Neovera CEO: Cybersecurity In Regulated Sectors Is A 'Continuous Process'
Cybersecurity professionals are stressed, and those working in heavily regulated industries are even more so. Neovera's CEO and founder talks about the unique cybersecurity challenges in regulated industries.
CISOs and other cybersecurity professionals are experiencing unprecedented burnout, according to a 2023 study by Devo Technologies, which found that "83 percent of IT security professionals admit they or someone in their department has made errors due to burnout that have led to a security breach."
Research firm Gartner, in its Peer Community survey last year, found that 62 percent of IT leaders primarily responsible for cybersecurity had experienced burnout at least once, with 44 percent reporting multiple instances.
In addition to the daily stress many cybersecurity professionals face, stress levels can increase for professionals in industries that are heavily regulated, such as health care and finance.
Finance security professionals also have had to navigate another recent hurdle: the Federal Trade Commission's update last year to its Safeguard Rules, requiring extra provisions for securing customer information.
Taking that all into consideration, it's not far-fetched to surmise that many security professionals, especially those in an industry like finance, need additional support and resources.
That is the type of service and support Neovera helps provide, said founder and CEO Scott Weinberg, who also addressed the challenges security professionals face in highly regulated industries.
"We're an enterprise managed cybersecurity and IT services provider. And we have a very strong focus in highly regulated industries," Weinberg told MES Computing.
Neovera's platform offers cybersecurity and managed infrastructure.
"We've specialized in providing cybersecurity testing services, penetration tests, vulnerability scans ... technical and cybersecurity type audit services, primarily, again, for the financial industry ... although we have some clients outside that, [including] biotechnology, legal, legal trust companies," he said.
The company, however, focuses on regulated industries like finance because "that's where we think we can help our clients the best," Weinberg said.
Neovera upped its cyber resiliency capabilities with its acquisition of 10-D Security in August 2023.
"We acquired them because of their capabilities in penetration testing and vulnerability scanning. They do a lot of what we call 'offensive security,'" Weinberg said.
10-D Security Senior Director Jeremy Johnson explained the security approach the company takes.
"One sort of project that we can work on is with the network defenders at a particular organization, whether that be health care or a financial institution, and perform some of these attacks that real-world hackers do in real time with them ... kind of sitting there with us at a keyboard virtually or in person. So they can not only see how this is done, but then we can, in real time, put the things in place to prevent attacks," Johnson said.
Cybersecurity Is An Ongoing Endeavor
Weinberg also touched on the biggest current challenges for organizations in regulated sectors and said that securing those sectors is an ongoing endeavor.
"It's a continuous process," he said, adding that ransomware, email phishing, and "social penetration" attacks remain significant security challenges for customers.
"There's been some really interesting stories that IT folks have told me ... [someone will] walk into a bank and pretend to be somebody that works there or a cleaning person. And before you know it, they have access to a lot of the equipment," he said.
Neovera, he said, also focuses on the midmarket as those organizations are often more resource-strapped.
"When you're looking at the smaller banking—community banks, regional banks—and when you're looking at these hospital groups, they're probably the most vulnerable because they're not spending as much as their big brothers are. ... They just don't have the personnel with the expertise that they need to be able to safeguard themselves," he said.
He explained what Neovera offers to help these businesses.
"We have our own Security Operations Center. ... We do several sessions where we will monitor all the devices at the institution, we do all the log collection, we collect all the events, and then we're monitoring 24x7x365. And then not only do we do the monitoring, but in many instances we will also do the remediation. A lot of firms that have security monitoring, they stop at the notification, they'll just notify their customer, but they don't really do the remediation. Remediation and incident responses are one of the things that we do."
Neovera can also help with compliance, he said.
"If it's on the infrastructure side, then we certainly help with that ... In addition to security, we also have a private cloud. ... We've done project work for some extremely large banks in terms of helping them encrypt all their data at rest, across all of their branches, all their facilities, globally."
Weinberg said that Neovera's platform works with core public cloud platforms and that most of their customers are on Microsoft Azure, Amazon Web Services or Oracle Cloud.
Neovera is also using Oracle AI to integrate artificial intelligence features.
"We're definitely doing more than just scratching the surface with AI," said Weinberg. "When you're monitoring for events [you need to be] able to correlate [security] events, understand what these events mean and how to respond. [We're] using AI to help us in our response." He said AI's ability to perform predictive analysis has also been valuable.
The 'Fractional CISO'
One recent study shows that despite the litany of regulations, the health-care and finance industries are most vulnerable and most targeted for cyberattacks.
Some even argue that security professionals in these sectors spend so much time trying to satisfy regulations and being in compliance that they have less time to deal with cyber incidents.
"We do a lot of what we call governance and risk compliance," Weinberg said. "So there are lots of regulations related to health care, related to financial services. And if you think about some of those organizations, they don't always have the right protections in place. What we like about our acquisition of 10-D is they're the guys behind the scenes that are trying to understand where the weaknesses are, then we're the guys that can help them understand what those weaknesses are once we find them and then we can put things in place to help prevent them."
Are these industries over-regulated?
"There's certainly a lot of regulation," Weinberg said. "I'm not going to say it's over-regulated ... but certainly there's a lot of regulation."
"That's why we see in the industry a lot more recognition for the virtual CISO, for example ... a fractional C-level security officer. Because a lot of these institutions, either they don't have an in-house [security expert], or they don't know how to interview for one and hire one. They don't feel like they have the expertise to do that."
That lack of in-house expertise, or the lack of resources to hire and train security professionals, poses a challenge for smaller and midsize organizations.
"It's hard to keep up [with] all the new rules and regulations and the penalties that go along with noncompliance," Weinberg said, adding that's why he sees Neovera as a security lifeline for smaller and midmarket organizations, particularly in heavily regulated industries.
With Neovera, organizations are working with an "external provider who focuses on those regulations and the technology to help them adhere to [them]," he said.