On the heels of the Colonial Pipeline breach and global concern about Russian hackers, world governments and companies are spending more resources than ever on cybersecurity. A new report by industry analyst Gartner predicts that worldwide IT security spending will exceed $150 billion by the end of 2021, a 6.4% increase from 2020.
Cybersecurity has become an inseparable part of corporate and government infrastructures as companies and organizations grapple with the challenge of protecting their assets from cyberattacks.
We recently sat down with Anas Chbib, Founder and Group CEO at AGT, a cybersecurity firm that specializes in ‘360-degree’ cybersecurity solutions for businesses, government agencies, and private organizations.
Q: Cybersecurity threats over the last few years have skyrocketed, along with their success rate. Yahoo Finance, for example, reported in February that 78% of senior IT and IT security leaders believe their organizations lack sufficient protection against cyberattacks despite the increase in digital security investments in 2020. What do you think is the reason for this lack of confidence and lack of investment results?
A: It's hard to identify an exact reason, but I believe part of it has to do with the fact that there is a lot of misinformation out there surrounding cybersecurity and cyber safety. A big portion of the population isn't even aware of what these issues are. Another large portion simply doesn't know how many threats actually exist or how to go about protecting themselves or their information.
The biggest problem, however, is simply that most people are not taking the threat seriously enough. Cyberattacks are much more dangerous than physical attacks and they're becoming increasingly common as we become more reliant on technology in our everyday lives. From my perspective, it's no longer a question of whether cyberattacks will occur, it's more about when and where.
Q: What sort of threats are we talking about? What should people be concerned about?
A: I think people should be most concerned about the possibility for a very large-scale cyberattack to occur in which critical infrastructure is targeted, such as banks and financial institutions, transportation systems (aviation, trains, etc.), oil pipelines, and electric grids. Most companies focus on the investment of the systems, hardware, and software upgrades, rather than focusing on human capabilities, who ultimately run the systems, and act as the first line of defense.
Q: The human element of cybersecurity, as you mentioned, cannot be ignored. How can CIOs improve their investments to strengthen their human firewall?
A: Investing in education, awareness, best practices for adversarial thinking, and understanding what it takes to build good security.
As a first line of defense, the human element is so valuable! Organizations can start by forming a security culture, empowering their workforce with the tools and knowledge to help them help themselves. Educating your employees will also increase user awareness, which is key when it comes to attacks like phishing. A good security culture starts from the top down; senior leadership need to be role models of security best practices and show a vested interest in protecting both company assets and personal data.
Employers can even reward employees by incentivizing training and security tests. This will encourage them to take security seriously and make it part of their everyday routine.
Q: How important is the government's role when it comes to cybersecurity? Some are advocates of reform while others say that the current enforcement (or lack thereof) has been sufficient. Would you advocate for an increase in federal efforts and funding, or just maintaining the status quo?
A: Maintaining the status quo will not do. Cybersecurity is now a major issue that requires meaningful reform in government to address the needs of citizens who are concerned about their privacy and security online. With advances in technology, cyber threats are more diverse and dangerous than ever before. We shouldn't wait until there is a significant cyberattack.
Q: Anas, you have been an authority on cybersecurity for nearly two decades, advocating to the German government back in the early 2000s that they should help businesses and other industries develop their cybersecurity programs. Why do you think the government should be more involved? What would that look like?
A: The government should help businesses to do the right thing and they have the power to force them. They are not doing enough today in my opinion. I think that it has become easier for small/medium-sized businesses who can now go out there and buy cyber insurance, which gives rise to the false sense of security that everything is okay. We need more regulations and rules, but then again, the laws are still very new and not that well-enforced, which is why I have been advocating for a Ministry of Cyber Security.
We need to strengthen lobbying for stronger rules in order to better protect all of us from cyber criminals. The more you know about cybersecurity, as a user or as a company, the less chance there is of being hacked. More organizations and governments need to invest in cybersecurity to protect the citizen and the consumer, otherwise hackers will continue to be in business—ultimately stealing citizen and shareholder money.
Q: Overall, it seems like education is the big obstacle limiting the success of corporate cybersecurity programs. Employees and customers alike are still learning the ins and outs of an ever-evolving industry. How would changes to education, from a federal and company level, impact the success of cybersecurity systems?
A: In the education sector, they need to adapt the curriculum and teach the new generation about technology. We hand our students iPads and iPhones at a young age but don't teach them how to use them in a secure manner. They don't learn about everyday cyber threats, such as phishing attacks, ID theft, malware, or viruses.
The same is true for employees because they need to keep themselves educated and up-to-date. It's a two-way street: the federal government can help by pushing awareness campaigns and sharing cybersecurity best practices, but it's also on companies to provide education to their workforce. The more educated our workforce becomes, the fewer loopholes there are for cybercriminals. The industry has to do something for the young population, let them learn at an early stage.
Anas Chbib is one of the most respected leaders in the security industry, known for his unmatched business ethics, inspirational entrepreneurial spirit, and fierce desire to offer organizations worldwide highly-secured environments in order to ensure business continuity and better service. Anas is currently the Founder and CEO of AGT, a highly respected, international cybersecurity firm.