Cybersecurity tips from the ‘Shark Tank’
Shark Tank star Robert Herjavec’s experiences while traveling are a good indicator of how cyberattacks have emerged as a concern for businesses and individuals.
Herjavec, a cybersecurity professional for more than 30 years, appeared Wednesday on a webcast with Barry Melancon, CPA, CGMA, the CEO of the Association of International Certified Professional Accountants. The archived webcast is available on the Association’s website.
Five years ago, Herjavec said, he had difficulty getting meetings with CEOs unless they were fans of Shark Tank, the ABC television show on which he serves as a judge of entrepreneurs’ budding business ideas.
This dynamic has now changed. “Fifty percent of my time now is spent with boards and senior executives,” Herjavec said. “This tells me that cyber is not a technology issue; it’s a risk issue. The more senior someone is in an organization, the less they care about technology and the more they care about cyber risk. They all want to know if they’re doing the right things.”
Not just C-level executives express this interest. “When I first got on TV, I’d go to these fancy Hollywood parties and would tell people, ‘I’m in cybersecurity,’ and they’d look at me for about 10 seconds and then exclaim, ‘You’re the guy on Shark Tank!’ ” Herjavec said. “Today when I go to these parties, they say ‘Hey, I want to talk to you about cybersecurity.’ ”
One thing hasn’t changed: Once he passes on his advice, they still request a selfie.
Nary a week passes without another large organization suffering the brunt of a data breach damaging its revenues, reputation, and business prospects. With big data proliferating, information has become many organizations’ most critical asset.
Herjavec and Melancon discussed the distressing spate of recent data breaches and ransomware attacks such as WannaCry and Petya. They also talked about the changes in the attack vector, composed of traditional hackers along with criminal organizations, nation-states, and terrorist groups. Herjavec echoed a comment he heard recently that summed up the state of cyber readiness in the global business world. “There are two types of companies—those that have been hacked and those that don’t know they’ve been hacked,” he said.
Prior to joining Melancon on the webcast, Herjavec reviewed the AICPA’s recently issued cybersecurity risk management reporting framework, which can be used by an entity’s management in describing its cybersecurity risk management program and by CPAs in reporting thereon.
The framework, available at aicpa.com/cybersecurityriskmanagement, serves as a common language for management to use in reporting to its board, audit committee, and other key stakeholders. It also can be used by CPAs in performing cybersecurity consulting engagements known as “readiness assessments,” as well as System and Organization Controls (SOC) for Cybersecurity examination engagements.
Herjavec found value in the framework, including for small and medium-size businesses (SMBs), many of which are constrained by tight budgets, Herjavec said. “To get the guidance they require, a starting point is to go to people they trust,” he said. “… To me, it makes sense to consider their accounting firm. They’re trusted advisers, without an underlying vested interest in selling you something else. … A CPA adviser is a logical progression for SMBs to get advice around cyber risk and how to manage it.”
Herjavec’s tips for cybersecurity for all businesses include:
—Russ Banham is a Pulitzer Prize-nominated business journalist and author who writes frequently about cybersecurity. Ken Tysiac (Kenneth.Tysiac@aicpa-cima.com), a JofA editorial director, also contributed to this article.
Research & References of Cybersecurity tips from the ‘Shark Tank’|A&C Accounting And Tax Services