This episode features Dave Sobel, host of the Business of Tech podcast, in a candid conversation about the fundamental problems with the cybersecurity industry.
Main Discussion Points
Dave Sobel's Background
- Former MSP owner for over a decade
- Worked for various tech vendors including Level Platforms, GFI, LogicNow, and SolarWinds
- Now runs the Business of Tech podcast as an independent analyst for the IT services industry
- Left SolarWinds two weeks before their major security breach
Why Dave "Hates" the Cybersecurity Industry
The Industry's Fundamental Structure Is Flawed:
- Criminals are honest about their intentions (to steal money)
- Security vendors sell products with zero liability when breaches occur
- Software vendors have no liability for defects in their products, unlike other industries
- MSPs are caught in the middle with all the liability
The "Gross Internet" Problem:
- Internet access is only sold as an unfiltered raw connection
- ISPs could offer "clean" versions with basic protections by default
- Outdated protocols (like SMTP for email) remain in use despite being inherently insecure
Victim-Blaming Culture:
- When breaches occur, the victim gets blamed
- Law enforcement often dismisses cybercrime as inevitable
- Unlike physical theft, cybercrime victims receive little sympathy or support
Recommendations for Businesses
Push Back on Vendors:
- Don't accept contracts that remove all liability from vendors
- Demand that third-party integrations prove their security measures
- Question where your data goes and how it's protected
Value Your Data Properly:
- Focus on protecting your "crown jewels" (critical business data)
- Implement proper backup and disaster recovery plans
- Be ready to tell criminals "no" rather than paying ransoms
Take Responsibility While Demanding Better:
- Practice basic security hygiene
- Use strong passwords and enable multi-factor authentication
- At the same time, demand that the industry improve its fundamental approach
Concluding Thoughts
The episode emphasizes that while 97% of breaches are preventable with basic security measures, the industry needs fundamental reform. The hosts and guest agree that pushing for more accountability from vendors, better laws protecting data privacy, and a more offensive approach to fighting cybercrime are essential steps forward. The conversation concludes with a call for vendors to deliver on their promise of technology that actually works correctly and protects users.
Where to Find More
- Dave's podcast: businessof.tech
- UnHacked podcast: unhacked.live