In this episode of the Do Big Podcast, Jessica Dhillon, Global Product Marketing Head at McAfee, shares insights on today’s top cybersecurity trends and the unique challenges SMEs face. We discuss the importance of employee education in safeguarding businesses and the real financial impact of a cyber-attack.
[00:00:09] Hello and welcome to another episode of the Do Big Podcast. I am your host, Sheetal Chokshi, founder of Unpack Research.
[00:00:17] And today we're going to discuss an extremely crucial subject in the world of business and technology.
[00:00:24] We're going to be talking about cybersecurity.
[00:00:28] Cybersecurity in India is becoming increasingly critical as businesses of all sizes are facing growing threats from cyber attacks,
[00:00:38] haven't we all read about these in the newspaper?
[00:00:42] For small and medium enterprises, the risk is even higher due to the limited resources
[00:00:49] and the limited awareness that we have around security measures.
[00:00:53] With the rapid digitalization of business processes, protecting sensitive data
[00:00:58] and maintaining business continuity have become top priorities.
[00:01:03] We cannot shy away from this.
[00:01:05] However, many companies, and let me tell you not just the small and medium companies, even large companies,
[00:01:12] still struggle with implementing effective security policies.
[00:01:18] As technology evolves, so do the challenges.
[00:01:21] And are we ready to stay ahead of cyber threats?
[00:01:27] To help us understand the world of cybersecurity better, we have with us Jessica Dhillon.
[00:01:32] Jessica is the head of global product marketing at McAfee.
[00:01:37] She has worked in cybersecurity for nearly a decade with experiences that span solutions for enterprise,
[00:01:45] small business and consumer security.
[00:01:47] She's a firm believer that everyone should feel protected when online and is committed to the company's mission
[00:01:55] to provide a safe digital world so consumers and business owners can connect with confidence.
[00:02:03] Jessica, it's our absolute pleasure to have you here today with us.
[00:02:07] I know it's early morning where you stay, but thank you so much for joining in.
[00:02:11] Yeah, absolutely.
[00:02:12] Thank you for having me here today, Sheetal.
[00:02:14] I'm excited to share what I know, but just really excited to talk with you today.
[00:02:20] Jessica, you know, as I read on cybersecurity, et cetera, I think what happens very often is because technology has changed so rapidly,
[00:02:31] businesses are grappling with all kinds of changes.
[00:02:34] Within that, would you kind of explain cybersecurity in simple layman terms for our listeners?
[00:02:42] Absolutely.
[00:02:44] And really, it's how can we safeguard the confidentiality, the integrity, the availability of information that we consume or share when we're online?
[00:02:59] We want to ensure that, you know, when sensitive information is shared with a party, it is only shared with that party and that no others are able to intercept or access that sensitive information.
[00:03:20] As we think about integrity, when information is shared and it is shared that it is from this source, you know, we want to ensure that, you know, that integrity is ensured or confirmed, right?
[00:03:36] This is from this person.
[00:03:38] And we are able to know or understand, yes, you know, this information is from this person as opposed to a third party attempting to pretend that they are the person and sharing this information.
[00:03:55] And then availability of information.
[00:03:57] And then availability of information.
[00:03:58] You know, we want to ensure that when someone is looking to access information, that they're able to access it from the site that they intended and can trust that that information is from that trusted source.
[00:04:14] And so cybersecurity is really protecting your network, your devices and your data as well.
[00:04:21] And it's protecting it from unauthorized access, attack, damage or theft.
[00:04:29] And so really, it's very in line with what you shared.
[00:04:34] It's we want our consumers when they connect online to feel confident that they can do so safely.
[00:04:40] And when we talk about all kinds of attacks, what are the different kinds of attacks or what are the different kinds of areas that organizations need to protect their data against?
[00:04:54] Yeah, I would say that, you know, especially as we are entering into a world where cloud computing is something that is ushering in this idea of access from anywhere way of life.
[00:05:10] And so what it does is it transforms how all of us interact with digital services, how we interact with files, how we interact with each other.
[00:05:20] It's a wonderful direction that we're headed.
[00:05:23] It enables us to, you know, have a more flexible mobile lifestyle, allows us to connect from virtually any location.
