The Gately Report: New Mitel CISO to Tackle Cyber Challenges Related to Unify Acquisition
Plus, millions are potentially impacted by Kaiser Permanente's data breach.
![Mitel CISO tackling security questions](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt9e9103ec986ced83/662faea2afb935c1feae1f1c/Cybersecurity_Questions.jpg?width=700&auto=webp&quality=80&disable=upscale)
Konstanttin/Shutterstock
Channel Futures: Does your hiring signal a shift in Mitel’s overall cybersecurity strategy?
Bill Dunnion: I don't think so. I think what this does is it reinforces Mitel's commitment to security. Security is at the forefront of everything Mitel does. I'm not the first CISO inside of Mitel. Mitel is one of the industry pioneers. They've had this position with at least three predecessors that I'm aware of, so they've had this position filled dating back six or eight years. So I think that is a testament to how seriously Mitel takes security of their network and their products, and their environment.
CF: How will your previous experience come into play in this new role?
BD: Most recently, it was a very similar role at Calian. Calian is publicly traded and it’s a global entity not quite as large as Mitel. I spearheaded standards compliance there. I initiated and built, and helped to try to mature a security program for them. And a lot of those experiences are directly transferable to the priorities that we have here, especially when we're taking two programs, and we need to streamline them and merge them into one, so directly applicable.
CF: Is leading cybersecurity for a UC giant like Mitel different from leading cybersecurity for other types of companies/organizations?
BD: Yes and no; it's both. Security to me, information security, is a truly horizontal requirement. So endpoint protection, information protection and insider threat awareness training, it's all going to be the same regardless of whether you're in the UC space, a professional services space, a consulting space, a tech space or health care space. What changes is the hierarchy of the threats.
So if you're in the health care space, then privacy of personal information and health information becomes a higher priority, or at least a higher risk if something happens. I think what makes this job unique and challenging is going to be the global reach. Mitel has over 5,500 partners. They've got customers in over 100 countries. We've got a truly global presence, especially with the addition of Unify. And so to me the challenge is how you create one program that's flexible enough to handle all of the local legislation, legal requirements and compliance requirements in all of these different countries. So it's more about the size and the breadth of Mitel versus being in the space itself.
CF: What sorts of threats is Mitel facing? Who’s targeting Mitel?
BD: The threats are the same in every organization. I give back to the community. I lead a cyber MeetUp group here in Canada and I've been doing that for six years, so I've spoken to an awful lot of different organizations and one of the common themes is, "Well, I'm just X or I'm only this big, who cares about me?" And the answer is the threat actors, the cybercriminals that are out there, they don't really care who's on the other end of the email. They're just trying to see who they can ransom, who they can scam out of money, who they can convince through email attacks or phishing campaigns to buy gift cards and get cash.
If you have an email list, for $400 you can get access to a ransomware platform, so ransomware as a service (RaaS) is available on the dark side. So the threats I think are the same. You've got ransomware, you've got fear of breach, you've got fear of data exfiltration and you've got fear of IP exfiltration. And when you're No. 2 in the global communications space, UC is at the core of every organization's business operations. So an awful lot of sensitive information is going to go through these systems, whether it's voice, email, IM, text into every device. So really the threats are all of them, and the attackers are all of them. And at the end of the day, they're looking for either money or information. So I don't get a lot of sleep.
CF: In February, the Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about two exploited vulnerabilities in Mitel MiVoice Connect. Is part of your role finding and eliminating vulnerabilities, and securing Mitel products, therefore keeping Mitel out of the headlines?
BD: I think it's everyone's job at Mitel to try to keep Mitel in the headlines for positive reasons. Mitel has a dedicated product security team and I've met with them a number of times so that product security team is really focused on identifying security issues in the product before they get released. The bulletins that you're talking about were minor. They were difficult to exploit. But the short answer is security is at the forefront of everything we do and my role as CISO is working with the product security team hand in hand to make sure that the products are as stable and bulletproof as possible.
CF: How is the ever-evolving threat landscape impacting your strategy in your new role?
BD: The attackers are talking and sharing information all the time. Every time you come out with a new version, a new product or even the old products, especially the old products, there are vulnerabilities that are coming up all the time. So the approach that I take is going to be a balanced approach. If you look at the Center for Internet Safety (CIS) top 10 controls, it's like seven of them don't require technology. They’re process and policy, and it’s time and energy. Patching is time and energy. So maintaining a very solid cyber hygiene as a baseline is vital, and then staying on top of technology advances that can be used in our favor. So it's going to be equal parts that.
CF: Are you partner-facing in any way? If so, what do you want partners to know about you?
