Mark Allen, Head of Cybersecurity at CloudCoCo: “It’s alarming to witness the extent to which deepfakes can be weaponised”

If you don’t find yourself nodding in agreement with Mark Allen, Head of Cybersecurity at CloudCoCo, during this interview, then you need to ask yourself some hard questions. In particular, are you – and your company – taking the threat of cyberattacks seriously?

Consider deepfakes, says Mark, who describes how one attack used “deepfakes to mimic senior board members during a video conference call, leading to fraudulent transaction approvals”. One of his suggested remedies is to bring back face-to-face meetings; the solution doesn’t have to be complex or cost thousands of dollars.

In fact, this whole interview acts as a play-by-play guide on how to keep your business safer in 2024. “There’s a pervasive over-reliance on tools as a cure-all for security issues, but often it’s the user who’s duped into granting access initially,” Mark explains. “Even with these in place, we observe that breaches can remain undetected for long periods, with the tools themselves being leveraged by attackers to establish a successful foothold within IT systems.”

We strongly recommend you read his words carefully, because they could save you not only a lot of angst in the long run but also time and money. But don’t expect a simple fix. “It’s like a complex chess move,” he says, “where each step is coordinated to form a resilient and dynamic defence system.”

So why listen to Mark at all? He has all the usual vendor-led training qualifications when it comes to IT platforms, but the foundation of his expertise lies with his extensive experience working closely with engineering teams, understanding what works, and bringing that technical knowledge to real-life scenarios.

And if you want more, Mark regularly delivers sessions on cybersecurity to industry professionals at CloudCoCo’s CloudVision event series.

Could you please introduce yourself to our audience and share how you ended up working in cybersecurity?

I’m Mark Allen, a seasoned professional with 18 years of industry experience under my belt. At 43, I’ve worked within various IT disciplines, ranging from WAN and networking, to pioneering thin technology solutions. My career to date has been extremely diverse, encompassing core IT infrastructure with a focus on multicloud environments and virtual on-premises solutions.

My area of expertise extends to data management and restoration, where I’ve tackled complex challenges to secure data integrity. In terms of cybersecurity, I’ve provided consultancy services bolstered by third-party support, ensuring comprehensive protection strategies that align with organisational governance and cultural nuances.

Throughout my career in the MSP space, I’ve been committed to demonstrating how IT can drive significant value within businesses. I’m often having complicated discussions about backup solutions, moving on to the more critical aspects of disaster recovery (DR) as digital threats evolve. The conversation has now naturally shifted from natural disasters and theft to the more insidious cyber-attacks, which heighten the reliance on robust DR solutions.

As the threat landscape has transformed, my focus has now gravitated toward how to best protect and restore systems in the wake of cyber incidents. This shift didn’t just alter the nature of my work with customers, but expanded my understanding of data management, emphasising the importance of stratifying data layers for restoration based on how critical they are to business operations.

With cyberattacks becoming increasingly common, my role now centres around cybersecurity and all that it entails. However, it’s my comprehensive grasp of the entire IT platform that enables me to offer informed security advice, ensuring that the whole IT estate of an organisation is safeguarded. This holistic perspective is not just about defence, but about fostering resilience, ensuring that businesses are prepared for, and can swiftly recover from any security breach.

What are some cases of deepfakes being used that particularly concern you?

It’s alarming to witness the extent to which deepfakes can be weaponised. Particularly after the actors’ strikes — a key point of which was the worry that studios would use AI to generate content with an actor’s likeness and not pay them for the privilege — the necessity to authenticate user identity has never been so critical. The ease with which criminals can now harvest identities from social media and employ them in deepfake technology to deceive individuals is unsettling.

A notable incident that caused great concern involved the use of deepfakes to mimic senior board members during a video conference call, leading to fraudulent transaction approvals. This type of deception shakes the foundation of our security practices. Typically, visual and audio confirmations serve as a final checkpoint to prevent fraudulent mispayments. However, deepfakes have the potential to bypass this safeguard entirely. The unsettling reality is that even with diligent verification, deepfakes could override our best defences.

In response to these threats, adopting a zero-trust policy within organisations has become vital. Additionally, there’s a corporate responsibility to educate users on how their data might be exploited. As contentious as it may sound, the reality we’re facing is that for certain critical decision-making stages, the most reliable form of verification may very well be in-person meetings.

Senior business leaders must engage with security advisors early to establish a base for breach forensics, enabling informed decision-making in the event of an incident. Building a foundation of trust with users, and fostering a culture that emphasises the importance of questioning and confirming information is essential in supporting the security measures we implement.

Also, it’s crucial to maintain a robust breach response plan. Understanding the different types of breaches, along with ensuring comprehensive insurance coverage, is paramount. Each organisation must be proactive, not only in defence but in anticipation of potential breaches, ready with a response plan that mitigates risks and ensures operational resilience.




What do you think are the best approaches to combating deepfakes?

Combating deepfakes is a huge challenge that requires both individual vigilance and comprehensive corporate strategies. From my perspective, as mentioned above, the adoption of a zero-trust mentality within the user culture is essential. Encouraging face-to-face meetings, particularly at critical junctures of engagement with third parties, has proven invaluable. Despite the flexibility and convenience offered by remote work, we must recognise and preserve the security benefits that in-person interactions provide.

On a corporate level, the ability to work remotely should not compromise security measures. Implementing a zero-trust strategy, supported by Multi-Factor Authentication (MFA), is essential in safeguarding identity verification processes. While MFA provides a layer of protection, the sophistication of deepfake attacks — which can facilitate the unwitting sharing of user credentials — demands even more extensive defensive protocols.