[00:05:31] The challenge is that it also provides countless ways for hackers to access personal and professional information.
[00:05:38] And they can access it, you know, it could be via an unsecured device, a device that isn't protected with anti-malware or antivirus solutions.
[00:05:49] You know, they can access this information via public Wi-Fi network.
[00:05:54] Social engineering are other ways where they can access, you know, information and more.
[00:05:59] And I think part of the challenge, too, is, you know, we live in an increasingly AI-powered world.
[00:06:08] And it's boosted the capabilities for not only ourselves to just be more effective and efficient with, you know, a lot of the content that we can create and produce online.
[00:06:23] But it also has boosted capabilities for hackers.
[00:06:27] It gives them a lot of tools to automate and scale their operations.
[00:06:32] And so in the past, you know, for hackers, it used to be a much more manual process, which can now be automated.
[00:06:39] So hackers are able to analyze large databases.
[00:06:43] They're able to find vulnerabilities and develop advanced phishing, malware attacks that ultimately can exploit a business and a business's lack of security, software and expertise.
[00:06:58] And, you know, create havoc within those individual businesses.
[00:07:05] What's interesting is that, you know, leveraging AI, hackers can also create really highly personalized social engineering attacks.
[00:07:12] They can analyze the online behavior of a small business, its employees, and increase the chances of them being able to be breached and gain access to that information.
[00:07:23] Jessica, while you've very simplistically told us that what cybersecurity is all about, what I really want to understand is, let's say I'm a small business and I want to implement cybersecurity in my organization.
[00:07:39] Is there a roadmap that I need to follow?
[00:07:42] Is there something that I need to do before, after?
[00:07:45] What are those phases that one needs to implement for cybersecurity to happen in an organization?
[00:07:53] Right.
[00:07:53] And I would start with some of the challenges that small business owners face.
[00:07:59] The first and primary challenge is just small business owners, they wear many hats.
[00:08:05] And they're often tasked with assuming many roles.
[00:08:08] And some of those roles include an IT manager.
[00:08:11] And in fact, a survey of business owners uncovered that majority of business owners, small business owners, self-manage their business protection.
[00:08:21] So it's roughly 80% of those that were polled manage their business protection on their own.
[00:08:28] And I think it's a huge challenge given just the limited time and resources that small business owners have to devote to such a critical task.
[00:08:38] And what we found is that 60% spent less than an hour each week managing those protections.
[00:08:46] Really underscores the importance of protection is that we see that 43% of all cyber attacks are targeted at small or medium businesses.
[00:08:57] And I do, and I can touch upon, go into that into a little bit more detail.
[00:09:01] But as I would say, you know, some of the most critical things to consider when selecting a protection that will suit your business is one, just consideration of the time.
[00:09:16] Right.
[00:09:16] As I, as I've mentioned, small business owners having to wear many hats, they don't necessarily have exhaustive time.
[00:09:24] So it's really considering, you know, is this something that I will need to implement myself or I have someone, you know, within my business that can focus on this in a much more focused fashion.
[00:09:39] So one is just consideration of bandwidth to manage that protection.
[00:09:44] It's also important to just consider, you know, just the technical understanding of the small business owner or those within the organization.
[00:09:54] Oftentimes, you know, the technical focus is focused on growing the business as opposed to protecting the business.
[00:10:03] And so oftentimes it's a consideration of what is going to best suit my needs.
[00:10:09] And, you know, where McAfee has really focused is offering solutions that are all in one.
[00:10:17] So it has solutions that are going to protect your device, going to protect your privacy, going to protect your identity as well.
[00:10:27] So it's an all in one solution, but that is simple to set up.
[00:10:31] And that's really what we find is critical for small business owners, those that are often tasked with assuming many roles.
[00:10:40] They need a solution that is simple to set up.
[00:10:43] Jessica, one of the challenges that small businesses have is where does one start, right?
[00:10:52] And is there therefore a good, better, best version of implementing cybersecurity?
[00:10:59] So what are the must-haves?
[00:11:01] What are the good-to-haves?
[00:11:02] What are the great-to-haves?