BD: It's very early days. This is week two. If you look at my background, I spent the first half of my career in the channel, supporting the channel and being customer-facing. So I would welcome that opportunity to help the global Mitel family improve their posture and help out any way I can. So it’s a little bit too early to tell, but I'd welcome the opportunity if it came.
CF: What do you find most surprising and dangerous about the current threat landscape?
BD: When you look at dedicated employees, they're wired to customer service. They're wired to respond. They're wired to go the extra mile especially at an organization like Mitel. And what's surprising and scary at the same time is the attackers know this, and they leverage that. They prey on employees' willingness and eagerness to do well and to help, and that sometimes flies in the face of good cyber protection. Gift cards are pretty basic, but it's ubiquitous out there, and so someone wanting to go the extra mile for their boss on a Friday afternoon, and they go out and they buy $1,000 or $1,500 worth of iTunes cards, and take the pictures and send it off. And they're thinking they're doing a great job, but the next thing you know, it's $1,500 the company is never going to get back. That's relatively minor, and it could be a lot worse than that. So I think it's how simple some of these attacks can be to do damage to an organization, and preying on people's goodwill is never going to go away and that's the hardest attack to protect against.
CF: How important is information sharing in the fight against cybercrime? What’s your role in that?
BD: You've hit a personal passion of mine. One of the lines that I always repeat is we know that the bad guys are talking and sharing information, and if the good guys don't talk, then we lose, so sharing experiences, sharing what works and what doesn't work, when you find out about an exploit that's going on, how do you post about that? So I think it's everyone's duty to share effective protection techniques. It's not necessarily vendor-based. It can be people, process or strategy. How did you find an attack? How did you remove it? So my role there, I think, is doing what's right by Mitel, and then sharing approaches and techniques wherever I can to help the Mitel community and the business community at large, to help ward off the never ending series of attacks.
CF: What are you looking forward to accomplishing in the months ahead?
BD: We've got two excellent organizations in Mitel and Unify that are coming together, and the global opportunity is incredible. So my priorities are, from a security program standpoint, how quickly I can identify or in effect merge these programs and enable the rest of the organization to do their job. Security, in my mind, is a business enabler. Customers out there want to make sure that their supply chain and their partners are protected and secure, and one of the easiest ways to do that is through standards compliance, so expanding our ISO compliance beyond the Unify family and into the rest of Mitel. If we're able to put that road map together and start executing it in the next one to three months, then I think that's a win.
In other cybersecurity news …
Health insurance giant Kaiser Permanente has begun notifying millions of its health plan members that the company was hit with a data breach in mid-April.
In a statement, Kaiser Permanente said it’s not aware of any misuse of any member’s or patient’s personal information.
“Nevertheless, out of an abundance of caution, we are informing approximately 13.4 million current and former members and patients who accessed our websites and mobile applications," it said. "We apologize that this incident occurred. Kaiser Permanente has determined that certain online technologies, previously installed on its websites and mobile applications, may have transmitted personal information to third-party vendors Google, Microsoft Bing, and X (Twitter) when members and patients accessed its websites or mobile applications."
The information that may have been involved was limited to IP addresses, names, information that could indicate a member or patient was signed into a Kaiser Permanente account or service, information showing how a member or patient interacted with and navigated through the website and mobile applications, and search terms used in the health encyclopedia. No usernames, passwords, Social Security numbers, financial account information or credit card numbers were included in the transmission to these third parties.
Narayana Pappu, CEO at Zendata, said the presence of third-party trackers belonging to advertisers, and the over-sharing of customer information with these trackers, is a pervasive problem in both the health tech and government space.
“Once shared, advertisers have used this information to target ads at users for complementary products (based on health data); this has happened multiple times in the past few years, including at Goodrx,” he said. “Although this does not fit the traditional definition of a data breach, it essentially results in the same outcome - an entity and the use case the data was not intended for has access to it. There is usually no monitoring/auditing process to identify and prevent the issue.”
Darren Guccione, Keeper Security’s CEO and co-founder, said the pervasive nature of online tracking technologies and the potential risks they pose to personal privacy underscores the critical need for individuals to prioritize safeguarding their online information.
![Keeper Security's Darren Guccione](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/bltb7ee2ff23778f991/6525c7b4df06b532a6259c46/Guccione-Darren_Keeper-Security.jpg?width=700&auto=webp&quality=80&disable=upscale)
Keeper Security's Darren Guccione
“While the data leaked in this breach did not include highly sensitive information like usernames, passwords or financial details, users may feel violated knowing that information about interactions with their trusted health care provider was shared with advertisers without their knowledge or consent,” he said. “Fortunately, there are some options to reduce the amount of data collected through your online accounts, including adjusting your ad settings to opt out of targeted advertisements and turning off permissions wherever possible.”
