Alexander Schlager is the Executive Director and Chief Product Officer of Security Services at Verizon Business Group.
As lead for Verizon’s Security Services product organization, and due to his background in computer sciences, telecommunications and business administration, as well as 20 years of experience—Schlager has expertise in a wide range of disciplines in Information Communication Technologies (ICT). Schlager joined Verizon in 2012 as Country Manager for the DACH region, and prior to that held various positions at T-Systems and Cisco.
In this exclusive Q&A interview with Blockchain.News, Alex Schlager tell us more about his beginnings, the rise in cybercrime throughout the COVID-19 pandemic and keeping 5G networks secure.
Could you tell us a bit about your beginnings in the technology space and your journey with Verizon Business?
At the age of eight, I started to learn to code BASIC. I had a Commodore 64 and while I used it predominantly for playing games, I started discovering that you could use it for other purposes as well. As I grew up and got deeper into coding and development, I started my career as a developer. In those days, the role was called “programmer.” I did a lot of mainframe automation projects and then, somehow, I ended up working in networking.
So, while working as a developer, the internet came about. At the time, I was still living in Austria. Once the internet boom started, that seemed much more interesting than coding and developing. So, I pivoted and worked at one of the first service providers in Austria, and then pursued the networking technology path which led me to Cisco, where I worked as a technical instructor and consultant.
After that, I moved onto to Deutsche Telekom, where my focus was around IT operations, offshoring and outsourcing. I spent almost six years managing large global outsourcing and offshore productions deals. I moved around the globe with my family — Japan, Malaysia, England, Germany. I ultimately joined Verizon in 2012, managing the company’s Central Europe organization. In 2017, I was asked to look after our global security portfolio.
Could you briefly describe your day to day role at the company?
I lead Verizon’s Security Services product organization with responsibility for delivering global managed security solutions to enterprises in the financial services, retail, government, technology, healthcare, manufacturing, and energy and transportation sectors. I spend the bulk of my time speaking with customers and my teams where we’re trying to find cutting-edge ways to proactively reduce security threats and lower information risks to organizations.
How does cybersecurity on a 5G network differ from previous architectures? Could 5G create worse threats for enterprises and companies?
I think a healthy degree of concern is always appropriate, but one of the big differences with 5G is that a lot of the learnings from 3G and 4G when it comes to security have been embedded into the 5G architecture. The standard, which was created by the 3rd Generation Partnership Project (3GPP), is really centered on security. So, there is a large number of new capabilities and architecture concepts that have been built into 3GPP, and therefore into 5G, to help network transport be inherently more secure. 5G also enables Zero Trust, which, put simply, is the concept that no component of the network can execute any action or transmit any data to another entity without being authenticated first and authorized to do so. Additionally, 5G incorporates comprehensive encryption standards and encryption methodologies, so data is secured and encrypted in transit.
5G itself doesn’t introduce new risks; it is simply a means of transporting IP traffic. However, enterprises need to understand the risks associated with the new use cases that 5G enables. The advent of 5G, is a perfect opportunity to abandon our historical approach of building security from the bottom up and hoping that it’s good enough. It’s time to really flip the logic and say "I want to start with the use case; I want to determine the risk exposure and the worst-case scenario that that use case presents. How do I protect these use cases with an effort proportional to the risk, and how do I enable a very fast and effective detection capability?” If you look at all these new use cases, they represent a lot of potential disruption for private citizens—and for corporations, because consumer trust is paramount. And we will not achieve consumer trust if we can’t demonstrate that we can detect compromises and protect those 5G-enabled environments accordingly.
In March, Verizon announced three new solutions in its security suite. At that time you said the growth of the company’s security suite comes at a time where the threat of cyber-attack is looming over most aspects of our digital lives? Could you expand on this sentiment?
