Data Bytes with Sanjay Tiwary: What Every Growth Company Needs to Know About Cybersecurity

Cyberattacks are on the rise and any interconnected enterprise is a target. As cybercriminals become more sophisticated, the job of Chief Technology Officer and Chief Information Security Officer has become more complex. How can CTOs and CISOs protect their companies, customers, investors and employees from future attacks? What steps should they take to prevent data breaches, disruptions in service, or harmful leaks of sensitive or embarrassing information?

In our latest Data Bytes, a monthly series of conversations for Spectrum Equity portfolio company CTOs and CISOs, we spoke with three leading experts – Scott Oberlink, CTO of Definitive Healthcare; Christopher Hudel, CISO and CTO of Spreedly; and Brent Williams, CISO of Momentive – about how to prepare for and prevent cyberattacks.

As always, I found their insights helpful and have synthesized them with the hope that they serve as a high-level guide for cybersecurity conversations and planning. One of the most important takeaways that I want to stress is that cybersecurity should not be viewed as brain surgery or rocket science, but simply as daily hygiene. The most basic, routine protections – think multi-factor authentication, unique passwords, and email phishing training and awareness – go a long way in protecting businesses and individuals alike.

~ Sanjay Tiwary, Chief Technology Officer, Spectrum Equity

Top 3 Takeaways:

1. Prepare, prepare, prepare: Scott Oberlink, CTO of Definitive Healthcare, stressed the importance of preparing your networks, staff, and support systems. “You don’t want to be scrambling when the worst happens,” he said. The first thing CTOs should do is assess the company’s defenses against cyberattacks and make sure basic protections, such as endpoint detection and response (EDR/MDR), are in place. “Do not overlook the basics,” Oberlink advised, encouraging CTOs to develop and practice incident response and business continuity plans; retain outside counsel with specialization in cybercrime; purchase cyber insurance; and consider retaining a CISO or virtual CISO.

2. Understand the threat landscape and pay attention to attack patterns in your industry: Christopher Hudel, the CISO and CTO of Spreedly, encouraged CTOs to become familiar with common types of cyberattacks and techniques like phishing emails and web attacks. “If we know the threats, we can be better armed to defend against them,” he said. While cybercriminals utilize similar attack methods, their patterns can vary by industry. “If you’re in financial services, your vulnerabilities are different from hospitality or healthcare; every industry has vulnerabilities attackers are looking to exploit, so you should become an expert on yours.”

3. Educate and train your staff on phishing emails: Brent Williams, CISO of Momentive, emphasized the importance of implementing a robust phishing email awareness and detection program across your company. “If you do only one thing, you should educate your staff on phishing emails. They are often the first step in attackers gaining remote access to your systems.”

About the Author:

Each month Sanjay Tiwary, Chief Technology Officer at Spectrum Equity, hosts conversations with CTOs across Spectrum’s portfolio companies to share the insights and expertise that are powering high-growth tech companies. With over 30 years of product and technology operating experience at software companies across a variety of industries, Sanjay brings a wealth of knowledge to Spectrum Equity’s portfolio companies. Prior to joining Spectrum, he was the Chief Information Officer at Amazon (Audible) and served in the same role at Spectrum-backed Seamless/Grubhub and NetQuote/Bankrate.

Content contained in this blog post is not intended to and does not constitute investment advice. Your use of the information in this blog post and materials linked is at your own risk. Spectrum Equity does not make any guarantee or other promise as to any results that may be obtained from using this content. No one should make any investment decision without first consulting his or her own financial advisor and conducting his or her own research and due diligence. Past performance is not indicative of future results, and there is a possibility of loss in connection with an investment in any Spectrum Fund. To the maximum extent permitted by law, Spectrum Equity disclaims any and all liability in the event any information, commentary, analysis, and/or opinions prove to be inaccurate, incomplete or unreliable, or result in any investment or other losses. The specific companies identified above do not represent all of Spectrum’s investments, and no assumptions should be made that any investments identified were or will be profitable.