[00:11:04] I think about protection as, and if you have, you know, searched for solutions within the cybersecurity space, you know, what you'll find is, you know, your starting point is typically an antivirus, right?
[00:11:22] So that is providing protection for the device, whether it's a laptop, whether it's an iPad, whether, you know, it's a smartphone.
[00:11:33] But you want to protect the device, and that's protecting it from, you know, potential malware or other threats that could immobilize the device and make it useless.
[00:11:47] So you want to protect the device, you know, from potential threats.
[00:11:51] I think the next frontier is then protection as you connect and transact with the outside world, right?
[00:12:01] So either, you know, you're purchasing goods, you know, connecting with different vendors or partners.
[00:12:08] How can you secure that network?
[00:12:11] And there's a number of solutions that can help with that as you're transmitting information.
[00:12:19] You know, there's ways to confirm that, you know, the Wi-Fi network that you're using is a secure one.
[00:12:28] There's ways to look at, you know, is this website that I'm about to go to or this link that I'm about to click, is it secure?
[00:12:38] And then, you know, the other, the next frontier is then, you know, is there anything to indicate that my personal information or my professional information has been compromised?
[00:12:53] And so that's looking at, you know, identity type solutions, you know, identity monitoring, which will then alert you if by chance your personal information or professional information has been compromised and is available on the dark web.
[00:13:10] And so I see it as protect the device, protect, you know, the connections from that device, protect and be wary of, you know, your information ending up in the wrong hands.
[00:13:27] And so really it's looking at securing your device, your privacy as you connect, and then your personal information, you know,
[00:13:40] and being aware of, you know, any compromises to your identity.
[00:13:44] The other interesting data point that I had, Jessica, which when I was reading up on cyber security was that a lot of cyber security issues,
[00:13:54] I believe about 90% plus is really caused because of human error.
[00:14:01] And I just want to understand, therefore, so when an SME is looking at implementing cyber security solutions,
[00:14:09] how important does it become for them to, A, onboard the employees to this, and second, keep ongoing training happening for employees?
[00:14:24] Yeah, it's crucial that employees are educated.
[00:14:28] It helps them recognize and then avoid potential cyber threats.
[00:14:33] And ultimately, you know, what we want to do is to reduce the risk of a successful attack.
[00:14:41] The challenge is employees are often that first line of defense against cyber threats,
[00:14:46] but they need to know how to recognize and avoid those common scams, you know, from a phishing email,
[00:14:54] you know, to a smishing, you know, text, a tech scam.
[00:15:02] But ultimately, you know, they're that first line of defense to help prevent many of those attacks before they can cause harm.
[00:15:10] I think the challenge is that a successful cyber attack can be financially devastating for a small business,
[00:15:18] you know, can lead to lost revenue, damaged reputation, costly recovery efforts.
[00:15:25] And so preventing these incidents through education is just far more cost effective than dealing with the aftermath.
[00:15:33] And while you've just spoken about the real cost of business, right?
[00:15:40] I was reading up that last year alone in 2023, over 1.3 million cyber incidents were reported.
[00:15:49] And if you're saying that, you know, 43% is really about SMEs.
[00:15:53] I'm trying to understand that beyond the brand and the reputation loss,
[00:16:02] what are the other things that SMEs should consider as to what will happen to the business when there is a cyber attack?
[00:16:13] Yeah, the real cost to business, if they're attacked, it not only includes the immediate financial loss,
[00:16:22] but there's also just hidden factors, reputational damage, loss of customer trust, and then potential legal consequences.
[00:16:33] I think the reality is oftentimes the consequences of a cyber attack result in a closure for that business.
[00:16:39] Many small businesses rely heavily on trust and relationships,
[00:16:44] and that can easily be lost in such situations where a business is impacted and, you know, sensitive, you know, data is compromised in the aftermath.
[00:16:57] And how can businesses identify whether they are vulnerable to a cyber attack or not?
[00:17:04] How can they figure whether they're an easy target for, you know, hackers?
[00:17:11] How can they do that?
[00:17:12] That's an interesting question.
[00:17:15] Many small businesses believe they're not likely to be a target of cyber attacks.
[00:17:20] They underestimate their value.
[00:17:22] They believe they may not have anything of value or of substantial value that a hacker might be interested in.
