Richard Baker, rSolutions: “if it sounds too good to be true, it probably is”

Cyber felons don’t discriminate – no matter the individual or the sector the company is in, anyone can fall victim to the hands of a cybercriminal.

Data breaches, ransomware, fraud – there are many threats that are lurking in the corners of cyberspace. And the worst part is that it can result in irreparable damage, whether it’s financial or reputational.

Sure, regular users get themselves a high-quality antivirus for their personal computing needs as a means of providing some protection, but companies need more advanced solutions, including managed cybersecurity services.

That’s why we invited Richard Baker, the Founder and CEO of rSolutions – a company that specializes in cybersecurity solutions. Baker agreed to share his views about cybersecurity, common threats, and efficient prevention methods.

How did the idea of rSolutions come to life? What has your journey been like?

Having worked as a CISO in the public sector and then at a big 4 Consulting firm, I recognized that I wanted to build an organization that focused on the rising demand for cybersecurity concentrated on customer service. Like many entrepreneurs, I leveraged my personal assets and relationships to start rSolutions. During this journey, we faced growth challenges (staffing, capital, expertise, partnerships), and throughout all of those, the dedication to our clients allowed us to prevail and grow into the viable company we are today.

In the 12 years of operation, we have grown from two employees to fifty employees across Canada and into the US. We have served over five hundred clients across North America and have won North American Partner awards from the strategic vendors we partner with.

Can you introduce us to what you do? What are the main challenges you help navigate?

We are a full-service cybersecurity company delivering enterprise-grade cybersecurity services and solutions to the clients we serve, with a focus on delivering managed security services.

Providing security is challenging given threats are constantly evolving… it is a constant state of change. This means our advice, services, and solutions are all a point in time. This is a challenge for clients as security is never final – it is rather a journey.

What would you consider the most important changes you have witnessed in the cybersecurity industry throughout the years?

Number one is the challenge of finding and retaining qualified staff. Few youths grow up dreaming of a career in cybersecurity and there are still even fewer higher education programs focused on cybersecurity. Commonly, cybersecurity resources are in the second or third phase of their career when entering cybersecurity from previous careers in systems administration, network administration, or application development. This has really driven the demand for managed security services providers as the breadth of knowledge and the variety of experts required to effectively run a cybersecurity program costs too much for small and mid-sized organizations to bear.

While there is an increase in news about the increased sophistication of attacks, most incidents occur due to a lack of fundamental security (e.g. insecure authentication, poor security architecture, lack of logging and visibility, etc). We are starting to see a shift in clients’ belief that any one technology is a silver bullet to keeping clients secure.

How did recent global events change organizations’ approach to cybersecurity? Were there any new features added to your services as a result?

Global events tend to impact the specific industry sectors targeted. For example, Covid-19 put focus on healthcare clients, both those delivering healthcare and those doing research and developing vaccines.

To mitigate these new threats, we began offering additional threat intelligence offerings and enhanced our external threat monitoring and identification services. The new services are designed to help clients at identifying and prioritizing which threats need to be mitigated first.

With work from home becoming the new reality, what are the best practices companies should incorporate to keep their workload and customer data secure?

Work from home, combined with many companies’ pushes to the cloud, has left many companies exposed to a lack of visibility. First, the shift to the cloud has not always been done with security in mind. Moving critical workloads to the cloud has often been completed with the priority on ensuring functionality first. Security is often an afterthought as companies realize they do not have the same visibility into who is accessing their cloud systems as easily as when they ran systems on-premise.

Examples of failures we have seen include limited knowledge of secure cloud configuration, a lack of audit and logging trails in cloud services, or a lack of getting logs into client security incident and event management systems. This is often due to the ease at which cloud systems can be deployed, whereby business units are firing up cloud services vs the traditional approach of IT systems folks being instrumental in building on-premises solutions.

Secondly, working from home has meant cloud environments are being accessed over the Internet without the need of going through a corporate network. This has removed the visibility of standard cybersecurity controls, such as IDS/IPS, DLP, and UBA systems that protect corporate networks. This has given rise to Secure Access Services Edge (SASE) services to provide similar security controls to users, whether they are on the corporate network, working from home, or in their local coffee shop.

Why do you think certain organizations struggle to keep their cybersecurity up to date, despite all the solutions and providers available today?

Until a client experiences a breach, they do not often associate the impact a breach will have on them should a malicious incident happen. The cost and effort of maintaining cybersecurity are always in competition for funding from other business initiatives and are still too often viewed as an expense rather than a business enabler.

In your opinion, what kind of cyberattacks can we expect to see more of in the near future?

Follow business and technology trends and you can predict attacks. We are likely to see increased attacks on critical infrastructure in retaliation for the war in Ukraine. As well, increased cloud adoption will make attackers focus on ways to attack the new cloud environments.

What measures should individuals implement to protect themselves from these threats?

If it sounds too good to be true, it probably is. Some Prince from a distant land doesn’t need your banking information for a wire transfer, so be sure to avoid bad emails that promise free things or consider you a winner for things you did not even enter. Watch web addresses to be sure you are dealing with a legitimate source.

Unfortunately, just about everything from phone calls (if you still answer them), to email, social media apps, SMS messages, and IOT devices have the potential to be misused. While I am not suggesting being paranoid, sometimes it is okay to take a step back and say, “Does it make sense for this app to ask me to do this?” (Why does this calculator need access to my Facebook account, could my bank really have accidentally sent me a funds transfer?). As Canadians, we are sometimes overly polite, but in some cases, it is okay to ignore a suspicious friend request or call your bank to validate a suspicious request no matter where you’re from.

Remember that the convenience of technology makes it easy to do things quickly, sometimes faster than we are thinking things through. Technology’s speed and convenience come at the cost of risk.

Share with us, what’s next for rSolutions?

We are growing in step with demand for cybersecurity and we have already doubled our endpoints under management in the first quarter of this year. We want to be the best Cybersecurity Managed Security Services Provider in North America. We have a 100% retention rate in our managed services and aspire to maintain the trust our clients have placed in us to protect their systems and networks.

rSolutions will continue to enhance our managed security services and is looking to align our cybersecurity services with the potential of helping our clients mitigate the rapid increases in cost for cyber risk insurance.