As Founder & Chief Strategist at CyberSC, Dominic Vogel holds a proven track record within cyber security across multitude of industries (financial services, logistics, transportation, healthcare, government, telecommunications, and critical infrastructure).
Dominic actively participates in the Vancouver security community and is a well-respected cyber security expert for appearing on media news outlets across North America and Internationally on BBC World News. Dominic is highly regarded as a cyber security thought leader and was recently appointed to the BC Provincial Cyber Security Advisory Committee.
Dominic focuses much of his energy on providing strategic security leadership to technology start-ups and small/midsize businesses to proactively solve their cyber risk challenges. He strives to provide practical cyber security advice to his clients and actively turning the security consulting world upside down.
Connect with Dominic on LinkedIn.
What You’ll Learn In This Episode
- Every kind of industry is at risk
- There are ways that you can protect yourself and and not become a victim
- Cyber ethics
This transcript is machine transcribed by Sonix
Intro: [00:00:04] Broadcasting live from the Business RadioX Studios in Atlanta, Georgia, it’s time for high velocity radio
Lee Kantor: [00:00:13] Lee Kantor hear another episode of High Velocity Radio, and this is an important one today. On the show we have Dominic Vogel with CyberSC. Welcome, Dominic.
Dominic Vogel: [00:00:23] Thank you, Lee.
Lee Kantor: [00:00:24] Well, I’m excited to learn what you’re up to. Tell us a little bit about cyber S.C. How are you serving, folks?
Dominic Vogel: [00:00:31] Well, I like to see that we serve the lifeblood of the economy. We work with small and mid-sized organizations right across Canada, the U.S., and really help business owners and executives grapple with with cyber risk because it just keeps growing by the day.
Lee Kantor: [00:00:45] So now do you mind educating kind of the listener about the threat of cybersecurity? It’s in the news. A lot of people. It happens so frequently they may not understand the prevalence, and they may not understand how it can impact a small business. It’s not just the big guys that get hit with this.
Dominic Vogel: [00:01:06] Absolutely, you know, and it’s a strange paradox of sorts in which a lot of people, especially the small midsize business community, they don’t really understand that actually, globally, the vast majority of cyber attacks are focused on the small and mid-sized organizations, and it’s very much an existential risk for them. You know, mainstream media may cover, you know, the big data breaches from big, big companies, big organizations, Colonial Pipeline, what have you. But for every, every big company you see experienced a data breach. There’s about five to 10 smaller ones that aren’t in mainstream, but they go out of business because they don’t have the war chest to survive a cyber attack or a data breach. And one of the most prevalent threats right now, especially among small mid-sized organizations, is something called ransomware. It’s basically like kidnaping the twenty first century where your IT systems, your data basically held hostage and you have to pay a ransom in order to regain access to that. And it’s like a digital wild fire right now. Says organizations are just getting hit left, right center with it.
Lee Kantor: [00:02:09] And then, while every kind of industry is at risk, this is especially dangerous for financial services. Supply chain health care, I would imagine telecommunications. Anything that deals with the government or infrastructure I would imagine are really. This is not a nice to have. These are must haves.
Dominic Vogel: [00:02:30] Oh, absolutely. I tell you that the the magnifying glass is even brighter or the scrutiny is even tighter in those sectors. But one of the things I often tell people is that we live in a digital economy. Pretty much every company relies on its data, whether it be manufacturing companies, whether it be a five person company. If you lose access to your data, the ability to access key IT systems, you’re unable to do business. And if you’re unable to do business, you’re unable to serve your customers. If you’re unable to serve your customers, you’re not making money. And I always jokingly say that unless you’re selling tacos on the back of your Volvo and all cash deals, you are a digital company. That’s just the economy in the world we live in today.
Lee Kantor: [00:03:16] And then to educate the listener about the people who are kind of doing these kind of deeds. It used to be, you would imagine, some kid in the basement, you know, eating Cheetos and drinking Red Bull and just doing this as a prank. But these are these are sophisticated players here. This is their job. They approach this like middle management, right where they’re going into office buildings with whiteboards, and they’re brainstorming to try to find the most effective ways to penetrate a system.
