Cybersecurity isn’t just a buzzword – it's a necessity for today's B2B tech companies, like us at LinkSquares. And it can also be a terrifying concept if your company doesn’t have a plan in place to protect your data (maybe that’s why Cybersecurity Awareness Month is so close to Halloween). This begs the question: What are the most pressing cybersecurity threats we face today? And it's a question that warrants a look into our approach to IT security and how we've adapted to an ever-changing threat landscape. So, what advice would we give to other companies looking to bolster their defenses? And how will new technologies affect the role of IT leaders in the coming years? As we dive into these topics for Cybersecurity Awareness Month, LinkSquares VP of IT & Security Robb McCune is here to share his thoughts with the masses of SaaSes.Q. In your opinion, what are the most pressing cybersecurity threats that SaaS B2B tech companies face today?
A. Data theft and control of data continue to be the most pressing threats to organizations. However, intent, methodologies, and ease of attack continue to evolve. Activsim and monetization remain at the top of the list for intent, with hundreds – if not thousands – of subtopics under those headers.
Insider threats have also evolved. Utilizing refined spear phishing, AI and machine learning (ML) attacks that can impact both one’s business and personal profiles make it increasingly difficult for employees to see the forest for the trees.
Adding fuel to the fire is how easy attacks have become. HAAS or Hacking As A Service has matured into a professional market. This maturity includes wrap-up reports on how to better protect your organization, what the attackers used to exploit you, and how you can adjust your profile to avoid future attacks.
Q. How has your approach to IT security evolved over the years in response to an ever-changing threat landscape?
A. The edge has changed. No longer can you be confident that data won’t traverse an employee’s unmanaged phone or computer. In addition, companies leverage hundreds of SaaS solutions to run their operations. Hiring an expert for all applications just isn’t feasible. However, a robust Data Loss Prevention (DLP) program to identify and manage different data types and how they’re intended to traverse an environment can help mitigate the fungible edge we live with now.
Q. Can you share some examples of measures we've taken at LinkSquares to mitigate cyber threats and protect customer data?
A. Client data protection is our top priority at LinkSquares. We have a layered strategy with security that spans vendors and technical approaches, including web application firewalls (WAFs), a unified cloud security platform, continuous monitoring, and scanning among other things. Our approach applies to both employee endpoints as well, leveraging security with functionality and business needs.
Q. How do you foster a culture of cybersecurity awareness within your team and the broader organization?
A. We foster our awareness programs through traditional training programs as well as non-traditional approaches with monthly security awareness newsletters. Keeping the information relevant to job functions and injecting a certain level of humor helps to keep it light and engaging – like our “in-stall-ments,” which are educational flyers that we put up on the bathroom stall doors.
Q. With Cybersecurity Awareness Month upon us, what efforts is LinkSquares making to raise awareness and education about cybersecurity among our employees?
A. For this year’s Cybersecurity Awareness Month, we created a scavenger hunt. Within our Monthly newsletter, there’s an unlabeled QR code. That code will take you to an internal page presenting you with the challenge of finding a new “Security Monster.” The winner will receive a Visa Gift Card.
Q. How do you approach the balance between implementing robust security measures and ensuring a seamless user experience for our customers?
A. It’s a continual balance that requires you to keep current with tools and methods that internal teams are utilizing. Often, I’ll approach this from API reviews to discover unknown tools and use that as a catalyst for conversations with appropriate business leaders.
Q. In the event of a data breach, what steps do we take to mitigate damage and ensure timely recovery?
A. We have a full incident management policy with cross-functional leadership that enables us to be limber and timely.
Q. Could you tell us about any new technologies or innovations that you think will shape the future of IT security in the SaaS B2B sector?
A. Tools blocking on behavior and intelligence continue to hold the most values against static rule sets that can go stale. AI and ML will change the landscape when it comes to threats and the perceived credibility of the attacker. Training and awareness on the hallmarks of deep fakes and other obfuscation is critical for our employees to be armed with.
Q. What advice would you give to other companies looking to strengthen their cybersecurity posture?
A. Start with the basics and keep it simple. Shiny new tools can be great but you should wrap a tool around your program and not your program around a tool.
Q. Lastly, how does having a platform like LinkSquares help when it comes to cybersecurity?
A. With the massive SaaS presence in today’s organizations, leaders need to not only be aware of the intent of their tools, but also of how they can be used in unintended ways. Internally, we use LinkSquares Finalize as part of our vendor management and risk scoring.
Creative use of tools can save money and increase efficiency to avoid context switching. Before you go buy a new tool, see if you can get creative with the ones you have to cut down spend and increase efficiencies within your teams.
In light of the shifting digital landscape, the importance of cybersecurity can’t be stressed enough. This is especially true for SaaS B2B tech companies that continually face pressing and evolving challenges like data theft and insider threats. AI and ML will keep influencing the future of IT security, but amidst all of that, Robb’s best advice for other companies is simple: Be proactive. Start with the basics – and leverage the tools you already have on hand. A platform like LinkSquares can help mitigate risk and increase efficiencies in the wake of a data breach or other crisis. As we move further into the digital age, cybersecurity remains a crucial concern that’s not going anywhere. Instead, it’s taking us on a journey of constant vigilance, learning, and adaptation to stay protected.
Subscribe to the LinkSquares Blog
Stay up to date on best practices for GCs and legal teams, current events, legal tech, and more.