A dynamic entrepreneur, in 2003 Robert Herjavec founded Herjavec Group, a global leader in information security, currently ranked #1 on the Cybersecurity 500 as the world’s most innovative cyber firm. HG specializes in managed security services, consulting, delivery and incident response for enterprise-level organizations. Robert’s ability to interpret industry trends and understand enterprise business security demands has helped him achieve the profile of a global cybersecurity expert. He shares his expertise with other entrepreneurs each week as a leading Shark on ABC’s Emmy Award-winning hit Shark Tank.

Mediaplanet: How would you say that your organization or industry values data?

Robert Herjavec: Data is paramount to everything we do. Basically, data is power. In the world of cybercrime, data is currency. There is a value there, whether it’s an email address, financial transactional information, personal records, or what have you. Data is being used as a weapon today, and we’re seeing data loss and security breaches become regular headline news. Data is central not just to the cybersecurity industry, but across all industries. As a cybersecurity services provider, it is our job to protect customers’ data, and also to enrich the data received for trend analysis and defence against future cyber threats.

MP: What would you say are the biggest knowledge gaps SMEs are facing when it comes to their vulnerability to cyberattacks?

RH: The biggest knowledge gaps for SMEs are first of all, not understanding the threats they are facing, and, second, not having the right IT skill to defend themselves against these cyber threats. Attack vectors are constantly evolving, and it’s very hard to find trained security professionals to keep up with the threat landscape. Trying to do this without an expert partner is extremely challenging.

MP: How do you feel about the implementation of the General Data Protection Regulation (GDPR) in Canada? Will it affect cybersecurity strategies for SME owners?

RH: Compliance is a key driver in the cybersecurity space. We’ve seen directives and regulations like PCI, HIPAA, and PIPEDA change how business is done globally, and now Canadian organizations that do business with the EU will need to adapt to the GDPR.

On May 25, 2018, the GDPR will start being formally reinforced, aiming to regulate how businesses manage data breaches and prioritize data privacy in order to protect consumers. The regulation will apply to enterprises in all countries across Europe, as well as any global enterprise collecting, storing, sharing, or processing data on EU citizens. Failure to comply with the GDPR can result in a fine of €20 million or 4 percent of annual global turnover, whichever is greater.

This will change how businesses on all sides manage their customer information. Increased diligence and control will be required, including in database management and security protocols.

MP: When is the right time to outsource vs. do it yourself? Where have pain points been seen most often in a DIY model?

RH: Outsource vs. in-house is always a tough decision for any company, especially at the SME level. We’ve seen some organizations leveraging internal IT resources for things like networking and storage, but outsourcing specialized work on the security side, such as managed security services, incident response, and threat hunting. It’s absolutely a balance of resource availability, expertise, proactivity, and budget requirements. Labour availability and expertise are really the biggest issues. We’re seeing the demand for cybersecurity services, particularly managed security services providers, grow exponentially across Canada. When you DIY, you don’t know what you don’t know — sounds simple, but it’s true. It’s challenging to stay on the cusp of emerging trends and to have the bandwidth to complete multiple projects. How do you prioritize? How do you learn industry standards, best practices, or what is going on across other organizations? Outsourcing can generate economies of scale and powerful cross-client correlation benefits in the long term.

MP: With the ever-increasing amount of smart technologies and the IoT, how are cloud security solutions evolving to support more interconnected networks?

RH: Cloud computing is the future for one main reason — scale. Just think about everything we have that’s connected: computers, cell phones, cars, thermostats, even your fridge! Everything has an IP address (or a few!) and that data needs to be stored somewhere. As the amount of storage that’s required for all the data being collected grows, we’re seeing more companies move toward the cloud model. It’s scalable, grows with your business, and we are dispelling the myths of the unsecure cloud.

MP: What do you see as this industry’s greatest challenge over the next five years?

RH: Complexity is the enemy of execution, and the cybersecurity industry thrives off complexity! Over the next five years, there will be more complexity in all areas – more connected devices, more vulnerability, and more risk. The more complex things get, the more vital it becomes for proactive cybersecurity measures. You’ve got to balance people, processes, and technology. It sounds simple, but you can’t ever let up on the basics. You should train your employees on why security matters and what to look out for. You should have documented processes, escalation plans, data recovery plans, incident response plans, asset classification plans (you get it – PLAN), and you should have a proactive security technology approach so that you’ve got the right services and products to support your security posture. The greatest challenge is staying ahead of the bad guys while you do all this, and still supporting your business’ objectives.