In an increasingly digital world, where cyber criminals steal sensitive data and wreak havoc on the world’s infrastructure, businesses, and governments every day, how do SMEs with limited resources and knowledge have any chance of protecting themselves from a cyber attack?
Sai Huda, a globally recognized risk and cybersecurity expert, has some ideas. He’s seen the cybersecurity industry evolve from mostly lone wolf attackers to sophisticated, well-funded criminal gangs or hostile nation-state sponsored groups. Motivated by what he saw and experienced, he authored the best-selling book Next Level Cybersecurity and founded CyberCatch, a cybersecurity software-as-a-service (SaaS) solution for small and medium-sized organizations
Sai Huda will be a keynote speaker at the CanadianSME Small Business Expo, June 29 -30, 2022. He will discuss Canada’s new national Cybersecurity standard, CAN/CIOSC 104, Baseline Cybersecurity Controls for SMOs, which he helped author.
IT Chronicles sat down with him to learn more about his motivation for founding CyberCatch, its mission, and his thoughts on how SMEs can best protect themselves against cyber crimes.
Q: Tell us a little about the history of CyberCatch.
Sai Huda: CyberCatch was founded a couple of years ago, but we were in stealth mode until January 2022, when we launched officially. We were quietly building the solution and signing up the initial set of customers to confirm the value proposition. Now we are off and running, busy signing up many customers and growing the company, focusing on serving SMEs in the U.S. and Canada.
Q: What motivated you to start the company?
Sai Huda: After being informed that my security clearance data, which included a copy of my fingerprints, were accessed as part of a data breach at a government agency, I was shocked and motivated to take a deep dive into why and how hacks keep happening. So I wrote a book, Next Level Cybersecurity, which became a best-seller, to reveal the steps attackers take and the signals of the attacker that if a company can detect in time, it can stop the hack and prevent loss or damage.
My research of dozens of cyberattacks and data breaches discovered 15 common signals of attackers. Tom Ridge, the first Secretary of the U.S. Department of Homeland Security (DHS) read my book and inspired me to start CyberCatch to create a solution to cyberattacks. I am honored to have Tom Ridge on CyberCatch’s advisory board, along with other distinguished experts from the U.S and Canada, on our board and team.
Q: Why focus on SMEs?
Sai Huda: CyberCatch is focused on serving SMEs because they are the most vulnerable because of limited resources and cybersecurity knowledge. Yet, they are operating digitally and are the growth engine of our economy. Our mission at CyberCatch is to protect the little guy from the bad guy. The cyber attackers know SMEs are vulnerable and are increasingly attacking them to steal data and install ransomware. Frequently, the SME is the initial target and entry point to a larger, ultimate target that the SME is a supplier to. There are over 30 million SMEs in the U.S. and over 1.2 million in Canada, and they are underserved and need help so they can be safe from cyber threats and succeed digitally.
Q: Are there particular vulnerabilities CyberCatch addresses?
Sai Huda: CyberCatch has an innovative, unique, patented cybersecurity platform specifically built for SMEs that first helps implement all necessary cybersecurity controls to prevent, detect and respond to cyberattacks. Then the platform automatically tests the controls to detect control failures and guides the SME to fix and eliminate the security hole so an attacker cannot exploit and break in and steal data or install ransomware. CyberCatch removes the root cause of data breaches: control failures that create security holes that attackers exploit.
Q: What would you say to an SME wondering if large enterprises or government agencies fall prey to cyber attacks, how can they stay secure?
Sai Huda; An SME can stay secure by implementing all necessary cybersecurity controls and ensuring controls remain effective. Canada has issued a new national cyber security standard, CAN/CIOSC 104: Baseline Cyber Security Controls for Small and Medium Organizations. I had the privilege of helping author the national standard. The national standard prescribes 55 cyber security controls. We spent considerable time researching and determining an optimal set of baseline controls that would protect an SME.
CyberCatch is honored to partner with the CIO Strategy Council, who developed the national standard, to provide the CAN/CIOSC 104 Compliance Manager solution to SMEs in Canada.
Every SME in Canada should comply with the national standard to operate safely. The CAN/CIOSC 104 Compliance Manager enables compliance quickly, easily, and cost-effectively. It is the optimal solution for SMEs and is affordable, with only one fee per year based on the size of the SME. As organizations signup, they quickly see the results, and provide us extremely positive feedback and testimonials, which is most gratifying.
Q: Are there any common misconceptions about cybersecurity that you believe are important to address/correct?
Sai Huda: There are two misconceptions:
First, many SMEs think they are safe if they have an IT provider. However, IT is not cybersecurity. The IT provider helps keep the operations running and may have some cybersecurity covered. However, they are not cybersecurity experts. So the SME needs CyberCatch to make sure all controls are implemented and tested continually to prevent security holes for attackers to exploit.
Also, SMEs often think cybersecurity is costly, so they avoid the topic. However, this is not the case. Cybersecurity is critical for an organization to succeed digitally, and CyberCatch is most affordable and the key to staying safe while operating successfully digitally. An SME must remain secure. Data theft or ransomware is an existential threat. In the CyberCatch Small and Medium-Sized Businesses Ransomware Survey (SMBRS) of 1,200 SMBs in North America, 75% said they would be able to survive a ransomware attack for only 3 to 7 days.
Q: What are a few of the common cybersecurity mistakes SMEs make?
Sai Huda: There are three common critical cybersecurity mistakes SMEs make:
- They do not implement all necessary cybersecurity controls or test them, so they have security holes they are unaware that attackers exploit.
- They do not have an incident response plan, or even if they do, they do not test the plan to see if they can handle and survive a cyberattack, so when one happens, they don’t know how to handle it.
- They do not regularly scan all Internet-facing IT assets to ensure there are no vulnerabilities that attackers can exploit, so attackers frequently scan, find vulnerabilities, and break in and steal data or install ransomware.
Q: Are there any new pitfalls or challenges facing SMEs since the pandemic or in the “new normal?“
Sai Huda: The “new normal” has only expanded the attack surface of SMEs since most have expanded digitally and more of their workforce are working remotely, so there are more opportunities for cyber attackers to hunt for vulnerabilities from thousands of miles away and exploit.
Q: What are future cyber technology trends in the industry?
Sai Huda: The defense must be one step ahead of the offense and bad guys. So innovation is a must, and using machine learning and artificial intelligence in cybersecurity is the future.
Q: Are there any trends in the industry that either concern you or excite you?
Sai Huda: SMEs are extremely vulnerable, and we must educate and help them become safer. In the CyberCatch Small and Medium-Sized Businesses Vulnerabilities Report (SMBVR), which involved scans of randomly selected 12,050 SMBs in North America, nearly 8 out of 10 had vulnerabilities in their websites that attackers can easily exploit to break in steal data, or install ransomware and harm the SMB. The findings are very concerning and should be a wake-up call to SMEs to take immediate action to mitigate cyber risk.
CyberCatch is an exciting, innovative invention, and we are just getting started. We are going to transform cybersecurity forever and make a lasting difference. This inspires us all at CyberCatch.
We’d like to thank Sai Huda, founder and CEO of CyberCatch, for interviewing with IT Chronicles about the critical work his company is pursuing and sharing his thoughts on SME cybersecurity.
Don’t miss his keynote address, Canada’s new Cybersecurity Standard: What You Must Know and Should Do, during the CanadianSME Small Business Expo 2022 in association with Caary Capital on Thursday, June 30th, at 11:15 am. For more information about the free event, visit the event website www.smeexpo.ca.