HITT - Securing the connected enterprise against IoT and OT vulnerabilities - 9.16.25

The video focuses on the critical need for securing the connected enterprise from IoT and operational technology (OT) vulnerabilities, highlighting the rapid growth of connected devices and the increasing threat of ransomware attacks. Presenters Graeme Scott and Jason Stein discuss the challenges organizations face, including visibility gaps and compliance burdens, as well as the financial risks associated with data breaches. They emphasize the importance of understanding various devices and the need for organizations to adapt to evolving cybersecurity threats. The discussion also touches on the role of advisers in helping businesses navigate these challenges, particularly for small and medium-sized enterprises (SMBs) that often lack resources and awareness of their vulnerabilities. Overall, the session encourages proactive engagement and investment in cybersecurity measures.

Transcript is auto-generated.

Well, your comments and questions are welcome in the chat window today to which our presenters will respond both during and after today’s event. It’s time now for today’s high intensity tech training, Securing the Connected Enterprise against the vulnerabilities created by today’s converging IoT and OT systems.

We’re going to look into the new attack vectors beyond the traditional networks, identify security gaps, show you the market opportunity, and best of all, how to close and implement these IoT and OT security deals. I am thrilled to welcome back to the Tuesday call two of Telarus’ most dynamic and powerful presenters, VP of Advanced Networking and Mobility, Graeme Scott, and, of course, VP of cybersecurity, Jason Stein. Hey, guys. Welcome to you both.

Thanks, Doug. Really glad to be here, and I always love it when Steiner and I get to team up on some of this stuff. We have such a good time, the two of us. So really excited to be here. Steiner, how are you doing this morning?

I’m doing great. How are you both?

Good. Good.

Alright. Well, let’s go ahead and jump right in here. So, those of you guys who follow these kind of things know that Stein’s gonna be really busy next month because it is cybersecurity awareness month, and there’s a ton of amazing things that we’ve got planned for you guys around that kind of content. So make sure you’re checking out the HITT calls as well as our LinkedIn.

We’re gonna be very active posting all kinds of content for you guys that you can use with your customers. But, we’ve got so much of it. We didn’t have a chance to get to everything. So we’re, you know, Telarus always likes to be ahead of the curve here.

So we are getting a kick start on cybersecurity awareness month by talking about the IoT and OT security risks that are out there in the marketplace. So first off, let’s just define OT. When I say OT, we’re talking about operational technology.

So, typically, these are the machines, processes, all these kinds of things that are being used within an industrial environment.

And, as we will find out here today, these types of devices are critical to your customer’s operations, and they are under attack. So, Chandler, if you wanna go ahead and move to the next slide here. So let’s start with the big picture. Okay? We’re gonna talk a little bit about IoT in general. And, I think what should be obvious to everybody out there is enterprises today aren’t just securing laptops and servers anymore. You’re basically running smart factories, connected fleet, building systems, health care systems.

There’s all kinds of stuff that’s out there, and all of it is connected. So by the end of this year, we’ll have nineteen billion connected IoT devices worldwide and on pace for over forty billion by twenty thirty. So that is massive growth, and every single one of those devices is a new doorway into the enterprise, and the bad guys, they know it. So last year alone, ransomware attacks grew by eighty seven percent.

And, Stein, we’re seeing automated scans targeting OT protocols. This stat here says thirty six thousand attempts per second globally. So that’s the big picture, Stein. Like, what, like, what’s going on with this stuff?

Yeah. It’s crazy. There’s so many different sensors, things with IP addresses that are hitting the network, and they’re so far ahead of where we’re at, or we don’t have the security measures in place. You’re seeing artificial intelligence and a lot of these devices hit at a faster rate than we can create security around. So we’re gonna have to combat AI with AI, which is absolutely crazy. But we’re gonna be leaning in a lot more with IoT security, OT security, trying to get lots of different flavors. But you’re gonna see if you talk to your customers, most of your customers are really having a hard time getting their arms around all the different IP addresses, devices that are hitting their network and that their employees are, you know, potentially susceptible to clicking on.

