Aviva Zacks of Safety Detective interviewed GRSee’s CEO and Founder Ben Ben Aderet. She asked him about how much compliance matters to startups.
Safety Detective: How did you get into cybersecurity and what do you love about it?
Ben Ben Aderet: I was working at an Israel-based IT company for about a year when I was offered a position as an information security consultant. Since then, I have been in the cybersecurity world, or compliance information security. I started off as a consultant focused on the technical operating system and moving on to a position in application security and then compliance regulations. During that time, I founded GRSee Consulting.
I love that cybersecurity is always evolving. Attacks, threats, and vulnerabilities that we saw in 2000 are very, very different from what we see today. The attack surface today is so much broader than it used to be, and some of the reasons for that are social media, regular online presence, and that everything is SAS—everybody and everything is connected to one another.
Another reason I love cybersecurity is that, in my job, I can be constantly engaged with startup companies and founders and brilliant people and I keep learning every day. I think that the most important part for me.
SD: What are some of the industries that use GRSee and why?
BBA: Our fastest-growing market is the startup industry—it might be a medical device startup or FinTech—and I think the startups are the largest growing industry for us. The main reason for that is 90% of startup companies need to start doing compliance in order to get big deals flowing in and signing big agreements with corporate America or even companies in Europe. We work with a lot of startup companies; we also work with large corporations in Israel as well as in the US, which include insurance companies, financial institutions, online gaming providers, and software companies.
SD: How does GRSee help protect its customers?
BBA: We help our customers identify their major risks, identify core business-related risks and have some internal quick wins at an early stage of an engagement. In order to carry on some of our work, we use a variety of tools and software packages that we purchased, and we use them to conduct some of our services such as penetration testing.
SD: What do you feel is the number one threat in cybersecurity today?
BBA: As I mentioned, the attack surface is so much broader these days. I’m not sure I could narrow it down to a single threat, but I think the fact that nowadays if a hacker or a malicious user wants to gain access to a corporate environment, he could stalk someone on Facebook or LinkedIn. He could start a conversation using social media with these and he could conduct the first phase of any attack which is usually reconnaissance. He could conduct it very seamlessly and then when he has enough information, he could then craft a sophisticated attack. Spear phishing a single individual with a higher probability of success. Once he has the credentials he needs, he can go ahead and carry out the attack.
SD: How do you see cybersecurity developing in the next five years? How do you see the threat landscape changing?
BBA: Regarding your last question. I think compliance will keep evolving and will present more opportunities on one hand and restrictions on the other. We’ve been seeing that for the past few years with GDPR in Europe for privacy and security, with CCPA in California with the shield act in New York. PCI has been around for a long time. I think compliance will keep evolving and will continue to serve the baseline that each and every company needs to be able to do business.
SD: What should startup companies expect in terms of compliance?
BBA: I think startup founders need to be acutely aware of the fact that once they start collecting any type of data that is under contract with a business partner or is deemed as sensitive—whether they collect financial data, personal information, health and medical data, and payment information—they would need to consider compliance at very early stages in order to be fully prepared when they finally roll out their solution.