Malwarebytes CISO Advises SMBs Re Hacking Risks​-Image

Malwarebytes CISO Advises SMBs Re-Hacking Risks

Are small and mid-sized companies good targets for hackers? A lot has been written on that subject and some experts have even said SMBs are not primary targets. But the CISO for Malwarebytes disagrees and explains why cybersecurity should be a part of security strategies.
 
Laura Whitt-Winyard is the chief information security officer (CISO) at cybersecurity company Malwarebytes. Prior to her time at Malwarebytes, she was global chief information security officer for finance company DLL Group, director of security for automation company Billtrust and held senior leadership positions in security at Comcast and Bloomberg. Her primary role at Malwarebytes is to keep the company secure. She recently told SiliconRepublic.com that being responsible for security at a company that operates in the cybersecurity space takes on added importance.

“We’re dedicated to using our own technology within the company and have implemented initiatives including red teaming and our very own bug bounty program to ensure that we’re constantly on the lookout for potential threats” - Laura Whitt-Winyard

What are some of the biggest challenges you’re facing in the current IT landscape?

One of the main challenges we are facing currently is aggressive application development deadlines and requirements. To address this, we make sure we partner with the development teams and remain in close contact to ensure code is scanned and remediated before check-in and before moving to production.Staying abreast of the different sides of the business is crucial to performing effectively in my role and constant contact with the development side of the organization is a key part of that commitment.
 
To that end, another big challenge is the process of seamlessly integrating development and operations. To do that successfully, it’s important that we define a minimum-security baseline and perform threat modeling on a consistent basis. In fact, we’ve gone so far as to provide gamified secure development training as a way of adding an extra incentive to the process.

How can sustainability be addressed from an IT perspective?

Our main aim has always been to protect consumers and organizations from cyberthreats – which, when done well, will ultimately reduce the amount of computing power, time and energy needed to be spent on addressing breaches of security. That’s why I firmly believe companies should be looking at cybersecurity as part of their ESG efforts – it’s something I will always advocate strongly for, given the urgency of the matter on a global scale.

What big tech trends do you believe are changing the world?

Automation – the ability to automatically remediate threats frees humans up to focus on more technical and pressing matters, which inevitably helps to push not just our industry, but the world forward. After all, who wouldn’t like to spend their time working on securing their company rather than spending endless hours in PowerPoint or Excel creating dashboards?
 
The advent of machine learning has also allowed systems to analyze patterns and provide insight into anomalous behaviors, whether fabricated or machine. Both developments are hugely exciting to me because of the opportunities they open up for innovation and progress from a technology perspective.

How can we address the security challenges currently facing your industry?

The biggest challenge currently facing our industry is that many small to medium businesses (SMBs) unfortunately think they are too small or ‘off the radar’ to be hacked, or don’t feel they have the expertise to adequately protect themselves. SMBs are targeted for the simple fact that they typically do not have the power to have a fully staffed security team, nor the budget to have a managed detection and response service. Simply put, SMBs can be a gateway for hackers into large companies—so it is imperative that they take the necessary steps to protect themselves.

Some great takeaways from one smart CISO. She didn’t even MENTION the budget!  The job is bigger than ever and the budget doesn’t always match. That’s why the smartest tech leaders of mid-market organizations know about TechTrust—a unique technology buying service that provides cash-back allowances to expand IT budgets. 

Giving YOU Back Even More!

Let’s Get Some of Your IT Budget Back