Yeah. So, I mean, really bottom line here, the perimeter isn’t just the firewall anymore. Right? I mean, I know a lot of us are really comfortable at that point in the network, but it’s extended so much further beyond there that we really need to implement these kind of controls, protocols, and policies on all of these edge devices. Right? And that is, you know, anytime you’ve got a problem like this for businesses out in the ecosystem, I love it because it just creates opportunity for us as advisers.

One hundred percent. It’s interesting. And what are we gonna have more robotics? I’m surprised that it’s only gonna be forty billion devices by two thousand thirty. I feel like it’s gonna be even higher than that. We’re probably not projecting accurate numbers because the devices are just hitting at such a rapid pace.

Yeah. And there are more IoT devices connected to the Internet now than there are regular devices, just so everybody knows. So we’ve crossed that threshold a couple of years ago, but this is a massive explosion.

Enterprises love data. Right? Data is the currency that enterprise business runs on, and IoT and OT devices provide that data. So super critical to operations, and it is vulnerable. So let’s move on to the next slide here, Chandler.

Just again, to take a look at some of these numbers here, and it’s really, really stark. Right? More devices, more problems.

The expanding attack surface is tremendous. Jason talked a little bit about it, but here’s some numbers that really kinda put it into perspective here. Twenty twenty four alone, eighty seven percent year over year increase from twenty twenty three as we talked about. Thirty six thousand attacks per second, and that is a one hundred and fifty six percent attack volume growth. The numbers are crazy, Jason. It’s really hard for businesses to stay ahead of that and to manage that on their own.

A breach happens every fourteen seconds in the United States, and it makes sense when you’re seeing thirty six thousand attacks per second. There’s so many different things that are going on within an organization, and we’re not doing enough time in cybersecurity awareness training because nobody wants to do it. You know, things are getting clicked on. There’s a lot of vulnerabilities.

You and I always talk about even an aquarium and a casino floor is vulnerable because some of these devices haven’t been updated enough, and it just takes so much effort to get your entire IT team. You know? We just moved into a new house, and we just added five new IP addresses that we never had before. So just think about how many different things a business is doing when it comes to that.

And, you know, one of our suppliers offers robodogs. First off, five thousand dollars a month. Give me, like, ten of those robodogs. That’s awesome.

Yeah. That’s great. And I think, you know, when you start to talk about IoT, you know, really, you’re talking about data collection and, you know, certainly, those are attack vectors. But when you expand that conversation to OT, I mean, you are talking about major disruptions to business operations when an attack happens there.

Something goes down. I mean, that is a serious problem. You’re talking the bread and butter of that business potentially down for extended periods of time. That can cost a business everything.

So what we’re gonna do here, guys, we’re gonna go ahead and break down a couple of different challenges that organizations are facing so that you, as our tech advisers, can start these conversations looking at a couple of key areas, just giving you some tools to go out there and start this conversation with your customers and see where it goes. So, Chandler, if you wanna move to the next slide, these are the kind of challenges that are happening within the organization. So challenge number one is we call visibility gaps, the blind spot crisis. So when organizations were interviewed, only forty four percent of them said that they maintain any kind of real time visibility into their operational technology environment. So that means well over half have no idea what’s going on within their OT environment, and, of course, if you can’t see it, how are you gonna secure it? These organizations are pretty much flying blind. Right, Stein?

Yeah. It’s tough. You know, there’s not enough tools out there. And let’s face it. Most organizations, you’re logging into ten, twenty, thirty different tools to be able to get visibility into your entire network.

But when you think about OT, you’re talking MRI machines, you’re talking fire suppression systems. There’s so many different devices that are out there, and a lot of them have some type of software on there, but it’s still vulnerable because there’s no patching that’s available for these devices. So it’s really hard to get and manage all the tools that an IT person needs, and most organizations are understaffed.

So who’s responsible for looking at OT? You need to outsource it and get some of these incredible softwares that are out there.

Yeah. I mean, there’s a lot. And I think, you know, also, a lot of times, these devices aren’t even added to the network. They’re not even operated by the IT team.

