Hello and welcome. My name is Kyle Munson, and I'm part of the content studio at Principal, and I'll be moderating today's conversation. I'm excited to be joined by my colleague Meg Anderson, our Chief Information Security Officer, as well as Venus Quates, the Owner and CEO of LaunchTech.
Now, LaunchTech is a women, minority and service-disabled veteran-owned company, which has expertise in navigating critical technology and systems engineering infrastructure for enterprise clients in both the public and private sectors. And I'm proud to say that LaunchTech is a Principal Benefits and Protection client.
Now, today, we hope to emphasize points of optimism in this high stakes and often hazardous world of cybersecurity. Now, we've come a long way in the overall awareness in security, but we also think it's important to celebrate the legitimate wins and advances when the persistent threats can get so much attention. So let's dive right in.
Meg, let's start with you. So why do you feel it's important to recognize these cybersecurity gains? And is there a particular point of optimism that's top of mind?
Sure. Thank you very much, Kyle. Every morning when I scan the daily negative coverage associated with cybersecurity, I find myself wanting to change my mindset and maybe even my title to Chief Information Security Optimist.
As a field, we have made so much progress in resisting, detecting, and recovering from cyber attacks. And while I understand why there is a feeling of fear, and I wholeheartedly believe businesses must stay alert to cyber threats, I think a timely dose of informed optimism may be reassuring for companies of all sizes.
One reason I'm so optimistic about cyber is because technology is everywhere and increasingly embedded in our daily lives. And although this reality does introduce new, unpredictable vulnerabilities, it also means more software firms are rising to the need. Software providers are recognizing that greater security isn't just a good practice, it's just good for business.
I expect that we'll see things like multifactor authentication and other critical cybersecurity features built into the core of more and more software. Safeguards will become more common and will also be within the budgets of small businesses. And even more exciting, when there is an incident data recovery is becoming more seamless.
Thank you. Well, thanks to our Chief Optimist, Meg. Now, Venus, turning to you. How does your company, LaunchTech, see small businesses embedding more of this technology and software into their core operations? And what I think is a critical point, how are they making this more affordable?
Sure. So I usually advise small businesses to embrace technology and software integration to enhance their operations. Like Meg mentioned, there are plenty of options on the market, and they're far more affordable than when I started my company in 2016. Software companies are leveraging tools like automation and AI, and this helps consumers streamline processes and overall reduce their costs.
So they've introduced various options like cloud-based solutions, subscription models, and bundled services. So you don't have to be a multi-million dollar company to make your front line cybersecurity a priority. Additionally, there are plenty of free and valuable educational resources and support networks online, so all of which can be used to empower small businesses to safeguard their digital assets effectively.
Thanks, Venus. You know, Meg, these businesses, of course, also work within a broader national and regulatory framework. So how have you seen a collaboration between government and industry on cybersecurity? What progress have you seen that's noteworthy?
Oh, absolutely, Kyle. There's definitely been progress there. There's greater collaboration between government and industry partners more now than ever before. This commitment to information sharing between public and private is also helping others to avoid becoming victims of cyber attacks or to recover much quicker from them.
I'm also hearing more discussion about harmonizing laws and regulations to bring more consistency to cyber threat and incident reporting, which for the business simplifies what can sometimes be a very complex process.
Yeah. Well, Venus, this is in your wheelhouse I think because LaunchTech, as we said, serves government agencies and corporations alike. So what are you seeing in terms of this greater teamwork between government and industry in cybersecurity?
Sure. So I started my career 26 years ago in the intelligence space in the military and as a government contractor. I've also worked for technology manufacturers architecting solutions. And then as a decision-maker and buyer in the commercial space before I started my company. So my view of this landscape is pretty broad and pretty multifaceted.
As Meg mentioned, I am thrilled to see greater collaboration between government and industry in various areas. And the collaborative efforts for me, they demonstrate a positive shift towards leveraging the strengths of both government and industry players to tackle complex challenges and to drive innovation that benefits our society as a whole. And that, in and of itself, makes me more hopeful about the future.
I think some key areas where I've seen collaboration myself fostering positive change-- data privacy and security regulations. Governments worldwide are recognizing the importance of data privacy and security. And these collaborations are resulting in more robust and balanced regulations, which we've all seen.
AI ethics and governance. There's also larger investments being made in digital infrastructure. So the building and expansion of broadband networks-- 5G connectivity and other critical infrastructures. Things like that drive technological progress and economic growth.
And why we're here today-- cybersecurity initiatives. I think the rise of cyber threats has highlighted the importance of collaboration to bolster cybersecurity measures. So it's been proven that by working together, we can better identify vulnerabilities. We can introduce new techniques. We can create more streamlined frameworks, and create threat intelligence, and implement more robust defense strategies overall.
Yeah. Now, Meg, Venus just covered a lot of territory there. And so when we talk about government and private sector collaboration, another thing that comes to mind is just information for maybe even some of the smallest businesses who want to get a foothold in cybersecurity. What do you see in terms of free resources that can help some of these companies just get started and know which direction to go?
Yeah. It may be easier than some companies think. You no longer have to travel the cybersecurity journey alone. There are free and credible resources available to you and your businesses.
And a couple of examples-- you can find specific cyber guidance for small and mid-sized businesses on www.cisa.gov, which is for the Cybersecurity and Infrastructure Security Agency, including tasks for CEOs and services like cyber tabletop exercise packages. So you can practice responding to cyber incidents within your businesses without having to make it up on your own. Use the package on the CISA site, and you'll be able to walk through a cyber incident and get practice.
