Small Business Journal: Robert Herjavec on Everything You Need to Know About Herjavec Group’s 2021 Cybersecurity Conversations Report

March 20, 2021

Our Founder and CEO, Robert Herjavec, sat down with Small Business Journal's Chloe Caldwell to discuss his insights on cybersecurity in 2021 and how the most recent Herjavec Group Cybersecurity Conversations Report explores the past year and how to best prepare for the year ahead. Read on to learn "Everything You Need to Know About Herjavec Group's 2021 Cybersecurity Conversations Report."


2020 threw every small business owner across the nation for a loop. After having had to adjust communications, retail sales, and operations as a result of COVID-19, many entrepreneurs are working tirelessly to keep their brand running smoothly. Now, as more restrictions begin to lift and employees are going to start working in-office again, executives will have to readjust yet again to the “new normal.”

Luckily, Herjavec Group is doing its part to provide small businesses with the resources they need to thrive in the post-pandemic market. In fact, the corporation just launched its 2021 Cybersecurity Conversations Report, which dives into three key conversations that business leaders should have with their teams to prepare for the paradigm shift that is a direct result of the pandemic. Additionally, it explores why 2021 will be the most profound year in cybersecurity in our global history.

Ready to learn more? Keep reading to check out SBJ Correspondent Chloe Caldwell’s conversation with Robert Herjavec.

Chloe Caldwell: You just launched the 2021 Cybersecurity Conversations Report. Can you tell us a little bit more about what it is about and how it can help small business owners?

Robert Herjavec: From increases in nation-state attacks to sophisticated malware threats, this is just the beginning of what we can expect to see in 2021! The annual Herjavec Group Cybersecurity Conversations for the C-Suite Report showcases the cybersecurity trends we forecast for the upcoming year, relevant strategic conversations, and questions that leaders should be discussing with their teams and asking themselves as cyber-aware professionals. While it’s geared towards enterprise businesses, cybercrime does not discriminate and oftentimes, small businesses fall victim because they simply can’t prioritize or invest in proactive security. Being cyber aware is the first step, so I certainly recommend business leaders of all company sizes engage with the report!

In the report, I share that 2021 will be the most profound year in cybersecurity in our global history. We have a remote workforce that has been off of corporate networks for the better part of 12 months. With vaccines rolling out, and the return to in-office work on the horizon, many companies will be in for a world of hurt when their employees plug back in. Regardless of where your organization’s cybersecurity strategy is – whether you’re starting at square one or have a well-maintained and mature plan – this report is a roadmap to build and strengthen your strategy and best prepare your company for what’s ahead.

Chloe Caldwell: The report breaks down the three key conversations that business leaders should have with their executive teams in order to confront the paradigm shift resulting from the pandemic. Can you summarize what these key points are for our readers and why they’re so important?

Robert Herjavec: The first key conversation is “COVID Testing” Your Devices. When workforces were sent home to work remotely, their devices followed. Your employees took their computers, phones, and even printers and connected them to their personal, unsecured networks. With this in mind, ask yourself – if your entire workforce came back into the office tomorrow, would your cybersecurity team be prepared? If your team hasn’t identified all of the devices coming back into the office, tested these devices for malware or vulnerabilities, and treated the “infected” devices so they are safe to return – the answer to that question is “no”. Bringing these devices back onto your corporate network presents a huge risk. It only takes one infected device to breach your network and affect your entire company. To prepare for a cyber-safe and smooth return to the office, we recommend prioritizing these essential tasks:

The Move Back to the Office Essentials:

  1. Asset inventory: Take inventory of all devices coming back to your network to ensure visibility of all endpoints.
  2. Test all devices: If you haven’t already deployed cloud-based Endpoint Detection and Response, do so. This will be the best way to identify and respond to any malware or compromises on all devices coming back to the office. Respond to any infected devices appropriately to ensure they are safe to return to the office.
  3. Quarantine devices that have yet to be tested or are infected: If a device is infected or hasn’t been tested yet, quarantine these devices on a network segment that is isolated to avoid total corruption until the device can be properly treated.
  4. Regularly test moving forward: Once your team is back to the office, continue to scan and monitor your EDR solution to ensure all devices remain safe. We highly recommend engaging Managed Detection and Response (MDR) support to ensure time to value, proactivity, and automated blocks & updates.