This is why I always advise businesses to deploy advanced Endpoint Detection and Response (EDR) tools as another layer of defence. These systems are not just for data analysis — the critical decision lies in whether to manage the response internally or collaborate with external partners to mitigate risks. It’s imperative to prioritise strategies that focus on minimising disruption at the individual user level, rather than allowing a single point of compromise to escalate into a business-wide crisis.

Additionally, broader educational efforts must scale with the maturing business compliance landscape. As a firm fortifies its training and effective user actions, we should also extend this education to the personal domain. After all, the risks businesses face from deepfake exploitation are often mirrored in the home and family lives of their employees. By addressing these challenges at both levels, we can work to create a more resilient ecosystem against the threats posed by this type of attack.

What are the biggest cybersecurity challenges those in leadership roles are facing?

One of the biggest challenges leadership faces within cybersecurity is finding the equilibrium between utilising effective security tools and accurately interpreting the data they yield, all while sufficiently educating our employees. The dilemma lies in offering enough flexibility to show faith in their workforce against implementing stringent, trust-no-one infrastructure protocols.

There’s a pervasive over-reliance on tools as a cure-all for security issues, but often it’s the user who’s duped into granting access initially. Even with these in place, we observe that breaches can remain undetected for long periods, with the tools themselves being leveraged by attackers to establish a successful foothold within IT systems.

Effective cybersecurity demands that these systems are deployed where the users are — at the edge — so immediate action can be taken to isolate and address a compromise on an individual level, preventing the threat from spreading across the entire network. Generating alerts is one thing; it also requires a coordinated team effort to interpret and act upon these notifications. These teams must have the capability to disconnect compromised devices swiftly for in-depth analysis, ensuring the safety of IT infrastructure before they’re reconnected.

Above all, consistent and proactive user training is just as valuable as any technical solution. It’s essential to stay ahead of potential attack methods through ongoing education that’s based on actual threats. Navigating this constantly evolving landscape of educating, equipping and empowering employees, while maintaining the agility of our response, is undoubtedly one of the most challenging aspects of leadership within cybersecurity.




What are some prevention strategies you believe every business should adopt?

In my opinion, every organisation needs to cultivate a robust cybersecurity environment, and that starts with a basic zero-trust strategy at its core. Deploying MFA is non-negotiable — it’s the front line in ensuring that users are who they claim to be.

But it’s not just about having one solid wall. A layered security approach is key, with each layer designed to thwart different aspects of an attack, thereby significantly lowering the overall risk of compromise. It’s like a complex chess move, where each step is coordinated to form a resilient and dynamic defence system.

Training is also key — both user and cultural, embedding a mindset focused on protecting the business’s intellectual property. This means being mindful of even the simplest actions, from the location of a conference call to the information shared in instant messages and emails. It’s a holistic strategy that integrates protective thinking into every facet of an employee’s work life.

Perhaps most critically, there must be clear and transparent communication regarding security incidents. The current culture tends to surround compromises in embarrassment, whereas openness is far more effective — it demystifies breaches and transforms them into learning experiences. Nine out of ten times, it’s not the user’s fault — they’ve been cleverly tricked.

Knowing that the company has a response plan can empower users and bolster the collective defence. Being forthright about protocols — from the immediate steps following an accidental click on a malicious link to the comprehensive quarantine and forensic analysis, followed by remediation and safe reintegration — ensures everyone knows their role and feels supported through the process. This proactive stance does not just mend vulnerabilities, it builds a culture of trust and resilience that’s indispensable in today’s digital world.

What’s something that has drastically changed about cybersecurity since you first got started in the field?

Since my career began, I’ve watched the field morph into an increasingly complex battleground. Despite the evolving tactics and technologies, one constant remains — it’s often the user who inadvertently becomes the breach point.

Back when I started, cybersecurity was largely a reactive discipline. Firewalls and antivirus solutions acted on intelligence provided by vendors, a perpetual game of catch-up that involved constant updates and patches. We operated under a paradigm that, if we just fortified our defences enough, we could stop the attackers at the gates.

Today, the cybersecurity landscape has shifted to a more proactive stance. We’ve come to understand that breaches often occur not because our defences are weak, but because users are tricked into granting access. Now, the focus has shifted to monitoring changes within our systems once access has been obtained — changes that could indicate more insidious activities are taking place.

The sophistication of tools like EDR, Security Information Event Management (SIEM), Security Organisation and Response (SOAR), and Extended Detection and Response (XDR) has grown immensely, providing a depth of information so granular that it often requires specialised knowledge to decipher. The interpretation of data from these systems is so extensive that security services have evolved to a level where either you need to become an expert in these areas or have ready access to one.

Moreover, many tool providers now suggest that to fully leverage the complex functionalities of these products, a dedicated service is needed. This is where AI has become an invaluable ally, assisting in sifting through vast data and offering insights that even the most trained eye might miss. AI’s ability to analyse and learn from data patterns at scale means we can identify and respond to threats with precision and efficiency that were once unimaginable.

The cybersecurity sector today is a far cry from where it began. It’s a field where the strategic deployment of advanced technologies and expertise come together to proactively protect an organisation’s crucial IT infrastructure.

Tim Danton

Tim has worked in IT publishing since the days when all PCs were beige, and is editor-in-chief of the UK's PC Pro magazine. He has been writing about hardware for TechFinitive since 2023.
