City A.M.: Robert Herjavec: We are in the midst of a Cyber Cold War
Never has a flute of champagne been thrust into my hand as I arrived for an interview, until today.
I’m in Reading, which, considering that I’m one of those ghastly London-centric metropolitan elites, I did not realise was just 25 minutes away from the Capital. It’s quickly becoming a hi-tech hub, away from the exorbitant rents, besuited hubbub and hubris of the City.
Remarkably enough, Reading isn’t full of people making arbitrary daily toasts – there is reason to celebrate today. It’s the inauguration of Herjavec Group’s new UK headquarters. The sixth floor of the White Tower still smells of fresh paint, with the modern, clinical pastiche one might expect from a global information security firm. Giant screens dominate as you enter, a plethora of technology after that; then a control room which feels like one is peering into a Jason Bourne movie. It’s all really cool.
I’m here to meet the man himself. British readers probably won’t know of Robert Herjavec – the multimillionaire star of the Canadian version of Dragon’s Den and its US counterpart, Shark Tank. He’s also featured on Dancing with the Stars and myriad other shows and films, including a cameo in Sharknado 4 (which if you know, you know). On Shark Tank, Herjavec is the “Nice Shark”, and tells me that in fact, coming to the UK is a relief, if only for the anonymity from starstruck fans.
More than a pretty face
But he’s more than just a (very) pretty face. He has the air of a self-made man, and his career in cyber security, spanning some 30 years, is testament to that.
The world is at a pivotal point: the rapid proliferation of digital technology over the last decade or so has made the threat from malicious actors ever more pertinent. As one grows, so does the other.
“As smart as I might be – as much as I thought the security business was going to grow – I never saw it to this scale,” he tells me, sipping champagne. “But there’s a macro trend that’s happening in our industry – the Russians hacking, the Chinese hacking, cyber warfare. We see all that, and you’re going to see that increase. You’re going to see large-scale attacks on utility grids and infrastructure.”
What we’re seeing is the evolution of data as a weapon
Cyberspace has mutated beyond recognition since the Herjavec group’s inception in 2003. And while he’s certainly not sanguine about the future, I suggest that the current spate of attacks surely makes it a good time to be in managed cyber security.
“The average enterprise today has 70 security products. When I started they had 12. So how does a company keep up with 70 technologies? They can’t. So that’s one thing. The second that we’ve really seen is the use of cyber as a strategic weapon against nation states. We’ve never seen that before. Before it was hacking groups; it was kids breaking into utilities and then telling the world they did it. Nobody cares about that anymore.”
The Russian question
Donald Trump’s ascension to the White House has been mired in controversy over his alleged links to Russia. “Russian Hacker” naturally rolls off the tongue, as if to be expected from the motherland of espionage and surveillance. There is a notion that what we “ain’t seen nothing yet” though – one that Herjavec agrees with.
“What we’re seeing is the evolution of data as a weapon. It takes a long time and is very expensive to buy aeroplanes and tanks and bombs and stuff like that. To launch a cyber war, you need two or three really smart, highly-educated, idealistic people. And so the economics of going against a corporate or government target with cyber is so much cheaper than launching a traditional attack. We’re going to see more of them.”
There’s nothing new there though. No one is surprised.
The wars of the future will not be fought in space, much to the dismay of seventies science fiction writers. They will, and are, being fought in cyberspace though, at a scale the man on the street simply can’t comprehend.
“We are in the midst of a Cyber Cold War. Whether we want to think we are or not, we are. It’s been going on for a while and it’s escalating. So the Russian election thing is getting a lot of PR right now in the US, mainly because of Trump and all those connections. There’s nothing new there though. No one is surprised.”
Usually during a war, the general public are at least marginally aware of the battle being fought before them. But in cyberspace, the public slumbers. Many have argued that WannaCry and Petya, for example, served as a catalyst for greater awareness. But far more have argued that it’s going to get worse before it gets better.
“It’s going to get much worse,” says Herjavec. “And I don’t think we’ve even seen the tip of the iceberg. What we have today is consumers that don’t really care about security because it’s not personal to them. If they go to a shop and that shop has a breach, they’ll simply go to somebody else. Consumers today expect that cyber security is being done at the enterprise level. When there’s a an infrastructure breach that affects consumers, a utility goes down, a tube goes down, something happens – and it will – then they’ll start to pay attention.”
Throughout our conversation, Herjavec brings up Brexit on several occasions – he has after all just invested a fortune in the UK. Post-Brexit, the home secretary has said we are “likely” to stop sharing intelligence with EU through Europol. Her remarks have been largely dismissed as empty rhetoric, but regardless, I question the infallibility of that outcome. Herjavec, having served as a cyber security advisor for the government of Canada, participated in the White House Summit on cyber security, and recently joined the US Chamber of Commerce Task Force for Cyber security, is well placed to answer.
The UK has committed to share information with Five Eyes, but perhaps not Europol.
“There’s a certain level of data people share, but data is proprietary. I really don’t see a future where governments or corporations are going to share data at that level. And the other reality is, that when you as an individual or business have a cyber breach, the government isn’t going to help you either. They’re too busy trying to protect themselves.”
If the state is so busy protecting its own interests, does it have a role to play in protecting its citizens?
“The role of government is to set the direction and mandate compliance – people don’t want to do what’s good for them. Inevitably people do what they have to do. And that’s why one of the biggest drivers of our business has been compliance. Even so, one of the most valuable assets a company has is data. Compliance aside, if you’re compromised on a data perspective, it can put you out of business.”
Originally posted on cityam.com