Richard talks to Jaya Baloo, Chief Information Security Officer (CISO) of Avast, who provide antivirus and security software to companies and individuals around the world. They talk about how MSPs can explain cybersecurity to their clients.
They also discuss the key metrics MSPs need to focus on, the top cybersecurity threats to SMBs, and how they can stay compliant.
An Interview with Jaya Baloo
Who is Jaya Baloo?
Jaya Baloo is the Chief Information Security Officer (CISO) of Avast, who provide antivirus and security software. She held the same role at KPN, the largest telecommunications carrier in the Netherlands, and worked for Verizon and France Telecom before that.
Jaya has been recognised in the list of 100 top CISOs, the top 100 security influencers, both globally, and was chosen as one of the 50 most inspiring women in the Netherlands by Inspiring 50. The non-profit works to increase the profile of women in technology and raise diversity in the field.
Jaya explains that the CISO is the place where the buck stops when it comes to security. The CISO is responsible for the security vision and mission in an organisation and for forward planning to mitigate against risks.
How MSPs can Explain the Importance of Cybersecurity
Cybersecurity needs to be key for any company to ensure that they remain in business, because not doing so impacts continuity. All companies need to be able to handle any problems effectively, and it’s a challenge for all businesses now, regardless of size.
Businesses need to identify where their biggest headaches come from, whether that’s within network systems or in data, and they need to be able to act quickly when problems occur.
Smaller organisations can be complacent and assume that criminals aren’t interested in their data, so it’ll never happen to them. The problem is, Jaya says, is that not all attacks are targeted – very often opportunists don’t care who they hit, so long as they hit someone.
This is prevalent in areas such as ransomware, where the majority of companies are completely ill-equipped to prepare for the eventuality of an attack, or that this is the very reason that makes them vulnerable. When they are targeted, they’re so desperate to get back to normal that they will pay the ransom without being sure they will have their data restored.
How can your business offer incredible MSP Cyber Security Services to its Small & Medium-Sized (SMB) clients? Watch this live panel session where myself and a panel discuss How to Offer Incredible MSP Cyber Security Services.
Key Metrics for MSPs to Focus on
The metrics and KPIs (key performance indicators) for MSPs (managed service providers) to focus on are the same regardless of the size of the company they support. Jaya says that the main difference is that as the business grows, they need to do more of everything.
She says that the most important metric is the average time to respond to vulnerabilities and incidents. The one metric which signifies maturity is the days in between an attack and resolving it, because that’s the window for a hacker to get in and cause damage.
A vulnerability scanner can spot vulnerabilities both in your outside perimeter and inside your network. Once you know about a weakness, how long does it take to fix? That time shows how ready you are to cope with new issues as they come along.
The Top Cybersecurity Threats Jaya Says SMBs Face
The main challenge for MSPs is lack of budget and resource, and an inability to assign one person to focus solely on security. This means they’re often slower to reach and not as prepared as they could be.
Any company that doesn’t include online and offline backups as part of their core business practices is one we should worry out. Threats that take advantage of lack of resource will always succeed. SMBs are often not agile or quick enough to prepare or assess risks.
How SMBs can Stay Compliant
Jaya believes that compliance is the floor and not the ceiling, so it’s the bare minimum that you need to do, but doesn’t ensure any form of security. For an SMB, if you aim for security, you’ll hit compliance every time. Focus on security and privacy.
Compliance regulation is always there, and additional rules are unavoidable. Rather than focusing on those, aim for good security and privacy practice instead. Plan ahead, and have smart partnerships so that your supply chain takes the same precautions.
Connect with Jaya
You can find out more about Avast here.
Mentioned in this episode
Richard and Jaya mentioned the following companies during their conversation:
- Avast: https://www.avast.com/
- Inspiring 50: https://inspiringfifty.org/
- Citrix: https://www.citrix.com/
- Have I Been Pwned: https://haveibeenpwned.com/
- SpyCloud: https://spycloud.com/
- Mitre Attack Framework: https://attack.mitre.org/
- CompTIA: https://www.comptia.org/
- NextGen Sales Academy: www.nextgensalesacademy.com/
Connect with me
- Subscribe to TubbTalk RSS feed
- Subscribe, rate and review TubbTalk in iTunes
- Subscribe, rate and review TubbTalk on Stitcher Radio
- Subscribe and rate TubbTalk on SoundCloud
- Subscribe and rate TubbTalk on Spotify
- Follow TubbTalk on iHeartRadio
- Follow @tubblog on Twitter