27.11.2020 5 cyber security truths revealed on The Knowledge Project

by Andrew Milne

With more than 10 million downloads so far this year, The Knowledge Project (TKP) is becoming the go-to podcast to hear from life and business experts from around the world. Led by Shane Parish, Farnam Street founder, TKP has featured a best-selling author, an award-winning psychologist, a Harvard lecturer, and now one of the world’s leading authorities on cyber security.

That’s right, Matt Holland, Field Effect’s Founder, CEO and CTO,  recently sat down with Shane to talk all things cyber security, including new exploits, hacking, ransomware, Huawei, and other juicy tidbits. The full episode is definitely worth a listen, but, in the meantime, here are five key takeaways.

Truth #1: Not every vendor has your best interest at heart 

“The current state of the cyber security industry — to say it’s a hard problem — is an understatement . . . It’s all about the transaction. It’s all about taking the customer’s money and saying good luck,” said Matt. “And that isn’t making anything better.”

Cyber security vendors rely on technical jargon and pushy sales tactics to acquire prospective customers, shared Matt. The current approach is “like a warped, used car salesman strategy,” he elaborated:

There are salespersons all over the place that will say, You need some wheels. Another will say, I’ll sell you the engine. Another will say, I’ll sell you the steering wheel. That’s probably all you need. Then it’s up to you, as a company, to put those things together and make use of it.

The result? Customers paying thousands a year – if not more – for a patchwork security “solution” that often creates more problems than it solves.

Truth #2: No company is too small to be targeted 

Everyone is a target, no matter how small. In fact, Matt shared that he has seen companies with as few as two workers get attacked. If you consider all the sensitive data that smaller legal or accounting firms possess — confidential agreements, financial documents, and personally identifiable information — it makes sense why attackers have expanded their target market to include smaller organizations.

But not every business has the resources for an IT team, and those that do may still lack the security expertise necessary to defend against threats.

Matt’s advice? Don’t be afraid to ask for help, even if it’s intimidating.

“It’s like going to a doctor if you have pain. You don’t necessarily want to find out what the problem is because people are naturally averse to bad news,” Matt explains. “But you can’t be like that with cyber security. If you don’t have a vendor — if you don’t have a company helping you out with that problem — get on it. Everybody is a target at this point.” 

Truth #3: Attackers are probably profiling you 

If an attacker is targeting your company, they’ll often conduct research before launching their attack, advised Matt. If your business has a website or social media accounts, they’ll probe those to see what insights they can collect. Are there any email addresses to target from the website? Is your company saying anything on social media that may be useful?

As Matt explained, the attacker may then use this information to launch a social engineering campaign. You or your employees may start receiving legitimate-looking phishing emails containing malicious hyperlinks or documents. Because of this initial profiling, these scams are extremely effective.

Truth #4: It’s easier (and cheaper) to proactively secure your business

“I’m aware of businesses that have been shut down because of ransomware,” Matt shared. For these victims, the ransom payment was too high and “it was just easier to just throw in the towel, fold up shop, maybe start again. But the reality is, continued Matt, “it’s much easier — and cheaper — to be preventative, to harden your system, and be ready for attacks.

And, as Matt pointed out, it’s also becoming a legal obligation to proactively secure your business. More nations are implementing mandatory breach reporting, where companies are legally required to report any compromises containing customer data.

In Canada, there has been discussion to set fines upwards of $100,000 if: 

  1. a company has been the victim of ransomware,
  2. customer data was compromised, and
  3. the company didn’t have adequate security in place to prevent the breach.

By proactively securing your business, you’re not only reducing your odds of an attack, but you’ll also avoid large fines if one does occur.

Truth #5: The future of cyber security is a holistic approach with simple alerting and expert support 

The best cyber solution knows where your data is and all the ways that you could be attacked, then secures it all. For a modern company, “it needs to include an endpoint component, a network monitoring component, a cloud component, potentially an Internet of Things (IoT) component,” Matt advised.

According to Matt, this solution would also have a very concise way of dealing with an incident  if one arises. In a time of crisis, you don’t want to receive a long list of links to pages that simply tell you to implement a Virtual Private Network (VPN) or install a firewall, he explained. What you need is a step-by-step guided approach to get back on track.

The right vendor will also know that you may not have anyone on staff with a background or interest in cyber security. Their solution should be setup, built, and implemented so individuals who are not necessarily technical experts can manage it.

One more cyber security truth

Securing your company doesn’t have to be confusing, costly, and complex. At Field Effect, we make it so!

Covalence provides cyber threat monitoring, detection, and response capabilities unlike any other solution. With simplified alerting for vulnerabilities and threats, and a team of cyber security experts to provide support, advice, and guidance, you’re protected from end to end.

If you’re ready to learn more about proactive, comprehensive cyber security, schedule a demo with our team today.

 

Request Demo

Fill out the form and we will send you details about our demo.