Good cybersecurity focuses on people and not just technology, says Polaris Infosec co-founder and CEO Tin T. Nguyen [Q&A]

In a world where technology is becoming increasingly ingrained in almost every aspect of our lives, so are the dangers of cyber security. However, a good reformulation of the challenges in cyber security would be to consider it more in relation to how people communicate with technology.

“Cybersecurity is inherently not a technology problem, it’s a people problem,” said Tin T. Nguyen, co-founder and CEO of Polaris Infosec, in a TechNode Global Q&A. “You can have the best technological solutions on the market, but if you don’t use it correctly, it doesn’t matter. Most cyber attacks have a human element, a human failure.”

Nguyen previously served as both an infantry officer in the US Marines and a US Federal Bureau of Investigation (FBI) special agent serving in the Counterterrorism Threat Response and Violent Gang Units. Both experiences taught Nguyen the importance of information security and intelligence gathering, especially when it came to countering threats, both real and online. Upon leaving the FBI, the skilled ex-soldier quickly went deep in obtaining a number of cybersecurity accreditations.

With it, he combined his technical knowledge in the cyber security field with his leadership and intelligence experience from the military and the FBI. He would later join Singapore-based Polaris Infosec in the winter of 2021, bringing the company from the product development phase to the go-to-market phase.

Nguyen highlights the timeliness and importance of a strong cybersecurity posture for both organizations and individuals:

“It is important that people start thinking about cyber risk now because hackers know that the vast majority of businesses and organizations do not have security in place. Most times they don’t target you specifically, but you can be just one fish caught in a big net during an attack. Cyber ​​security is not as complex and expensive as most people think it is, and can be quite simple for small organizations as long as you know who to ask.”

Read on for the interview.

What are the trends driving innovation in cybersecurity today?

For me, it all boils down to 3 buckets:

• Digital transformation. With everyone from small mom and pop shops to larger enterprises going online for everything these days and relying more on new technologies such as IoT, OT, Cloud services, blockchain, etc., the risk increases with a requirement for security providers to be more innovative in how we offer security solutions.
• Young technology companies with new solutions and systems. Everyone wants to be a tech company these days, and you see it across all industries, even those that were traditionally non-tech (ie look at the rise of artificial intelligence). New technology means new vulnerabilities for cybercriminals to exploit.
• Bad boys. Innovation means trying to keep up with the guys who have no rules and restrictions, and no limits to how they attack. In the private cyber security industry, we have rules to follow and play by, and we are influenced by things like business considerations.

What are three main challenges involving cybersecurity in an increasingly technology-dependent world?

• Lack of attention. People do not have an understanding of what risks exist and why they need to worry about them
• Increasing complexity. Technical concepts and cyber are complicated enough for experts, but for a normal person it’s like learning a foreign language… and it only gets more complicated despite being a daily integrator in life.
• Increasing demand with not enough supply in the form of experts. Evolving threats due to technical integration in everything – smart homes, smart cities, web3, 5G, autonomous vehicles, robotic process automation are just a few technology trends that require security, but without enough experts in the market to really protect the growth of the technology.

How are these handled with innovative solutions and technologies?

I don’t think there is a lack of technological innovation. There are some brilliant minds working on today’s biggest cyber issues. But to reframe the thinking a bit – cyber security is inherently not a technology problem, it’s a human problem. You can have the best technical solutions on the market, but if you don’t use it correctly, it won’t matter. Most cyber attacks have a human element, a human failure.

Cyber ​​teams around the world are pushing cyber awareness and training very hard, but it’s a long-term strategy. Product development companies are getting smarter about secure software development to ensure that security is an organic part of what they sell.

[C]Hypersecurity is not inherently a technological problem, it is a human problem.

Organizations are starting to build their own organic security teams or, for smaller teams, outsourcing security to third-party vendors (also growing rapidly) so they don’t have to think about it as much. Governments are developing cyber frameworks to impose security and privacy regulation to force organizations to plan for risk. Digital transformation companies seek security partners to deliver services automatically.

With your background in the military and law enforcement, how has this influenced your approach to cybersecurity and data protection?

We need to integrate cyber security and data protection into the systems and practices of businesses, so they don’t have to think about it. Historically, people don’t really worry about security until it’s too late, and even then some people still choose not to do anything.

Cyber ​​security must go hand in hand with secure software development, with digital transformation services such as the use of cloud services. As best we can, we need to make security transparent to the average user and business, because quite frankly, they won’t use it otherwise.

Does this also have an impact on your entrepreneurship and leadership style? How?

Absolutely. We need to have a very clear understanding of the mindset of consumers and end users. When we know their priorities, we can adjust how we interact with them, how we market to them, how we deliver our services to them. Knowing that the vast majority of society knows nothing about security allows me to focus on education and awareness for long-term impact. At the same time, the Polaris Infosec team and I continually adjust our business plans to find ways to seamlessly integrate security into their day-to-day operations.

Managers need to be more patient and understanding when working in emerging markets such as cyber security.

Can you cite case studies that highlight the importance of security posture for companies and industries?

It was a Southeast Asia FMCG company that was the subject of one compromise of business email. Fake emails and documents from “internal managers” (actually hackers) caused the company’s own accounting department to transfer $500,000 to an overseas account belonging to the hackers.

There was also a Southeast Asia Blockchain gaming company that was hacked for millions of dollars. More specifically, the company was the subject of a social engineering attack, where team members were manipulated via social media and messaging apps into downloading malware that allowed access to their network. Finally, the blockchain was hacked due to the private keys being stolen due to the attackers gaining access to the network.

How do you see the future of the cybersecurity industry?

Long-term stability and growth: Technology is ingrained in literally every facet of our daily lives, and that will only increasingly be the case. As long as there are systems that collect private data, as long as there are systems that talk to each other, it will be cyber. As long as there are technology companies, people using computers and phones, there will be cyber.

read more TechNode Global Q&S and Interviews from the archive. TechNode Global INSIDER also accepts editorial contributions with relevance to entrepreneurship and innovation. You may submit your own original or published contributions subject to editorial discretion.

Cybersecurity trends to watch for in 2023