Cybersecurity CEOs share how businesses can protect themselves in 2022

Cybersecurity CEOs share how businesses can protect themselves in 2022
A digital globe featuring the Americas with infographic annotations and the phrase "Cybersecurity" underneath it. The globe is also sorrounded with a generic electronics blueprint.

Bottom Line: Every business needs to resolve in 2022 to treat cybersecurity as a business decision first because the risk to operations and revenue are too great if they don’t.

Originally published on Enterprise Irregulars

Any cybersecurity prediction for 2022 will likely be on the low side, given how ingenious ransomware attackers are at mining long-standing common vulnerabilities and exposures (CVEs) and how intricate breach attempts are becoming.

Predictions don’t protect businesses, professional guidance does. Intending to provide every business, especially startups, with insights they can use to protect themselves in 2022, I’ve interviewed several cybersecurity CEOs. Their recommendations on what every business can do to improve their cybersecurity and avert a potential breach, ransomware attempt, or worse are provided below:

BOS Framework Founder and CEO Sashank Purighalla

Before BOS, Sashank founded and served as the CEO of 5Y Solutions, Inc., a DevOps company that provides SaaS and enterprise-class technology solutions based in the cloud, AR, VR, IoT, Media Streaming, and Big Data spaces. 5Y has offices in the US, Australia, and India. Much of Sashank’s 20+ years of experience has involved developing enterprise-class technology solutions, strong strategic and long-range planning, setting business and technology strategies in B2B and B2C environments, and leading and motivating diverse teams to build high-impact SaaS and PaaS products. Sashank has a bachelor’s degree in Mechanical Engineering and a master’s degree in Computer Science.

Advice from Sashank Purighalla Founder and CEO at BOS Framework

 “The biggest problem that enterprises are dealing with is with fractured technology architectures. The playbook for how technology systems are designed and maintained has fundamentally changed over the past 5 years with the advent of DevOps as a new disciple geared toward bringing efficiency to the PDLC process. To help meet this growing demand, there has been nearly a 570% increase in the number of known niche tools. Here’s the strange dichotomy: In the same timeframe, there has been an over 630% increase in the number of cyber breaches and over 600% increase in technology management and maintenance costs.

The fact is that you cannot patch disparate systems with non-standardized implementations using niche tools and expect to achieve security. Breach resilience and systemic integration can only result from sound systemic architectures that are based on best practices. 

Enterprises must shift their focus from thinking of the next tool for efficiency or patching gaps to consistent architectures for effective holistic outcomes. This is an ecosystem problem and can only be addressed at an organizational architecture level”.

Founder Shield Co-Founder & CEO Benji Markoff

Benji Markoff is the Co-Founder & CEO of Founder Shield. He has an obsession with culture and the science behind it. He wants his legacy to be the success and positivity that everyone who works at Founder Shield brings to the world, whether at Founder Shield or in any their future endeavors. He hopes that Founder Shield provides a platform for unlimited success and happiness for all that work there.

Advice from Benji Markoff, Co-Founder & CEO of Founder Shield

“It’s old news that cybercriminals have beefed up their attacks, with ransomware and phishing topping every bad actor’s to-do list, it seems. The pandemic spotlighted weak links in cybersecurity systems nationwide, and hackers didn’t waste one minute to attack — back door, front door, didn’t matter. Hybrid work schedules and burnt-out IT specialists make the waters even murkier. Naturally, cyber liability insurance is a hot commodity currently, and the insurance industry plays a significant role in helping companies stay protected. Unfortunately, the attacks keep coming. Flip the script, though, and all these negative headlines can serve as lessons learned. For starters, let’s remember that cross-functionality value also translates to cybersecurity training. The more employers raise awareness and implement in-depth training, the lower they’ll fall on a hacker’s checklist. Keep cybersecurity top-of-mind throughout your entire company. Also, don’t be shy about relying more heavily on your managed service provider (MSP). These companies are ever-broadening their scope of services. If eyes and ears are what you need, start negotiating new MSP contracts.”