Right? They might be an operational device that’s been put in there by someone in the warehouse. You know? You’ve got a lot of shadow IT type stuff happening as well.

So this lack of awareness of what is even operating within the environment is a huge problem. And when you see a number like forty four percent of organizations maintain real time visibility, I mean, I would challenge you that it’s probably not even that high. You know? Most people aren’t even gonna admit that they don’t know what’s going on in their environment.

So I’m gonna guess it’s less than that.

One hundred percent. If they don’t have to share the statistics, they’re not going to.

Right. Why throw it out there? Right? Let the bad guys know. So let’s go ahead and move on to the next challenge.

This is a big one, I know, and something that tech advisers run into all the time. We’ll call it legacy constraints. So, basically, the old stuff that’s out there, let’s assume they can see their assets just for the sake of argument. Right? The next challenge is that a ton of these things are running on legacy systems, all of, like, old technology that you can’t even bring up to speed and put some of these monitoring tools and capabilities in place.

Oh, one hundred percent. It’s just so tough to be able to patch stuff that has restrictions. Think about some of the old legacy things that we used to joke about like an AS four hundred. But all these devices, they’re not patchable.

They have these vulnerabilities that they’ve had for years. There’s all these outdated protocols that we have. There’s, you know, authentication that needs to happen. There’s, you know, encryption.

And we said it twice here because it’s so important, but there’s a lot of encryption that needs to happen. There’s all these things that are locked down from a hardware perspective. It’s just not easy to patch some of this stuff. So you become vulnerable in so many different ways.

Yeah.

And I think, you know, this idea of vendor lock-in as well. Right? Locked in with a single vendor, maybe that piece of equipment or that piece of hardware or the operating system is tied to a specific vendor, and there can be a lot of challenges when that company is not updating their protocols. Right? They’re behind the times with what they’re doing. That creates challenges for the organization.

I love this concept of security debt. Right? We talk a lot about tech debt, you know, in general as a general concept, but really kind of breaking that out into security debt, I think it’s kind of an interesting concept, Jason.

Yeah. You know, it’s interesting because there’s a lot of different things that accumulate over time. It’s important to make sure that our environments are being maintained properly. You know, half the time, we even see it in our space that suppliers, vendors go out of business.

And so you go and buy an asset from an organization, and then all of a sudden, there’s no one there to patch it or put something in place to help you, but yet it’s not broke. It’s not going anywhere, so you’d leave it in place. But we need to modernize a lot of these things in order to protect them. We need to implement a lot of different policies and controls and procedures in our environments for our IT staffs.

And if not, there’s possibly vulnerabilities when it comes to compliance and all the different types of regulations that are out there. So lot of different issues when it comes to that debt that we don’t think about on a day to day basis.

Alright. So good stuff there. Two really, really key problem areas that may exist within your organizations. We got another one here for you, Chandler. If you wanna go ahead and move to the next slide.

Stein, I know this is one of your favorite things to talk about. Right? Compliance and regulation.

Depending on, you know, what type of business you’re in, this may be a significant burden for an organization.

And, you know, especially, like, when it comes to OT and IoT devices that are out there, they are not immune from compliance and regulation that, you know, other notable IT assets are.

We saw a massive uptick when it came to compliance and regulations and fines this year in January, and there’s only gonna be more. More around AI, more around OT, more around IoT. You know? So the EU has really put a lot of really good processes and procedures in place.

And, you know, they did GDPR, and then California, when it implemented CCPA, well, it was right around the time that COVID happened. So you saw a lot of the compliances take a little bit of the restrictions away because they were worried that if they implemented all these fines, all the SMB would go out of business. But now, you know, NIST, all these frameworks with HIPAA, they’re all coming back, and the fines are starting to get levied. And you’re gonna see CMMC is huge right now.

