Market Leader: Greg Fitzgerald of Cyberforce Security
On the Need for Expertise
Cybersecurity has been something where people typically only thought large organizations and governments—places with “value”—were attacked. Now, we see clearly that the common individual or the small business—the entities that felt they didn’t have assets that might be desired by attackers—they’re all vulnerable. And at the same time, we’re now challenged with not enough talent or skill or personnel on the good side that understands cybersecurity in its basic form, much less in a highly sophisticated form. [At Cyberforce,] we discern which technologies work, which are easy to use, and which are affordable. All three of those elements are required to get [technology] to the masses. When a cybersecurity vendor tries to reduce their feature set to make something more affordable for a small business, it hurts everyone—it’s a useless product.
On the Rise of Managed Security Service Providers
There are millions of vacant cybersecurity jobs around the world. If you have a cybersecurity skill, are you going to work for Joe’s Savings and Loan in Columbus, Ohio? Probably not. And because we live in a virtual world, you can still live in Columbus but work for Citibank, or a great cybersecurity company, or the government. This leaves Middle America highly vulnerable. So MSSPs are growing crazy fast because people realize they can’t do it themselves. The business model of an MSSP is to be a team of experts who can spread security skill sets across numerous companies as a service.
On Cylance’s Breakthrough
At Cylance, we understood that the foundation of protection was not scalable. Everything was based on reactive behavior, just like a vaccine. The coronavirus is a great analogy. There wasn’t a protection for the coronavirus, but now that we’ve seen it, there will be a vaccine. But look at all the damage that happened because it came out—that’s exactly what happens in cybersecurity, even today. The key [difference] is, can AI predict how to prevent a virus from spreading? It is possible. We understood back in 2012 that this was a theory we wanted to prove could work—and, subsequently, it has.
On the Biggest Threats Today
Today, anything connected to the internet is vulnerable. That’s very concerning— people want to live their lives and not think about this, but unfortunately, it’s part of our modern way of life. I see malicious software, malware becoming automated. No human is involved, but it can infect and take action to steal data or damage data and devices automatically. You’re seeing more organized crime. It’s not government or nation-state sponsored; common thieves have gotten organized. We’re also seeing a lot of ransomware—it’s always existed, but it used to be managed by an individual. Now it’s automated. A person with no skills can go to a website and transact a ransomware attack and never get caught.
On What’s Next
I’m identifying a [potential growth] area around devices, users, and applications for security administrators. If you ask them how many assets—a device, a service, a laptop, a phone, an IoT device, any computing opportunity—do they have, they can’t give you an accurate answer because the databases of these devices that have traditionally been registered are not able to keep up. Devices come on, come off, break, stop communicating, etc. This is a huge opportunity: If you don’t know what you have, you can’t protect it. And in a world of BYOD—people are accessing company email on an iPhone—we’re not in a centralized world and there are no boundaries to an IT environment.