CyberTech 2020: Insights From Eli Migdal (Part 2)


Eli Migdal, our founder, attended CyberTech 2020 and came away with lots of insights from the event.

In this video, he discusses the complexity of the cybertech field and how to easily communicate it to decision-makers and board members.

“How can we really expect our boss, our decision-makers, to fully comprehend the complexity of cybersecurity, especially now in 2020?” 

He explains that even the cybersecurity community finds the field extremely complex. To keep on top of things, cybersecurity professionals must learn about new developments and keep a close eye on new threats, as well as being aware of all the regulatory changes. 

Cybersecurity professionals spend lots of resources on understanding the latest developments – both threats and solutions – by constantly reading, learning, and using proof of concept. 

And while so many resources go into understanding threats and developing adequate solutions quickly, there is also the issue of a big skill gap in the field, where there just aren’t enough cybersecurity professionals. 

“How can we explain this super complex problem which is also complicated for cybersecurity professionals?” asks Eli. How can cybersecurity professionals present the threats and solutions to the board of directors and decision-makers?

He gives an insightful answer: “We must simplify it. It’s our responsibility. This is what we are getting paid for.”

As cybersecurity professionals, the only way to truly communicate the impact to board members and decision-makers is to quantify the complexities of the cybersecurity field into financial figures. 

It’s simple really: the board and decision-makers do not have the time to keep track of all the changes in the field, and they do not care about the complexities faced by cybersecurity professionals. What they do care about are the figures.

It is not the rate scores or complexity that help them make a decision – it’s the financial impact.

Simplify. Don’t complicate.


CyberTech 2020: Insights From Eli Migdal (Part 1)

Our founder Eli Migdal attended the CyberTech 2020 event. In this video, he discusses the biggest issue cybersecurity is facing right now – response times to new threats.

He explains that the issue isn’t a lack of solutions and that there are numerous vendors working on different solutions for the same problem. He further stated that he counted at least 15 cybertech companies that are working on solving fraud detection and breaches, which gives him the perfect opportunity to address a rather pressing issue – choosing the right solution.

“How can we quickly choose between them if there are so many solutions?”

Eli argues this is the tricky part of the cybersecurity business. There are different solutions that all work well for a particular issue, but which one is best? 

“As professionals, we still need to investigate those solutions.”

While a solution might sound good on paper, it becomes clearer whether it’s the right choice after a proof of concept and evaluation.

This process of determining the best solution cannot be sped up, but the process that follows can be. The solution cybersecurity experts choose needs to be presented in front of the board of directors. 

“We must make it quicker,” he says about the process of getting approval. Approval for the solution cannot wait, especially when there are so many threats to address and so many solutions to choose from.

He explains that the risk of security and breach issues can be mitigated greatly if organisations move quickly enough. This means that the decision-making process of the board “must be quicker than the bad guy’s”.

“We don’t have a technical solution problem […] the cybersecurity community can solve the majority of the problems; we just need to move quick enough.”

This means that we need to have the means to speed up the decision-making. When the decision-making is quicker than the bad guy’s decision-making process, we’ll be able to address cybersecurity before it becomes an issue.

Understand the IT and Cyber Risks to Your Small Business without a CISO

Cybersecurity has long left the realm of enterprises and has become a crucial component for all types of businesses. While large enterprises rely on their Chief Information Security Officer (CISO) for all cybersecurity-related threats, small- and medium-sized businesses often lack the resources to employ a CISO, which leads to higher exposure to SME cyber risks.

Verizon’s Data Breach Report shows us that 43% of all breach victims were small businesses, highlighting that everyone can be a target. According to the report, out of all SME IT risks and incidents, 69% were outside attacks, 34% involved internal actors, partners accounted for 2%, and multiple parties were at fault for 5% of incidents.

Ransomware is among the very common SME cyber risks, accounting for 24% of all incidents. Several key factors play a role in why SMEs were attacked this often:  

  1. Many SMEs do not have a firm understanding of the cybersecurity landscape and are not aware of threats. 
  2. Many also don’t think they are the target, leading to a lack of security measures.
  3. They do not allocate funds towards their cybersecurity budget, hoping they are small enough to slip by unnoticed.

Such beliefs increase exposure to, and the incidence of, SME IT risks. But how can SMEs understand the risks they face without someone to fill a CISO role? By knowing where to look first:

  • Know which threats are highest for your industry – While all organisations are at risk of a cyberattack, each industry has a higher risk of a certain type of attack. The types of risks your organisation faces depend on your business model, the type of data you process, type of customers, and the technologies you use. When you know where attacks are most likely to strike, the types of attacks to expect and how often they occur, you will know where and how to prioritise your defences. 
  • Eliminate internal factors – Many breaches are a result of human error, so you must eliminate it where possible. Educating your staff is a good way to go about it. Teach everybody how to spot phishing attempts and adopt a good password policy, as well as 2FA. For additional security, you can track insider behaviour—how your staff accesses data and for what reasons, and limit data access only to those users who truly need it. 
  • Keep up with regulatory requirements – Small business owners often fail to acknowledge that they are not exempt from regulations about data security such as GDPR. You must ensure that all data, and especially sensitive data, is safe from unauthorised access, disclosure or erasure, and disclose what types of data you collect and process and why.  

While this seems like a lot to handle, especially for SMEs, the right tools can make things much easier. Here’s how Boardish assists in understanding SME cyber risks:

  1. It helps you understand exposure to threats and what solutions can help – The dashboard features a drop-down menu that lists all threats, as well as solutions. You can browse through both categories, which helps you investigate what solutions exist and research threats you might not even have been aware of but that could happen to you. Boardish gives you insight into the knowledge of IT managers and CISOs with experience.
  2. It can quantify SME IT risks – Now you can get actual numbers on the impact of threats to your business and also an idea of how well different solutions help mitigate risks your business is exposed to, without the confusing terminology usually found in enterprise risk management software.
  3. It works with limited resources – Even without a person filling a CISO position in your company, any IT professional can help you use Boardish, which is accessible to all business types as the plans are based on users.
  4. No need to implement anything – You won’t have to deal with the headache of implementing and connecting Boardish to your systems; it works standalone. It truly brings simplicity to a complex method of cyber quantification. 

Keeping up with cybersecurity threats, requirements, and best practices is often a complex issue for SMEs as they lack resources and a CISO position within their company. Boardish is a tool that helps small- and mid-size businesses understand SME IT risks, stay up to date on new developments in the cybersecurity landscape, and use the best solutions to keep their business safe from attacks. 
