
Q&A with Robert Herjavec



This National Cybersecurity Awareness Month, what message do you have for fellow business leaders?

If I can emphasize one thing it’s that cybersecurity isn’t a luxury, it’s a necessity.

I went on the record saying that 2021 will be the most profound year in cybersecurity in our global history, and it’s no secret that the challenges we’ve faced in the cybersecurity community so far this year have been unprecedented and demanding. While we’ve seen a huge shift over the past year in prioritizing cybersecurity within corporations and even at the federal level of government, we’re still not where we need to be.

I’ve got a question for business leaders – if you’re not investing in a Managed Security Services Provider, a team that’s solely dedicated to the day-to-day defence of your infrastructure, why aren’t you? An investment in cybersecurity is an investment in your employees, your customers, and your company’s reputation.

Today, cybersecurity isn’t just a way to protect and prepare an organization for a potential threat, it’s one of the best business drivers an enterprise can have in its arsenal.


Should the everyday individual be concerned with the topic of cybersecurity?

Absolutely, and I mean every individual. It’s been wild to see the digital transformations happening across all industries over the past few years but think about the progressions when it comes to social media. I mean, we’ve got Gen Z-ers making millions on social platforms like TikTok and Instagram – think what would happen to their self-created businesses if something were to happen to their accounts.

Enterprises and organizations are not the only ones at risk when it comes to cyber-attacks, and that’s a mentality we need to emphasize. A lot of people say, “Why me? I’m just an everyday person. What would a hacker want from me?” Hackers don’t discriminate. They don’t care if you’re a 16-year-old on TikTok, a small local mom-and-pop shop, or a multi-million-dollar enterprise, if you’re online, you’re at risk of being targeted.

Education on good cyber hygiene and safe internet practices needs to be prioritized at home, in schools, and in corporations of all sectors and sizes. Just like you previously mentioned, October is Cybersecurity Awareness Month, and at Herjavec Group it’s our goal to provide everyone with resources, tips, and training on how we can all do our part to be cyber smart!


As our ecosystems continue to accelerate their digital and cloud transformations, what steps can government take to ensure we improve security outcomes?

Innovative, modernized, resilient, agile, and citizen-centered transformations are what governments need to focus on. We must break away from outdated methods and perspectives – especially in government sectors. Cybersecurity is constantly evolving, and it’s imperative we evolve with it. The same way you can’t try to make old business models work in conjunction with new technology, archaic methods of cybersecurity won’t cut it when defending against modern threats.

When it comes to digital transformations, cloud computing is going to be huge over the next few years, and for most, this is a fairly new concept to grasp – it’s complex and the vulnerabilities and threats vary depending on the specific needs and uses of each organization and individual. Therefore, hiring top industry talent is a crucial step that governments need to be taking.

Over the course of the past year, it’s been great to see governments putting more resources into cybersecurity, because like I mentioned, it’s not a luxury, it’s a necessity! Governments need to tap into external ecosystems to support their digital transformation needs by working with the private sector and cybersecurity firms.

With the rise in nation-state and ransomware attacks we’ve seen throughout the course of the pandemic, there’s too much on the line. The best way to protect our citizens, our data, and our nation is to modernize our cybersecurity approaches and build a more resilient, scalable, and secure infrastructure.


Cybersecurity is often seen in terms of the cost of mitigation. How is this perception changing and how can businesses leverage cybersecurity as a primary business driver?

A resilient cyber-defence system is an expectation from a customer standpoint in every industry, and it should be from a business standpoint as well. When it comes to business, it’s all about the customer. It’s your job to build that trust and ensure your customers feel secure. If there’s a choice between a company with a resilient cyber-defence program and one without, who do you think the customer is going to go with? The worst time to decide how to handle any kind of cyber-attack is after it’s happened, so you need to make sure your customers know they’re in good hands if something happens and their personal data is on the line.

The perception of cybersecurity as a business driver is changing in a positive way, but we need to continue to drive that home. You should always be thinking about what you can do to build trust with your customers. So, not only should you deploy a cyber-defence program within your business, but you should also educate your customers on exactly what having a resilient cyber-defence program means:


Assure them that their personal and financial information is secure.

Inform them that their online platforms, websites, apps, and other data are protected under the most advanced security, with the best identity and access management practices, a strong incident response strategy, and managed detection and response in place.

