"How should I be thinking about cybersecurity?"

This is a podcast episode titled, "How should I be thinking about cybersecurity?". The summary for this episode is:

Speaker 1: Let's get started. All right. For context, what these statistics say is that the majority of small and medium-sized businesses have either been victimized by a cyber attack or live in fear of one. And yet, this statistic isn't up there, the majority of those same small and medium-sized businesses are either uninsured or underinsured when it comes to cyber insurance. That seems like kind of a dichotomy, doesn't it? It's like, why would that be? And that's really the underlying motivation for Trava and for this cybersecurity awareness seminar. We want to dig into that and help expose what that's all about. Here's the motivation, as we say down here. Increasingly, these small medium-sized businesses' customers, vendors, and business partners are withholding business until that cyber risk is under control. So, things like, well, you must have $10 million in cyber liability insurance. You must have this certification. You must have that certification. You must successfully fill out this security questionnaire. It becomes kind of, what we say, table stakes for doing business with a lot of customers in a variety of different industries. So those are the, easy for me to say, statistics. But what have we seen when we talk to our customers? Here's some of the things we've heard. A lot of our customers say things like, "I don't even know what I don't know." It's almost like they don't want to know. Because if they know, then they feel like they're forced to do something about it. There's a lot of misunderstanding about, as I mentioned before, about the differences between compliance and security, and I don't understand cyber risk management. How's all this come into it? So, what do they do? Who do they turn to? What you have to understand is that the business owners, and we'll talk to some later today, the business owners of these small and medium-sized businesses, their expertise is in some field other than IT or cybersecurity. That's not what they're experts in.
That's not the business they're in. And it's almost like this is a specialized field. So, when they look for help, they, they turn to managed service providers, managed security service providers. One of the problems there is there's a wide spectrum. That's a broad label that covers a whole lot of range of abilities and services that they offer. It is not an easy road to negotiate for these business owners. And as a result, what they often do is they often say, "Well, maybe I should just buy some security tools. Maybe I should buy some cybersecurity tools. I saw this advertised on TV. Or I was on an airline flight and I saw this tool advertised in an airline magazine." But the problem is the cybersecurity tool landscape is very crowded. And you might say, "Well, just how crowded is it, Jim?" And it's very crowded. It's very, very crowded. Right? So, how is someone, your average business owner who doesn't understand, this isn't their area of expertise, doesn't understand cybersecurity all that well, how are they supposed to choose from among all these tools, all these different categories, how are they supposed to know which particular grouping of which tools is going to protect them properly? It's clearly an impossible task. So, there's got to be a better way. It's almost like we've jumped immediately to the solution without understanding the problem. And this is really where the notion for Trava came about. It's like, don't jump immediately to cybersecurity solutions. Take a step back. Let's talk about cyber risk management. And that's really what we are about. So, here's a reality check. And if you remember nothing else from today, I hope you'll take this away, and that's that a random collection of cybersecurity tools does not a cybersecurity program make. That's so important I'm going to say it again. A random collection of cybersecurity tools does not a cybersecurity program make. Cyber risk management has to come first.
You have to understand what are the problems that are particular to your particular organization. Don't go looking for a solution until you fully understand the problem. The problem definition portion of cybersecurity is called cyber risk management.