During our week in San Francisco for the RSA Conference 2018, we wanted to meet and have a chat with our friends at Webroot: Gary Hayslip, VP and Global CISO, and Tom Caldwell, Senior Director of Engineering.
We are actually planning to have more in-depth conversations about the present and future of cybersecurity for businesses and consumers when we meet again in Las Vegas this August, during Black Hat 2018,
We were curious to know their opinion about this year’s conference, the most discussed topics and trends, and what the present and near future of IT security looks like for small and medium businesses.
There seems to be a movement towards platforms and orchestration of connected technology via API, and nobody wants to be the technology company standing by itself. Even the big guys are becoming platforms that can be customized according to the specific needs of their clients.
AI and Machine Learning can help detection, but unfortunately, SMBs can be overwhelmed by these strategy and technology changes when it comes to the use of Artificial Intelligence to analyze data and operate effective threat hunting. There is a big gap between what enterprises can utilize and what small business can afford.
The level of complexity in cybersecurity has become so broad and so deep that no company can take on the responsibility of covering and protecting a business entirely, and yet there are marketing buzzwords and messages out there that hint towards such a snake oil selling strategy.
The most critical first step for SMBs is to cover the basics. Statistically, until a business reaches 200 - 300 employees, it is probably not financially mature enough to have an internal IT department. Also, as we just mentioned, the level of cyber attacks complexity is too high even for large corporations, to be 100% protected
So, even if IMSPs (integrated managed services providers) are starting to cover SMBs’ cybersecurity needs, whatever those may be, it is essential for these businesses to resist the alluring temptation of "snake oil" salespeople and know what their priority is when it comes to their cybersecurity needs. For example, audit and inventory — how can you protect something that you do not know that you have? How is your system working, what is on your network, and what are the most critical assets to defend?Only at that point can an SMB start leveraging the latest technologies, including some of the latest AI and machine learning solutions, and stay within their limited budget, even with IMSPs solutions.
SMBs are not attending conferences like RSA because they are geared towards enterprise and high-level tech audiences, but SMBs are becoming more aware of the cybersecurity landscape and the fact that security is becoming a necessity to keep their business alive.
Listen to this interesting conversation if you care about your business, no matter what size it is. There is something to learn for everyone and learning, education, and knowledge of what is happening in our cyber society and how to leverage the positive and mitigate the negative is an essential first step. How can you go in the right direction if do not know what the right direction is?
It was great to talk about the present status of cybersecurity with Gary and Tom, and we are most definitely looking forward to continuing this conversation in Las Vegas. We will pick up from where this conversation leaves off.
Enjoy the podcast, listen to it carefully, and share it recklessly!
* If you have read my introduction above, you can go directly to the conversation by skipping ahead to 3':23'' - Enjoy!