Cyberattacks are on the rise and any interconnected enterprise is a target. As cybercriminals become more sophisticated, the jobs of Chief Technology Officer and Chief Information Security Officer have become more complex. How can CTOs and CISOs protect their companies, customers, investors and employees from future attacks? What steps should they take to prevent data breaches, disruptions in service, or harmful leaks of sensitive or embarrassing information?
In our latest Data Bytes, a monthly series of conversations for Spectrum Equity portfolio company CTOs and CISOs, we spoke with three leading experts – Scott Oberlink, CTO of Definitive Healthcare; Christopher Hudel, CISO and CTO of Spreedly; and Brent Williams, CISO of Momentive – about how to prepare for and prevent cyberattacks.
As always, I found their insights helpful and have synthesized them with the hope that they serve as a high-level guide for cybersecurity conversations and planning. One of the most important takeaways that I want to stress is that cybersecurity should not be viewed as brain surgery or rocket science, but simply as daily hygiene. The most basic, routine protections – think multi-factor authentication, unique passwords, and email phishing training and awareness – go a long way in protecting businesses and individuals alike.
~ Sanjay Tiwary, Chief Technology Officer, Spectrum Equity
1. Prepare, prepare, prepare: Scott Oberlink, CTO of Definitive Healthcare, stressed the importance of preparing your networks, staff, and support systems. “You don’t want to be scrambling when the worst happens,” he said. The first thing CTOs should do is assess the company’s defenses against cyberattacks and make sure basic protections, such as endpoint detection and response (EDR) or managed detection and response (MDR), are in place. “Do not overlook the basics,” Oberlink advised, encouraging CTOs to develop and practice incident response and business continuity plans; retain outside counsel with specialization in cybercrime; purchase cyber insurance; and consider retaining a CISO or virtual CISO.
2. Understand the threat landscape and pay attention to attack patterns in your industry: Christopher Hudel, the CISO and CTO of Spreedly, encouraged CTOs to become familiar with common types of cyberattacks and techniques like phishing emails and web attacks. “If we know the threats, we can be better armed to defend against them,” he said. While cybercriminals utilize similar attack methods, their patterns can vary by industry. “If you’re in financial services, your vulnerabilities are different from hospitality or healthcare; every industry has vulnerabilities attackers are looking to exploit, so you should become an expert on yours.”
3. Educate and train your staff on phishing emails: Brent Williams, CISO of Momentive, emphasized the importance of implementing a robust phishing email awareness and detection program across your company. “If you do only one thing, you should educate your staff on phishing emails. They are often the first step in attackers gaining remote access to your systems.”
Each month Sanjay Tiwary, Chief Technology Officer at Spectrum Equity, hosts conversations with CTOs across Spectrum’s portfolio companies to share the insights and expertise that are powering high-growth tech companies. With over 30 years of product and technology operating experience at software companies across a variety of industries, Sanjay brings a wealth of knowledge to Spectrum Equity’s portfolio companies. Prior to joining Spectrum, he was the Chief Information Officer at Amazon (Audible) and served in the same role at Spectrum-backed Seamless/Grubhub and NetQuote/Bankrate.