InfoSec People Profile: TransUnion’s Eder Ribeiro
Senior Cybersecurity Program Manager Sees Smaller Organizations Becoming Attack Targets
By Roy Urrico
Finopotamus presents InfoSec People Profiles, a series spotlighting individuals working in information security, cybersecurity and information governance to protect data and transactions at credit unions and other financial institutions.
Eder Ribeiro, senior cybersecurity program manager at TransUnion, knows smaller organizations, such as credit unions, are not immune from cyberattacks. His concern is that while cybercriminals have started to aim attacks at less obvious targets, many of those organizations with the bullseyes on them remain unaware of security vulnerabilities.
Ribeiro has led the Incident Response Forensics (IRF) team within TransUnion's Cyberscout over the last six years through thousands of cases, including unauthorized cryptocurrency mining, ransomware, web application and email compromises, and more. He has worked with over 1,000 organizations, helping them determine the nature of their security incidents and breaches and then the best course of action to return to safe operations. This includes how to comply with applicable legal entities and regulations.
Ribeiro recalled his passion for technology began during the Windows 95 era when he enjoyed figuring out how operating systems worked and how computer games functioned. “A few years later, my parents and I moved to Rhode Island from Brazil. As a 12-year-old exposed to new technologies in the U.S., I became entranced by all things computing. Moving into the teen years, my interests took on more of an infosec feel as I began playing around with Windows XP, exploring computer infrastructure, taking things apart and putting them back together again.”
Ribeiro added, “Fast forward 15 years – through several degree programs, internships, and even a National Guard deployment to Kandahar [Afghanistan], and I’m standing up a digital response solution for Cyberscout, a small firm supporting the cyber-insurance industry.”
Along the way, Ribeiro graduated from Roger Williams University School of Law in Providence, R.I., where he earned both a Master of Arts in cybersecurity and a Juris Doctor. Eder also has gained 16 years of experience as a United States Rhode Island Army National Guardsman, where he led troops on a combat deployment in Afghanistan in support of Operation Enduring Freedom and currently performs duties at the state headquarters level.
Helping With Cyberincidents
Ribeiro joined Cyberscout in 2017 as a privacy analyst focusing on breach response, where he saw the firm as well positioned to help companies get out of jams following cyberincidents. “Of course, having a law degree helped me spot the potential, too, as that background helps cement the joints between cybersecurity and the law,” he said.
Added Ribeiro, “You begin to understand the value of a proper investigation into how the bad guys broke in, as well as what they accessed or stole while in there.” What helped, he explained, was that his senior leaders also saw the possibilities and allowed him and a colleague to develop and launch a comprehensive digital forensics and incident response program.
“The program took off, experiencing double-digit growth year after year,” he said, adding that he is still the leader of the same program he helped start at Cyberscout.
Ribeiro noted, “We now belong to the TransUnion family thanks to the 2021 acquisition of Sontiq (which had acquired Cyberscout earlier in 2021) and we are known in the marketplace as the TransUnion TruEmpower Incident Response Forensics team. The team is continuing to grow alongside the exponential pace of cybersecurity incidents experienced by every size and shape of company out there.”
The cybersecurity program manager pointed out they have staff all over the world, “from Rhode Island to Ireland to Australia, helping organizations recover from some of the most sophisticated cyberincidents imaginable. It is awesome to look back and think that my favorite master’s degree class — digital forensics — is what ultimately started the wild ride I am still on today.”
He operates at multiple levels, taking a “lead from the front” approach in which he handles a small portion of the IRF team’s cases in an analyst capacity in addition to his directorial, strategy and managerial duties. His expertise includes solution/product creation, program development and expansion, threat assessment, risk mitigation, security process improvement, privacy compliance and contract drafting. Eder is also a certified mediator in his with the IRF team.
Threats Causing Sleepless Nights
When asked, “What threats keep you up at night?” Ribeiro told Finopotamus, “The pervasiveness of the too-small-to-hack myth. Too many small- to medium-sized businesses (SMBs) believe they operate under the radar of cybercriminals, and that is simply not true.” He explained many fraud rings are applying a smaller-is-better, high-volume approach because SMBs often lack adequate resources to fight back against an attack, particularly a ransomware scheme.
“What’s more, cybercriminals have learned how to scale this approach by attacking third-party providers, like payroll and CPA firms, financial advisors and even IT managed services firms,” said Ribeiro. He added, “Break into one of those organizations, and you can eventually find your way into hundreds, maybe thousands, of others.”
He cited TransUnion’s analysis that showed 1,745 incidents originated from third-party data breaches in 2022. That is a nearly 220% year-over-year increase in these types of attacks.
Top Dangers to Credit Unions and Other FIs
“Insider threats continue to loom large as a unique risk to small credit unions and other financial institutions,” said Ribeiro. “It’s not easy to defend if the organization does not believe it can happen to them.”
Ribeiro explained the idea that an organization focused on improving the world is safe from the criminal element is not uncommon. “We see it all the time, particularly in people-centric organizations, like credit unions and other non-profits. However, not all people who commit criminal acts begin with that intention.”
He suggested there are crimes of opportunity, crimes of justification and many other categories of offenses that draw in otherwise “good” people. “The notion that non-profit leaders cannot become ensconced in such a scheme can stand in the way of establishing even basic internal controls. Without those controls, even a fairly entry-level employee could have access to members’ personal information, which is highly valuable and sought after on the dark web.”