Ian Thornton-Trump, Cyjax: “know your attack surface, and start to use intelligence to understand what threats are most relevant to your business”


When it comes to cybersecurity and online protection, many regional ISP and telco providers are very late to the party to defend against malicious actors, like in the case of Russian APT groups.

The COVID-19 crisis outlined the importance of the internet and computers. However, it also emphasized the importance of online security. One report showed that over 7.9 billion records had been exposed by data breaches from January to September of 2019. At the time, this represented a 118% increase from the previous year.

ADVERTISEMENT

Since then, data breaches and cybersecurity-based threats have shot up through the roof. Businesses have been forced to shut down, facilities to cease operations, and hospitals to turn away patients.

However, Cyjax is one firm committed to fighting against these cyber criminals and empowering other businesses through their innovations. Cyjax's unique approach to threat intelligence highlights the importance of staying abreast of the latest trends and technologies in cybersecurity

In a revealing interview, Ian Thornton-Trump, the Chief Information Security Officer (CISO) of Cyjax, goes into extreme detail about the world of cybersecurity. He looks back at the inception of Cyjax and shares insights gathered from his extensive experience in military intelligence and law enforcement.

How did Cyjax's concept come to life? What has the company's journey been throughout the years?

To understand the birth and evolution of Cyjax, we have to go back to 2012. Back then, cybercrime and fraud were issues mainly of concern to government organizations, police, intelligence services, and financial institutions.

Many businesses were unaware of the threats they faced. To help them better understand malicious cyber threats, Cyjax built intelligence tools and capabilities to support investigations and detect compromise early.

Over the past 11 years, cybercrime has expanded astonishingly, with professional ransomware and hacking organizations taking advantage of the abundance of online unprotected personal and corporate data. The arms race between threat actors and their targets continues – and we are here to support the good guys!

Tell us more about Cyjax! Describe your flagship service and what makes it unique from other products on the market.

ADVERTISEMENT

The overwhelming number of potential threats means organizations struggle to determine where to invest their cybersecurity budget. Recognizing that it's impractical to protect against every possible threat, Cyjax provides a threat intelligence tool, Cymon Portal, used by our customers' threat intelligence teams to identify the threats that pose the most significant risk to them.

In addition, we have an expert analyst team that provides insight to make the best use of our intel. Across the dark and clear web, there is a constant stream of cyber events, ransomware victims, compromised credit cards, and "chatter" about organizations, and the analyst teams sift through it all to highlight vital information and make actionable recommendations.

Transitioning from a former military intelligence agent to serving as the Chief Information Security Officer (CISO) for Cyjax is quite an impressive journey! Could you elaborate further on your experiences and shed light on any challenges you encountered during those years?

It's been quite a journey, indeed.

When I look at the career arc of a young cold war Intelligence Operator, a pre-war on terror Military Police Officer, and a short time in the Royal Canadian Mounted Police as a criminal intelligence analyst, the world was rapidly transforming. Still, the takeaway from those experiences was the top-notch training, mentorship, and support I received.

My last military job was as a brigade public affairs officer, and it was the missing link to improve my poor writing skills and become incredibly comfortable talking to people about complex subjects.

If it were not for my mentors, Jim, Tom, Steve, and Donna, I would not be nearly as successful as I am today. Applying data analysis and articulating the results—no matter the subject matter – has been the key to my success.

In the context of evolving cyber threats, how do you approach staying current with the latest trends and technologies in cybersecurity, and how do you ensure that your skills and knowledge remain up-to-date?

There’s a lot happening, but I read a lot, think a lot, and talk a lot. I take into account the strategic forces around history, religion, and geopolitics, and I’ve taken the writings of George Freedman and Peter Zeihan to understand geopolitical and macro trends and how they may impact state-sponsored threat actors and cybercriminals.

On top of that, I stay tuned into what’s happening in the world – think tank white papers and Department of Justice indictments are excellent sources of knowledge.

ADVERTISEMENT

But it’s also about surrounding yourself with a network of trusted advisors, credible, reliable people who can offer factual analysis. I am blessed with an Ops (operations) team filled with really smart people, led by an outstanding Head of Ops. Collaboration is key to a better understanding of not just "what may happen" but also "why that may happen."

The past five years have been remarkably eventful. How have recent global events impacted your field of work, and have you observed any emerging trends or new threats in the world of cybercrime?

100%!

I'm very much a strategic threat intelligence analyst. Economic and demographic trends will make for a dreary situation in the years ahead, with a significant portion of GDP shifting from import/export to combating the effects of global climate change.

This will impact elections, the power of the middle class, and fractures in the economic system – we see this starting in countries like Germany, China, and the UK.

Although some countries will be able to manage these crises, those under sanctions, embargoes, or fighting wars will find it challenging to get those extra resources to look after the populace at home.