Next, your team should look at Refreshing Emergency Preparedness Plans. Now that you’ve thought about the initial transition from a fully remote work environment, it’s time to get proactive and make a plan for the worst-case scenario. Last year we saw an unparalleled number of cyber incidents at an astounding level of sophistication – and we can only expect both to increase in 2021. Most business leaders have stopped believing the myth that you can prevent all cyber-attacks. This is a great step in the right direction. But now comes the hard part – what do you do when your company has been breached? I’ve said it once and I’ll say it again – the worst time to decide what to do about a cybersecurity incident is after it’s happened. This is why your team, even small businesses, needs to start building your Incident Response Plan now. You may not have Incident Commander level expertise on call, but you can start by having a good understanding of your network, identifying your crown jewels so to speak (i.e., your critical assets) and doing regular backups. In the event you were breached, who would you call? It’s never too early to build out that Incident Response plan and source a service provider with the right team, the right tools, skills, and capacity to respond to an incident quickly and effectively.

Finally, we recommend Reprioritizing Scanning and Testing Programs. This key conversation is perfectly summed up by one of my favorite mottos – “cybersecurity is a journey, not a destination.” The bad guys are constantly looking for ways to penetrate company networks. So, cybersecurity teams must continuously improve and verify their systems and controls for securing the business. You won’t know how to improve if you don’t know your program’s current state. A balance of initial threat modeling exercises, a robust Vulnerability Management Program, and testing through Penetration Testing and Red Team Operations is a great way to gain full visibility. Once you understand your current security program’s capabilities you benchmark that against your industry peers and in a perfect world, an industry-leading framework like the MITRE ATT&CK framework. That way you know where your team needs to focus and the gaps you should close. The bottom line is – continuous improvement is no longer optional.

Chloe Caldwell: Why do you believe that cybersecurity is more important than ever in 2021?

Robert Herjavec: I can say that because of what happened last year. In last year’s Cybersecurity Conversations Report, we predicted that 2020 would be the year of “digital transformation”. We said that many companies would begin their transition online or to the cloud if they hadn’t already. I think it’s safe to say we were right! But we had no idea how right we would be. Due to the COVID-19 Pandemic, we saw a mass transition to digital operations. Businesses of all sizes and from all industries moved to a remote workforce almost overnight – and I have to give kudos to all of the IT teams who made this happen; it was truly an amazing feat! As a result, the main priority for businesses during the pandemic was to do what they had to do to survive. Unfortunately, this meant that cybersecurity took a back seat. Coming into 2021, cybersecurity teams are being tasked with catching up and keeping up. Not only are they retroactively securing infrastructure in their current state – they also need to start preparing for what’s to come. We can no longer overlook cybersecurity in 2021. In fact, it must be at the forefront of every business leader’s mind.

Chloe Caldwell: What do you think was the greatest or most challenging adjustment that businesses had to make in the past year in terms of cybersecurity?

Robert Herjavec: For cybersecurity professionals, our main goals are to protect our organization while also enabling the business. Unfortunately, during the pandemic, these two goals were at odds. The need to digitally transform as quickly as possible to enable the business took precedence over transitioning strategically and securely. I’ll put it this way – the digital transformation that most companies underwent would generally have taken months, sometimes years, to achieve before the pandemic hit. But last year for most organizations, it happened in a matter of days.

Chloe Caldwell: How do you think the workplace environment and the way businesses are being run will change again as people begin to go back to their offices? What role will cybersecurity play in this adjustment?

Robert Herjavec: That’s a great question. I’ll start by saying – I don’t think things will ever go back to the way they were. The pandemic has taught us that cloud-based operations and remote work are very possible! They allow for attracting global talent, cutting down on company costs, and encouraging a fluid work/life balance for your employees. I think the way forward is with hybrid work environments – a mix of in-office and remote work environments. What does this mean for cybersecurity? For one, cybersecurity will be an essential component for business strategy decision-making. An organization’s cyber-attack surface grows as more operations move online. So, transitioning with cybersecurity top of mind will be critical. It will also mean a complete re-evaluation of security programs to address the new work model. When everyone was in office, it was easy to keep tabs on who was accessing what, with what device, and to pinpoint external intruders. That physical space is no longer the main location of company network access. So, cybersecurity teams will need to re-evaluate controls and prioritize Identity & Access Management policies & programs. This will ensure authorized people and devices are the only ones accessing the company network, at the right place, at the right time, and for the right reasons. We know businesses will begin transitioning to their post-pandemic work environments soon. It’s absolutely essential that their plans are informed by cybersecurity best practices equipped to face the emerging cyber threats in 2021.

 

Originally posted on thesbjournal.com

