An exclusive with Robert Herjavec: the evolution of cybersecurity

Robert Herjavec is one of North America’s most recognizable business leaders. Born in Eastern Europe, he arrived to North America on a boat with his parents after escaping Communism in the former Yugoslavia. From delivering newspapers, and waiting tables, to launching a computer company from his basement, his drive to achieve has led him to the fulfillment of a better life for himself and his family. In 2003 Robert founded Herjavec Group, who are an Avecto (Now BeyondTrust) partner, and quickly became one of North America’s fastest growing technology companies. Today, Herjavec Group is recognized as a global leader in information security specializing in managed security services, compliance, incident response and remediation efforts for enterprise level organizations.

1. 2017 was quite the year for cybersecurity. From all the major attacks/breaches that took place globally, which ones do you think raised the profile of cybercrime the most?

We are no longer surprised to see enterprises flashed across the headlines as the latest victim of cyber attacks. What’s more, we the consumer have been directly impacted. The Equifax breach effected millions worldwide, compromising data from birth dates to social security numbers. That caught people’s attention and raised the profile of cybercrime. Enterprise executives and consumers alike wanted to know – what more can we do? That breach truly came down to cyber hygiene and ensuring the basics were in check: patching, password protection, least privilege, scope, employee education etc.

2. In one of your recent blog posts, you said that the likelihood of any given organization being a victim of cybercrime is 100% (albeit on small or large scales). Is this the same answer you’d have given 10 years ago? If not, what’s changed since?

Likely not. I may not have been so brazen on the 100% number, but it was clear that this is the direction we were heading. For years, I have been saying that the next war will be fought online. We are also going to see the loss of human life as a result of a cyber attack in the very near future. It’s inevitable, as we are seeing mass infrastructure targeted. Cybersecurity is no longer a sub category of IT and we are just beginning to adapt in terms of government regulation, industry compliance measures, insurance policies and proactive defence strategies.

Herjavec Group ranked #1 on the 2018 Annual Cybersecurity 500 List.

3. It was also found that, over the past five years, 88% of all Critical Microsoft vulnerabilities could have been mitigated by simply removing admin rights. What do you think makes many organizations hesitant to take this action, despite such overwhelming evidence?

Excessive employee access is one of the fastest growing unmanaged risks for organizations and really it’s because most organizations don’t know where to start. Automating the provisioning process and having a policy around onboarding/offboarding is daunting to many companies. The world of the connected device has complicated matters further because employees are bringing their own tablets, laptops, and phones into the work environment.

Organizations need to realize, while it may be difficult to have visibility into scope of devices at all times, it’s a step forward to control user access to data. At the user level we can control and identify who has access to what, when, for how long and why. When there are anomalies we are more adept at detecting them.

4. You’ve been on quite the journey since that boat touched down in North America in 1970 – from delivering newspapers and waiting on tables. The old American adage ‘the land of opportunity’ rings true for your success since then. But what was it that first sparked the decision to start up a computer company in your basement?

A turning point in my career came when Warren Avis, founder of Avis Rental Car, and my boss at the time, took me aside and told me I was working way too hard to achieve my goals. I remember him saying - You’re putting so much pressure on yourself. You’re never going to scale that way.

He brought me to the window in our office and we stared down at the hot dog vendor selling on the edge of the parking lot.

He told me that I was acting like the vendor. I was pushing my product, making a living but it wasn’t going to be enough. I needed to be the guy supplying the hot dogs to ALL the vendors if I ever wanted to be big.

That was huge for me. I refocused my approach, started out on my own selling cybersecurity technology.

5. In today’s world of rapidly changing technology, what do you think the future holds for cyber security? What evolving tech do you think poses the most risk to global organizations going forward?

Today when you walk through Times Square in New York, the billboards can track you via your mobile phone and you’ll receive spot advertising customized for you. That’s incredible to me. Think of the risks. Cyber security is mainstream today because we’ve seen the repercussions personally, professionally and financially from not keeping our corporate and customer data secure.

As cybercriminals attack mobile or IoT devices, they get access to personal data stored on the device and could potentially gain access to a corporate environment. There isn’t enough control at the device level in terms of how they’re manufactured, secured and, of course, there isn’t enough knowledge at the consumer level about the potential security risk of connecting that device. The onus is on the organization to prevent or control connection – but that comes at the detriment to convenience in most cases.

We live in a hyper-connected world and I don’t see that changing anytime soon. Welcome to the internet of everything! But beware, someone is probably tracking you.

6. Tell us a little bit about Herjavec Group. In August 2017 you became #1 in the Cybersecurity 500 list – which is quite an achievement. How does your business help to identify and deal with the dangers mentioned above?

At Herjavec Group, we take our role as a trusted advisor in information security very seriously. We are laser focused on offering cybersecurity products & services for enterprise level organizations.

We have been recognized as one of the world’s most innovative cybersecurity companies and rank #1 on the Cybersecurity 500. We’re proud of how far we’ve scaled over the last 15 years – from a Canadian reseller to a global cybersecurity services company and Managed Security Services Provider with presence across Canada, United States and of course United Kingdom. We are known for our unbiased, vendor agnostic approach, and our ability to thrive in complex, multi technology environments.

"Excessive employee access is one of the fastest growing unmanaged risks for organizations and really it’s because most organizations don’t know where to start."

- Robert Herjavec

Today our expertise includes Consulting, Installation & Architecture, Identity & Access Management, Managed Security Services and Incident Response. We have four global Security Operations Centers supporting our Managed Customers and are committed to continuing to innovate. We take a truly global approach, with expert knowledge of industry and regional directives, as well as significant cross client correlation driving improvements in threat intelligence, alert development and data enrichment for our enterprise customer base.

7. 2018 marked Avecto’s (now BeyondTrust) 10th anniversary, but if we were to be starting up today, what essential advice would you give if we were to ensure success in this fast-paced industry?

The best advice I can give to any entrepreneur or company, alike is: Don’t look at what is happening in the industry now, look where it is going and get there first! The qualities that all successful companies possess include; vision, determination and sufficient energy to make their concept a reality. They take the time to build strong partnerships with others, with their potential clients and with their competitors. Congratulations, 10 years is a huge milestone and we are happy to be a part of your success!

8. You mention being ‘laser focused’ quite a lot in your book and on your blog. When juggling such a hectic life - running multiple companies, having a family and being a media personality - how do you switch and maintain focus so effectively?

When I’m focused on one thing, that’s the only thing on my mind. Learning how to cut the noise and to be present is a skill that after many years I have perfected. Not to say that anything that I am not focused on is not important, it simply has its time and place… everything does! The task at hand deserves your respect and attention otherwise you wouldn’t be doing it at all, so take the time to do something properly and efficiently rather than focusing on too many things and doing them half-heartedly.

About Herjavec Group

Dynamic entrepreneur Robert Herjavec founded Herjavec Group in 2003 to provide cybersecurity products and services to enterprise organizations. We have been recognized as one of the world’s most innovative cybersecurity operations leaders, and excel in complex, multi-technology environments. Our service expertise includes Consulting, Identity & Access Management, Managed Security Services, and Incident Response. Herjavec Group has offices and Security Operations Centers across the United States, United Kingdom, and Canada. For more information, visit www.herjavecgroup.com.