So if you have an organization that is doing business with anybody in the public sector, anybody in the federal government space, they have to be CMMC certified by March of next year, or they will lose millions of dollars in contracts. It’s regulated by the government. We have all these different compliances that are in place. And a lot of the things that we’re not doing from a patching perspective, from getting our arms around OT, from getting our arms around IoT, and who has access to all those things can cause a lot of violations, and those fines are gonna add up.

And some of these companies will be forced to go out of business.

Yeah. And, you know, I think the examples we’ve got in the slide here, you know, the first one there, that’s the EU, and they tend to be a little bit ahead of us on some of these kind of things, right, where they start to implement some of these policies. So I think we can really kinda take a look at what’s happening over there to see what’s coming. So, you know, to your point, Jason, you’re starting to see more and more fines done here.

There’s more on the way, right, as more of this stuff comes. I mean, this is not something that’s gonna go away. One thing I really wanna point out to our advisers, the little key insight bubble on the bottom there, seventy three percent of organizations struggle with regulatory compliance mapping. For us as TAs, that’s the kinda thing we love to see because that means seventy three percent of businesses out there need your help.

Right? And that’s the kind of thing that we love to see. Before we move on to our next slide, had a couple of questions in the chat. I wanna just touch on one real quick.

When we’re talking about legacy technology, couple people asking for examples. Derek threw out SCADA. Right? SCADA stuff, that’s a great example of a lot of legacy type tech that’s out there.

So just for those of you who are wondering, I think that that really kinda illustrates what kinda stuff we’re talking about. So let’s move on to the next slide here, Chandler.

This one is the cost of inaction. Right? If you’ve been at one of the ascends with me, I always talk about, you know, businesses care about two things, making money and saving money. Right?

The cost of inaction is a major, major concern for businesses. So the dark blue there is sort of the average cost, and the light blue is kind of the high end of the scale. Right? So data breach, you know, the minimum you’re talking four million dollars for enterprises.

Downtime per hour, very, very significant. And then regulatory fines, also something that can cost businesses a ton of money. And I know, Stein, you’ve got a lot more research on this kind of stuff as well. Right?

Yeah. The breaches are happening, and still the United States is the highest, you know, out of pocket when it comes to breaches. I think we’re throwing more and more money at cybersecurity, yet we’re gonna see global criminal activity hit ten point five trillion dollars from last year, which was nine point six trillion, which the year before was eight point five. So it’s going up a trillion dollars a year.

Now the average breach in the United States is four point three million dollars, which means that a lot of breaches are really, really high. And still the average dwell time, meaning that an organization has something malicious living in their environment, is still over a hundred and fifty days. So it’s undetected. Then back to your point when you got to, we’re talking about seventy three percent of organizations need help with their compliance.

GRC is the governance, risk, and compliance. And if you bring that up to your IT, you know, decision maker, they’re gonna say that they’re struggling, and it’s now a board level conversation.

And boards are outsourcing their risk. They want more advisers to come in and advise them because there’s all these fines. There’s all this downtime, yet they struggle with a CIO coming in and three letter acronyming them to death and saying, we’re fine. Don’t worry about it.

We got it. We’re about to pass our audit. But passing the audit doesn’t mean that you’re still compliant. You still have all these things that you have to adhere to.

And I think once an IT staff passes that audit, they let things go because they’re so small. They’re reacting to other issues now, and that’s where all of this downtime and breaches will come into play.

Yeah. And I think, you know, just, you know, that seventy three percent stat was a great one. I’m gonna throw another one here. So the IoT, OT security market is estimated somewhere between twenty five and thirty billion right now, growing at about twenty five percent every year.

But eighty one percent of organizations still underinvest in OT security. So, again, another huge opportunity there. Right? Even if they’re spending some money, they’re not spending enough. They’re underinvesting and really creating tremendous risk for the business. And, again, you know, for advisors that are able to kind of bridge that gap, have that conversation, there’s a huge opportunity there to create some revenue.

Yeah. One hundred percent. I agree. This is absolutely a great door opener. And if you’re looking for something that differentiates you, talking about IoT, talking about operational technology, and how an organization really gets their arms around all the different devices is gonna separate you from the average person that’s coming in trying to sell them, you know, speeds and feeds as well as, you know, other aspects of the business.

