Flagright CEO Baran Ozkan On Rethinking Cybersecurity And Online Privacy

Updated on: September 21, 2024
Roberto Popolizio Roberto Popolizio
Updated on: September 21, 2024

Whatever you know about protecting your online privacy, cybercriminals probably know that too, and are already finding new ways to breach your defenses and steal your sensitive data.

It’s hard for everyday people like me and you to always be on top of threats, vulnerabilities, emerging trends, and overly complex cybersecurity concepts without going nuts. Not to mention the hidden truths no one talks about…

In this new interview series by Safety Detectives, I am talking to cybersecurity experts and business leaders who share untold truths and actionable insights from their experiences that will help you be more aware and more effective in protecting your sensitive data while keeping your sanity.

Baran Ozkan, co-founder & CEO of Flagright, is a visionary leader dedicated to revolutionizing AML compliance, risk management, and fraud prevention. Under his leadership, Flagright has developed a leading AI-native AML compliance and risk management solution that enhances the security and operational efficiency of financial institutions through an API-first, no-code platform that drastically reduces compliance integration time to just one week.

Baran’s expertise includes driving innovative solutions at Blue Cross Blue Shield in the healthcare insurance industry and making notable advancements in complex data structures and real-time systems at Zalando and Forto. He also successfully led product development at TransferGo, serving over 3 million users, further enhancing his focus on financial crime compliance.

🏆 Recently, Flagright has also won several awards on G2:

  1. Best Results in the Anti Money Laundering category for Summer 2024
  2. Most Implementable
  3. Highest User Adoption
  4. Best Support
  5. Easiest To To Business With
  6. High Performer

They were also recognized as ‘One’s to watch’ in the Chartis RiskTechAI50 ranking.

What are the most overlooked cyber threats that you see affecting end users in your industry? What makes threats particularly concerning?

Social engineering attacks (especially targeting employees of financial institutions) are definitely one of the most overlooked threats in the financial industry, and they are getting increasingly sophisticated. Cybercriminals are no longer just focusing on end users but are instead infiltrating through unsuspecting employees who have access to critical systems. These threats are concerning because they bypass traditional technical defenses, relying on human error, which is harder to predict and prevent.

📈 Two recent cases of social engineering attacks in the financial sector:

  1. In 2022, the Internet Crime Complaint Center reported over 21,000 business email compromise (BEC) complaints, resulting in losses exceeding $2.7 billion.
  2. In September 2023, the Scattered Spider group utilized social engineering tactics to gain access to attack MGM Resorts International. The atack disrupted operations and resulted in an estimated $80 million loss in revenue over five days.

The misuse of AI and machine learning by malicious actors is another significant threat. While AI is a powerful tool for improving security, it can also be weaponized. For example, AI can be used to create deepfake identities or automate sophisticated phishing attacks, making them more convincing and widespread.

What are the best ways to prevent and react to these threats?

Prevention starts with education and awareness. At Flagright, we emphasize the importance of continuous training for employees to recognize and respond to social engineering attacks. Regular phishing simulations and security awareness programs are crucial in building a culture of vigilance.

Additionally, conducting regular security audits and updating incident response plans can ensure that teams are prepared to respond effectively when a breach occurs.

For reacting to threats, speed is key. Implementing real-time monitoring systems, like those Flagright offers, can help detect suspicious activities as they happen. Automated response systems that isolate potential threats before they escalate are also essential. \

What are some things that people should STOP doing today because it’s damaging the safety of their data, and they don’t realize it?

Relying solely on passwords as the primary defense mechanism is a critical mistake. Password fatigue often leads to weak passwords or the reuse of the same passwords across multiple accounts, which makes it easier for attackers to gain access to sensitive information.

Another bad habit is neglecting software updates. Many people don’t realize how important these updates are, as they often contain patches for security vulnerabilities.

People should also stop ignoring the importance of secure backups. Without them, a ransomware attack can be devastating, leaving victims with no choice but to pay up. Here’s how to securely back up your data:

  1. Encrypting backup data renders the data unreadable without the correct decryption keys. This protects against unauthorized access, especially if data is stolen or intercepted. Modern backup solutions typically include encryption features, but make sure to manage your encryption keys securely: they still represent a vulnerability.
  2. A third-party key management service to store your encryption keys separately from the encrypted data. This reduces the risk of both being compromised simultaneously.
  3. Obscure your backup data instead of storing them in easily accessible file formats. One way is using specific backup software that does not expose backups as standard files on the operating system.
  4. Implementing immutable storage options, where backup files cannot be deleted or altered once written, provides an added layer of protection. This is particularly useful against ransomware attacks, as it prevents malicious actors from deleting backups.
  5. Apply the 3-2-1 Backup Rule. You keep three copies of your data on two different storage types, with one copy stored offsite. This approach ensures redundancy and protects against various types of data loss, including physical disasters.
  6. Restrict access to backup data. Only personnel who need access for their roles should have permissions, if you want to minimize the risk of internal threats and accidental data exposure.
  7. Regularly verify backups by restoring data to ensure that the backup process is functioning correctly and data can be recovered when needed. This should be part of every company’s routine maintenance.
  8. Physical backup media, such as tapes or external drives, should be securely stored using solutions like fireproof safes. Additionally, store your backups in a separate location from the primary data to mitigate risks from local disasters.
  9. Keep copies of your important data on computers or servers runing a different OS than your main systems.  This way you create an air gap, further protecting against ransomware that targets specific OS vulnerabilities.
  10. Backups should be an integral part of any organization’s disaster recovery plan. This includes having clear procedures for data restoration in case of a cyberattack or data loss incident.

What are some things that people should START doing today that they’re currently not doing to protect their information?

Multi-factor authentication (MFA) should be a standard practice for everyone. It adds an extra layer of security, making it significantly harder for attackers to gain unauthorized access, even if they manage to steal a password.

Additionally, individuals and businesses should start prioritizing encryption for sensitive data, both in transit and at rest. This ensures that even if data is intercepted or accessed without authorization, it remains unreadable.

Finally, start adopting a zero-trust mindset, where no user or system is automatically trusted, regardless of whether they are inside or outside the network perimeter. Regularly verifying and authenticating all access requests is crucial.

What common cybersecurity beliefs and practices do you passionately disagree with? Why?

One common belief I strongly disagree with is the idea that cybersecurity is solely the responsibility of the IT department. Security is everyone’s responsibility, from the C-suite to the front-line employees. Every individual in an organization plays a part in protecting data and systems.

Another misconception is that small and mid-sized companies are not targets for cyberattacks. This couldn’t be further from the truth. Cybercriminals often view these companies as easy targets because they may lack the robust security measures that larger enterprises have in place.

📊 43% of cyber attacks in 2022 were aimed at small businesses. Only 14% were prepared to defend themselves. On average, 1 out of 10 small businesses suffers a cyberattack every year, of which 60% go out of business within six months.

Sources:
https://1c7fab3im83f5gqiow2qqs2k-wpengine.netdna-ssl.com/wp-content/uploads/2021/01/Cyberwarfare-2021-Report.pdf
https://www.accenture.com/us-en/insights/security/cost-cybercrime-study

What other gaps do you see in the current state of cybersecurity awareness available? What can be done to improve that?

A significant gap is the lack of tailored cybersecurity education for different roles within an organization. The one-size-fits-all approach to training is ineffective because it doesn’t address the specific challenges and risks that different roles face. We need to develop targeted training programs that are relevant to the responsibilities of each individual.

Another gap is the underestimation of insider threats, whether intentional or accidental. Improving awareness of these threats through case studies and scenario-based training can help organizations better prepare for and mitigate these risks.

What emerging technologies, trends, and new threats do you believe will have a great impact in the next 5-10 years? How do you plan to adapt to these changes?

The rapid evolution of AI will have significant implications for financial crime compliance and cybersecurity. AI’s dual nature means it will enhance security defenses while also enabling more sophisticated and automated attacks. As financial crimes become more complex, driven by these AI advancements, organizations need robust solutions that can keep pace.

At Flagright, we are at the forefront of this transformation as the modern standard for financial crime compliance. Our AI-native approach enables financial institutions to monitor, detect, investigate, and report suspicious activities with unprecedented accuracy and speed. By embedding AI into the core of our operations, we empower our customers to stay ahead of evolving threats, reducing the risk of financial crime and cyber threats.

We’re continuously refining our platform to ensure it remains resilient and adaptable to the changing landscape. Our focus on leveraging AI for real-time monitoring and detection allows us to provide a compliance management system that outperforms traditional approaches in both efficiency and effectiveness. As financial crime threats evolve, our commitment is to provide the tools that financial institutions need to safeguard their operations and protect their customers.

How can our readers follow your work?

Website:  https://www.flagright.com/

LinkedIn:  https://www.linkedin.com/company/flagright

X: https://twitter.com/FlagrightHQ

About the Author
Roberto Popolizio
Updated on: September 21, 2024

About the Author

With over 13 years of experience in managing digital publications, Roberto has coordinated over 5000 interviews with the biggest names in cybersecurity, AI, cloud technology, and SaaS. Using his knack for communications and a growing network of cybersecurity leaders, he provides newbies and experts alike with beyond-the-fluff online privacy tips, and insider perspectives on the ever-evolving tech world.

Leave a Comment