I think we can agree that the threat from cybercriminals is very real. If you haven’t been the victim of a cybercrime, you probably know someone who has. Threat actors have become so sophisticated that it's now possible to fool even a savvy executive. The challenge facing CIOs is that there are more than 3,000 vendors today in the cybersecurity-space making similar promises. If you’re a CIO, you would ideally look to be able to quantify the return on your security investment. But that’s where the industry often falls short.
We therefore not only invest time into the technical, operational and service related capabilities of a product, but equally focus on the outcome in sense of quantifiable results towards one’s security posture and risk exposure.
Could you also give us a brief overview of the three solutions?
- Verizon Managed Detection and Response is a service which leverages analytics and behavior modeling to help organizations quickly identify potential cyberthreats and trigger a respective response, whereas such responses are being increasingly automated in order to reduce time and improve cost.
- Verizon Identity leverages blockchain technology and enables users to proof and store identity credentials in a secure “digital identity safe” on their mobile devices, which can be easily – and securely - accessed and validated, potentially eliminating the need for passwords.
- Verizon Machine State Integrity also leverages blockchain technology and sources operational data from decentralized machine environments to offer clear, actionable insights on potential compliance and security issues. Machine security is a complex challenge - a single weak entry point that is exploited by a cyberattack could lead to complete infrastructure breakdown, and if that infrastructure is a power grid, a manufacturing plant or a smart city environment, the result could be catastrophic. By ensuring the integrity of a device we create assurance that the machine’s data has not been tampered with.
- Finally, the Verizon Rapid Response Retainer (RRR) assists enterprises in a post incident / post breach situation, were proper documentation, forensics, recovery and restoration as well as implementation of adaptive protective measures are paramount. There is a time critical chain of events that companies should work through and RRR is the service that guides customers through this process.
Has the Verizon’s business roadmap for 2020 been altered or derailed by the COVID-19 pandemic?
If anything, the pandemic has made the need for a robust cybersecurity structure even more important. Remote workforces have created cyber security risks and advised businesses to focus on strengthening defence structures. A rapid migration to the cloud to enable a remote workforce had created a much broader attack surface for cyber criminals to look for ways into an organization. Pre-COVID-19, cybercriminals were successfully using tried and tested methods to obtain data. It goes without saying that if these tactics worked in a stable business environment, they have been working even better in an era of unprecedented disruption.
Based on our observations we have seen the use of these common threat actors increase:
- Continued increase in error: Human error is often seen as a major cause of security incidents. Faced with major disruption, increased workloads as a result of decreased workforces, and of course, for many, the distraction of in-house family members and home-schooling, there is no wonder that more errors have been reported during the pandemic.
- Focus on stolen credential-related hacking: This has now been exacerbated by the large number of employees working from home requiring ongoing remote access and workstation maintenance. Business IT departments are being challenged to secure company assets on the corporate network while the majority of the workforce is out of the office. This has widened the number of remote targets for cybercriminals to target.
- Use of ransomware is spiking: These involve the copying and posting of data (either partially or entirely) publicly online.
- Phishing emails play on emotions: Phishing has always been a popular cybercrime tactic. Prior to COVID-19 credential theft and social attacks such as phishing and business email compromises were at the root of the majority of breaches. Combine this attack success with uncertainty, fear and the need for COVID-19 information, then you will understand why phishing emails containing the words "COVID" or "CORONAVIRUS, “masks”, "test”, "quarantine" and "vaccine” were found to be widely used within this time period.
Cyberattacks are no joke in the modern world. While everyone has probably experienced some annoying but mild virus on their PC or accidentally clicked on some spam malware, cyber threats and attacks have evolved and are universally recognized as significant challenges for enterprises with serious financial and reputational consequences. The COVID pandemic has seen a significant spike in cybercrime targeting huge companies like Microsoft, Facebook, Twitter and even state and government services.
As the world moves to low latency of 5G and accelerates even faster than its current dizzying cyber pace, experts like Schlager and his team at Verizon will continue to be crucial to maintaining the safety and operations of corporate and business ICT architecture.