*The X Files into music*
Do you think you’re safe?
Do you really think your data is not out there?
Well, dear Dana, get ready. Your world is about to change.
Filip and Gio had a conversation with Tomislav Vuk in this episode of the Maoio Podcast. They discussed cybersecurity. Yes, that mythical beast everyone mentions, but not many know much about it.
Luckily for you and us, Tomislav Vuk is a cybersecurity expert with years of experience. But Tomislav said that he’s not an expert. He said that no one skilled in cybersecurity would call themselves an expert. According to Tomislav, imposter syndrome is common in the industry. Everyone who knows something is aware that they don’t know anything.
Every seasoned cyber security guy or girl knows that hackers and scammers never sleep. New ways of stealing data and destroying lives show up all the time. That makes Tomislav learn all the time. And we’re thankful for that. People like him keep us safe in the era of digital criminals.
The funny thing is…
Tomislav almost ended up wasting his talents in other industries. We should pray to holy Fox Mulder for making Tomislav return to the world of cyber crimes.
How Tomislav Vuk Fell in Love With Cyber Security
Filip and Tomislav go way back, but our audience doesn’t know who Tomislav is, so he had to introduce himself on Maoio YouTube Channel.
He’s been in cybersecurity and IT for a long time but lost interest. Tomislav mastered electrical engineering, telecommunications and informatics, but he was always interested in human behavior.
When he learned that hacking and security are related to human errors, he regained interest in cybersecurity. It was the perfect combination of his passions. Working with people and technology to keep everyone included safe. That’s how Tomislav started teaching people how to prevent incidents. That’s how Tomislav Vuk became a CyberSecurity Awareness Advocate.
“Yeah, good for him. But what does that mean? Is he some a WWW sheriff or a digital Avenger?”
Well, that means that Tomislav, and people like him, keep individuals and companies safe from the rising number of scams and data breaches. Don’t think that getting the latest software is enough. The software might be good, yet you might still be in danger. Tomislav said that human errors directly cause 60% of all data breaches.
Because of what he does, Tomislav hears some misconceptions about cyber security. One is so common and dangerous that it deserves a whole section.
Your world might change.
We’re too Small to be Interested? Wrong! Everyone’s a Target!
There’s the biggest misconception about hacking. There are sophisticated ways to hack everyone, but it doesn’t look like in the movies. Tomislav revealed that those who are good work for government-sponsored advanced persistent track groups. Yeah, those stories about teens employed by huge agencies after they breached their security are true.
But for general populations, hackers are scammers because being tech-savvy isn’t even necessary. It’s not their knowledge that makes those people dangerous. It’s their willingness to exploit every weakness in the system. They are ready to steal data, disable processes, and sometimes shoot down whole companies.
And that’s not even the biggest misconception about cybersecurity. Thinking they’re too small to be a target puts millions of individuals and companies in danger. According to Tomislav, no one is too small because hackers don’t sit in front of a computer browsing social media to find their ideal targets.
Everyone is their ideal target, so they don’t have a systematic approach. They pick random targets and try to break in. If they make it, great for them. If not, they move on. Realistically, it’s only a matter of time before you (and everyone else) become the target of a cyber attack. You can’t change that, but you can change how you react by raising your awareness (which will make you more resilient to most scams).
If you have a small company, a minor cyber attack can end it. Everything you worked on, your whole life, could vanish because you were a random target of a random evil person. It’s scary to think about it. It almost makes you want to become invisible and stop promoting your business.
But again, that’s not the way because you can’t grow if no one knows who you are.
The lack of exposure prevents businesses from thriving. You depend on your visibility, so you should keep getting better at networking and increasing your visibility, but you must also learn that great visibility brings great danger.
Do Tech Companies Think They’re Safe From Cyber Attacks?
After hearing the painful truth about hackers, Filip had another question;
“What about tech companies and agencies? How aware are they of the importance of security?”
According to Tomislav Vuk, that’s very subjective. People in IT might say that they’re safe. But IT and cybersecurity are different things. Companies that have IT and cyber security departments are better protected. Such companies understand how dangerous losing sensitive data is. Breaches could also hurt the mental health of employees and clients, the same as their lives from financial and other aspects.
But you probably remember that we said 60% of cyber attacks happen because of human error. So why don’t those companies hire better people? First, some still aren’t aware that they need separate departments for IT and cybersecurity (the same as sales and marketing).
Those aware of the importance of cybersecurity sometimes make the mistake of trying to master things too quickly. It’s not about the people they employ. You can’t jump the ladder even if you hire the best experts. Seeing the whole picture is vital for creating a safe digital business environment.
The problem is that people don’t want to invest time. Also, cybersecurity requires talking to people and investments. People see all that as an expense. Some don’t want to waste time and money solving problems that might never happen.
But Tomislav said that raising your level of safety isn’t an expense. It’s an investment into the future. That’s why it pays off to get a secure webshop on the first try instead of going with the cheap one for the beginning. That ruins many companies. In fact, 50% of small companies don’t recover from cyberattacks. It destroys them on every level.
It’s dangerous to settle for anything but the best.
Especially when you can get a webshop leasing with reasonable payment plans.
Combine it with consulting, and you can scale your eComm business in the next 3 months.
But make sure cybersecurity is part of your business plan. And if you don’t have one, you should get one. The lack of a business plan is one of the dangerous business scaling mistakes.
What About Fractional Roles For Marketing Agencies?
However, Filip is an experienced business owner. He knows what other business owners think. They might calculate their chances and take risks by investing in cyber security when times get better.
That’s dangerous but understandable, so Filip asked about fractional roles in cybersecurity.
