Ian Yip, Avertro: "there are very few people in the world today who will say that cybersecurity is not important"
It’s already apparent that cybersecurity is one of the most important aspects of today’s digital business landscape. However, security teams still struggle to communicate security-related decisions to the company’s executives and board members.
This communication gap can often lead to poor decision-making and weaken a business’s cybersecurity posture. As a result, companies are much more prone to attacks that lead to brand reputation damage and financial losses.
That’s why Cybernews talked with Ian Yip, the Founder and CEO at Avertro – a company that specializes in computer and network security. Yip agreed to discuss cybersecurity tendencies within the business landscape and the most effective ways to protect against cyberattacks.
How did the idea of Avertro come about? What has the journey been like?
When I was the CTO for McAfee Asia Pacific, many conversations with leaders revolved around the key challenges they were facing. The common thread was the disconnect between the cyber team and everyone else, particularly with the executive layer. Organizations continue to struggle with aligning the tracks and the GRC technology promised to address this. The reality is that organizations still need spreadsheets, consultants, and tools that aren’t fit for purpose. Armed with this frustration, I felt compelled to solve the problem directly, by starting Avertro.
Can you introduce us to your Avertro platform? What are the main challenges you help navigate?
Avertro CyberHQ® can streamline and automate up to 75% of an organization’s manual effort by taking relevant data points, calculating, normalizing, and translating them into a taxonomy that makes sense to executives and board members. It gives cybersecurity leaders the power to make their business case, and continuously prove they are doing cyber right.
In your opinion, what cybersecurity details are often overlooked by new business owners?
Cybersecurity in general tends to be overlooked by new business owners. It is almost always not considered unless the company in question happens to be in the cybersecurity industry. In other words, many new businesses do next to nothing to protect themselves against cyber threats. This is a core systemic societal problem that we’ve yet to solve and it will be a continuous battle that cyber defenders have to fight for years to come.
How do you think the recent global events affected the way people approach cybersecurity?
Recent global events have at least shone more of a spotlight on cyber risks. There are very few people in the world today who will say that cybersecurity is not important. However, outside of larger organizations, the gap between awareness and having the appetite to do something about it is still vast.
What best practices do you think companies of all sizes should adopt nowadays to maintain smooth and secure remote operations?
My best cybersecurity advice would be the following:
- Keep systems patched and up to date.
- Enable Multi-Factor Authentication for all key systems and services.
- Ensure all staff is regularly educated on cybersecurity risks and events.
- Maintain as much cyber visibility of key systems as possible based on the organization’s risk profile.
Why do you think certain organizations are unaware of the risks they are exposed to?
Blind spots in cybersecurity are typically a function of how much an organization understands and cares about risks and what they want to spend on addressing them. Parts of the cybersecurity industry still do not truly understand how to articulate and contextualize risks, particularly in a business context.
Far too many employ compliance or controls-centric approaches. When this is the norm, no thought is given to any detail in terms of specific risks beyond: “We have a cybersecurity problem, and we have to spend some money to address it.”
In your opinion, what are the worst organizational cybersecurity habits? Which bad practices do you come across most often?
The worst habit is not caring about cybersecurity at all. But if we look at organizations that at least do something about it, the biggest problem is the compliance-driven way many take in dealing with the challenges. Compliance does not equal security. It is much better to take a risk-based approach, prioritize spending, do cybersecurity right, and be compliant as a result.
What kind of threats do you think we are going to see more of in the near future? What measures should average individuals take to protect themselves?
Geopolitics has already played a huge part in how cyberattacks unfold and in the motivations behind how and why certain groups pick their targets. This is only going to get worse. What this essentially means is that cybercriminal activity is going to be even better funded over time and the methods and tools they use will keep improving, keeping them a few steps ahead of organizations trying to defend themselves.
Average individuals should always approach cyber safety with a healthy sense of skepticism. Some good habits include the following:
- Not clicking on links in emails.
- Enabling Multi-Factor Authentication on all key services.
- Keeping personal devices patched and software up to date.
And finally, what does the future hold for Avertro?
Our short-to-mid-term plans are focused on ensuring our product continues to evolve and serve our existing customer base, as well as new organizations that we onboard. Geographically, we remain based in Australia but will be actively growing our global footprint, team, and operations.