Chris Moschovitis: Guarding the Digital Frontier
We are living in the digital age. We have been for over 40 odd years. Almost every function of living, almost every transaction of our lives is enabled and codified by bits of data. We tap and click and bills are paid, food delivered, assignments completed. And all this data is recorded, stored and exchanged at lightning speeds. It’s what makes our world go round.
Now, imagine the larger scale: corporations, governments, universities – the immeasurable amount of information that must be kept safe from hackers and viruses and cyber-criminals. That security is critical to our very survival. And, it’s a wonder how all these interconnected systems around the globe function seamlessly and without interruption or corruption.
At the forefront of this “behind the scenes” world that keeps our lives running is Chris Moschovitis, the founder, chairman and CEO of the Technology Management Group. Moschovitis is an Athens-born, New York-based cybersecurity consultant and IT expert who’s made quite the career out of helping major organizations ensure their systems are not only up and running but are protected and breach-proofed. His clients have included Bayer, The Atlantic Group, The National Institutes of Health, Time Out North America and numerous others across the fields of industry, education, and the non-profit sector. He’s also a board member of several foundations that promote gender equality and educational advancement in the technology field. To say he’s a leader in the field is an understatement. In fact, so much so that he’s even written two major books on the topic. And he holds several certifications in his field. We talked with Moschovitis to tell us more about his journey to success and leadership in such a vital and constantly evolving field.
Let’s start from the beginning. How did you come to the world of cybersecurity and IT technology? Was there a particular moment when you realized you wanted to specialize in this area?
I started the Technology Management Group (www.tmgr.com) in 1989 when I realized that the small and mid-sized market businesses could neither afford nor keep top Information Technology (IT) talent. We were the first to provide full IT outsourcing services that were flat-fee, predictable and comprehensive.
We were delivering cybersecurity services from the very beginning when me and my partner used to “collect” the computer viruses and research how to defeat them. Back then we were dealing with floppy disks and Lotus 1-2-3, but the principles of protecting confidentiality, integrity, and availability of data remain the same and at the forefront of our cybersecurity work every day.
Today, our firm leads the way in cybersecurity and privacy protection with our industry-first solution cyberCTRL (read: Cyber Control). CyberCTRL (www.cyberctrl.net) is a one-of-a-kind platform that offers an ultra-secure, cloud-based set of state-of-the-art tools that integrate Governance, Risk, and Compliance (GRC) with Security Orchestration, Automation, and Response (SOAR) and Extended Detection and Response services.
As technology evolves so must the sophistication of threats and hackers. What is the biggest challenge in meeting these needs?
The biggest challenge in cybersecurity is awareness. Everything hinges on your understanding that there are clear and present cyber threats every day you do business.
Worse: Your biggest threat is not the hackers. Your biggest threat is when you and your people acting out of ignorance miss the warning signs of an attack, assume that “no one is going to go after us…” and don’t train yourself and your people in fundamental cybersecurity awareness.
That is the biggest challenge, and it will remain the biggest challenge until everyone realizes that cybersecurity is everyone’s business and everyone’s responsibility: From the CEO to the mailroom, from the engineer to the clerk – everyone must play their part in securing the organization and their data.
Remember: You may be able to outsource the responsibility for IT and Cyber, but you can never outsource your accountability. In other words, you can have a nanny raise your kids, but you’re still accountable for their actions.
With the growth of cryptocurrency and blockchain technology, has this become a new frontier for cybersecurity?
“Frontier” is an excellent way to describe what is happening in the cryptocurrency space, especially since this “frontier” keeps getting pushed further and further out.
Blockchain technologies are the backbone for crypto and the not-so-crypto digital provenance world. Blockchain is, at its simplest, a highly sophisticated, immutable, and replicated ledger system. Once an entry has been made it cannot be changed by anyone.
This enables cryptocurrencies, of course, but it also enables many more things, such as immutable property titles, etc.
Blockchain is the engine that powers the cryptocurrency car. Where the car goes, though, that’s up to each driver. Some drive illegally. Many don’t.
The combination of many crypto technologies, including encrypted messaging, storage and processing have created not only the illicit crypto environments, but a lot of the dark web operations as well.
And then there’s social media which is a double edged sword. A place where we share so much data about ourselves but are also subject to the spread of misinformation. How do we navigate this delicate issue from a cybersecurity angle?
This is a very difficult question whose answer is partly made up by what we consider best-practices (don’t post your social security number!) common sense (don’t let the sketchy neighbor know you’re leaving for Greece for a month!), and the desire we all have to connect, to belong in a group of friends, share our joys and hardships.
The ideal answer from a cybersecurity perspective is to avoid posting on social media. Since this ship has sailed, the next best advice is to keep your accounts in social media as private as possible. Avoid using your real name, real birthdates, addresses, etc. The more you put out there, the easier it is for hackers to create a phishing profile to steal your credentials, violate your privacy and take your money.
Remember: If the food is free, you’re on the menu! All these free services are not free because of your blue eyes! They’re free because you’re not the client. You’re the product! All your data, actions, behavior, shared thoughts, etc, are very valuable and easily monetized. You are the product that social media sells to all that are interested in who you are, what you buy, and what you think.
Are there certain countries in the world that have become hotbeds for cyber attacks and cyber scams? There was North Korea hacking into Sony Entertainment back in 2018. And obviously Russia has been a source of this kind of activity.
Yes! There are several countries that are safe-heavens for hackers and organized cybercrime.