Now, actually, Chandler, if you go ahead to the next slide, you know, this is really what I was just talking about. I forgot to ask you to advance it. But, folks, this sort of gives you a visual representation of what Jason and I were just talking about.

The one thing that is happening that I think is a real positive is that there is a growing awareness within the industry that this is a problem. Right? We’ve seen some fairly high profile breaches. You know, the one that everybody talks about is, of course, the aquarium.

I think it was at Caesars or one of the big casinos. I can’t remember which one. But shut down a bunch of the you know, that was huge. But there’s more of these every single day. And I think businesses are starting to go, hey, man. This is a real vulnerability for us. And, again, you know, because of that, I think they’re open to having a conversation.

That last bullet point, Stein, I know something you talk about all the time. They don’t have the skill internally to tackle this stuff.

Yeah. They really don’t. And so you can come in and say, listen. Are you short on resources?

How are you doing when it comes to operational technology, IoT, and all the different advancements there? You know? And how are you aligning with the business goals? You know?

What’s the primary focus for you and your organization?

And how are you able to do that and limit the risks, report to the board, and put more security around those measures in place? There’s only a few different things, but we have resources, an incredible deep bench of engineers that will come in and talk to you about OT, talk to you about IoT, make sure that you have the right frameworks in place, make sure that you have the right compliances in place, and also make recommendations on a lot of different tech that’s out there that some of your customers may not really realize.

Yeah. Good stuff. So, Chandler, let’s go ahead and move to the next slide.

You guys who have spent some time with Jason know he loves stats. Right? He’s a stats guy. That’s his bread and butter. He’s really good at delivering those stats and telling us what they mean for us. So, Stein, break this one down for us. There’s a couple of really alarming statistics on this one that I think we really wanna pay attention to.

Yeah. I’m gonna start with the first three, the top three. So listen look at this. IoT security statistics show that seventy percent of devices have an exploitable flaw. So not only do we need more visibility and more tools, but seventy percent of the devices on a network have exploitable flaws. But fifty percent of all devices have at least one critical vulnerability.

So imagine not only all the things that you have to deal with as an IT decision maker or CIO, but then to know that seventy percent and fifty percent of all of your devices have these vulnerabilities. But this is the one that got me, Graeme.

One out of every three breaches last year was caused by an IoT device. What are you doing over there with the IoT division?

Sorry, man. We’re just trying to collect some data out there. You know? So I guess we gotta protect it.

You know, yeah. It’s stark and not surprising because it’s kind of the forgotten, you know, the forgotten part of the network. And, again, everybody talks about security up to the firewall, but it’s all that stuff beyond the firewall that’s really, really vulnerable. And once you get in there getting past the firewall, often not a problem.

What do we got on the bottom here? I think, you know, we talked a lot about operational disruption on one of our earlier slides.

Putting some numbers context around it, I think, really kinda drives that point home. Three hundred and thirty billion dollars in operational disruption, and that’s last year. Right, Stein?

Yeah.

So, you know, think about it. That’s last year when it was nine trillion dollars. We’re talking, what, a third of a trillion dollars was because of IoT and OT devices. So first off, sixteen billion in losses were by companies being down.

That’s how much money that they lost. But then there was another three hundred and thirty billion for companies that were impacted because an IoT device took them down for a few minutes or caused disruption where people couldn’t get to their site or get to things that they needed in order to purchase. You had mentioned a lot around, different percentages going up, but ransomware targeting operational technology, targeting those devices rose by sixty percent last year. And then, you know, seventy five percent of OT attacks cause disruption and twenty five percent cause complete shutdown.

So think about that. If you’re a TA on this call, you can not only say, hey. Let’s talk about your IoT. Let’s talk about your OT.

A lot of companies had operational disruption. Did you have any last year? We’re seeing a big rise in attacks, and we wanna make sure that you don’t have either complete shutdown or some kind of disruption. Do you have an OT security measure in place?

If not, would you like a soundboard? Would you like one of our resources to talk to you about best practices, principles, and technology that will help protect your organization?