NCC Group’s latest monthly report shows ransomware attacks in March continued to break records for 2024, with global levels of ransomware attacks increasing from February. The total cases rose to 421 from 416 in the previous month, up 1%.
Year on year, ransomware attacks in March decreased by 8%, from 459 in March 2023 to 421. The decrease was largely down to the mass exploitation of the GoAnywhere Microsoft vulnerability, which ransomware gang CL0P claimed responsibility for before going silent until its major MOVEit exploitation in May.
Despite the year-on-year decrease in targeting, the record-breaking 2024 monthly targeting increase indicates activity will likely increase in April as well as the remainder of the year, according to the report.
Among other findings in the report:
- Ransomware gang RAGroup increased its activity by over 300% since its last known attacks in December 2023, entering the top three threat actors for the first time.
- There was a 67% increase in ransomware attacks launched by cyber gang Play between February and March of this year.
- Ransomware attacks targeting technology organizations increased 41% between February and March.
- Financial services saw a 64% increase during the same time period.
Cybercriminal group LockBit 3.0 continued its eight-month reign as the most active cybercriminal group, responsible for 20% of all March incidents. Play came in as second most active, accounting for 14% of attacks, and RAGroup was in third, with 11%. Black Basta, Medusa and Cactus were in fourth, fifth and sixth positions with 32 attacks (11%), 22 attacks (8%), and 20 attacks (7%) respectively.
Matt Hull, NCC Group’s global head of threat intelligence, said it’s evident ransomware attacks aren’t slowing down any time soon.
![NCC Group's Matt Hull](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt5f1fa491db3b5134/662fbbdf605d027804278ad1/Hull_Matt_NCC_Group.jpg?width=700&auto=webp&quality=80&disable=upscale)
NCC Group's Matt Hull
“We are seeing what were once less-prominent ransomware gangs like RAGroup now increasingly getting closer to major players, such as Lockbit,” he said. “This has not only led to a massive shake-up within the ransomware landscape, but an increasing number of attacks that the public needs to be vigilant about. While we’re seeing an increasing amount of law enforcement action taking down these major threat actors, our readers still need to be cautious of these groups making a comeback, just like Lockbit. As ever, we’ll continue to monitor these groups and the wider threat landscape to make sure we’re sharing all the latest information as soon as we can.”
New Mitel CISO Bill Dunnion will address cybersecurity challenges created by his company acquiring Unify, formerly the UCC services businesses of the Atos group.
Before joining Mitel, Dunnion held IT and cybersecurity leadership positions at Calian, 2Keys Security Solutions and Bell Canada. In his most recent role as Calian’s senior director of corporate cybersecurity, he oversaw the development, implementation and operation of its corporate cybersecurity program.
Mitel completed its Unify acquisition last October, a move that Mitel says creates a “global powerhouse in unified communications (UC).” The transaction cements the combined company with a No. 2 position in global market share for enterprise UC, and increased regional leadership with a No. 1 position in EMEA and more than 10 individual countries.
Mitel also extends its position as the “global market leader” in multi-cell digital enhanced cordless telecommunications (DECT), in addition to securing the “market-leading position” for DECT in EMEA, Latin America and 19 countries, it said.
New Mitel CISO Has Previous M&A Experience
Combining the two companies “absolutely” creates cybersecurity challenges, Dunnion said.
“I've been fortunate enough in my career to be involved with a number of mergers and acquisitions, and whenever you're bringing two established organizations together, there are definitely challenges and opportunities when you go to integration,” he said. “So you're dealing with different cultures. You're dealing with different approaches, backgrounds and processes, and you need to work to create a single strong team again, and security is no different. The Unify program, they do a lot of direct selling. They've got a very established security program, which is excellent. They're ISO 27001-certified and have been for a number of years. The heritage Mitel environment has its own tech stack, and its own policies and procedures. So one of my top priorities is bringing these two cultures and environments together into a single program.”
![Mitel's Bill Dunnion](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt41e1a550da70bcc0/662fad2507af7a13c17e086a/Dunnion_Bill_Mitel_2024.jpg?width=700&auto=webp&quality=80&disable=upscale)
Mitel's Bill Dunnion
Dunnion’s role involves all aspects of information security for the combined Mitel and Unify corporate position.
“So included in that would be things like compliance to security standards, network security, incident response and cyber awareness training, weaving all of those into a comprehensive and complete program for the new, combined Mitel corporate entity,” he said. “So by extension, because our partners connect to Mitel's online systems, keeping our core network and our core systems safe in a way also keeps our customers and our channel partners safe.”