Cyber Security In 2016: How Business Owners Can Protect Their Information
Insight As CEO and founder of Lavalife, previous Dragons’ Den host, and current host of The Disruptors, Bruce Croxon has firsthand experience with cyber security and just how impactful a breach can be.
Mediaplanet The Disruptors focuses on Canadian entrepreneurs who are disrupting the global technology climate. In what ways are Canadians leading the pack globally?
"At the risk of sounding overly cocky, I can’t think of a major area of disruption where we aren’t at a minimum contending."
Bruce Croxon At the risk of sounding overly cocky, I can’t think of a major area of disruption where we aren’t at a minimum contending. Innovation and the ability to start things has never been a weakness of ours in my opinion. Lavalife, a company I founded with three partners was arguably the first internet-based commercial social network in the world. In my view, we continue to be a world leader in social, enterprise B2B, data analytics, e-commerce, and fintech to name a few. We sell a lot of our companies early and in many cases before they become household names but that is a capital issue, not an innovation issue.
MP From your own experience as an entrepreneur did you find that security was a top priority? How did you incorporate it into your own business and balance it as you continued to grow?
BC Businesses can develop ways to protect their IT assets and communicate it to their employees. Technology is part of the answer and so is employee education. By making employees aware of the threat — what information is valuable and how they can protect it — the business will be better prepared to defend itself.
MP How have you seen security and threats develop over the past few years — how do you see this continuing in 2016 and 2017?
BC The common techniques used by threat actors have been consistent for many users. Threat actors continue to target individuals through phishing e-mails to execute attachments or click on links to malicious websites, which infects computers with malware. From that point, the threat actor remotely accesses the compromised computer from the Internet and attempts to steal information. Even with the most sophisticated prevention technology deployed, malware continues to infect computers.
"While prevention is still a priority, businesses are now focusing on improving their detection and response capabilities."
Previously, businesses have invested mostly in preventive security technology. While prevention is still a priority, businesses are now focusing on improving their detection and response capabilities. Detection security controls can use correlation and anomaly analysis to alert IT staff when security breaches occur. IT staff can then execute their security incident response plans to contain and eradicate the breach from the system as quickly as possible to minimize the damage and restore business operations.
MP What are the most important steps business owners can take to protect their information, property, clients, employees, and to have peace of mind?
BC Business owners can follow these steps to defend their business:
➊ Identify valuable IT assets which may include intellectual property, processing systems, or private information of customers.
➋ Evaluate how the business would be impacted if a breach affecting the IT assets occurred and consider the likelihood of becoming a target to determine how much to invest. Don’t underestimate the likelihood which continues to trend higher globally.
➌ Deploy security technology to prevent the most likely threat scenarios and also invest in detection and response capabilities.
➍ Train and educate employees about what information is most valuable and how they can protect it.
➎ Keep systems up-to-date and ensure they have all the security patches installed.
➏ Prepare for a cyber breach by developing a response plan that will help minimize damage if a breach ever occurs.
MP Why is it so difficult to stay ahead of cyber threat? Why do massive powerhouses such as Target, Home Depot, and Anthem remain exposed to digital breach?
BC The cyber threat is continually evolving. As progress is made with the development of innovative security technology, the cyber threat actors are changing their attack methods. Security technology continues to lag behind the sophisticated techniques used by cyber threat actors. Business’ confidential and private information can become targeted by sophisticated and determined threat actors that are motivated by financial gain from selling the information to fraudsters or others that can use it for their benefit.
MP With so much going on trying to build and run a business, are Canadian business owners and entrepreneurs devoting enough of their attention and capital to an investment in their businesses security?
BC Owners can start by identifying IT assets that have the most value to their business. If these assets were stolen or damaged, what would be the impact to the business? The impact could include damage to reputation, loss of intellectual property, loss of private information of customers and employees, and financial costs associated with system downtime or response to the security breach. Based on the likelihood of their IT assets becoming targeted and the impact of a breach, businesses can determine the right level of investment required for protection.