Alright. Let’s move on, Chandler. So those of you guys who have seen me present, I always have my I call this my cool story, bro, slide. Right?

It’s like, hey. Cool story, bro. But what do we do about it as advisers? Like, how do we go out to our customers and start to have a conversation?

So I think the first thing that we should do is we should be looking to assess. Right? Those first three issues that we really kinda talked about, how do you find those out? Well, you gotta take a look and see what’s going on within the environment.

Right? Assess what’s happening. Assess what exists within, like, the infrastructure, what you’ve got there to establish what you’re dealing with. Right?

We gotta know what we don’t know. And I think that fifty six percent of organizations that have no visibility, we wanna try and identify what we don’t have visibility to.

Stein, I know you love to talk about ZTNA, zero trust network segmentation, a great strategy, and then starting to monitor some of this stuff, and then, of course, governance. So, Stein, like, a great way to start the conversation right here.

Yeah. So when you start to get into ZTNA, zero trust network access, zero trust network architecture, you’re starting to see a better way of doing it. And a lot of organizations are moving towards an SD-WAN with secure access service edge or SASE with zero trust to put better parameters around their employees, and it’s better than the traditional VPN way. VPN, you have seventy percent chance of more vulnerabilities than you do implementing, you know, a newer approach using SD-WAN with ZTNA.

ZTNA locks it down in such a better capacity so that the CFO who has access to everything can’t log in to all those different things at once. It makes sure that it verifies that that CFO or a decision maker within an organization so that a bad actor doesn’t follow them around. It also helps that if somebody’s machine were to be compromised, that it doesn’t allow that bad actor access to everything that that person has without logging in with credentials, doing multifactor authentication. There’s so many great things that ZTNA brings to the table that organizations who don’t have it are definitely looking at it.

And you’re gonna see eighty percent of organizations are still trying to implement ZTNA. So you can ask, is ZTNA a priority for your organization? How are you doing with it? Do you need help?

We have different resources that can help you make sure that your environment has a full ZTNA framework deployed. So let us know if we can help you with that.

Yeah. So here’s four key areas that you can sort of start the conversation, have a conversation, ask some questions that drive at these things. Jace, go to the next slide there, Chandler. You’re good. So, Jason, this one here, obviously, these are some of the things that you are advising as it relates to IoT and OT. Again, kind of building on our last slide here, some opportunities for our tech advisers to really ask some questions, driving at those four topics and starting to look at some things to bring into the organization.

So first, you’re gonna see a lot more organizations leveraging AI for defense. And it’s kinda like you remember WarGames? I’m gonna date myself, and I’m gonna date you.

It’s like, remember the tic tac toe just kept playing into a tie?

Yeah.

I mean, if AI is battling AI, we’re just gonna, you know, stalemate. That’s the hope. And then, you know, to your last point, adopting zero trust is gonna be huge, locking down the environments, more segmentation on the network, which gets into a lot of things, Graeme, that you address, you know, and then preparing for cloud and 5G where all of this stuff is moving right into your wheelhouse.

A lot of the things that we need to do from an Internet of things and an operational technology standpoint starts with the network.

We need to access it. We need to lock it down. We need to segment it. We need to have AI battling AI. There’s a lot of skills gaps that are, you know, there that a lot of people are not up to speed with the tech, and then we need to focus on a better incident response.

If something bad happens, does my entire team know all the things that I need to do in order to get us back on track? Lot of really unique things that I think are happening, and a lot of them are in your advanced solution.

Yeah. I love it. So let’s go to the next slide here, Chandler, just to kinda bring this home. What do you do next? You’re a TA on this call. You’ve heard a lot of stuff that’s really interesting, that’s kinda piqued your interest.

What’s next? Right? We’ve maybe had a conversation with some of our customers we’ve identified. Hey, maybe there’s some stuff going on here that I can help with. So what do we do? Well, number one, obviously, the Telarus team, myself, Jason, our great team of sales engineers are here to help you guys. We’re here to have conversations.

