Mediaplanet caught up with Herjavec Group CEO and TV personality Robert Herjavec to discuss the big data evolution and its implications on cybersecurity for Canadian businesses and consumers.
What initially drew you to working in cybersecurity?
In 2003, I founded Herjavec Group by selling the first commercial firewall in Canada. I had a vision of selling a handful to the right IT buyer. At that time, cybersecurity was an IT challenge and a security breach being featured in the news would have been absurd. Since then, we’ve seen a monumental shift towards what we refer to as a cybercrime epidemic. Herjavec Group has grown to be one of the world’s most innovative cybersecurity firms, excelling in large, complex, multi-vendor environments.
What about your work excites you the most right now?
2020 has completely transformed the way businesses operate. Almost overnight, companies were forced to pivot and go completely virtual. Digital transformation is now a requirement for survival and protecting businesses in an ever-changing threat landscape is what motivates me day in and day out.
What’s the biggest challenge for the cybersecurity sector in keeping up with the ever-increasing amount of data collected in our world?
Cybersecurity is complex. You can’t just focus on protecting small bits of data, you have to look at all the linked components. Ten years ago, a cybersecurity practitioner could focus on something targeted like credit card data, health care data, or sensitive intellectual property and successfully protect these individuals and their information. Today, the cybersecurity industry has to continue to protect these targeted pieces of information, but also focus on how all of this data comes together and is linked.
These small bits of data, when combined, now represent something much bigger: details like who someone is, what their preferences are, or where they’ve been. For instance, a person’s credit card information might be valuable, but information regarding intimate details about a person or a company is far more interesting to an attacker and also represents much more regulatory risk should that information be disclosed. As more data about everything comes into existence, the burden of protecting that information becomes more difficult and consequential.
With more data being collected and stored than ever before, what protections do consumers have a right to when it comes to how companies safeguard their personal information?
That’s a great question and we’re seeing some of this being codified into laws such as the Personal Information Protection and Electronic Documents Act (PIPEDA) and EU General Data Protection Regulation (GDPR). In general, the world seems to be wrapping its head around the idea that if a company collects information about a person, that company must consider the risk of harm to that person when designing security controls. Security has to be considered from the beginning and reasonable security controls should be in place based on the sensitivity of the data that’s being collected.
Businesses must also afford the person who’s the “data subject” some rights, such as the right to be forgotten, the right to ask the organization to correct inaccurate information, and perhaps most fundamentally, the right to know what data the company is collecting and what they intend to do with that information. Consumers expect transparency and they also expect companies to provide due care for their information. Privacy laws like PIPEDA and GDPR are really a way of codifying that expectation and providing appropriate consequences for companies that are negligent.