The digital transformation trend was accelerated by the COVID-19 pandemic, forcing businesses to rapidly switch to new ways of working and confront an expanding landscape of cyber threats. We spoke with Prentiss Donohue, Executive Vice President of SMB and Consumer Sales at OpenText, about what this means for the future of business, especially in terms of security and cyber resilience.
How has 2020 changed the need for cyber resilience?
We have become even more dependent on technology to work, to send our kids to school, order supplies for our home, and stay connected to other human beings. With that dependence on technology comes vulnerability. We are more vulnerable than we have ever been. We have increased the surface area the bad guys can go after, and we have never needed to be more resilient than we need to be right now.
What does it mean to be resilient in this way?
When you hear the term cyber resilience, we mean the ability to bounce back from an adverse event and get back to running your business or getting your kids back to school, or really getting your home life and your work life back up and running as seamlessly and as effortlessly as possible. It could be ransomware or a very targeted cyberattack, but it might also be something more analog. What if you have a fire in your data center? What if your daughter spills grape soda on your phone? What if your laptop is stolen out of the trunk of your car while you’re at the grocery store? Cyber resilience is about being digitally fit so you can avoid adverse events altogether or recover from them quickly when they do happen.
So you’re saying cyber resilience needs to be a priority for everyone, not just big businesses?
There are hundreds of millions of victims of ransomware. Hundreds of millions. Forty-three percent of all businesses have been the victim of a cyber crime. And it seems like almost every week we are reading about a new attack. This stuff is costing individuals and businesses literally billions of dollars. The pandemic hasn’t seen any slowdown. The bad guys are able to work from home just fine, and our challenges continue to grow.
How have the threats been changing?
The attacks themselves are becoming more and more sophisticated. A huge majority of malware and viruses is now polymorphic. That means that code that lands on a device is a little bit different every time it lands there, like it’s wearing a disguise when it shows up in your data center. The phishing and highly targeted spear phishing attacks are becoming cleverer. It’s no longer an attack in broken English from a Nigerian prince who desperately needs your help to move money out of the country. Phishing attacks now appear to be from your own bank, from your coworker or from a childhood friend.
When threats are changing so quickly, what does this mean for security?
Your security education and your security technology need to keep up, to improve at the same pace and in real time. What’s more, the cost of not being resilient isn’t always measured in hard dollars. It’s not only the cost of paying the bad guy in a ransomware attack – it’s also the downtime and loss of productivity. Downtime due to cyber crimes is up 38 percent in the last decade. This downtime and this loss of productivity leads to reduced customer confidence and often a real loss of revenue following an attack. For many mid-market and smaller businesses, they simply cease to exist following an attack – they’re put out of business in one fell swoop.
Can you talk about OpenText’s approach to cyber resilience?
Our strategy is pretty simple and straightforward: it’s really to secure users and devices, and their data, no matter where they are, no matter if you’re in the office or at home, at work or at play. We do this by giving IT what they need to block threats, diagnose potential threats, and we do this with real-time, up-to-the-minute, artificial-intelligence-based threat intelligence for new and emerging threats. And we do all of this across a common platform that simplifies security management and recovery all from one place.
How does that approach work in real life? Can you give an example?
One of our customers, Webcor, is a large commercial construction company based in San Francisco. It knew it had to protect itself against the same kinds of threats that larger organizations face but had more limited resources with which to do that. So, it turned to the OpenText Managed Security Services team.
The team did a full security risk assessment, then developed a comprehensive security solution that also provides improved resilience against cyberattacks or compromised data. That solution includes managed threat detection and response, as well as proactive protection through OpenText’s threat hunting service. It not only provided Webcor with much stronger cyber protection but helped it manage the challenges of moving to remote work when the pandemic hit.