We’ll help you with some discovery questions. If you think there’s an opportunity, kinda lay it out for us. We’re here to help. We’ve got a bunch of great suppliers within the portfolio that have great assessment tools.

They can go in. They can take stock of what’s going on, analyze some risks, provide some sort of idea of what the business has at stake with some of these challenges. And then, of course, again, partnering with the OT and IoT security vendors within the portfolio. We’ve got a great group of them, a ton, and we’re adding more all the time.

One of the big focuses Jason has. And then, of course, high end value prospects. Right? If you work in the manufacturing sector, if you’re in energy, if you’re in health care, transportation, these are areas where there are massive, massive OT technologies deployed, and the urgency is extremely high there.

Jason, anything to add to this?

To this slide, no. I think you and I both see a lot of what’s next, and a lot of it starts with the network. A lot of it starts with the employees.

John, you brought up an interesting question.

When it comes to Telarus and our resources, we’ll do a cybersecurity training for clients.

When it comes to training employees, that’s where we’ll bring in a supplier. We’ll marry them with what they’re looking for. We can do audits and assessments, and so there’s all different kinds. There’s gap assessments.

There’s security assessments. There’s vulnerability assessments. You know, we can come in and help with all those different things. And then from a security awareness training standpoint, we can make sure the industry average says that we make employees spend forty five minutes a year doing cybersecurity awareness training.

Let’s face it. Nobody wants to do it. Lot of opportunity there. Our resources will come in and whiteboard an environment and talk about recommendations, and then we’ll bring in the best of the best suppliers.

And that’s what we really pride ourselves on. I think you’re gonna see us continuing to add top tier suppliers. They’re gonna make you look good. IoT, OT, advanced network, SD-WAN, SASE, ZTNA for all the topics that we just talked about.

Yeah. And just to bring it home here as we welcome Doug back onto the call, you know, the beauty here, guys, is that organizations need help. Right? And we as tech advisers love those types of scenarios because that is our bread and butter. So, hopefully, we brought something to your attention that maybe wasn’t totally on your radar today. IoT and OT, there’s a lot of different ways to kind of profit from the huge boom that’s happening there. Security is just one of them, but definitely something that we wanna make sure you guys are talking about with your end user customers.

Massive, massive opportunity out there. Doug, looks like we had a lot of questions. I know Jason did a pretty good job of banging out some of them.

That’s true.

Do we have time to tackle a couple other ones here today?

He did do a great job with those. A terrific presentation, you guys. The opportunity on this is just massive, and you brought that to bear in a number of different instances. I’d like to go back because a number of the questions at the beginning really took off the idea of this tech debt and security debt in creating this opportunity for us to take advantage of. But at the same time, it puts those potential clients and customers in a real quandary in terms of where they begin to attack this and with what resources. Can we talk a little bit more about that and some of the ways that advisors can help clients to overcome some of the problems created by that?

Graeme, you wanna start?

Yeah. No. I mean, I think, you know, the bottom line is when organizations invest money in something, right, regardless of what it is, you know, there’s always a reluctance to go and buy something else. Right?

Sure.

You know, because, hey. We’ve spent money on this. You know, they look at it as you know, they wanna get that ROI curve out of it. They wanna make sure that they’re not having to respend more money to do it, you know, before they’ve paid that investment off.

And the reality is sometimes that’s just not possible. Right? Things change. Things evolve. We really have to sometimes point out the fact that, hey.

Listen. Back when you bought this, these were not issues. Right? When you put this technology in place, these kinda challenges did not exist in the marketplace.

People weren’t looking at your machine press or your whatever as a potential attack vector. Well, they are now. And I think, you know, the world changes, and sometimes we have to kind of help people realize something that may not have existed previously, you know, as a threat is now there and prevalent in the organization. And, Stein, I know this is a topic that you talk about a lot.

Right? Yeah. So there’s a couple different types of debt. There’s, you know, a financial debt that you have to, and you nailed it.

