With more than 10 million downloads so far this year, The Knowledge Project (TKP) is becoming the go-to podcast to hear from life and business experts from around the world. Led by Shane Parish, Farnam Street founder, TKP has featured a best-selling author, an award-winning psychologist, a Harvard lecturer, and now one of the world’s leading authorities on cyber security.
That’s right, Matt Holland, Field Effect’s Founder, CEO and CTO, recently sat down with Shane to talk all things cyber security, including new exploits, hacking, ransomware, Huawei, and other juicy tidbits. The full episode is definitely worth a listen, but, in the meantime, here are five key takeaways.
The cyber security industry can be shady
“The current state of the cyber security industry—to say it’s a hard problem—is an understatement . . . It’s all about the transaction. It’s all about taking the customer’s money and saying good luck,” said Matt. “And that isn’t making anything better.”
Cyber security vendors rely on technical jargon and pushy sales tactics to acquire prospective customers, shared Matt. The current approach is “like a warped, used car salesman strategy,” he elaborated:
“There are salespersons all over the place that will say, ‘You need some wheels.’ Another will say, ‘I’ll sell you the engine.’ Another will say, ‘I’ll sell you the steering wheel. That’s probably all you need.’ Then it’s up to you, as a company, to put those things together and make use of it.”
The result? Customers pay thousands a year—if not more—for a patchwork security “solution” that often creates more problems than it solves.
Cyber attackers will target any business
Everyone is a target, no matter how small. In fact, Matt shared that he has seen companies with as few as two workers get attacked. If you consider all the sensitive data that smaller legal or accounting firms possess—confidential agreements, financial documents, and personally identifiable information—it makes sense why attackers have expanded their target market to include smaller organizations.
But not every business has the resources for an IT team, and those that do may still lack the security expertise necessary to defend against threats.
Matt’s advice? Don’t be afraid to ask for help, even if it’s intimidating.
“It’s like going to a doctor if you have pain. You don’t necessarily want to find out what the problem is because people are naturally averse to bad news,” Matt explains. “But you can’t be like that with cyber security. If you don’t have a vendor—if you don’t have a company helping you out with that problem—get on it. Everybody is a target at this point.”
Cyber criminals profile their targets first
If an attacker is targeting your company, they’ll often conduct research before launching their attack, advised Matt. If your business has a website or social media accounts, they’ll probe those to see what insights they can collect. Are there any email addresses to target from the website? Is your company saying anything on social media that may be useful?
As Matt explained, the attacker may then use this information to launch a social engineering campaign. You or your employees may start receiving legitimate-looking phishing emails containing malicious hyperlinks or documents. Because of this initial profiling, these scams are extremely effective.
Prevention is the best approach
“I’m aware of businesses that have been shut down because of ransomware,” Matt shared. For these victims, the ransom payment was too high and “it was just easier to just throw in the towel, fold up shop, maybe start again.” But the reality is, continued Matt, “it’s much easier—and cheaper—to be preventative, to harden your system, and be ready for attacks.”
And, as Matt pointed out, it’s also becoming a legal obligation to proactively secure your business. More nations are implementing mandatory breach reporting, where companies are legally required to report any compromises containing customer data.
In Canada, there has been discussion to set fines upwards of $100,000 if:
- a company has been the victim of ransomware,
- customer data was compromised, and
- the company didn’t have adequate security in place to prevent the breach.
By proactively securing your business, you’re not only reducing your odds of an attack, but you’ll also avoid large fines if one does occur.
Cyber security solutions should be simple and holistic
The best cyber solution knows where your data is and all the ways that you could be attacked, then secures it all. For a modern company, “it needs to include an endpoint component, a network monitoring component, a cloud component, potentially an Internet of Things (IoT) component,” Matt advised.
According to Matt, this solution would also have a very concise way of dealing with an incident if one arises. In a time of crisis, you don’t want to receive a long list of links to pages that simply tell you to implement a Virtual Private Network (VPN) or install a firewall, he explained. What you need is a step-by-step guided approach to get back on track.
The right vendor will also know that you may not have anyone on staff with a background or interest in cyber security. Their solution should be set up, built, and implemented so individuals who are not necessarily technical experts can manage it.
A bonus cyber security truth
Securing your company doesn’t have to be confusing, costly, and complex. At Field Effect, we make it so.
Covalence detects and responds to cyber attacks, unlike any other solution. With simplified alerting for vulnerabilities and threats, and a team of cyber security experts to provide support, advice, and guidance, you’re protected from end to end.
If you’re ready to learn more about proactive, comprehensive cyber security, schedule a demo with our team today.
