Whenever you put a critical mass of technology industry players in one room, certain themes are going to emerge—who has the best swag, what's for lunch and what's new in the world of cybersecurity.
Recently, CIRA attended the ASCII IT Success Summit in Toronto to meet with our peers and learn more about the needs of managed service providers as part of our efforts to expand our D-Zone DNS Firewall partners program.
While the variety of products on display for managed service providers to add to their portfolios was vast, it was clear that protecting their networks, and their customers' networks, from malware, ransomware and other cyber threats was top of mind.
However, while managed service providers seem to understand the risks to their networks, the tricky part is helping their customers understand the risk. Jan Spring, from the managed services platform, Continuum, reiterated in her presentation that educating customers on the costs associated with a breach of their system, beyond the obvious ones, is a great way to drive the message home.
“The ransom you pay in an attack is the least you will pay,” said Spring. “It will cost you much more in downtime.”
Educating customers on the risks, best practices (use two-factor authentication, people), and the solutions that are available were all major themes throughout the event. However, our old nemesis—the Internet of Things—was a frequent source of concern and a bit of comic relief.
In a presentation by Auvik Networks, the story of an unnamed client, whose decision to install smart lightbulbs in the office accidentally triggered a warning for a DDoS attack as dozens of new IP addresses started showing up on the network, highlighted just how much education is still needed in the field.
Despite the variety of great vendor presentations, there's no question that the highlight of the event was the keynote by Theresa Payton, former CIO of the White House. Payton now runs her own cybersecurity firm, Fortalice Solutions, and was also the star of the CBS reality series, Hunted, where she helped track down fugitives using technology.
Payton provided attendees with a plethora of helpful cybersecurity advice including a tip that was particularly close to our heart at CIRA: acquire a separate domain name that is different from your business (and not public) and use an email address from it to set up all large wire transfers and purchases to protect yourself from fraud.
Payton also advised everyone to segment their Wi-Fi networks, even at home, and explained just how far she takes that commitment. When her kids' friends come to visit and ask for the Wi-Fi password, Payton warns them that having access to the guest Wi-Fi comes with a cost—she monitors everything that happens. Their response: “Never mind, we're going to go play outside.”
According to Payton, the two biggest challenges for small businesses when it comes to cybersecurity are a lack of resources and not fully understanding the risk.
She attributes the lack of urgency in cybersecurity among small businesses to how complicated the industry has made it to understand, and be compliant.
“Security is so hard because we've made it hard,” said Payton. “We failed because we didn't design for the user.”
Payton relates cybersecurity to seat belt laws, something that was once a hard-fought public education campaign is now second nature the minute you get in your car.
They key to that education is to help small businesses understand the risks. While a ransom may seem small, according to Payton, it can take up to 48 hours just to buy Bitcoin—is two-days' downtime something a small business can afford?
It is clear from the discussion at ASCII IT Success Summit Toronto that managed service providers are increasingly having these discussions with their customers and expanding their offerings of cybersecurity solutions. As CIRA continues to expand its support for small businesses across Canada, we hope to have more of these discussions—including at our upcoming AGM—and propose some solutions in the future.