(Left to Right: Isabel Alvarado, City National Bank ∙ Nathan Whittacre, Stimulus Technologies, ∙ Michael Buis, PacStates ∙ John Durant, Hyper Networks ∙ Sean Connery, Orbis Solutions ∙ Debbie Banko, Link Technologies ∙ Mike Jewell, Lumen ∙ Connie Brennan, Nevada Business Magazine)
The recent pandemic has had a significant impact on nearly every sector of business. And as many businesses transitioned to remote work during the height of quarantine, the technology and communications industry took center stage. From helping clients maintain their business operations remotely, to navigating their own difficulties of remote work and hiring and maintaining talent, the technology and communications industry has become critical to the daily activities for nearly every business. And with so many advancements in the industry, experts are struggling to not only stay on top of advancing technology, but to educate the public on the impact of breaches in cybersecurity and the need to invest in detection and protection.
Recently, communications and technology experts met at a roundtable sponsored by City National Bank and held in Las Vegas to discuss their industry and the impact it has on businesses in Nevada. Connie Brennan, publisher and CEO of Nevada Business Magazine, served as moderator for the event. These monthly roundtables bring together different industries to discuss issues and solutions.
What challenges does this industry face with workforce?
Mike Jewell: I am having a harder time hiring people than at any time in the last 38 years and we are doing job and hiring fairs.
Debbie Banko: I do not hire people outside of the United States for any of the security work that we do, but a lot of people do at this point because they cannot find the people to get things done.
Nathan Whittacre: In Las Vegas we have not had much of an issue bringing people in, but we work in a lot of rural communities and that is where we have had more of an issue attracting talent. Here in Vegas, on the lower level, [we are] not having that big of an issue, but once we train them they often will leave for six plus figure [paying] jobs. We are having an issue keeping that mid-level position.
John Durant: We are not going to shortchange anybody. We are going to make sure they are compensated fairly. But I tell employees directly, if you want to quit today and just get a bump, do it. You are going to get it. I am not going to play that game. Go get it. And almost nobody takes me up on that challenge.
Whittacre: We are looking for [people with] some experience, an aptitude and a work ethic. [We want people] that really want to be in the industry. We are looking for passion and corporate values that align with ours.
Jewell: We have talked to UNLV about doing a certificate program [for cybersecurity] and they have come miles from where they were even just a few years ago. The advantage is, not just the number of clients that we have in Las Vegas that need cybersecurity, but those jobs are really portable. You can do them from anywhere and they are great paying jobs. If you come out [to Las Vegas] and you are certificated and [the certification] is recognized by people like the federal government, your starting salary is in the six figure [range]. Those are good jobs for technicians.
Whittacre: We acknowledge certifications, but what we do not look for is people that just went out and got a certification in a couple of weeks. You can pass [a certificate program] and get four or five different certifications and then still [know] nothing. That is a common issue.
Durant: I want [to hire] someone who believes they are part of something, that they are part of a team, and are doing something meaningful. Are we solving world poverty? No. But are we meaningfully impacting other people’s lives, the businesses that they created, the businesses that pay people’s mortgages and send [their] kids to college? Yes, and that feels good.
Whittacre: [Employees] want to feel valued and that is what is most important. Having alignment with the employees and making sure they are aligned to the organization [and] the direction the organization is going [is essential]. As long as there is an alignment, they will stay with you.
Jewell: Relationships matter. I had a technician who retired two years ago that worked over 50 years with our company. The people he worked with were his family and he would not quit on his family. That relationship was built over a long period of time. That is what we really want to get to. It is important that people understand the value of their work. I also think you have to foster a culture that says we value each other, and we are a work family.
Whittacre: It is building the right corporate culture that people want to belong to and if they want to belong to you. If you abide by your values and your culture, they will stay with you come hell or high water. Even with a great offer that might be 50 percent more than [their current] salary, they may stay with you still because they believe in what you are doing.
How has remote work impacted this industry?
Whittacre: We have field technicians that go to customer sites, but for the rest of our staff, we work remotely as much as possible. We had a quick learning curve with COVID [and working remotely, but] we were [already] moving in that direction.