Hexnode Founder and CEO Apu Pavithran

Apu Pavithran is the founder and CEO of Hexnode. Recognized in the IT management community as a consultant, speaker, and thought leader, Apu has been a strong advocate for IT governance and Information security management. In addition, he’s passionate about entrepreneurship and spends significant time working with startups and empowering young entrepreneurs.

 Advice from Apu Pavithran, founder and CEO of Hexnode

“Enterprise customers in 2022 are looking for a seamless digital experience that they can adopt immediately. Unfortunately, while catering to this need businesses tend to overlook the cybersecurity risks involved in making this possible. 

In practice, cybersecurity decisions mostly take the backseat when associated with budgetary needs and business priorities, however, what comes with that is a successful ransomware attack that can completely turn the equation upside down.   So, while adopting a flexible working environment in a constantly changing IT landscape, I would strongly recommend having a device security policy and a UEM in place. This helps keep your sensitive information safe by making sure employee devices are always compliant. 

A patch management solution that comes along with the UEM solution will monitor your devices to make sure that there are no security vulnerabilities. The solution will also make sure that your device is running on the latest OS update and protected from threat actors. 

Endpoint security solutions like UEM’s will help secure businesses to an extent, But having the right tools can’t always ensure that your businesses are 100% secure. The biggest threat is always the human element in cyber security. So make sure that in your flexible work environment your employees are cyber aware with regular cyber awareness classes that cover updated cybersecurity best practices.”

Ivanti CEO Jeff Abbott

As CEO of Ivanti, Jeff Abbott oversees all aspects of the company’s growth strategy and direction. Before becoming CEO of Ivanti in October 2021, Jeff served as Ivanti’s President since January 2020. Jeff has over 25 years of experience working for enterprise software and services companies, including Accenture, Oracle, and Infor. Jeff holds degrees from the University of Tennessee and Georgia State University. He sits on the National Alumni Board at the University of Tennessee and has previously held board positions with the Georgia Leukemia and Lymphoma Society and the Posse Foundation.

Advice from Ivanti CEO Jeff Abbott:

The rapid shift to remote work has accelerated growth in new digital systems and workflows, leading to expanded enterprise attack surfaces. At the same time, threat actors have matured their tactics and targeted enterprise security gaps. For example, attackers have increasingly waged phishing attacks at mobile devices, which remote workers are using more than ever before, via text and SMS messages, instant messages, social media, and other modes of communication, beyond just corporate email. Ransomware has also continued to evolve, with attackers increasingly leveraging known vulnerabilities that have remote code execution and privilege escalation capabilities. Ransomware is a business, and threat actors are incentivized to find companies that are more likely to pay.

Organizations are struggling to proactively combat these growing cyber threats. A new study by Ivanti revealed that 71% of IT and security professionals found patching to be overly complex and time-consuming. 57% of respondents stated that the global transition towards a decentralized workspace has made patch management more complex to deal with. And 53% said that organizing and prioritizing vulnerabilities takes up most of their time. This is alarming because the longer vulnerabilities remain unpatched, the more exposed a business is at risk of an attack or ransomware. 

To effectively mitigate risk, companies should implement a Zero Trust security strategy. At its simplest, Zero Trust provides organizations continuous evaluation of their employee devices, endpoints, assets, and networks that business relies on. As part of an overall Zero Trust strategy, companies should invest in automated controls that proactively perform cyber hygiene tasks and reduce security risk across infrastructure and applications. This includes leveraging a combination of risk-based vulnerability prioritization and automated patch intelligence to identify and prioritize vulnerability weaknesses and then accelerate remediation. A proactive, end-to-end risk-based assessment strategy can drive business value and further reduce the mean time to detect, discover, remediate, and respond to cyber threats.

Orchestral Founder and EVP Dale Smith
As Orchestral’s Head of Revenue Technology & Operations, Dale leads the digital infrastructure team responsible for integrating customer-facing operations across marketing, sales, and customer success to deliver extraordinary customer experiences that accelerate revenue performance. Dale has over 30+ years of experience in the tech industry, including several roles that include engineering, marketing, business development, and product management. His current startup, Orchestral.ai, provides AI-enabled IT workflow automation & orchestration technologies that facilitate digital transformation for some of the world’s largest enterprises.