Companies don’t wanna invest in just in case stuff happens. It’s kinda like buying insurance. You know? I mean, imagine we buy insurance and then all of a sudden, we never get in a car accident our entire life.

Was it a waste of money? And that’s kinda where we’re at with security. We have to spend money just in case, and no organization, no board of directors wants to spend money just in case. But then you have the security debt, which is kinda like we need to be able to come in and lock the doors.

We have complex environments.

We have lack of resources and prioritization, and there’s all this security debt, and we need to put resources in place to manage all of these things. But yet, we don’t necessarily want to spend the money or have budgeted for that money. You know? So there’s a lot of different ways that we incur this debt, and it’s just in case bad stuff happens. But you have to have it because the breach is happening every fourteen seconds.

Yeah. I mean, the insurance analogy is really what nails it. Right? I mean and we can all think about it that way.

You have insurance in case, and I think a lot of this stuff too, like, hey. You have to make these changes in case because the cost of something happening is significant. Right? We put some numbers up there on the slides earlier.

So just use those. I mean, we wanna try and drive the point home that, hey. You know, these are things you gotta spend money on because the cost of not is significant.

Is worse. Yeah. That’s the thing. The cost of spending the money is far less than a four point eight million dollar breach.

So true. There was a lot of discussion in the chat about the difference between enterprise and SMB customers, of course. And, obviously, resources tend to be more limited with SMB markets. And some of the solutions may be a bit more limited as well. But the need is certainly there. Are there ways in which advisors can help smaller customers, SMB markets, begin this journey without having to go full on investment that will take care of some of the greatest concerns or the most easily problematic concerns?

Yeah. I can start by saying that look. I mean, I sat down with Carnegie Mellon who had, at their head of security, and I said, how many are on your team? And I was expecting them to say ten or twenty.

He said, five hundred. And I was like, you have five hundred security people, you hoarder. Spread them around. But still, when you talk to enterprises, you know, a lot of them still have needs, and they’re continuing going from fifty three security measures in place to putting fifty six because it gives them peace of mind.

But ninety percent of North America’s SMB, they have limited staff. They cannot afford to not put these security measures in place and outsource a lot of that. Eighty percent of organizations are gonna outsource many different components of their cybersecurity because there’s not enough resources, and you’re at the mercy of your team. If your team comes in and they’re SonicWall experts, you’re going with SonicWall.

But is it necessarily the best solution for your organization?

Our engineers can help with that. You’re gonna see companies in the SMB are more comfortable outsourcing because that one resource that they have or two or three resources that they have cannot staff an organization twenty four by seven. They’re more open to that conversation than an enterprise by far.

Yeah. I know. I think you nailed it, Stein. Right? For an SMB organization, this is even more prevalent because, you know, a lot of times, they don’t have the resources to address this on their own.

We didn’t have a breakdown of it, but I would guess if you’re looking at that sort of real time awareness stat that we shared at the beginning, a huge chunk of that’s gonna be in the SMB space because they just don’t know. They don’t know what’s going on. So they need the help more than ever. The opportunity is huge there.

Just getting an idea of what’s going on, where their vulnerabilities are, and they might not be able to spend all the money right away to address everything that they’ve got. But, you know, putting their head in the sand and saying, hey. I’m too small. I’m not, nobody’s coming after my business.

That’s a sentiment we hear a lot from SMB, and it’s just not accurate. I mean, those guys are the ones that people are going after because they don’t have protections in place. So starting out with awareness, what are my vulnerabilities? What’s going on in my environment that I need to be aware of?

I think that’s a great place to start with SMB customers and just let them know what’s going on and then, you know, develop a plan to fix it. It might not be overnight, but something over time that they can address those vulnerabilities.

And the AI battling AI. Let’s get ready to rumble.

I like it. Great presentation today, guys. There’s a lot of compliments in the chat and questions. Graeme and Jason will be here for a few more minutes. They’ll take a look at a few of those questions and comments in there and try to get you an answer. I’ve gotta move on, but terrific job today, guys. We’ll talk to you again soon.

Thanks, guys.

Appreciate it.

Alright. Man, that was good stuff.