Durant: We were forced into a remote scenario in 2020 and I think we had a little bit of confirmation bias going on that it would be the absolute best model. What we are realizing is that the team building piece and developing actual trust relationships [with employees] is really hard to do on a 13 and a half inch screen.
Whittacre: We now have teams operating in four locations so creating cohesion among people that are not going to see each other because they are not even in the same locale [is a challenge]. There are little things that we do [and] we get together periodically for lunches, but I think there are still plenty of ways to [encourage cohesion] digitally.
Durant: [The pandemic] sped us up learning that human connection is deeply important because [even though] we have workers that may be super skilled, they are despondent because they need that [human] connection. They need somebody to come up and tap them on the shoulder.
Whittacre: We start off every one of our [remote] meetings with a quick segue where everybody shares things that they are grateful for [in order to] give those opportunities to have human interactions.
Durant: Can you run a successful organization without being in person? Of course, we are doing it and we have remote people. We have people all over the country. But you need those periodic face-to-face interactions.
What should businesses know about cyber crime?
Sean Connery: At the root of cyber crime is money. In 2019, cyber criminals took a trillion dollars and are estimated to take $10.5 trillion in 2025. That will make it the third largest economy [in the world] just behind the United States and China. [Money] is what is driving it. And because of [that], it is more frequent and when it is more frequent, it is now more dollars per incident.
Banko: We always say if it is information, it is the Chinese. If it is money, it is the Russians.
Durant: The average dwell time was about 280 days. [Dwell time] is how long some vulnerability or exposure [in cybersecurity] existed in [a businesses’] environment before it was discovered. That means hackers have been in there for half a year or more.
Connery: That number in 2020 was 280 days [but in] 2021 it went down to 221 days. People are getting better. There are better technologies and people are getting better at keeping an eye on what is going on. There is improvement, but the FBI even admits that bad actors are in your environment for 200 plus days on average.
Durant: These [hacking operations] run like corporations in some of these other countries. They are funded like private equity businesses. In some cases, they have actual companies. Their sole job is to hack other companies. It is overt. It is out in the open. They do not hide it.
Michael Buis: A lot of people envision [a hacker] as some high school kid in a hoodie, but it is computer generated. They do not care what your name is. [They] probably do not know what your name is until they get your stuff.
Banko: The people that are hacking and stealing this information are evolving just as fast as our technology is evolving to help protect companies from [them]. It seems that it is a never-ending cycle.
Buis: [Another consideration], AI (artificial intelligence) is coming if we want it to or not. How do we prepare for it? And that is the cybersecurity side of it. How do you protect against it? Because it is going to learn faster than we can adapt.
Connery: It is nearly impossible [to protect everything] even if you bought every bell and whistle. NASA spent [approximately] $28 million for cybersecurity and they got hacked. The FBI just had a bad guy running around their network. The DoD (Department of Defense) just left an email server out on the internet for two weeks and that was all in one day. The government has billions of dollars to spend on this problem. If someone wants to get in, they are going to get in.
Whittacre: The number one threat to businesses is not from the outside, it is their employees. Any hack almost always starts with a social engineering attack against an employee or set of employees. Whether it is via email or a phone call or whatever it may be, it is getting an employee, somebody on the inside, to do something that they necessarily would not normally do. A lot of the hacks are due to wire fraud and people sending out money to vendors that they should not be sending money to. You are sending it to a bad actor. It is just realizing that the employees are making mistakes and then focusing on the education [to prevent those mistakes in the future].
What stops businesses from taking cybersecurity seriously?
Whittacre: A lot of businesses do not want to invest in security because they feel like it is [an unnecessary use of] money. It is kind of like insurance. You do not want to buy it, but companies are being forced more and more to buy it because of insurance or regulation. But there is a lot of apathy both on the employee side and on the owner side. It is just not a priority for them to invest [in cybersecurity].
Durant: [The large companies] used to be the ones that faced the biggest threats and the biggest intrusions and now that is all being pushed down to the midmarket. They cannot pretend that they are anonymous anymore. [Anonymity] is not going to protect you.
Whittacre: I met with a client the other day that I would consider mid-market and they still feel the same way. [They say], “We are too small. Nobody knows who we are and nobody would want our stuff.” But when you are a company that is doing $10 to $20 million a year in business, or [even] $1 to $2 million a year in business, there is stuff that hackers want.