[00:17:31] You know, some don't have sufficient awareness of just how cyber crime works.
[00:17:36] You know, they're just unaware that, you know, hackers can exploit ordinary everyday information like an email account or a social media profile in the hopes of, you know, someone clicking and providing information.
[00:17:53] You know, they have a strong belief in their anonymity.
[00:17:57] So they some think that just because there are so many people online, the chances of them being singled out are slim.
[00:18:04] But they don't realize, though, our cyber attacks are automated.
[00:18:08] They cast a wide net to catch as many potential victims as possible.
[00:18:13] So they're not looking for, you know, presence on social media or, you know, high net value.
[00:18:20] They're just looking for anyone that they can catch and catch their attention and, you know, get them to click or take action.
[00:18:30] I think some of the other challenges, you know, consumers and especially business owners and employees, you know, are quite confident in their ability to detect, you know, when an email is malicious or when a text is malicious.
[00:18:47] I think the challenge is because of AI, it's becoming increasingly more difficult to distinguish when something's fake from when something's real.
[00:18:59] And that's where I would say, you know, McAfee has really helped in really detecting when, you know, a suspicious link appears in a text and alerting consumers.
[00:19:14] Or if a consumer is going to a suspicious site or attempting to download a suspicious document, flagging and alerting an individual before something bad can happen.
[00:19:28] Over the last 10 years that you've been in this space, what, according to you, are the most overlooked aspects of cybersecurity in smaller businesses?
[00:19:40] I do think it goes back to a strong belief in being able to distinguish what's real from what's fake.
[00:19:48] I know many of us in the past have seen and come across fraudulent emails.
[00:19:55] And, you know, there are telltale signs of what makes it suspicious.
[00:20:00] And we've come accustomed to when we see that type of email to know to disregard it.
[00:20:06] I think the challenge now is just how AI has made it a lot more easier for hackers to create very realistic emails or even texts or any type of scam that it looks like the real thing.
[00:20:26] So you go to what you believe is a shopping site that you've been to numerous times, but it's actually not that real site.
[00:20:37] It's a clone or a copy of that site.
[00:20:40] And it looks like the real deal.
[00:20:43] So you're likely to take action and continue with your business, not questioning that something is suspicious.
[00:20:52] You know, emails, you know, from vendors that look exactly like ones you've received time and time again.
[00:21:01] And so because it doesn't have those telltale signs or telltale markers, you don't question that it might not be legitimate and proceed with business as usual.
[00:21:12] So I think that that is one of the bigger challenges, you know, for consumers and business owners alike is just how much more sophisticated scams have gotten because of just the availability of AI to create those realistic looking scams.
[00:21:33] As you worked with McAfee, I'm sure you've experienced or heard about or had real life examples.
[00:21:43] Can you share some of those cases or examples that you all have experienced at McAfee when it comes to cyber attacks?
[00:21:52] You know, I think it's they come in all shapes and sizes.
[00:21:56] You know, I can speak to a personal example where my husband had received a text about a deal on his Internet provider and was it was just a simple deal.
[00:22:13] He received a text about a one day deal.
[00:22:16] And if he wanted to take advantage of it to call in, he did.
[00:22:21] You know, he later learned over the course of the conversation that to take advantage of the deal, he would need to go to a specific store and purchase gift cards to make payment that same day using those gift cards.
[00:22:37] Which, you know, based on my experience, you know, from the beginning, you know, I had said, oh, that sounds like a scam.
[00:22:45] You should not call that number.
[00:22:46] And he did.
[00:22:47] They want gift cards.
[00:22:48] That sounds like a scam.
[00:22:49] You should not do that.
[00:22:51] And at that point, that's when, you know, he understood.
[00:22:53] Yes, it was a scam.
[00:22:55] But up until that point, you know, it sounded like a great deal.
[00:23:00] You know, they had information about his, enough information about his account to make him believe that this was a legitimate source and could be trusted.
[00:23:12] And it wasn't until it got to the point of, you know, asking for gift cards for payment that it finally clued him in that this was a scam.
[00:23:20] And so that just really highlights the how sophisticated hackers have become in terms of, you know, pooling, mining large subsets of data to piece together a profile about an individual and to send them a text.
