Rob Schenk, Intivix: “cybersecurity is about building layers upon layers of protection”
Various global geopolitical and economic challenges can cause bigger cyber incident volumes, creating a need for better protection for companies.
There are various threats that fill the cyber world – data breaches, malware, fraud – whatever they are, they can have damaging effects on companies. And financial losses are not the only consequences – in some cases, cyberattacks can also result in reputational damage or even identity theft.
Regular Internet users take advantage of traditional security measures, such as adapting a password manager. However, for companies, such solutions are not enough for high-level security and require a more layered approach.
Cybernews invited Rob Schenk, the CEO of Intivix – a company that provides managed IT support and cybersecurity services. Schenk agreed to share his views regarding businesses’ approach to security and threat prevention methods.
Intivix has grown exponentially since its launch in 1996. What has your journey been like?
Entrepreneurship is certainly an adventure. Core to our business ethos is embodying a creative growth mindset, having an open mind, and doing the right thing for our clients, our team members, and our community. Ultimately, our success and longevity stems from our relentless focus on driving value for our clients and being better every single day.
Like many businesses, the Intivix journey is one of twists and turns with its share of ups and downs. We learned the importance of resilience and tenacity early on. If you get knocked down six times, then you get up seven. We would not be where we are today without our amazing team, whose focus and energy enable our collective success and growth. I’m humbled and honored to work with such dedicated professionals.
Can you tell us a little bit about what you do? What are the main challenges you help navigate?
My main roles are helping our clients enable their teams and secure their data, while also crafting our corporate strategy, developing our company culture, creating memorable experiences, and cultivating the next generation of modern leaders.
One of the major challenges that I’ve been navigating is how best to educate our client base and community on the importance of cultivating a security-first mindset and driving this through organizational change. It’s a journey, and you start where you are. With dedication, consistency, and focus, though, we’re making inroads, which is a positive development.
What are some of the most serious problems organizations can run into if an appropriate IT strategy is not in place?
Technology touches every part of a business. If you have a strong foundational technology stack, along with consistent patching and IT inventory hygiene, it can be a positive game-changer. But if you aren’t keeping up with basic blocking and tackling, are missing modern security toolsets, and still don’t have cyber liability insurance, then your company is vulnerable and incurring a lot of downside risk.
Not properly investing in a sound IT strategy will ultimately result in heightened security risk exposure, low team efficiency/productivity, potential reputational damage, and technical debt that will end up costing you more money than investing in the right solutions in the first place. If your goal is a thriving business, then proper planning and investment are key.
Have the recent global events somehow affected your field of work?
Yes, definitely. For example, the current conflict between Ukraine and Russia has escalated cyber threats for businesses and government agencies in the United States. You have state-sponsored cyber actors and criminal organizations from countries like Russia, North Korea, and China who are taking advantage of the situation to engage in espionage and other malicious cyber activities.
Any time you have economic difficulties or geopolitical unrest, you can expect crime rates to increase, and the same is true for cybercrime. Fortunately, the MSP community has an extensive threat intelligence network, with vendors/partners freely educating the community with actionable steps to protect ourselves and our clients better. After all, if one MSP gets hit, the community is hit. We are all in this together, and it takes a village. This growing selflessness and information exchange strengthens the MSP community and keeps us up with the latest threats, enabling us to more effectively monitor the situation, raise awareness, and prepare accordingly.
What are your thoughts on cybersecurity systems specifically tailored to one's business? Is it something each organization should invest in or is it only relevant for large enterprises?
It's critical for SMBs to invest in a cybersecurity plan that works for them. Cyberattacks have grown more nefarious and are increasing in severity and impact. Cybercriminals know many small businesses are still using cheap, cookie-cutter solutions, making them easier and more attractive targets.
We recommend designing your plan from the perspective of the “assume a breach” mentality. Properly inventory your systems, as, after all, you can’t protect what you don’t know. Do a risk assessment, identify your mission-critical applications, amount of acceptable downtime you can tolerate, and work to strengthen core defenses as a primary objective. Develop a strategy of cyber resilience, draft an incident response plan, and have enough defense so you can quickly determine malfeasance and remove the threats. The faster you can detect and eliminate the bad actors, the less impact it has on your business.
Every business, from SMB to enterprise, has its own unique security needs. To meet those needs and achieve cyber resilience, your security plan should be tailored specifically to your company’s requirements. You need to consider several factors, like your industry, size of your business, available resources, regulations, network complexity, and types of data you store. Those answers will determine what security program is required to protect your environment.
In your opinion, what IT and cybersecurity details are often overlooked by new businesses?
I think many businesses overlook two key things when it comes to cybersecurity. First, they don't realize that you can't get effective security from a single solution. Second, it will always be an ongoing activity. There are a lot of SMBs that believe using passwords and antivirus are enough or that they're too small to be a target. Some even think letting an MSP take over will solve all their security concerns. Sadly, none of these are true.
SMBs need multiple layers of protection like multi-factor authentication, endpoint protection, and more. Also, they need to defend their network actively. That means you need security policies, processes, and procedures in place. In addition, you need to train their employees regularly and update their security tools constantly. It's the only way to keep up with the ever-evolving cyber threats.
What cyber threats do you think can become a prominent problem for organizations in the near future?
I believe the biggest cyber threat is always going to be the one we don't know about yet. The runner-ups, however, are the most prominent ones. Those are the ones that you'll see on watchlists regularly. So, you have the usual suspects like email phishing, password compromise, and ransomware. But now, you also have the challenges brought on by the sudden shift to remote work in recent years. That includes bring-your-own-device policies and the increasing use of cloud applications that continue to challenge cyber defenses. In addition, new and poorly regulated cryptocurrencies that have popped up in the last few years have helped ransomware attackers, becoming their payment method of choice.
What are the best cybersecurity tools do you think every company and individual should have in place to combat these threats?
As mentioned previously, every business has its own unique needs, budgets, and priorities. In essence, the best cybersecurity tools are the ones that fit your needs, that you can implement well, and that you can manage properly.
There's no single cybersecurity solution that will do everything for you. You can't install a piece of software and just call it a day. Cybersecurity is about building layers upon layers of protection. Those layers include basic security measures like consistent patching, email protection, firewalls, web filtering, security awareness training, and endpoint protection and isolation software. In comparison, the more advanced option will include building a 24/7 security operations center with active threat hunting capabilities, SIEM, and more. Each component has its part to play, and that gives you the ability to prevent attacks from being successful while being able to detect and eject quickly should an incursion take place.
And finally, what's next for Intivix?
We are looking forward to continued growth and expansion as we help our clients secure their data, create solid foundations to scale their operations and drive continued value as we take things to the next level.