The result will be more cyber and "regular” crime, not to mention an increased effort to take from the prosperous West to sustain a regime or government with a vastly different political agenda. I wrote a paper on "The Geopolitics of Cyber '' many years ago, and its observations are looking likely.

In a recent interview, you shared your foresight and predictions on Russia’s digital movements. Given the speculation on Russia's cyber strategy, how do you foresee their approach in engaging with cyberattacks against the EU, US, and its allies? What outcomes might they be aiming for?

Russia always appears to be pretty "thug-life" on the world stage. I'm a big fan of characterizing the current Russian philosophy of "If it's bad for the West, it's good for us!"

But in the words of one of my best friends, Lisa Forte, Founder of Red Goat Cyber Security, "If you think something is black and white, you have not gone deep enough."

ADVERTISEMENT

It rings very accurate. Russian resolve in Ukraine is not getting any better, and there are "cracks” beginning to show. But at the same time, the West's resolve to support Ukraine seems to have more than meets the eye.

And as we get closer to election season, more ransomware, espionage, and disinformation are expected to enhance Russia's chances of gaining more favorable Western governments.

On top of this, Russia will accelerate espionage, disinformation, and cyberattacks, which irritate the West. The sudden destabilization of the Middle East by Iranian proxies opened a geopolitical second front where a fractious conversation around events in Palestine has created the perfect opportunity for Russian disinformation to operate in.

This allows the Russians to focus on their own objectives without as much scrutiny while diverting Western resources in another direction.

As you may have heard, a recent cyberattack targeted the internal systems of the Ukrainian telecom giant Kyivstar. In light of this incident, do you anticipate the possibility of similar attacks in the future? If so, which sectors do you believe could be the following targets for such cyber threats?

I 100% believe in the possibility that further critical national infrastructure (CNI) attacks will soon be perpetrated by Russian-backed threat actors. While the national and international telecom providers have benefited from years of efforts to improve security postures and deploy security technology, many regional ISP and telco providers are very late to the party to defend against Russian APT groups.

Russian threat actors have three intentions when it comes to cyber campaigns, and it makes sense that CNI is in the crosshairs:

  • Firstly, undermine the confidence of the citizens in the government by conducting successful attacks against national, regional, and local governments and the companies that are part of that supply chain.
  • Secondly, identify industries and flagship companies to demonstrate dominance over those industries to assist in psychologically demoralizing the country's brand reputation.
  • Thirdly, make life for the target population more miserable, uncertain, and fearful by diminishing confidence in national security's ability to protect the populace.

The adoption of artificial intelligence (AI) and machine learning (ML) in cybersecurity is growing rapidly. Can you explain how AI and ML are being used to improve cybersecurity and what challenges there are in using these technologies?

AI will certainly augment cyber defenses, perhaps even tackling the tough problem of defending against social engineering attacks. But true AI insight is a way off yet – neural networks like DeepMind are cost-prohibitive.

ADVERTISEMENT

Human analysts still hold the most expertise, so they will always be needed to supply context for AI answers. AI cannot, for example, find the lost, forgotten, end-of-life applications and infrastructure commonly referred to as technological debt and do something about it.

AI and ML adoption to enhance or make operations more efficient is on every organization’s radar, and properly deployed, it can lead to significant ROI. Having said that, adopting AI and ML for business operations comes with business risk as it can be unpredictable and adds complexity from a security perspective.

In these early stages of mass adoption, I predict lots of embarrassment and potential losses with organizations moving too fast into AI without analyzing the threat models AI poses.

In contrast to the previous question, what potential harmful effects could arise from these technologies? Is it also conceivable that AI and ML might be exploited for cybercrime?

AI and ML within the cybercriminal world match the same technology in cyber security products. Let’s not forget that the tools that are being used by businesses can be accessed by cybercriminals for illegitimate purposes.

As more software vendors integrate AI to enhance their services, unbeknownst to them, criminals are hiding amongst their customer base and using these tools to enhance their illegal activity.

From your perspective, considering the current landscape, what proactive steps do you believe everyday internet users can take to enhance their personal security? What specific tools or practices would you recommend for securing our devices in this day and age?

Use intelligence to know and understand the threats you or your business face. On top of this, apply best practice security approaches such as:

  • Layered defenses, including content delivery network (CDN), web application firewall (WAF), and endpoint detection & response (EDR).
  • Look for "quick wins" in the adoption of zero trust, but remember that while zero trust might not prevent a data breach, it should help massively in figuring out how it happened and what the threat actors did.
  • Audit your infrastructure and address any legacy technology exposed to the internet.

What lies ahead for Cyjax? What can we expect its future to look like?

ADVERTISEMENT

We’ve been experiencing substantial growth, and we’ll use this to continue developing innovative approaches to threat intelligence.

Our customers can expect rapid prototyping, enhanced analysis, and a deeper understanding of what has become an increasingly dangerous online environment for enterprises.