Engaging with professionals to reduce the risk of attack is a way to get high-level protection without massive expenses. Yet again, remember that it isn’t about the people you hire but your understanding of the bigger picture. You can get the best cyber security expert in the world, but if you make him obey your ways, you’re doomed. It’s the same as hiring someone to build your house and telling them how to do everything. They’ll finish the house, but it won’t be perfect.
That’s why there’s a business philosophy in mature markets that a CISO (chief information security officer) should have autonomy and be one of the decision-makers. CISO should be one of the vital people in the company because that’s what the modern world demands.
Micromanagement is a big turn-off for consultants, Gio and Filip know that from experience. Check out how a global eight-figure company destroyed its cooperation with Filip. It’s similar to cybersecurity experts. That’s why Tomislav said that a CISO should report directly to the CEO and the board.
And no, you aren’t safe if your market is small. Even tiny markets like Croatia, with a couple of million speakers, are under the rise of cyber crimes. Tomislav hears about that at every event. Some lose 50.000 – 100.000 Euro in one breach. Cybercrime is on the rise, and responsibility should follow. Everyone needs someone they can trust.
In the end, it’s a problem of trust. You need to trust your CISO the same as every other relationship, but a bit more because CISO might save your life’s work from getting stolen in a couple of minutes.
Things Are Getting Cheaper Which Puts Us In Danger
The world is in the middle of a technological revolution. Things are getting better a lot faster, and that makes them cheaper. More people get access to technology. Don’t get us wrong, that’s good. It gives opportunities to everyone. But that raises the risk because not everyone uses new possibilities for good.
People (and companies) ignore that even though everyone is a potential target. And the potential isn’t as small as we think. Everyone should educate, and businesses should invest in security. As Tomislav said, 50% of small companies go extinct after their first cyber attack.
That’s why Gio wanted to emphasize how vital CISO is nowadays. A CISO is as important as a CMO, lawyer, or accountant. They’re simply essentials for business. Without them, you can suffer serious consequences. No one is too small. Remember that they don’t pick on purpose but at random.
And again, don’t think they need fancy equipment to target you. All they need is a fake (or even real) social media account and some time. After a while, you might give them what they want, and they won’t even have to ask.
Scammers use social engineering to earn your trust, so you lower your guard and do what they want. They become your friends and then send weird links. You click it, and you jump right into their trap. However, Tomislav made an interesting point.
Social Engineering isn’t New
Hybrid warfare is the same as warfare. Romans changed history in their favor. Napoleon was printing Russian rubles to cause inflation. Fake news isn’t new; they’re just common nowadays.
In the digital era, everything is as before, but we have more people and tools. Scammers either get creative or learn how to use laws in their favor.
People sell stuff for a low price because they count that no one will do anything because of $5-10. In most countries, police won’t even investigate a $10 scam. Tomislav said that it’s snake oil but digital.
Humans still react to the same stuff as 500 years ago. Now, it’s just simpler to exploit them. Hackers have more opportunities because there are more communication channels.
- Scammers use fear of deadlines with consequences –
“This is a government-issued document. If you don’t pay before X, you’ll suffer Y.”
- They give huge promises –
“Hi. I’m rich. My uncle left me an Emerald mine, so I want to send you $14 million.”
- They use current events –
“Send them money on this OFFICIAL bank account to save Ukrainian children from the horrors of war.”
What Else Makes Us Vulnerable?
Other than believing in stuff without checking, people put themselves in danger by using too many services. Most don’t even know how many accounts on how many sites we have. And each of those accounts is a potential hole in your overall cybersecurity.
Social media, email, Netflix, Slack, everything…
IBM cybersecurity intelligence report (you can download it on the official IBM reports site) proved that human error is the cause of 95% of data breaches. Yes. A wrong click could destroy everything around you.
Are we Doomed?
Tomislav said that we aren’t. There’s still hope for this world. Yet, everyone needs to learn how to build awareness and steps to take to make their environments more secure.
Here are some quick tips on cybersecurity from a cybersecurity awareness advocate, Tomislav Vuk.
Don’t be Too Proud; Everyone Can Fall.
Using the copycat strategy is one of the massive mistakes digital agencies make that prevents them from delivering the best results and making it to the next level. Every business and every client is different. So if you’re investing in cybersecurity, find a person who’ll take the time to analyze you and come up with the solution that fits you as a glove.
PRO TIP – if the security expert claims that nothing could ever go wrong if you hire them, hire someone else. Everyone can fall, even the giants in the industry. Cybersecurity isn’t a field for those with big egos.
Cyber Attacks are More Common than Most People Believe
We mentioned a couple of times that no one is too small to be a target.
And the number of cyber attacks is rising, even in small markets. What’s scary about it is that even children are in great danger. They are the weakest targets. The same as in nature, predators pick the weak because they give them the most reward without risking too much.
PRO TIP – don’t give your kids mobile phones because you don’t want to hang out with them.
If You Use the Same Password on Many Things, You’re Weak
That might be the most common cyber security mistake ever. Most people know how dangerous using the same password is. Yet, that doesn’t make them change their passwords until they lose access to vital files, accounts, etc.
PRO TIP – don’t make it easy for them; use different passwords and change them every 60 days.
It takes Time to Build Awareness and Gain Experience!
Now that you know that scammers and hackers don’t mind using emotions to fool their targets, you’ll become more aware of fake stuff around you. That will make you as safe as you can be. Technology is great, but in the end, common sense still rules the world.
So, the last pro tip is Filip’s famous sentence: “Do what you do best, pay for the rest (if you want the best possible results).”