Yet we all know that is a way. It’s still a ways away to get behind defences. Now, the reality is that digital transformation has enabled a lot more channels and fragments that attack surface and all these SaaS platforms that we live in. And if you’re you know, if your attacker, you know, door a, there’s super well protected. there’s a moat and there’s a great and I can’t get through and there’s guns and lasers, right? Turns out these other ones, there is no protections and there’s more data than an email and it’s a faster speed. And look, companies did have a choice, right? They broke glass, pushed everyone into this digital transformation dynamic. I mean, we have a customer who is a big retailer. You know, commerce is conducted through WhatsApp. The store people are interacting with customers through there, through WhatsApp as the primary channel. You don’t go into a store. You go into WhatsApp. And again, the techies all know this. And it’s just ripe for cyber fraud, crime. It’s a way to get into the corporation. So all these things are happening as we’ve seen.

NICKY PENNYCOOK [00:03:25] Yeah, absolutely. So, you talk about a little bit about things like WhatsApp there and how are channels like this helping in digital transformation or perhaps are they a hindrance? But what are your thoughts on that?

OTAVIO FREIRE [00:03:40] No, they’re definitely helping. You think about human interactions. Now, we live in a world where most industries were built around interacting with their customers and partners face to face. Well, that’s all gone. You know, they had these huge budgets of for events for marketing purposes still available. And they looked around and said, you know, we need to be innovative. You know, not by choice, but for survival purposes. If we don’t innovate, we die. Right? For example, the pharmaceutical industry all built around pharmaceutical rep meeting a doctor. Well, turns out they can’t do that anymore. So WhatsApp becomes, you know, a replacement to that dynamic where you can communicate, share information, share files, share links with your prospective customers and existing customers. So WhatsApp and WeChat has been actually the solution for business in the world we living and everyone broke glass, right? And jumped on it because speed was of the essence. Well, now okay, we’ll now they’re starting to realise they need to catch up on the security stamp’s around those decisions. And, you know, WhatsApp is definitely a channel. But in Asia, WeChat is another example of a large platform that folks are collaborating. 3 weeks ago, only three weeks ago, WhatsApp rolled out in Brazil, actually payments and transactions. Well, think about, you know. Well, that’s a great thing. Get me wrong. But look, we don’t like what great opportunity for attackers right now. I can impersonate someone and try to do a transaction. I can impersonate a corporation, is very easy to do things and pretend to interact with you. And then a guy like this is not novel. The old is new again. This all happened. This all existed in the email world, right? Pretending to be some sort of email alias or a corporation will create up some social engineering story to ultimately get you to click on the link or open up a file. You bait you into some action. It’s just all taking place now, and these channels, they’re just more sophisticated. In fact, they have more options for social engineering that in email because they can build a full profile that could tell you a story of who they are and where they came from. They can look at all your friends and create trust by friending your friends first. These are all the things that  we see, right? So, you know, our job is to disrupt the skill chain. That’s what Safeguard Cyber does. We looked at all the steps that are involved in these attacks into these channels. And it takes place in Twitter DMs. It takes place in LinkedIn DMs. Again, the email analogy is great, right? A Twitter DM is equivalent to an email. A LinkedIn communication is equivalent to an e-mail. So how do I get to get to a point that I can send you DMs in Europe? You know, you trust me and you are receiving them. That’s a social engineering portion. You create a fake account. You pretend to be someone, say, hey, Nicky, you know, wouldn’t it be great for you to hold this big podcast? You know, we’ll pay all the airfare and we’ll have you over and pay your own honorarium. You know, I create a company that looks great. And I invite you to connect. It’s really hard these days to say what’s real and fake on social media, as we all know. So you accept and by accepting now, they can send you private messages and they can say, hey, here’s a link we were talking about. Look, this doesn’t happen in theory, we stop these types of attacks every day by the hundreds just for one customer. So it is ultimately justice prevailed as email attacks. And, you know, I don’t think that “C cells” are fully aware. And the reason that they’re fully aware is because they don’t have controls in these channels, right? Outside of put in a platform like Safeguard Cyber place. You don’t have visibility to these attacks, so you don’t know what’s taking place. And privacy also gets in the way of, you know, monitoring for attacks on these channels. Yet if they go through, guess what? You’re behind corporations defences. So we know, we understand who the attackers are. We’ll tell you if they’re real, they’re fake, a synthetic account. We investigate files and links that are shared through you, through all these channels from Slack, through Messenger, through Facebook, private messages, through WhatsApp, WeChat. We look at all the possible channels you’re on. We strip them if they are a menace to you. Know, avoiding that that these attacks take place so we can actually quarantine. We’re not just there to tell you that you’ve been attacked. We actually stopped the attack realtime.

NICKY PENNYCOOK [00:09:17] Wow. That’s great Otavio. We talk a lot about attacks and obviously most of us are remote working at the moment. Are we are left open to more attacks? Are their ways that we can be predict protecting against this?

OTAVIO FREIRE [00:09:36] Yeah, the work from home is interesting, right? I like to use the analogy that we all used to live, you know, corporate lives behind a moat in a drawbridge and behind big tall walls. And we were all sent out to the village, with work from home. So we’re out there to fend for ourselves. It’s just the unfortunate dynamic. So I think, you know, you can never disregard the power of education and awareness. You know, that’s something that we always do. The user is always the first line of defence. Be smart around who you’re connecting with. Of course, understand the links. Be clever of social engineering. Be smart about social engineering attempts. It might be taking place. These are all things that we can do as a user. You know, watch your Cloud settings, watch your social media settings. And there’s a lot of good advice inclusive of on our website you can go and see some great advice. We just tried to educate the general population about.the attacks taking place. And it’s not just us. The FBI is involved in education and other government agencies as well, in law enforcement. So first things we can do personally. But just like antivirus, right? Ultimately, you have to be aware. But you stole the antivirus software on your computer. A solution like ours provides that layer of protection. So we’re going to investigate all that’s taking place with your footprint of all your digital channels that you participate in, provided by the corporation or personal. And stop these attacks, right? Effectively extending the perimeter, extending that motin drub region, high wall we talked about, to you, to your home. And that needs to be done. You know, you can’t live. You can only have protection if you’re behind a corporate firewall, where you travel in your accounts that you have have to offer that protection as well. So in short, two levels, user education and then a strong platform behind it that follows you wherever you are is really how we see. We you know, we can be of help.

NICKY PENNYCOOK [00:12:05] Yeah, definitely. I think user education is definitely very, very key point thing. Unfortunately, that’s all we’ve got time for now. And thank you so much for joining me Otavio and “hopefully we’ll have chat with you soon”.

OTAVIO FREIRE [00:12:21] Thank you, Nicky. Take care.

NICKY PENNYCOOK [00:12:23] Thank you. So we will be back soon with our next guest.