There’s a large group of people out there who love true crime stories. Something about the lurid details fascinates us in a way we can’t really explain. People who are drawn to true crime often start questioning: Could it happen to me?
Cybercrime is no different. While many of us consider ourselves to be tech-savvy these days, cybercriminals still have an edge—and yes, it can happen to you. In fact, according to Cybersecurity Ventures, by 2025, the average cost of damages by global cybercrime is predicted to be around $10.5 trillion. That means cybercriminal activity is something businesses of all sizes should be paying attention to.
Seeing a business like yours go through a cyberattack can be sobering, according to Adam Pilton, senior cyber security consultant at CyberSmart. Pilton, a former police officer, will share real-world cybersecurity stories during a session titled “Protecting Your Crown Jewels” at the CompTIA Community – UK & Ireland Meeting and Spotlight Awards 26 June in Birmingham, UK. We asked Pilton how MSPs can emphasize the importance of cybersecurity to their customers. Here’s what he had to say.
How did you go from law enforcement to cybercrime?
I enjoyed investigating crime and finding new ways to gather evidence. In 2016, I took the opportunity to become a digital media investigator alongside my day-to-day role of being a detective. This meant that I received additional training and was able to support investigations across the force with my newly acquired digital knowledge. I enjoyed the role and spent a lot of time learning about networking and new tactics that could be used to support digital investigations. I was fortunate enough to be able to join the cybercrime team and then to lead them. I soon realized that I wanted to be able to do more, beyond policing and I started looking at what opportunities existed outside of law enforcement.
With 15 years in law enforcement and now 5+ in cybersecurity, what’s one thing that most criminals and most victims have in common?
Nobody truly knows what information they are giving away! Victims are unknowingly leaving data for cybercriminals to use against them and cybercriminals are leaving data for the police to gather intelligence on them!
How are businesses failing to protect themselves? What should MSPs be doing to help protect ‘the crown jewels’?
It is important to get the basics in place, like creating strong passwords, using multifactor authentication (MFA) and, of course, regularly patching. However, culture is fast becoming a key area for me. I often question if we are truly seeing cybersecurity as a necessity or a compliance issue?
Are people and culture just as important as the best cybersecurity products?
Absolutely. We can invest in the best cybersecurity products, but they're only as effective as the people using them. If employees lack awareness of cyber threats, they might unknowingly compromise security. It is like having the strongest front door, but leaving it unlocked.
What advice do you have for MSPs struggling to make cyber important to their customers?
Education is key. We need to ensure that people are aware of the threats and the possible impacts of them. I have always leaned towards using real-life experiences of cybercrime to explain the “why” of cybersecurity in a business-relevant context. Most small businesses will not be overly concerned by the news that Sony has been hacked, but they will be concerned if someone like them has been. Ultimately cybersecurity should enable businesses and our messaging must align with this premise. You do not need to be an expert but you should understand when something is not right and know what action you must take.
Hear Real-Life Cybercrime Stories
Join Adam and others in Birmingham on 26 June
Register now for the CompTIA Community – UK & Ireland Meeting and Spotlight Awards
Add CompTIA to your favorite RSS reader
