Robert Herjavec and John Ayers, leadership team members of the cybersecurity service provider Cyderes, share how businesses of all sizes can protect themselves from cyber threats.
John Ayers
SVP of Professional Services, Cyderes
The cybersecurity landscape is constantly evolving, with new threats emerging every day. In your experience, what do you consider to be the most significant changes or trends in the cybersecurity threat environment over the last few years?
Robert Herjavec: We are seeing new and emerging threats every day. Over the last few years, we have seen a few things that are most notable: a dramatic rise in ransomware attacks that are now targeting our most critical infrastructure, from manufacturing to healthcare, increased sophistication of social engineering tactics powered by AI, the growing threat from IoT vulnerabilities, the widespread adoption of application-based devices leading to new security challenges, and the early, increasing use of artificial intelligence (AI) by both threat actors and offensive security teams, such as Cyderes, to enhance their capabilities. I believe this is all fueled by the shift toward remote work during COVID.
As someone who’s been at the forefront of cybersecurity, how do you think businesses can better prepare for and defend against ransomware attacks?
RH: First, we cannot prevent attacks. However, we can help limit the impact. Personally, I think it comes down to a few things:
- Backup: Companies need to understand that ransomware’s biggest reason to attack is your data, and having critical data backed up will limit downtime.
- Know your attack surface: What I mean by this is that we always think about the inside of the network. However, the threat actor can only see what is outside. What the threat actor can see is how they decide if you are a target of opportunity. If a bad guy is looking to rob a house and they see an ADT sign or a dog barking, this recon can help a bad guy decide if the home is an opportunity or not. It is no different for the threat actor. Threat actors are looking for easy targets so as not to waste time. Knowing your weak links and getting visibility of your assets will help reduce your attack surface risk.
- Password Management: As I mentioned earlier, social engineering is becoming one of the most common avenues for an attack. Improving your identity management of all people will help limit or even prevent potential attacks.
- Keeping Systems Up-To-Date: Keeping systems up-to-date on the latest firmware and software is one of the easiest tasks. However, if not done, it is one of the easiest options to compromise.
How can organizations build a culture of cybersecurity awareness and ensure that employees are an asset rather than a liability when it comes to security?
RH: With a remote workforce, we have become an always-on society. My suggestion is to promote security practices by setting the tone from the top down, implementing training programs and workshops, establishing easy-to-understand and clear policies, encouraging open reporting of suspicious activity, ensuring employees at all levels understand their role in protecting company data, and making it everyone’s responsibility to protect the company — which will also help protect them and their families from similar risks.
What advice would you give to CEOs and board members about why they should view cybersecurity as a critical part of their business strategy?
RH: The biggest advice is to practice good cyber hygiene. It starts with being accountable for cybersecurity oversight. As I mentioned above, it starts at the top down. Champion the need for conducting regular risk assessments. Develop a comprehensive incident response plan and test it at least three times a year. Clearly connect cyber risks to potential business impacts and risks, ensuring effective communication with the board regarding cyber threats. Most importantly, allocate appropriate resources to safeguard sensitive information. Cybersecurity requires collaboration and partnership at all levels.
What are some of the biggest challenges smaller organizations face in cybersecurity, and what advice would you give them to get started on the right foot?
RH: Most small businesses do not think they have anything a threat actor wants, which leaves them with this attitude that they are immune to a breach. I would tell a small business to start with the basics: Help your employees understand risk by working to implement training; have a password policy to enforce the changing of passwords and the use of strong passwords; partner with an MSSP to help get visibility into your environment inside and out; and finally, get informed about risks in your industry. Most states have local forums that meet on cyber, which not only helps with knowledge sharing but can also help you understand what type of tools can be used to help.
With the rise of cloud-based infrastructure, how can organizations ensure their cloud environments are properly secured against evolving threats?
John Ayers: The cloud seems to be an area where we think we need different things to protect it, but the same approach we take to protect a local network can be used for the cloud. Some of the ways are:
- Create strong passwords for all accounts and services, especially those with high privileges or access to sensitive information.
- Enable multi-factor authentication (MFA). MFA is a basic but effective way to prevent unauthorized access to cloud services.
- Encrypt data. Encryption protects data from unauthorized access by transforming it into a code that only those with the correct key can decode.
- Restrict access to cloud services and data to reduce the number of people who could potentially attack.
- Perform regular backups. Backups can run in the cloud or on an in-house physical infrastructure. Use immutable backups to ensure data remains safe even if a server is breached.
- All the big cloud providers offer built-in security services and features to enhance cloud security. Leverage them.
- Monitor for misconfigurations and suspicious activity.
- Stay informed and educated about cloud security trends and changes. Again, most cloud providers have ways to sign up for notifications.
Advanced Persistent Threats (APTs) are some of the most dangerous and sophisticated attacks organizations face today. How can companies detect, defend against, and recover from APTs? What role do threat intelligence and proactive monitoring play in countering these attacks?
JA: The biggest advice here is to adopt a defense-in-depth approach. This approach helps clients detect, alert to defend, and recover from APTs. Some of these approaches include advanced threat detection tools like MDR (Managed Detection and Response), EDR (Endpoint Detection and Response), the adoption of regular penetration testing, employee security awareness training, and a well-defined incident response plan, allowing for swift identification and containment of potential breaches.
You also asked how threat intelligence plays a role in this effort. Cyderes recently launched a service called DARC4 Threat Research Labs. We designed this service to give clients the ability to “See More, Stop More.” How do we do this? Think of it as a big oil refinery. We bring all that oil (intelligence) and refine it into gas to power services like MDR and EDR to help clients improve the ability to see what battleships are forming, which we call “finished intelligence.” This intelligence then enables clients to outline how to defend against the potential threat actors that are coming.
Given the cybersecurity skills shortage, why should SMBs consider managed services to bolster their in-house capabilities?
RH: The first reason is cost savings. Managed services can help reduce not only operational costs and IT operating expenses but also people costs, in that this reduces time combating cyberattacks and allows them to focus on their core business.
Also, improved security. Managed services improve security outcomes by providing consistency such as network monitoring, regular updates, and maintenance. This can increase productivity by allowing an SMB client to focus on managing the business and letting Cyderes help manage the ever-changing cyber regulations and threat landscape while reducing the risk. More important is the access to expertise and resources that an SMB may not have in-house.