This is a transcription of our interview with Greg Edwards, CEO at Cryprostopper.
You can watch the full video interview here. Make sure to subscribe to our Risk Management Show via iTunes, Spotify or other major podcast apps. Just search using the keyword "Risk Management Show" inside your favorite app so that when interviews will start rolling in, you receive your notifications or podcast will download straight to your phone.
Boris: Hello ladies and gentlemen and welcome to our interview with Greg Edwards.
Greg is a CEO at Cryprostopper which provides ransomware protection by automatically detecting and stopping actively running ransomware attacks.
They are the world’s first digital security product to offer 100% ransomware protection. In addition, Greg also owns an MSP IT business that has been helping businesses recover from the land hurricane named Derechio that hit Cedar Rapids, Iowa, where he lives.
Greg, Thank you for coming to our interview today.
Greg: Thanks for having me Boris
Boris: With your background. I believe that we will have a really thoughtful conversation about cybersecurity, ransomwere and emerging threats. From fears of a Cyberspace based New Cold War between Global Powers to emerging fraud threats, to financial services, small businesses, consumers, the issue of the cyber security is likely to loom large over all technology discussions in 2021.
Greg, can you tell us a short story about your unique path in the cyber field and what you and your colleagues at Cryprostopper have been up to recently?
Greg: Absolutely. I previously owned an offsite backup and disaster recovery company and starting in 2012, we started seeing ransomware attacks, hitting our offsite backup clients, and actually between 2012 and 2015, 20% of our offsite backup clients needed a full on recoveries because of Ransomware. So I saw that escalation and that all really started because of the availability of Bitcoin which became available in 2012.
And if you look at the rise of Ransomware in cyber crime in general, it really all started to escalate at that point when the attackers could get paid completely anonymously. So with CryptoStopper, essentially what I was seeing is that antivirus was not able to stop it and it actually 77% of companies that are hit by Ransomware have up-to-date antivirus and is still today. And so what we created is a tool that detects and stops Ransomware after it's already running and does it in less than a second.
We use what's called deception technology to deploy Bait files throughout a network, and then monitor those Bait files and then take automated action to kill the Ransomware once it's running. So that's the background story, how Cryprostopper was started. It was really out of an absolute need that there wasn't another product in the marketplace that was doing that.
Boris: Interesting. This is actually a very special year, a year of a major disruption, mainly related to the global pandemic. And then we also have seen many cyber related incidents. Could you perhaps tell us your thoughts on what has gotten us to this point, that every CEO fierce Ransomware?
Greg: It really all goes back to that availability of cryptocurrency. So the fact that these attackers can now make millions of dollars from their attacks. Actually Garmin here in the U S was hit this past summer of 2020 and paid a $10 million ransom. So in the average ransom paid is now over $338,000.
What’s driven this is the ability to make millions and millions of dollars is actually more profitable now than drug trafficking. So a lot of the cyber criminals are former organized crime that used to be involved and more likely are still involved in the drug trafficking, but have now added Cyber cybercrime to their list of businesses activities.
Boris: On your website you stated that you guarantee a hundred percent protection. How can you guarantee to protect the companies against ransomware?
Greg: Our tool, every time it's deployed is completely random in installation of those deception technology files. So the attackers can't thumb print what we're doing. Each installation is unique, just like now almost all malware is unique, and that's why it's getting past so many of the antivirus solutions. We designed our solution to be unique to each installation so that the attackers can't thumbprint it and determine how we're doing what we do.
Boris: I remember the times when all software was on the premises, and one of the selling points of companys offering us a cloud solution was a promise of security and a reliable backup service. Now the same companies that moved their software to the cloud hear that they have to buy additional software to make them even more secure in the cloud and even on top of that, they have to buy some add ons for additional layers of protection. What is your opinion on this is why is that?
Greg: The biggest thing is the layered security and proper configuration. So I agree with you that years and years ago, when we were disconnected and didn't have the internet, and I I've been in the business long enough to remember those days and remember when everything was disconnected and just on individual networks. The Risk, wasn't nearly what it is today. So now that everything is connected and required to be connected because you really can't operate a business without internet connectivity today that's, what caused that.
And the configuration is the big issue and then adding that layered Security. So I absolutely believe that to secure all of the infrastructure within a business, you've got to have that layered security, and you've got to have a proper configuration.
Boris: I believe that nowadays many customers have been doing their cybersecurity with large vendors. Could you please elaborate more on that, what is your best type of customer and what is the unique selling point of your solution.
Greg: We actually focus on managed service providers that provide their service to small businesses. So small and medium-sized businesses are the end users of our product, but we distribute that through managed service providers. So those managed service providers, they essentially act as the IT company or the IT department for those SMB clients. Companies that are between 25 and 300 employees, which is the bulk of businesses across the world, and these managed service providers become that IT department and then they are tasked with creating that layer Security that gets installed and Cryprostopper is a part of that layered security.
Boris: Maybe without dropping the names, it would be interesting to know what you or your team have recently achieved that you are really proud of, how does it work in real life?
Greg: Well, a couple of things, just the fact that we stop Ransomware on a very consistent basis. We just had a law firm that we stopped a ransomware attack, and that would have devastated and shut down the company. And that's something that really, it's almost a non event now. So it isn't that big of a deal because nothing really happens. And that's what we want is boring Ransomware. So between that, and some of the advancements that we've made with our software are the biggest, things that I'm proud of right now.