[00:23:38] And they can send those texts out in mass.
[00:23:41] And what they're looking for is at least a handful of people to click or a handful of people to call in to make it worth their while.
[00:23:50] If it's too good a deal, it isn't a good deal.
[00:23:53] I agree with you.
[00:23:58] So, you know, this is so fascinating and I could continue forever.
[00:24:02] But just to conclude, if you had to give, let's say, three tips of advice or three tips, not of advice, but three tips to our SME listeners, what would those be?
[00:24:15] I think if you ever receive an email or a text with a link and it's preying upon some sense of urgency, always think twice before you click.
[00:24:32] I would say just that's my biggest piece of advice to every person out there.
[00:24:37] You know, advice I give too often to my mom, my in-laws, don't click the link.
[00:24:44] That's the first, unless it's from a trusted source and you can verify it's from a trusted source.
[00:24:50] Don't click the link.
[00:24:51] I think it's the threat landscape is evolving so quickly and threats are coming our way that are increasingly difficult to determine that this is something malicious or risky.
[00:25:08] And it puts a lot of pressure on the individual to try and distinguish or determine if something is suspicious.
[00:25:17] And my biggest counsel and guidance is don't carry that burden on yourself.
[00:25:24] There are numerous solutions out there that can do the work for you.
[00:25:30] You know, for me, I look to McAfee, you know, over 35 years of experience in the category, you know, award-winning protection from a number of third-party sites and trusted to protect over 600 million devices.
[00:25:44] So I'm a little biased, but I have a lot of faith in how McAfee is just changing the industry and finding ways to make it easy to keep businesses and consumers protected.
[00:25:59] But what I want to emphasize is that, you know, these comprehensive all-in-one solutions can do a lot of the work for you so that you can go about your day, go about growing your business, knowing that someone else can look out for the threats for you.
[00:26:21] Jessica, that was absolutely brilliant.
[00:26:50] Thank you so much for joining us today.
[00:26:51] It was absolutely fantastic hosting you today.
[00:26:54] I learned a lot and I'm sure so did our listeners.
[00:26:58] Thank you once again.
[00:26:59] It's our pleasure having you on the Do Big Podcast.
[00:27:02] Thank you so much, Sheetal.
[00:27:04] It's been a wonderful experience chatting with you today.
[00:27:07] Thank you.
[00:27:09] Thank you for tuning in to the Do Big Podcast,
[00:27:12] a podcast that is dedicated to providing insights, strategies, and success stories of smart digital solutions for SMS.
[00:27:20] We believe that behind every successful business, there's a strong foundation of reliable and secure technology via digital connectivity, cloud infra, cloud apps, collaboration tools, or cybersecurity solutions.
[00:27:32] In a rapidly evolving digital world where technology is key to progress, Tata Tele Business Services stands at the forefront of digital transformation of SMEs.
[00:27:43] Tata Tele Business Services, with their extensive experience and commitment to empowering businesses, understands the unique needs of SMEs.
[00:27:51] Whether it's scalable connectivity, robust communication tools, or tailored ICT solutions, Tata Tele Business Services is here to propel your business forward.
[00:28:02] Tata Tele Business Services is synonymous with innovation, reliability, and transformative solutions.
[00:28:08] With a legacy spanning decades, Tata Tele Business Services has been empowering businesses and transforming lives across the nation.
[00:28:17] So, if you're ready to take your organization to new heights of success,
[00:28:22] we encourage you to explore the transformative possibilities that Tata Tele Business Services has to offer.
[00:28:28] Our contact details are in the description below.
[00:28:32] Remember, we're available on major podcast platforms.
[00:28:35] So if you enjoyed today's conversation, subscribe to our podcast for future episodes,
[00:28:40] which we promise will be packed with equally valuable insights on questions entrepreneurs face as they digitize and scale businesses with the help of technology.
[00:28:50] Don't forget to rate and review our podcast as well as share it with peers, colleagues, and other entrepreneurs like yourself who will benefit from listening to it.
[00:28:58] Thank you for listening to us.
[00:29:00] And until the next time, keep embracing technology and may your business thrive in the digital era.