Dominic Vogel: [00:03:49] You’re absolutely right. I mean, you know, well, all of us are stuck in what I refer to as nineteen ninety five level thinking when we when we think about cyber criminals. That was absolutely true back in the mid 90s and into the early 2000s. It was mostly just disgruntled teenagers wearing hoodies in the in their mother’s basement. That’s not true anymore. What we’ve seen, especially over the past 10 years, is a rise of what I refer to as the professionalization of cybercrime. Every single criminal syndicate organization in the world invests heavily in being able to commit cybercrime. Cybercrime has actually surpassed the drug trade as being the most profitable crime throughout the world. The reason being it’s safer. It scales a heck of a lot better than drug trafficking. You can commit these crimes anywhere in the world, and being caught is the risk there is really, really low. So that’s what we’ve seen just so much money being invested by criminal organizations because cybercrime is such a profitable crime for them. And that’s why I often tell people now is that we have to understand we’re not going up against the amateurs, we’re going up against professionals. So organizations keep taking an amateur approach to cybersecurity. Well, it’s like any amateur going up against a professional in anything you’re going to lose 10 times out of 10.
Lee Kantor: [00:05:07] So let’s give the listener some relief. There are ways that you can protect yourself and and not become a victim. Talk about cyber ethics and how you’re actually helping people prevent some of this and so that it doesn’t impact their businesses.
Dominic Vogel: [00:05:24] Absolutely. And I’m a big believer in doing the basics and doing them well. You know, a lot of people think about cybersecurity. It means, oh, we have to spend hundreds of thousands of dollars on state of the art security and firewalls and what have you. That’s really not the case. You know, it’s really just a matter, a case of embracing what I refer to as cyber hygiene and doing those basics and doing them well. And that’s where an organization like ours, like Cyber, see where we come in. We work with whether it be a business owner, CEO, CFO, CEO, someone who is ultimately responsible for the well-being of their organization. And cybersecurity falls on their shoulders. But it’s not something that they truly understand. And we go in and we really go through a what we refer to as a maturity process to be able to identify what are the most critical data assets in your organization. Do you know where they are? Do you know who has access to them? And we start building security controls around that thing and just doing some basic, basic stuff. One of the things which I always talk about if your listeners take any practical tidbit away from our little chat here is that they need to embrace what’s referred to as multifactor authentication. And that’s where you’re no longer just using a username and password to log into a system where you’re using username, password and another form of authentication. So that could be a one time code that gets sent via text message or via email to your phone. Perhaps you have what’s referred to as an authenticator app on your phone. It’s really just adding an extra layer of security, and that is one of the most effective techniques that people can embrace right now in terms of lowering their cyber risk for their organization. And for the most part, it doesn’t cost anything. Most of the systems, especially their online systems, whether they’re using for email or for remote access, those capabilities are generally built in. Most people just aren’t making use of it.
Lee Kantor: [00:07:12] Now, in the work that you’re doing, you’re obviously protecting data for your clients. And and this is something that the client obviously has a need to protect the data. That’s important, but it isn’t. The value you provide goes beyond that, doesn’t it? Because of if my data is protected well and I can show that if I was to sell my company, if I wanted to merge with another company, I would imagine that my company is that much more valuable that I’ve checked that box in terms of the due diligence of whoever is my purchaser. And so I would imagine this is more than just an insurance policy. This is something that can really. It’s not an expense. It can really improve the value of my company.
Dominic Vogel: [00:07:58] And it’s so great to hear you bring that up where you go. And that’s really it’s about adding value to your business. It’s about supporting the growth of your organization’s business. You know, this is especially true for even even before you even get to the point, maybe even selling or having your company acquired. You’re happy to be on business to business, especially if you sell to. You mentioned the government sector. If you sell to within regulated industries like financial services, you’re selling to Fortune five hundred Fortune 1000 companies. If your company is able to actively demonstrate in a quick fashion what your security capabilities are, that puts you at a competitive advantage compared to maybe your one of your competitors who is not investing proactively in cybersecurity. And we’re really seeing that right now as large organizations are digging deeper, they’re doing greater due diligence on the vendors that they rely on, and they’re saying, No, sorry, we can’t do business if your company isn’t able to demonstrate its cybersecurity capabilities. And we’re seeing that more and more with mergers and acquisitions, as well as part of due diligence. For the longest time, it’s always been let’s do the financial operational personnel due diligence. Past few years, we’ve seen cyber risk due diligence become increasingly more common and the organizations doing much more digging there. So if you want your company to be acquired successfully, especially one of those more regulated spaces, you need to be investing in cybersecurity now. It’s going from not just being, it’s going from being a table stakes item to being a source of competitive advantage in value and growth for your organization.
Lee Kantor: [00:09:34] Right. And like you mentioned in some of these heavily regulated industries, this is a must have. You can’t even do business because you’re putting everybody in the network at risk by you having places that can be kind of penetrated. Now that gives the bad guy away in to everybody.
