For our first specialist interview on the Logit.io blog, we’ve welcomed Scott Steinburg to share his thoughts on the current state of cybersecurity as well as the reasons behind writing his new book Cybersecurity: The Expert Guide.
Scott is the creator of the popular Business Expert’s Guidebook series, host of video show Business Expert: Small Business Hints, Tips and Advice and CEO of high-tech consulting firm TechSavvy Global.
He’s also a regular on-air analyst and industry insider with frequent feature appearances on ABC, CBS, FOX, NBC and CNN. Scott is also the author of over half a dozen books on business, marketing and technology, his companies publish books, software, websites, magazines, video documentaries and more.
How Did You First Become Interested In Cybersecurity?
As a technology and innovation consultant for the world’s largest businesses and brands, it always came with the territory, and I’ve been following it for over 30 years, since the earlier days of home computing, back when friends were trading issues of 2600.
Cybersecurity has only continued to rise as a concern in the decades following with the growth of the Internet and cloud computing, and stay top of mind thanks to our consulting work and an almost constant stream of news coverage.
It’s hard to believe, but it first popped onto the radar before I was even a teenager, as entire Bulletin Board Systems (BBSes) were advertising themselves as being devoted to the sharing of information here, which pretty much blew child-me’s mind.
How Do You Stay Up To Date With Industry News & Updates Affecting Cybersecurity?
By staying in regular touch with industry experts and analysts, speaking with corporate teams and security pros, and reviewing a constant stream of whitepapers, research, and conference or media coverage.
Cybersecurity is, of course, a constant arms race between threat actors and law enforcement. Its parameters and stakes change on a daily basis, which make achieving success here an ever moving target. With so many possible threat options and points of attack, it’s really more about threat mitigation and recovery these days.
In other words, best practices and rising trends are always changing – that means having to sprint to stay ahead of the curve as well.
How Have Insider Threats Evolved In The Last Ten Years?
In addition to the rise of state-sponsored threats, and a growing range of criminal actors, we’ve also seen the digital security perimeter that companies are being asked to defend grow exponentially, given the broadening range of devices, digital touchpoints, and network connections that we all interact from these days.
To a great extent, that perimeter has evolved to become less about network boundaries themselves and more about users and data itself.
Likewise, security teams have found themselves under rising duress, as hackers can now launch tens of thousands of attacks 24/7 at a host of different possible targets – and only one attack needs to get through to cause significant trouble.
What Would You Say Are The Biggest Security Threats Affecting Companies Today?
Lack of cyber awareness, data literacy, and healthy computing habits. All sorts of cutting-edge and artificially-intelligent software tools exist now that can help you predict and prevent threats, and a variety of high-tech providers offer plug-and-play access to services and solutions that can help your company stay up to date and equipped to meet the challenges of today’s cybersecurity landscape.
But the irony is that human error is still the #1 most frequent point of failure: All the high-tech safeguards in the world can’t protect you if someone accidentally slips up, shares sensitive information, or leaves a virtual backdoor open that criminals can exploit.
How Do Those Threats Vary Between Companies Of Different Sizes (For Example A Startup Vs A Well-Established Business With Over 100 Employees)?
Larger companies operate using more networks, apps, and devices, creating more potential points of network failure and compromise, even as teams connect, communicate, and work with sensitive data on a scale that leaves many opportunities open for digital exploitation.
Startups are often working with less well-established technology tools, less time and budget for cybersecurity training and fewer resources to draw upon for protecting data.
Can You Give An Example Of A Vulnerability You've Fixed, What Were Some Key Takeaways That You Can Share To Help Our Readers?
Roughly four in five companies have no cybersecurity incident response plan in place, despite the fact that hacks and data breaches now occur every 39 seconds.
We recently helped one of the world’s largest financial institutions design a strategic framework and best practices for dealing with intrusions that it could pass on to thousands of customers for implementation in their own IT departments. Among key advice here includes the need to build cyber response teams staffed by participants with clear roles and responsibilities; create a communications plan and workflow for how response operations will take place; establish formal procedures for compiling and sharing information on threat incidents; build a step-by-step playbook for dealing with concerns; conduct regular penetration testing on apps and devices; etc.
The important part is to have a plan in place and be prepared before disaster strikes.
What Are Some Of The Security Benefits Companies Can See From Moving To The Cloud?
Easier ability to roll out unified policies and procedures across a range of apps, networks, and solutions; opportunities to implement an AI- and machine-powered software layer than can establish baseline network behaviours and constantly scan for aberrant or suspicious activities; chances to more readily backup, archive, and resource data; the ability to draw upon standardized apps, tools, and solutions that can be deployed across multiple channels without having to build custom tools and subject yourself to added bugs and glitches; etc.
What Are Some Essential Best Practices Businesses Can Do To Avoid Cyber Threats Such As Insider Threat Actors, Ransomware, Phishing Attacks, ETC.?
Teach their staff that cybersecurity is everyone’s responsibility from the CEO down to frontline workers, and that it’s important to speak up and say something if you see something suspicious.
Trust no network user or interaction, and verify and authenticate at every turn. Confirm unique, time-sensitive, or out-of-the-ordinary requests before simply processing them.
Engage in regular simulations and problem-solving exercises based on real-world scenarios and trending news topics to prepare yourself for troublesome scenarios.
Constantly refresh learning and education every 3-6 months. Limit users’ access to accounts, networks, and information to an as-needed basis to minimize the extent of possible intrusions.
Last Of All Let Us Know More About Your Latest Book Cybersecurity: The Expert Guide, What Was It Like Writing the Book and What Would You Like Potential Readers to Know?
It was both an educational and exhausting experience – there’s so much happening between digital transformation, the Internet of Things, and a growing move to multi-cloud environments that there’s a massive amount of ground to cover, and the operating landscape can change at a moment’s notice!
Thankfully, as it turns out, you don’t have to be a technology expert to improve your ability to make your business or yourself more cybersecure: Just practice a few good high-tech habits.
We’ve packed the book with all sorts of simple and practical advice and action steps that readers of every skill level can follow to help keep digital dangers at bay.
If you enjoyed this article on cybersecurity than you might want to consider reading our previous post to discover what is SIEM?