Think about it: Cybercrime needs no guns. No getaway cars. No risk to life and limb. Only a computer. And, if you’re operating out of a “friendly” country, then so much the better! You operate with impunity.
North Korea, Iran, China, Philippines, India, Poland, Brazil, Germany, Nigeria, Russia and several of their old satellite republics, and most recently Vietnam and some choice war lords in Africa all are welcoming hackers and cyber organized crime in their territories. The reason is simple: Money – but, that’s not all.
Having an army of mercenary hackers in your territory gives you leverage over them. You don’t turn them in to Interpol, but… you expect some favors in return. You can turn your mercenary hackers into your hacking army in a moment’s notice and the targets change from bank accounts to the electrical grid.
Is there a particular industry that presents the biggest challenges in regard to IT management and cybersecurity?.
Any industry whose funding-challenged becomes a challenge itself when it comes to both IT and cybersecurity. Management justifies not investing in either on the lack of funds. Before you know it, the unprotected organization becomes either a victim or a staging ground for a bigger attack.
Education, non-profits, healthcare are all easy targets. Next up energy and infrastructure, especially in the U.S. fragmented and poorly regulated markets.
Finally, the biggest challenge is any organization whose leadership buries their heads in the sand and proclaims themselves “safe” on the grounds of their size, industry, employee count, or any other convenient excuse! Sadly, hackers don’t care about your excuses.
If your data is valuable, if you partner with other potentially attractive targets, then you’re a target yourself.
If your excuse is “we don’t have anything of value for the hackers” then my question to you is this: What kind of business do you know that generates no value? If it is of value to you, it is of value to hackers. Period.
If your excuse is “Nothing has happened to me/us yet” then I refer you to the Greek saying “The bottle goes back-and-forth to the spring many times. It breaks once.” Nothing has happened to you, yet, because your name isn’t up! It’s a long list, and your name is there somewhere and your turn is coming.
Ignorance doesn’t make you safe. It makes you a victim.
Is there a project that you’re particularly proud of?
We have been in business for over 35 years! During this time, we have partnered with some of the best businesses and best minds world-wide. We have learned from our clients just as much as we have contributed, and we are both humbled by the opportunity and proud for all our work.
We can’t divulge specifics, of course – client confidentiality prohibits us from doing that – but we are particularly proud of our non-profit work, as well as some of our massive projects with one of the top universities in the U.S., a Fortune-500 CPG, and one of the largest and complex energy concerns in the U.S. We are honored that they partnered with us, and proud of our deliverables.
You’re also an author of two major books in your field. Both critically acclaimed. What inspired you to sit down and add that hat to your list of accomplishments?
You’re too kind! The truth is I come from a long family history of journalists. My grand father, Polymeros Moschovitis was trained as an officer, became the right hand of Venizelos, and retired as the editor-in-chief of the major daily in Athens. My father, Jason, is one of the most admired journalists in Europe with years of service in the major papers and a long career in Greek television where he broadcasted the landing on the moon live, and retired after appointments that included being the General Manager of the public Greek TV station and a consultant to the nascent private media industry in Greece.
So, I guess, the writing bug was in me from the beginning. I enjoy writing, and I love being able to explain complex topics in easy-to-understand language. My books reflect that avocation, and I am honored that the critics agree!
In one of your books, you mention the distinction between privacy and cybersecurity. Could you elaborate on that in a few words?
That’s a great question and a not-so-subtle distinction! Cybersecurity is concerned with the Confidentiality, Integrity, and Availability of data. I always add Safety of people to the “C.I.A.” list as it is called, because you can’t divorce people’s safety requirements from a digital world that controls physical devices like cars, x-ray machines, and nuclear plants.
Privacy, on the other hand, is a complicated definition with significant cultural implications and influences. The best definition for privacy comes from Alan Westin, the “father” of privacy scholarship. In his book “Privacy and Freedom (1968)” Westin defined privacy as:
“Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others.”
Cybersecurity and Privacy share a lot while being very distinct in their mission. Cybersecurity is all about value protection as defined by securing the Confidentiality, Integrity, Availability of YOUR data.
What you do with YOUR data is a matter of choice. A choice that depends on what your definition of “privacy” is in your values, society, culture, religion, etc.
You hail from Athens. How about Greece? Have you worked with clients there? Has Greece – as it tries to expand as a service economy – provided opportunity for IT companies to grow there?
Indeed, I do! From Platia Amerikis, no less! Yes, we have partners in Greece that we work together to deliver on cyberCTRL’s promise. Greece is a hotbed of science, innovation, and discovery. Many people around the world don’t realize how “rich” Greece is when it comes to brainpower. The fact of the matter is that very few countries can stand toe-to-toe with the Greek capacity of hard work, innovation, discovery, and scholarship.
Sometimes this happens outside the Greek borders, as it was with cyberCTRL, but this doesn’t make it any less of a Greek achievement! Similarly, there is amazing science being performed every day in Greek companies and universities that not only define the field but expand it. It is no accident that the EU has ENISA – the European Union Agency for Cybersecurity – headquartered in Greece since 2004.
Although I cannot speak to the business opportunities in Greece or the politics surrounding it, I can speak loudly to the talent that exists within Greece. Some of the smartest, most capable, most hard-working professionals that I know in my 40+ year career are Greeks, and I have been privileged to work with them, learn from them, and contribute back.
I am blessed to be Greek. And nothing brings me more joy that to get an opportunity to work with my compatriots, be them in Greece, or any place on the planet!