Cybersecurity is a top priority for businesses, with spending on products and services expected to exceed $1 trillion by 2021, according to Cybersecurity Ventures’ 2017 Cybersecurity Market Report. October is Cybersecurity Awareness Month – so I decided to pick the brain of my good friend and industry expert, Larry Letow, CEO of Convergence Technology Consulting, to get his take on the future of the industry.
Are breaches the new normal? It seems like there’s a new one every week. Are we getting numb to it? Or are we just getting started?
We are very much at the beginning of these breaches and hacking acts. Though it might seem like one is happening every week, millions of attacks are happening each hour, with a sad percentage of them being successful in some manner. Companies are spending millions of dollars to perform penetration and vulnerability tests to gain a glimpse into what intruders can see, and then remediating any holes in their infrastructure hoping to prevent attacks in the future.
How are you seeing things change at the board level when it comes to an organization’s cybersecurity posture?
The board is now realizing their fiduciary responsibility and that they are no longer immune to the cyber risks backlash. This is also true at the executive level. Target was the first example of this and it still remains true with Equifax – executives are being terminated with board approval due to major successful cyber attacks.
Let’s talk about outsourcing vs in-house for Cyber and InfoSec: Where have we come from, where are we now, where are we headed?
I think a hybrid approach is the new model. With so many new tools and information, it is tough for an organization to take that on without any outside assistance. We started with firewalls as our security layer of protection (let’s build the wall and keep people out). Recently, products like intrusion detection and data loss protection have been added to our environments for security. We are heading towards a direction where all traffic will run through a secured external third-party infrastructure before being “approved” to be sent to the intended user.
What’s the biggest myth you see out there when it comes to cyber?
“Our employees would never steal from us… We trust them 100% and they care about us…”
How does the C-Suite need to evolve to stay ahead of the curve? Is it even possible to stay “ahead”?
I don’t think you stay ahead – you need to be active and always in the “game” of cyber. Companies are playing a defensive game, so you can never let your guard down and think you are secured enough.
What are 3 cyber buzzwords you’d like to see die?
Here are three buzzwords that make me laugh… “Honeypot,” “Phishing,” and “Trojan Horse.”
What are 3 quick cyber safety facts you’d like everyone reading this to know?
- Insider Threat is the most feared of all cyber-attacks. More organizations suffer greater damage from an inside attack vs. an external attack.
- The best method of prevention is education. Don’t click on emails from people you don’t know, and even if the name at the top of the email is known, you should still look carefully at the email address as spoofing happens each day.
- Mobility is becoming easier to attack. People can listen to your conversations and attach to your phone without your knowledge – don’t assume any third-party device is safe.