In a world where technology is increasingly ingrained in almost all aspects of our lives, cybersecurity hazards are also growing. However, one good reframing of the challenges in cybersecurity would be to consider it more in terms of how humans interface with technology.
“Cybersecurity is inherently not a technological problem, it is a people problem,” says Tin T. Nguyen, Co-Founder and Chief Executive Officer of Polaris Infosec, in a TechNode Global Q&A. “You could have the best tech solutions on the market, but if you don’t use it properly, it doesn’t matter. Most all cyberattacks have a human element, a human failure.”
Nguyen previously served as both an Infantry Officer in the U.S. Marines and a U.S. Federal Bureau of Investigation (FBI) Special Agent who served in Counterterrorism Threat Response and Violent Gang Units. Both experiences taught Nguyen the importance of information security and intelligence gathering, especially when it came to countering threats, both real and online. Thus, upon leaving the FBI, the accomplished ex-soldier quickly deep-dived into achieving numerous cybersecurity accreditations.
With that, he combined his technical knowledge in the cybersecurity field with his leadership and intelligence experience from the military and FBI. He would later join Singapore-based Polaris Infosec in the Winter of 2021, bringing the company from its product development phase into the go-to-market phase.
Nguyen highlights the timeliness and importance of a strong cybersecurity posture for both organizations and individuals:
“It’s important that people start thinking about cyber risk now because hackers know that the vast majority of businesses and organizations don’t have security in place. Most times they’re not targeting you specifically, but you could just be one fish caught in a big net during an attack. Cybersecurity is not as complex and expensive as most think it is, and can be quite simple for small organizations as long as you know who to ask.”
Read on for the interview.
What are the trends driving innovation in cybersecurity today?
For me, it all boils down to 3 buckets:
- Digital transformation. With everyone from small mom & pop stores to larger enterprises going online for everything these days and being more reliant on emerging technologies such as IoT, OT, Cloud services, blockchain, etc., the risk grows with a requirement for security providers to be more innovative in how we provide safety solutions.
- Young tech companies with new solutions and systems. Everyone wants to be a tech company these days, and you see it across all industries, even those that were traditionally non-tech (i.e. look at the rise of AI art). New technology means new vulnerabilities for cybercriminals to exploit.
- Bad guys. Innovation means trying to keep up with the guys that have no rules and restrictions, and no borders in how they execute attacks. In the private cybersecurity industry, we have rules we need to follow and play by, and are influenced by things like business considerations.
What are three key challenges involving cybersecurity in an increasingly tech-dependent world?
- Lack of awareness. People don’t have an understanding of what risks exists and why they need to worry about them
- Increasing complexity. Tech concepts and cyber are complicated enough for experts, but for the normal person it’s like learning an alien language….and it’s only getting more complicated despite being a daily integrator into life.
- Growing demand with not enough supply in terms of experts. Evolving threats due to technical integration into everything – smart homes, smart cities, web3, 5G, autonomous vehicles, robotic process automation are just a few tech trends that require security, but without enough experts in the market to truly protect the growth of the tech.
How are these being addressed with innovative solutions and technologies?
I don’t believe there is a lack of tech innovation. There are some brilliant minds working on today’s greatest cyber problems. But to reframe thinking a bit – cybersecurity is inherently not a technological problem, it is a people problem. You could have the best tech solutions on the market, but if you don’t use it properly, it doesn’t matter. Most all cyberattacks have a human element, a human failure.
Cyber teams worldwide push cyber awareness and training very hard, but that’s a long-term strategy. Product development companies are becoming smarter about secure software development to make sure security is an organic part of what they sell.
[C]ybersecurity is inherently not a technological problem, it is a people problem.
Organizations are beginning to build their own organic security teams or for smaller teams, outsourcing their security to 3rd party providers (which are rapidly growing as well) so that they don’t have to think about it as much. Governments are developing cyber frameworks to mandate security and data privacy regulation to force organizations to plan for risks. Digital transformation companies are seeking security partners to provision services automatically.
With your background in the military and law enforcement, how has this influenced your approach to cybersecurity and data protection?
We must integrate cybersecurity and data protection into systems and practices for businesses, so they don’t have to think about it. Historically, people don’t really worry about security until it’s too late, and even then, some people still choose to do nothing.
Cybersecurity must go hand in hand with secure software development, with digital transformation services like cloud service use. As best we can, we need to make security transparent for the average user and business because quite honestly, they won’t use it otherwise.
Does this also have an impact on your entrepreneurship and leadership style? How so?
Absolutely. We must have a very clear understanding of the mindset of consumers and end users. Knowing their priorities allows us to adjust how we interact with them, how we market to them, how we provision our services to them. Knowing the vast majority of the community doesn’t know anything about security allows me to focus on education and awareness for long-term impact. At the same time, the Polaris Infosec team and I are constantly adjusting our business plans to find ways to seamlessly integrate security into their daily functions.
Leaders have to be more patient and understanding when working in emerging markets such as cybersecurity.
Can you cite case studies that can highlight the importance of security posture for businesses and industries?
There was a Southeast Asia FMCG company that was the subject of a business email compromise. Fake emails and documents from “internal leaders” (actually hackers) caused the company’s own accounting department to wire $500,000 to an overseas account belonging to the hackers.
There was also a Southeast Asia Blockchain gaming company that was hacked for millions of dollars. Specifically, the company was the subject of a social engineering attack, where team members were manipulated via social media and messaging apps into downloading malware that allowed access to their network. Eventually, the blockchain was hacked because of the private keys that were stolen due to the attackers being allowed access to the network.
How do you see the future of the cybersecurity industry?
Long-term stability and growth: Tech is literally ingrained into every facet of our daily lives, and that will only increasingly be the case. As long as there are systems that collect private data, as long as there are systems that talk to each other, there will be cyber. As long as there are tech companies, people using computers, and phones, there will be cyber.
Read more TechNode Global Q&As and interviews from the archive. TechNode Global INSIDER also accepts editorial contributions relevant to entrepreneurship and innovation. You may submit your own original or published contributions subject to editorial discretion.