Updated: Mar 1, 2021
You wouldn’t go to war without your bulletproof vest, so don’t go onto the internet without the cyber equivalent. Episode 134 of the Middle Tech Podcast with Wes Spencer can be described only as eye-opening. Wes, the Chief Information Security Officer of the cybersecurity software firm Perch Security, presented cybersecurity and IT in a way that truly conveys just how essential attention to detail in this field is to companies of all sizes. As Wes alludes to, the internet is a theatre of war just like any battlefield, except that, unlike on any other battlefield, normal civilians like you and me are willing to waltz our way into the middle of it. And, even worse, most of us do it without any preparation or equipment.
Recently, a major hack occurred on U.S. soil, mainly affecting the company SolarWinds. This hack, arguably one of the worst in U.S. history, affected many key federal agencies and caused the SolarWinds stock price to plummet over 23%. SolarWinds will be far from the only one, as cybercrime losses this year alone are projected to be $6,000,000,000,000.00 – yes, that is six trillion – and with a limited number of Fortune 500 companies, the majority of this will fall on small to mid-sized businesses. Cybersecurity companies like Perch add value to companies of all sizes by reducing the risk that a hack is successful. There is a key distinction to be made here from the typical thought process about IT and cybersecurity: Perch reduces the chances that a hack succeeds, not the chances of a hack.
Wes pointed out that “the reality is every organization at some point is going to suffer a breach. ... You have to get past this prevent breach mentality.” Wes makes clear that this is not a defeatist attitude, but instead a realistic attitude. If you are trying to prevent a breach, then you have to be right every single time while the hacker only has to be right once. That is an exhausting and defeating place to be as a start-up with little funding, which is why changing that mindset is so important. Instead, if you are defending against a breach in the manner Perch does, the hacker has to be right every single time to avoid detection, while the defender only has to be right once to expose and eliminate the hacker before the hacker is successful. Now, that seems doable, realistic, and worth the effort.
Perch takes the company’s budget for cybersecurity, sets the protection priorities, and then creates a plan to monitor and prepare for a breach when it occurs. That way, when a hacker is able to get past the firewall and anti-virus, you are both aware of, and prepared for, the hacker’s presence. It is both an art and a science, in the same way that medicine and law are both art and science; it takes art to diagnose a problem and science to solve it. The practice of cybersecurity is your bulletproof vest, and Perch is your commander leading you through the cyber theatre of war.
So, as a consumer, what are the easy-to-implement steps to practice good cybersecurity? Wes recommends you use a password manager, like LastPass. This will make your life not only safer but easier. The password manager, which is specifically designed to be secure enough to hold passwords, requires you to know only one password in place of all 300 of your passwords. Then you can set long and strong passwords for those 300-some accounts and only ever have to remember the one for the password manager. Wes also recommends utilizing a two-factor authentication app, like Google Authenticator, rather than the text or phone option generally offered, as there is no way the second factor could ever be compromised because it changes constantly.
As easy as those steps are to implement, if you are creating a cybersecurity plan for your business, it takes more than that. Wes puts it simply: unprepared and unaware small to mid-sized companies “are just sitting ducks” for hackers to hack and then extort. Fortunately, cybersecurity companies are growing like never before, so there is help available. According to a Crunchbase article, businesses in this sector received $8.1B in funding worldwide and $6.3B in the US. There is almost certainly a company that can create a cybersecurity plan within your budget and risk requirements.
First things first, though: educate yourself about cybersecurity and the risks that are out there. Episode 134 of the Middle Tech Podcast featuring Wes Spencer is the perfect place to start.