Cyber-attacks have become a major threat to companies around the globe. To avoid them, businesses must stay on top of key security procedures. As head of the Herjavec Group, a leading cybersecurity firm, Robert Herjavec offers his expertise on the steps companies must take to stay protected.
As the industry has changed since Herjavec Group began, do you believe that businesses must adapt even faster now to stay ahead of harsher cyberattacks?
Absolutely yes. We aren’t moving fast enough and can always do more, but we’ve made strides. When we started Herjavec Group, I used to have to explain to enterprise leaders why they needed a Security Information Event Management system, and why one day they would want to outsource all of their security to a third party for improved 24/7 visibility and detection. I think business leaders are more aware of cybersecurity threats than ever before. Cybersecurity is no longer simply an IT problem — it’s a board-level initiative that requires company-wide support to manage effectively. Enterprises are dedicating more funding to detective, protective and process-oriented measures to help combat cyberthreats and are taking a more proactive approach in planning their cybersecurity strategies. It’s a completely different space now.
As ransomware becomes a bigger issue each year, what’s your advice for businesses moving forward to stay protected?
You’ve got to do the basics right. Enterprise cyber hygiene is so very important, and it sometimes takes a ransomware attack to jog our memories. The basics mean training your staff to recognize a phishing communication, regularly backing up all data on computers to lower the risk of data loss and using a balance of tools and technology. Endpoint protection and privileged access management can help control your privileged accounts and disrupt ransomware.
If your business has a bring-your-own-device policy, ensure that your staff is aware of any risks associated with using their own devices at work. Ensure the use of a VPN for remote work. The key is to regularly patch and update licenses and applications.
Do you believe there is a shortage of cybersecurity professionals within big organizations? Should we push for more education in this field?
Yes, absolutely. There will be over 3.5 million open positions in cybersecurity over the next four years. The industry is evolving at such a rapid pace; education and training simply can’t keep up with new technologies and emerging threats. Enterprises are challenged to recruit, train and retain cyber professionals, so they’re turning often to third-party cybersecurity services firms and Managed Security Services Providers for support.
To help fill the gaps, we have to encourage youth to pursue an education in information technology and computer science. We also have to cross-train our existing IT staff. All IT professionals need to know security. Given the complexity of today’s interconnected world, we all have to work together to support the protection of the enterprise.
Warren Buffett believes cyberattacks are THE biggest threat to mankind. Would you agree with his comments?
Yes, I agree with Warren Buffett. When most people think of cybercrime, they think of stealing information online — usernames, passwords, banking info, etc. However, I agree with this statement about cyberattacks because we’re seeing imminent attacks across “Internet of things” environments and critical infrastructures that could lead to the loss of human life. We know today’s wars are fought online, and the five most-attacked industries in the cybersecurity space are all part of a country’s critical infrastructure: health care, manufacturing, financial services, government and transportation.
With the increased use of mobile devices, in your opinion, what are the top concerns organizations should keep in mind regarding mobile cloud security?
Mobile cloud security is about visibility, scope and control. With the proliferation of mobile and personal devices in the workplace, enterprises need to have a line of sight to what’s connected to their networks and also have the ability to limit access based on each user’s identity. Governance is key, and many enterprises are turning to identity and access management tools and services to support their mobile device management. Enterprises need to ensure multi-factor authentication is in place, and we are seeing more enterprises embrace the built-in biometrics in many of the devices their employees already have.