Explain what would happen if a breach was to occur, and what role an external cybersecurity team plays in responding to an incident and mitigating damage including theft of personal customer data.

Transparency is key. A lot of people may not know exactly how cybersecurity works and what can happen if there isn’t a secure structure in place. Cybersecurity isn’t just an IT problem, it’s something that everyone needs to care about, and as a business leader, it’s your job to drive that home and sell it.


18 years on from the founding of the Herjavec Group, what has your extensive journey to the top of the cybersecurity and entrepreneurship worlds taught you? 

When it comes to cybersecurity, I’ve learned that the only thing that stays the same is constant change. Change in environment, threat landscape, technology, threat actors, solutions – you name it. We must always be looking for what’s next and continue to scale to the needs and demands of our customers and environment. Successful cybersecurity will always require a method that balances an innovative, cutting-edge approach with data-driven, proven best practices.

When it comes to entrepreneurship – dream big, and once you’ve done that, dream bigger. But also know that dreaming alone isn’t enough. Be willing to put in the work to make those big dreams a reality. If you know me, you know I love cars and I love golf, but give me a free afternoon and I’d rather work than race cars, play golf, or do anything else.

I mean look at those numbers. It’s been 18 years of persistent hard work, sacrifice, and dedication to get Herjavec Group to where it is today – it doesn’t happen overnight. But if you’re willing to put in 120% day in and day out, there’s no limit to what you can accomplish.


In the ‘State of Ransomware 2021’ report, the average cost of recovery associated with a ransomware attack in 2021 has nearly doubled since last year. Why do you think ransomware attacks have become more targeted and sophisticated?

In simple terms, ransomware attacks have become more targeted and sophisticated because the events of the past 18 months have combined to create the perfect cyber threat storm. Cyber criminals aren’t dumb. They’re motivated by money and can see a predatory opportunity when it presents itself. Unfortunately, ransomware is both a lucrative business for skilled hackers and the perfect malware to take advantage of situations like the pandemic and the rapid digital transformation that most enterprises and individuals experienced. As technology continues to become more advanced, so do hackers’ methods of attack.

The pandemic has opened doors for hackers – they take advantage of vulnerable situations like COVID-19. With so many of us working remotely, we don’t have the same protections we once did in an office building. We’ve seen a transition from larger-scale, more generic automated attacks to more personalized, hands-on targeted attacks. Take phishing emails for example – all it takes is clicking on a link or an attachment for your data to be compromised. Simple yet sophisticated methods like this take advantage of the fear surrounding the pandemic and the growing attack surface due to remote work environments. As a result, the frequency and cost of ransomware attacks have skyrocketed.


For businesses concerned about the destructive potential of ransomware attacks, what do you suggest is the best response to active incidents and their prevention in future?

A huge misconception when it comes to cybersecurity is that having a resilient cyber-defence program and team in place will eliminate any risk of a breach occurring. The truth is, there is no such thing as a perfect cybersecurity program. This is to say that even with the most resilient program in place, there is still a risk of a breach. What differentiates a truly comprehensive cybersecurity program is not only its ability to prevent an attack, but how quickly it is able to detect, respond to, and remediate a successful attack. Like I said before, you can’t figure out your strategy on how to handle an attack after it’s already happened, you have to be prepared 24 hours a day, seven days a week, 365 days a year.

When it comes to cybersecurity, humans need to be trained. I always say individuals can either be your greatest first line of defense or your weakest link. Business leaders need to make sure their teams are properly educated so every person on their team at every level of the organization practices good cyber hygiene and knows how to identify and deal with a potential breach. Employ awareness training for your teams at least a couple of times a year. Make sure your employees know how to spot a “phishing” email and other malicious activity. And implement companywide policies and processes so everyone knows exactly what to do if they experience a breach. From an individual standpoint, it’s important to stay on top of mundane tasks. Run regular data backups and antivirus scans on your devices, make sure you’ve got multifactor authentication set up on all platforms you have access to, update your passwords regularly, and always be on high alert.

When it comes to links and attachments in emails, ask yourself a few key questions before engaging:

Do I know the sender, and if I don’t, was I expecting an email from a new address?

Are they asking me for personal information or data?

Do I really need to click on that link or open that attachment?

The more prepared each of us is, the more protected we will be.
