Cyber-attacks have become a major threat to companies around the globe. To avoid them, businesses must stay on top of key security procedures. As head of the Herjavec Group, a leading cybersecurity firm, Robert Herjavec offers his expertise on the steps companies must take to stay protected.
As the industry has changed since Herjavec Group began, do you believe that businesses must adapt even faster now to stay ahead of harsher cyber-attacks?
Absolutely yes. We aren’t moving fast enough and can always do more but we’ve made strides. When we started Herjavec Group, I used to have to explain to enterprise leaders why they needed a SIEM (Security Information Event Management system) and why one day they would want to outsource all of their security to a 3rd party for improved 24/7 visibility and detection. I think business leaders are more aware of cybersecurity threats than ever before. Cybersecurity is no longer simply an IT problem, it’s a board level initiative that requires company-wide support to manage effectively. Enterprises are dedicating more funding to detective, protective and process-oriented measures to help combat cyber threats and are taking a more proactive approach in planning their cybersecurity strategies. It’s a completely different space now.
As ransomware becomes a bigger issue each year, what’s your advice for businesses moving forward to stay protected?
You’ve got to do the basics right. Enterprise cyber hygiene is so very important and it takes a ransomware attack sometimes to jog our memories. The basics mean training your staff to recognize a phishing communication, regularly backing up all data on computers to lower the risk of data loss and using a balance of tools and technology — endpoint protection and privileged access management can help control your privileged accounts and disrupt ransomware.
If your business has a BYOD (bring-your-own-device) policy, ensure that your staff is aware of any risks associated with using their own devices at work. Ensure the use of a VPN for remote work. The key is to regularly patch and update licenses and applications.
Do you believe there is a shortage of cybersecurity professionals within big organizations – should we push for more education in this field?
Yes absolutely. There will be over 3.5M open positions in cybersecurity over the next 4 years. The industry is evolving at such a rapid pace — with new technologies and emerging threats that education and training simply can’t keep up. Enterprises are challenged to recruit, train and retain cyber professionals so they’re turning often to 3rdparty cybersecurity services firms and Managed Security Services Providers for support.
To help fill the gaps, we have to encourage youth to pursue an education in information technology and computer science. We also have to cross train our existing IT staff. All IT professionals need to know security. Given the complexity of today’s interconnected world, we all have to work together to support the protection of the enterprise.
Warren Buffett believes cyber-attacks are THE biggest threat to mankind- would you agree with his comments?
Yes, I agree with Warren Buffet. When most people think of cybercrime, they think of stealing information online — usernames, passwords, banking info etc. However, I agree with this statement about cyber-attacks because we’re seeing imminent attacks across IoT environments and critical infrastructures that could lead to the loss of human life. We know today’s wars are fought online and the 5 most-attacked industries in the cybersecurity space are all part of a country’s critical infrastructure: healthcare, manufacturing, financial services, government, and transportation.
With the increased use of mobile devices, in your opinion, what are the top concerns organizations should keep in mind regarding mobile cloud security?
Mobile Cloud security is about visibility, scope and control. With the proliferation of mobile & personal devices in the workplace, enterprises need to have a line of sight to what’s connected to their networks and also have the ability to limit access based on each user’s identity. Governance is key and many enterprises are turning to identity and access management tools and services to support their mobile device management. Enterprises need to ensure multi-factor authentication is in place and we are seeing more enterprises embrace the built-in biometrics in many of the devices their employees already have.
Originally posted on mediaplanet.com