Banko: A lot of people do not realize that [cyber criminals] come after small companies just as much as they come after the large companies and the medium sized companies. Small companies are easier because they do not have a lot of protection.
Durant: [Sometimes we find a] company where they have a gaping hole [in cybersecurity and] they are exposed in some way, [but they] do not want to do anything about it because they are afraid that even acknowledging it could hurt their reputation. They would rather just put their head in the sand and pretend it does not exist. And so that is a real issue because they are terrified of that getting out because it could have competitive problems. We have to convince them that if they get hacked, it is worse.
Buis: It is hard to educate [businesses] and to let them know what is possible because then they do not do anything out of fear. They just kind of freeze up and instead of making a decision, they do not do anything. What I am finding is they really do not understand the methodology behind it. There is not somebody on a PC and a hoodie with a green screen targeting [specific people and businesses]. It is all computer-generated AI. They do not care who they are as long as they get an IP. That is the hard part to get people to understand. And then once they do, they get so scared, they petrify and they do not do anything.
Durant: A lot of times people are fearful of what happens to their job, not only if they get hacked, but if we start finding [additional] problems. They are terrified of what their board of directors or those leaders are going to [say and do]. They take pride in what they do and now they are embarrassed to say, “We have had this vulnerability for four years, but we never fixed it and we never addressed it.” There is a certain psychological and social dimension to this that [we] have to help them through.
How can businesses protect themselves from cyber-attacks?
Jewell: You have to talk about it, you have to think about it and get a plan for it. And most companies are ignoring it. It is a fatal mistake.
Banko: You have to have a budget for [cybersecurity]. It is like a tax. If you do not pay your taxes, then the government is going to shut you down. And if you do not pay someone to do at least some type of security on your systems, that could potentially shut you down.
Connery: Protecting the cybersecurity for your business is like [protecting] your house. We all slept well in our homes last night and that was because of a system of protection [that includes] detection and response protection. If someone kicked in your door and you have no detection, then they are in your system for [approximately] 280 days. They are just lounging around your house unless you have something to detect it.
Durant: Start treating these things at the same level as you do sales or any other function in your business. Start treating it at the same level as an opportunity for strategic [and] competitive advantage and fund it accordingly. Bring experts into the equation. [Las Vegas] is a great city. There is a lot of knowledge in this town. Invest [in cybersecurity] and treat it that way instead of an afterthought or something you have to do.
Connery: Ninety-three percent of hacks are coming through email and so getting serious about email and protecting it [is important]. Most companies use Office 365 and there is so much you can do for free. There is something called a security score and if you click on it, it will tell you what it wants to change. Add the advanced threat protection [that is] pretty much required for cyber insurance anyway nowadays. Turn some of those switches on. There is so much in there that is free to be turned on that no one does, and that is what leaves them more susceptible. Having good cybersecurity hygiene when it comes to emails is a great start.
Jewell: Talk to your service provider [and ask] “what can you do for us?” I think the biggest problem is that people do not realize the amount of risk [they are exposed to] and they do not plan for it.
Whittacre: [Cybersecurity] is also a competitive issue. These companies are being competitive in the marketplace and if they have a breach, they have to notify customers that there is a breach and that diminishes their level in the market. [There is a real fear that] companies are going to other service providers or consumers are going to go to other companies that they feel safe doing business with. That is something that companies have to understand in this market. It is not just about insurance or regulatory compliance. It is about being one step ahead of your competition. And if you fall victim to any of these issues, you are going to be knocked down in the marketplace considerably.
Durant: [Businesses should] reach out to experts like us and like others to get involved and not be afraid of these things. [Large] companies are going to keep pushing this kind of stuff toward us and [people] do not need to feel threatened or overwhelmed by this. They just need to raise their hand and ask for help. And qualified people who study it and learn it will help them take advantage of it for the benefit of their business.
Whittacre: Businesses need to be aware of [advancements in technology] because if they are not going to, somebody else is going to and put them out of business. We need to be aware of the technology coming out and use it to our advantage. It is a new generation of productivity for all industries.