Earlier this week, Kurtis Minder, CEO at GroupSense, joined Defendify's Cyber Crystal Ball panel with Lori Sussman, Professor at University of Southern Maine and Antoinette King, Founder at Credo Cyber Consulting.
On the panel, they discussed:
- The growth and evolution of ransomware attacks in 2021, from a ransomware negotiator's perspective
- Third-party risk, supply chain vulnerabilities, and cybersecurity insurance market hardening
- Closing the talent gap and educating the next generation of cyber defenders
- The convergence of physical and digital security systems
- Channeling where to focus your research on new solutions in the vendor channel
Below are a few highlights from the panel discussion:
Craziest 2021 Moment
The craziest 2021 moment for Kurtis was the number of small businesses that got hit that no one heard about. "For every Colonial Pipeline you hear about in the news, there are 100 small businesses that are hit by ransomware. It is the thing that no one talks about. It is life changing for small businesses." Small businesses are impacted on a greater scale than large enterprises - and it is happening more frequently. The likelihood that a small business owner knows someone that was hit by a ransomware incident is high.
Ransomware was everywhere in the news during 2021. Lori Sussman brought up a scary statistic: "40% of people don’t change passwords on their home networks." The rise in home offices increases your organization's attack surface. Even organizations that implement VPNs are vulnerable. An employee is likely to turn off their VPN when they experience issues with slow internet speeds. According to Lori, "we need to make sure things work better with VPNs."
Kurtis made an observation about working from home: "In a traditional office space you don't have to worry about who overhears you. Work from home has brought in a new level of vulnerabilities that aren't being talked about. If you are at home or in a hotel, you don’t know who’s overhearing you, which could be a security violation."
Due to increased ransomware cases, cyber insurance is becoming more popular. If you have a policy, the insurance company might dictate how you respond. You need to understand that in advance of an incident. "Please don't wait until after you have been attacked to read the fine print on your insurance policy. Know what you need to do and who you need to contact," says Kurtis.
2022 Hot Lines
What are we going to see in 2022? According to Kurtis, "the multi-factor authentication market is going to make a big leap this year. Those types of companies are valuing high right now. Also, I predict that the metaverse is going to make headlines. Some of the cyber-criminal activities have moved into the metaverse, which is harder to crack. There is a huge opportunity for fraud. We are going to see a lot of bad activity around the metaverse."
Advice to Cybersecurity Professionals
At the end of the day, know that you can make a difference. Volunteer and help out your community. Good cyber hygiene at a small business is good patriotism. Small business makes up half the economy and half the jobs. We need to solve that gap. We need to step up as cyber professionals to educate the small businesses.
About Kurtis Minder:
Kurtis Minder is the CEO and co-founder of GroupSense, a leading provider in Digital Risk solutions. Kurtis built a robust cyber reconnaissance operation protecting some of the largest enterprises and government organizations. Kurtis has been the lead negotiator at GroupSense for ransomware response cases. He has successfully navigated and negotiated some of the largest ransomware, breach, and data extortion cases world-wide. With over 20 years in the information security industry, Kurtis brings a unique blend of technical, sales and executive acumen.
Defendify is an award-winning, all-in-one cybersecurity SaaS platform designed specifically for organizations without security teams.
With Defendify, users can easily navigate the complex cybersecurity landscape to defend their entire organization against the evolving threats.
It's time to shift the perspective away from a single layer of basic technology, and toward multiple layers of protection that include:
- Assessments & Testing: Identify critical data security weaknesses and get ongoing recommendations for improvement based on leading cybersecurity frameworks.
- Policies & Training: Regularly educate all employees on how to detect and handle cyber threats.
- Detection & Response: Keep aware and ahead of cybersecurity threats and incidents with active monitoring, detection, containment, and response.