Boris: I would love to hear your personal opinion. What is a commonly held belief as it relates to cybersecurity and especially Ransomware in particular that you are strongly or even passionately disagree with?
Greg: So there’s no one silver bullet to stop Ransomware. I know that even owning Cryprostopper and owning a product that stops Ransomware, it still takes a full layer of defense because there are other problems, other cybersecurity crimes that can happen and devastate businesses too. So it's the fact that every business needs a fully layered security solution, and it needs to understand what that is.
So CEOs and boards need to educate themselves and understand what their IT department or what their managed services business is doing for them. They don't need to become cybersecurity experts, but they need to make sure that they understand that what's being done and what that layered security on their network looks like.
Boris: For example, if we take a life of a risk manager. If there is one thing that risk managers should start doing right now that they are not doing currently, what would it be?
Greg: I'm making the assumption that they're all doing this, but really looking at the individual business units within the company and where are those business units driving their revenue from, and how is technology affecting that. So if any one piece of the technology is taken down, whether it be by Ransomware or some other attack, or the data is breached, and exfiltrated, what is that risk to the business?
And I think that today, cybersecurity is a certainly a more prevalent risk than any other kind of disaster. It is certainly became more prevalent in my offsite, backup and disaster recovery companies that I previously own. We were doing more recoveries because of cyber attack then because of natural disasters, hardware failures and employee mishaps. Ransomware and cyber crime was more prevalent than all other things combined.
Boris: I would like to ask the same question, but another way around. What should risk managers stop doing right now that they are doing currently?
Greg: I think just looking at insurance as fixing the problem, because that does not fix the problem of cyber crime. It helps to mitigate it, but it doesn't fix the problem.
Boris: Because there were a lot of a cybersecurity insurance that you can buy but what will you really get?
Greg: The thing about a cyber liability insurance is that you really have to understand and look at the policy. So from a risk manager standpoint, they need to understand what the different kinds of cybercrime are that can affect to them. And then what are the most prevalent and what is the cyber liability policy that they're purchasing? What are the individual limits within that policy and making sure that it's broad enough coverage that there aren't going to be exclusions,
Boris: You also have been helping your community at Ceder Rapids, Iowa to recover from the land hurricane Derecho, that happened last summer? Could you please elaborate on this topic?
Greg: From a risk management standpoint, this was something that even my self being in the disaster recovery business was something that I did not look at as a potential risk for our area. We're in Iowa, which is right in the middle of the US. And we don't have hurricanes here. I mean, there's hurricanes along the coast and I've helped, companies prepare for hurricane season what they need to do to be able to relocate and run their business somewhere else, but have never had to do that here in the Midwest and in Iowa.
And this land hurricane that hit was called Derecho, basically was hurricane speed winds. So a 110 mile an hour a sustained winds across about a 40 mile swath. And it went to it directly hits Cedar Rapids, Iowa, which is a community that I live in and took power out for 97% of the residents, myself included. And I was without power for six days.
And lots of the community was out without power for two weeks. And so the thing that companies had prepared for here was if their building had a fire or some other type of disaster, that they could go and work from home, recover to the cloud, or utilize their cloud services and work from home. Well, that wasn't an option because no one had power. And so for myself, I being in the industry and I was pretty well-prepared and within about two hours had my generator up and running and was back online and was able to work completely cloud based.
So it really wasn't a problem for me, but I helped lots of other businesses figure out how they could get their employees back up and running. And really, what it ended up being was lots of people going and working from hotels, which during a pandemic was not the easiest thing either. So it was devastating in the disruption to businesses. So from a risk management standpoint, something that I've re-evaluated and looked at, okay, what happens if an event like that happens again, because there's other things that could take power out for an extended period of time in a large area.
Boris: As an entrepreneur to entrepreneur, what is the most important lesson that you have learned through your years of entrepreneurship?
Greg: For me, it's really being transparent and honest with my employees. And that's something that I feel like companies and CEOs have not done in the past as we progress forward and the new generation of employees that are coming on board, they do not respond well to “just do your job”. We have to be as CEOs transparent across the company.
And what I mean by that is that as the CEO that I'm available and that all of the other managers in the company are available and transparent and everything that we do.
Boris: Fantastic. Have I missed some questions that you would like to add to the Interview?
Greg: I think that when really looking at what the biggest risks that I see for business today and what risk managers need to be thinking about is everything that you've thought about in the past, and then add cybercrime to that and understanding what are the most prevalent and most damaging risks to a business, and how does that affect them? So right now, a business email compromise is the most prevalent with Ransomware being number two.
And so really understanding how those first two top things from a risk management standpoint can affect the businesses that you're working with. And what would that devastation within the company look like and how do you mitigate that?
Boris: Fantastic. Thank you. Greg for talking to you with me today, and I wish you a great success with growing your company and as a private individual with your community that you helped. Perhaps we can come back in a few months and see the progress with your company.
Greg: Yes, we've actually been making lots and lots of progress from the Derecho as a community. We're pretty well recovered from that. And as a company with Cryprostopper we were seeing explosive growth already in 2021. Thanks for having me on today.