Former executive director of security at the CIA, Nick Gisinto, who worked at Uber and Tesla after leaving, gave some advice to Ukrainian IT companies regarding cybersecurity in the face of Russian full-scale invasion.
He shared this in an interview with Forbes Ukraine.
"Russia allows the spread of cyberattack methodologies among the population, not just the military, and encourages civilians to carry out such attacks," Gisinto noted.
He talks about how every cyberattack costs companies millions of dollars, and employees should realize this, otherwise they won't understand the risk and won't take the threat seriously.
According to him, companies should allocate at least 10% of their IT budget to cybersecurity. To determine the specific amount of expenditure, a company needs to assess risks and analyze what is most important for protection. Then the business can make proper investments.
He also shared his vision on the use of polygraphs in IT companies.
"As someone who worked in the CIA, I understand the necessity of polygraphs in certain cases. But in most companies and corporate cultures, polygraphs can have the opposite effect on employees' psychology. Using a polygraph in an ordinary company is overkill," believes Nick Gisinto.
The former CIA security officer added that instead, more investment should be made in corporate culture so that employees "feel valued, protected, and believe they bring value to the company." Then they won't leak information, sell secrets, or give access to hackers.
In his opinion, investing in cybersecurity should start from the very beginning of the company's existence. Many things can be implemented without using additional tools. For example, multi-factor authentication is an effective measure that costs almost nothing. Meanwhile, the lack of reliable password protection methods is one of the main reasons why companies fall victim to malicious programs.
"Ukrainian companies probably understand better than others the risks of cyber vulnerabilities. When a country is involved in a conflict like Ukraine is now, resources become very important. Companies need to be more creative in their solutions. They need to look for inexpensive, innovative solutions to gain a competitive advantage or achieve a goal without significant resource expenditure," Gisinto believes.