 Advice from Orchestral Founder and EVP Dale Smith

“Although there is an increasing amount of attention given to automation within the cybersecurity sector, there are still many gaps between the countless tools and SOAR/SIEM platforms found in a typical enterprise’s cybersecurity infrastructure.
To be sure, cybersecurity automation is a welcome and necessary focus for innovation in threat intelligence and response. But, as organization’s adopt cybersecurity automation, they are likely to discover that significant human intervention is still required to bridge the “silos of automation” that naturally develop around highly specialized security tools and platforms. It is at this point when the focus should shift to “cybersecurity orchestration”. Cybersecurity orchestration intelligently integrates all of the different and disparate tools, platforms and siloed automations so that information is shared across the entire cybersecurity infrastructure. In this context, cybersecurity automation and cybersecurity orchestration are complimentary stages of focus for developing security infrastructure capable of coordinating a truly “autonomous” threat response.”

Prometeo Co-Founder and CEO Rodrigo Tumaián

Rodrigo Tumaián is co-founder of Prometeo, a startup in the fintech area. He is also a co-founder of Truss, a company that provides information security services in the financial sector. His extensive experience working with national and international companies has enabled him to learn to adapt to any type of environment and help customers across a broad spectrum of business models, industries and revenue levels.

Advice from Prometeo Co-Founder and CEO Rodrigo Tumaián

“When we talk about Cybersecurity month to encourage awareness around the topic, we should keep in mind that it is something we must take action on every day.  The repercussions that are caused when we find ourselves in the middle of a problem or a serious cybersecurity issue, profoundly impact our digital ecosystem.  Constantly promote cybersecurity awareness – that’s what we’re focused on internally and with every customer – and we’re product of what we’re accomplishing with them and seeing them and we are very proud of what we have accomplished.”

Rapid.Space Founder and CEO Jean Paul Smets

Jean Paul is an entrepreneur, with 20 year experience and success in enterprise open source software for B2B markets. As Founder and CEO At Rapid.Space, he leads product and business development . Before Rapid.Space, Jean Paul founded Nexedi S.A the largest FLOSS publisher in the EU (4 M€ income). He founded VIFIB which invented edge computing in 2009 and contributed its technology to Rapid.Space. He holds a PhD in computer science, graduated from ENS Ulm and joined “corps des mines”. 

 Advice from Jean Paul Smets, Founder and CEO at Rapid.Space

 “If you use a cloud service, make sure  your cloud provider does not have access to your passwords or credentials (most have access and password leaks happen in average every year, as we all experienced). If you use containers, make sure you understand that they do not provide strong isolation (containers from other users on the same host may be able to access your sensitive data through security escalation, such as the one which happened to Azure in 9/2021)”

ThycoticCentrify CEO Art Gilliland

Art Gilliland is CEO at Centrify and brings proven success in the global enterprise software industry-leading large organizations in product development, enterprise infrastructure, cybersecurity, go-to-market strategy, and SaaS operations. He most recently was SVP/GM of the Symantec Enterprise Division of Broadcom, reporting to the CEO, where he led the integration and business operations post-acquisition. Before Symantec, Art held executive positions at Skyport Systems, HP, Symantec, and IMlogic.

Advice from ThycoticCentrify CEO Art Gilliland:

“As organizations execute on their digital transformations to adopt cloud and SaaS infrastructure it will become more essential to adopt tighter control over who has access to what. Investments in tighter controls over privileged access by using multi-factor authentication, centralizing identities, and enforcing least privilege can go a long way to securing modern infrastructure. This investment can not only make the user experience more seamless for those who need and should have access, but can also simultaneously harden defenses to reduce risk of becoming the next hack or ransomware victim.”   — Art Gilliland, CEO, ThycoticCentrify