You should also check out free Cyber Readiness Institute certification programs at becyberready.com. You can use the champion referral code, Principal. And by investing some of your time and your employees' time, you can enjoy the peace of mind that your business is improving cybersecurity in meaningful ways.
Thanks, Meg. One of the key recommendations I think that we find in a lot of these, even these free resources, is that cybersecurity IT needs to be integrated into the heart of your business operation, into the core function. And when all too often in the past it might have been more of an afterthought. So how have you seen this evolve from maybe not thinking first about cybersecurity to thinking about it in the basic business planning?
Sure. And Venus touched on this a little bit as well. Technology is firmly integrated into business operations today. And the financial impact of a significant cyber incident has become a business risk, not just a technology problem.
The cost associated with data breaches vary greatly, but research shows that the average cost of a data breach is over $4 million per incident. That's a lot no matter how big your business is.
So over time, we've learned cybersecurity is more effective and less expensive when we're proactive. Thinking about how to keep your business secure should be started when your business plans are written, when changes occur to your business, such as office expansions, technology purchases, acquisitions, new employees. You should be considering the impact to your cybersecurity program, very similar to how you might adapt your budget. For business owners, cybersecurity should not be an afterthought, but rather a core business concern.
Venus, how does LaunchTech help both your agency and your business clients bring IT and cybersecurity into the hearts of their operations? Sure. So again, as a business owner, I know firsthand the crucial role that technology plays in business operations, especially for small businesses. So integrating IT and cybersecurity measures early on is essential.
A few strategies that are believed are really helpful is hiring the best you can afford, or engaging consultants or experts to assist where you have gaps. And again, this is not an area you want to scrimp on at any size.
Meg spoke earlier about prioritizing IT in your business planning, and that's crucial. No matter how small you or your budget are, implementing the right technology can make a significant impact.
Another is embracing the cloud. So cloud services provide cost-effective solutions for data storage, collaboration and task management tools, software applications, and so on. Data security and privacy is another for me-- so prioritizing data security and privacy from the beginning. And this is to make sure the sensitive information of your company, your employees, and your customers is safeguarded.
So lastly, we all know that knowledge is power. So properly training your employees on how to use the IT tools and systems effectively and encouraging IT awareness can avoid security risks.
Thank you. So Meg, if we're successful in this mindset shift, bringing IT cybersecurity into the heart of companies, does this mean that businesses also are focusing more resources on cybersecurity that-- what is the trajectory of the cybersecurity spend?
The conversation has shifted, Kyle, from who is the specific cyber person or team to how does cyber impact a particular process or service offered by your business? And that means more and more decision-makers and experts within companies, including business leadership and IT teams, are being exposed to thinking proactively about managing cyber risk and assessing it without necessarily having security in their job title.
But as Venus mentioned, it does take focus. And just like any other solid business analysis, small business owners are likely to need deeper expertise once in a while. But they understand the unique risks of their business, so they're in the best position to think about risk mitigation.
So Venus, I know this conversation is one where we're focused on the glass half full, but we do need to talk about some of the risks. So what are some of the cybersecurity risks you commonly see among small business, and how are they getting better at spotting these farther in advance before there's a serious breach?
So I think awareness is first. The biggest misconception some small businesses have is that they are too small to be targeted, when in reality, they are the perfect targets. So some of the most common cybersecurity risks I've seen are phishing attacks, ransomware, insider threats.
A great one is Mom 101-- your weak passwords, outdated software. We mentioned this earlier about employee training, so the lack thereof. And third-party risks. So when you're collaborating with other third-party vendors, partners, and such, that can also introduce additional cybersecurity vulnerabilities.
So to improve your overall posture, I've seen new things come about just because of the new regulations imposed by federal government as well. So the new adopted measures are making sure your employees are trained on a regular basis, installing endpoint protection, enforcing multi-factor authentication, making sure your software is updated, internal cybersecurity audits and risk assessments. And one of my favorites is making sure everything is backed up, so data backup and recovery.
That's a comprehensive list, Venus. Thank you very much. So Meg, as we get closer to the end of the conversation, how about leaving us with a final point of optimism to try to end on a high note?
Sure. In one word-- people. I think there's a wave of new trained reinforcements on the way with talented cyber workers flooding into the playing field. Employment of information security analysts is expected to grow 31% from 2021 to 2031. And the growth in the field is outpacing the average rate of growth of all other professions.
We're definitely seeing that our friends in higher education have responded to the gap in cybersecurity talent. Students are graduating from related programs and majors at a very fast pace. And there's also several programs providing mentorship to those looking to change careers. I think the future is bright.
Venus, this brings to mind, I know at LaunchTech, you do a lot to grow and develop new talent. Can you talk about this future talent that you're nurturing into the pipeline?
Sure. I'm on the same wavelength as Meg. We have a great bidirectional relationship with tech boot camps, with certification programs, higher ed. Last year we created an initiative called Launching Scholars, and that sends high school girls to cost-based STEM camps across the country, with a focus on space aviation and cybersecurity.
So these are three areas which we have our hands in at LaunchTech. So our approach is to remove barriers, to heavily invest in our talent, and also to build our pipeline early.
Well, Venus, Meg, thanks so much to both of you for joining in this conversation. And I think we've made good on the title of today's conversation, especially considering all this new talent that's coming into the pipeline to help with cybersecurity defense. Thanks to everybody for listening and taking part.
Thank you, Kyle.
Thank you.