Periodically, The Cipher Brief profiles an up and coming leader in the cybersecurity and national security fields. This week we introduce you to Angela Knox, the Senior Engineering Director at Cloudmark, a network security company. Computer Business Review recently named Knox as one of the five top women leading the way in cybersecurity. Knox tells us about her job, and how she thinks cybersecurity is at a pivotal moment.
The Cipher Brief: Could you tell us a little bit about your background, and how you got started in cybersecurity?
Angela Knox: I came into security mostly unintentionally. I was in the email space—more on the email software functionality side of things—at a company called Critical Path. I started working for Cloudmark after I received my MBA. I landed here because I knew people who worked at Cloudmark, but I got interested in the whole idea of protecting people and keeping them safe from malicious actors. That was back in 2005, so anti-spam was a pretty big issue at that point.
Now, people think of their email as fairly safe because the anti-spam companies tend to do a pretty good job of keeping a lot of it out of their inbox, but there are still issues like phishing and malware. If those get through, and you are clicking on a link or are tricked into giving up your user name and password, it can really have a huge impact.
TCB: Broadly speaking, how has the cybersecurity industry changed since you entered the field?
AK: It’s definitely changed a lot, mostly because technology has changed a lot in that time, and you have many more avenues where malicious actors communicate with you. Social networks are more widely used, personal data is readily available, and the attack space is wider. You’ve also got a more sophisticated black market for data collection. So if people click data by phishing in particular with currencies like bitcoin, they can go on black markets to sell that data. It’s just really about the technology – as the technology has improved for all of us to use as consumers and businesses, it has improved for the malicious actors as well.
TCB: Computer Business Review recently listed you as one of the top five women leading the way in cybersecurity. Why do you think women are under-represented in the field of cybersecurity, and what can be done to change that?
AK: I think that it’s partly a marketing exercise – that is, making cybersecurity seem like it’s a career that is open to women, especially teenagers in high school, who actually think technology in general and cybersecurity in particular is available to them. It tends to be seen as kind of a “geeks in a basement” type of role, and it seems like it’s not really friendly to women. But it’s actually a fun career, and it’s really great to be helping people.
The big thing that I’m interested in seeing is more of the work that is being done to encourage high-tech careers in technology, computer science, and security as career possibilities right from high school and that are available to all minorities—not just to kids from well-off families or well-off communities. As we do that, we’ll see more diversity in the industry.
TCB: You’ve said that cybersecurity is at a “pivotal moment.” Why?
AK: Because of the increasing size of the attack surface. There are just so many more opportunities for malicious actors to get access to people, whether it’s by email and phishing, or by social networks. Technology is such a normal part of our everyday lives and our everyday work lives. People seem to go, “oh, I got an email. I’m super busy, so I’m just going to click on the link and not really think about where it’s leading me to.” That’s why I think it’s at a pivotal moment, because there’s so much of it in our lives and it’s everywhere. It’s just a large attack surface.
TCB: What are the most common types of cyber-threats, and what do companies need to be doing, at a minimum, to address them?
AK: The one that everyday employees are dealing with the most is phishing via email, because that’s the point where an employee can come into contact with a malicious actor or accidentally download something into the system that shouldn’t be downloaded. Other than that, it’s physical access, like letting people into your building when you shouldn’t be letting them in.
TCB: What advice would you give to companies trying to stay ahead of this evolving threat? How much cybersecurity is enough?
AK: The important thing for companies to do is to really think about what they have got in terms of data and systems that are critical to them. For example, are they storing credit card data, are they storing social security numbers, are they storing email addresses for a significant number of people? Any time that you are storing data that is valuable to malicious actors, you need to take stock and note where that data is, as well as how valuable that data is, and how much pain it could cause you if other people got ahold of it.
Once you’ve figured out where that data is, start working with security vendors or trusted advisors to think about how much investment you should be putting into protecting data. Then make sure that you’ve got systems in place that will both protect and monitor your data so that if something has gone wrong, you’ll know that you need to investigate.
TCB: Shifting focus to your work at Cloudmark, can you tell us a little bit more about Cloudmark and what your role is at the company?
AK: Cloudmark is a messaging and network security company, so our focus has been protecting against phishing, spam, and viruses in the messaging stream and the text messaging stream like SMS. We also have a DNS (Domain Name System) security product.
My role at Cloudmark is Senior Engineering Director, and I oversee the algorithms that figure out malicious emails and phishing attempts in real-time. I also oversee threat research.
TCB: There’s a lot of discussion right now in the media about the security of email and other messaging systems. How much of a cybersecurity threat is there, and what are the vulnerabilities in email systems?
AK: One of the vulnerabilities of email systems is that encryption is something that we added on top of email. Email was designed to be originally shared on government networks and with researchers, and it was assumed that it would go over secure channels. It is only now that it is becoming very uncommon for email to be encrypted in the cloud and to be encrypted on disks.
The ability to break into a system and read everything that’s on it is pretty high in most cases, unless you have gone to extreme measures to encrypt the data. With proprietary systems that are owned by a single company, they tend to try to encrypt the data all the way through in order to be more secure. It’s the open nature of email, and the fact that you can get an email from anybody in the world to anybody else in the world, and they’ll figure out the path by which it needs to go that tends to mean that you have to trust all the players along the way in regards to everything staying encrypted.
TCB: Are there specific things that either individuals or companies can do to better protect their email systems or their messaging systems, apart from what they are already doing to address the broader cybersecurity problem?
AK: They need to be running good anti-spam and anti-virus technology. They also cannot assume that just because they’re running good protection technology, that some of their end users won’t get infected by viruses. They need to be monitoring their firewalls and reviewing their intrusion detection systems. There is protecting your data that is in your email and making sure that you’re keeping that safe and what’s being sent around within your company is not open to other people reading it. And then there’s making sure that the data that’s coming in is not causing your employees to give away credentials or get infected. It’s making sure that you have both of those angles covered.