Dominic Vogel: [00:09:51] That’s that’s exactly the case, you know, and there’s a watershed moment when Target, the large retailer, experienced a data breach. And I’m going to say that was about 10 years ago. It wasn’t actually target that was compromised. It was there. Each vac vendor, which is which was a mid-sized organization, they were compromised. And then there was through that access to target. The target ended up being compromised. That end up being a watershed moment because it was at that point forward. And with each passing year, the scrutiny has gotten tighter and tighter, where the large organizations started really clamping down on the vendors that they rely on day in and day out. So that was a turning point, especially over the past year. We’ve seen those screws just get tighter and tighter and tighter to the point where, again, if you’re in a regulated space, it’s table stakes and more and more so in other spaces, it’s becoming a source of competitive differentiation.
Lee Kantor: [00:10:45] Now is this something that only the big guys can afford? That you have to hire a chief technology officer or a CIO or somebody that is just, you know, 24-7. This is all they’re thinking about that if I own that five person company, I can’t afford to, you know, take 20 percent of my personnel and put them on this. I, my business is too small to do that. Is your solution something that that the small guy can take advantage of it? Or is this something that they got to kind of grow up a little before they can afford to deal with this?
Dominic Vogel: [00:11:24] No, and I appreciate you bringing this up. I mean, that was very much the genesis for our organization we saw in school almost 10 years ago from when we started the organization was that the the little, the little guys, the little organizations, they were being priced out of getting good, actionable guidance and advisory capabilities from organization, those security organizations and security vendors. That’s when we started and we saw that there’s an opportunity to really help this fall in mid size market. They should be able to access that. That’s where our services and there’s two sets of services that we provide. One is we provide fractional or virtual cyber risk leadership. You’re absolutely right in that every organization should have some form of cybersecurity leadership. But not every organization doesn’t make sense to have a full time employee there, especially when your chief information security officer. Their average salary is anywhere between one hundred and fifty K plus, you know, and that that can be a lot for someone to take on, especially a smaller organization. So that’s where our services you’re able to tap in to instant experience cybersecurity leadership at a fraction of the cost. You’re able to have someone hit the ground running and take that security portfolio for the organization. So that’s something that we absolutely love love doing for our clients. The other thing that we have, it’s it’s a it’s a course for I refer to as microbusinesses. So this is for organizations that have 10 employees or fewer, maybe even our advisory services, maybe a little too to rich for their liking, at least at this point in time, they’re able to designate internal cybersecurity advocate and they go through our training course, which is a series of videos and worksheets and guidelines, things which are being narrated and by me, and we guide them through how they can at least start building. Cybersecurity program and foundation that their organization and that’s the price of the spot where it’s just an investment of a few hundred dollars and they’re able to get started right. So we love being able to help and make cybersecurity cost effective and available for any organization.
Lee Kantor: [00:13:32] Now this kind of protection is something that a lot of people procrastinate because, oh, nothing bad happened today. You know, it’s like one of those things you you don’t need it until you need it. But this is something I think you have to proactively stay ahead of because everybody is so vulnerable.
Dominic Vogel: [00:13:51] You’re absolutely right. And so the real world analogy I always give is, you know, think about a doctor who is trying to encourage a patient to change their lifestyle. They know that a heart attack is coming. They know that this person’s going to have a massive stroke because they’re not exercising. They’re not taking care of themselves. They’re eating Burger King four times a day. They know what’s coming, right? So you can you can either how we view ourselves from a security practitioner point of view, we know that there are organizations that ultimately it’s going to they’re going to get hit by data breach or ransomware or what have you. And like you said, there are those who understand the need to be proactive. But then there are those who will always react. And the thing that I always want to tell people is that after a negative event or after a significant data breach or security incident, it’s always more expensive. The road is longer to recovery. Just like if the road to recovery before you have a heart attack is easier compared to the road after you have a heart attack, and that’s assuming you’re lucky enough to survive.
Lee Kantor: [00:14:54] Well, thank you so much for sharing your story today. If somebody wants to get a hold of you or somebody on the team or just learn more about the service, what’s the website?
Dominic Vogel: [00:15:02] The website is cyber SD like South Carolina or Santa Claus, or just the letters s c, or they can reach out to me on LinkedIn. Dominic Vogel or find it the company page Cyber Etsy on LinkedIn as well.
Lee Kantor: [00:15:15] And that’s c y b r s c.
Dominic Vogel: [00:15:19] That’s correct. Sure.
Lee Kantor: [00:15:21] Well, thank you so much for sharing your story. You’re doing important work, and we appreciate you.
Dominic Vogel: [00:15:26] Much appreciated. Thank you.
Lee Kantor: [00:15:27] All right. Lee Kantor we’ll see all next time on high velocity radio.