Michelle Drolet, CEO & co-founder, Towerwall

Michelle Drolet is the CEO and co-founder of Towerwall, a woman-owned cyber security company. As one of Towerwall’s resident cyber security experts, Ms. Drolet assists Towerwall’s customers through the risk mitigation process to help them protect critical data through the evaluation, establishment, education and enforcement of sound cyber security, network security and data security practices.

Ms. Drolet is responsible for all aspects of business for Towerwall. She has more than 24 years of network and cyber security experience. She has leveraged that knowledge to make Towerwall a leading cyber security service and solution provider. Well respected in the analyst and trade community, Ms. Drolet is often published in national magazines and is a regular contributor to the Forbes Counsel and IDG CSOonline.

Ms. Drolet was recently named among the Top CEOs to Watch in 2020 and the Top 5 Women in Cybersecurity in 2019. She has received citations from Senator Spilka for her community service and has received the Cyber Citizenship award several times on behalf of Towerwall for community support and participation. She has received the Athena award and the ESL Christine Taylor Award, and has been named one of the 10 most powerful women in the channel by VARBusiness magazine.

Currently she sits on the Framingham Foundation Board Events Committee as well as the MassBay Cyber Security Advisory Board and her church’s SBRC Committee. She is past chair of the Mass Bay Foundation Board, Metrowest Chamber of Commerce and Framingham ESL.

This article is by Featured Blogger Michelle Drolet from her Blog Page. Republished with the author’s permission.

Covid-19 has disrupted our lives and caused a lot of stress and panic globally. Even though lockdowns may be relaxing, cyber-attacks are showing no signs of slowing down. The pandemic has created the perfect environment for hacktivists to strike with a high degree of success. Let’s understand the top 5 reasons:

  1. Expanding attack surface

Millions of workers globally suddenly woke up to the new work-from-home normal. While IT departments scrambled to get their infrastructure ready for a 100% remote workforce, many of them also sacrificed cybersecurity for the sake of business continuity. As employees started to connect to the corporate network from home, they introduced a number of potential security vulnerabilities. Unsecured devices, unsecured WiFi and unpatched systems… suddenly the attack surface expanded exponentially.

  2. Evolving scamming techniques

As if the confusion and distraction surrounding the pandemic weren’t enough, an infodemic of misinformation and phishing scams is on the rise. Insurance and financial service providers have reported that fraudsters are using the full suite of scamming tools (phishing emails, fraud identities, robocalls, etc.) and are watching the headlines closely and adapting their messages to scam targets. The Federal Trade Commission (FTC) is estimating that coronavirus scammers may have already made $100 million off stolen stimulus checks, mortgage scams and more.

  3. Shifting priorities, budgets and resources

Amidst high risk and increased reliance on technology platforms, business continuity takes precedence over cybersecurity. Experts warn of even further budget cuts, and cybersecurity will be no exception even though the environment demands that the controls be more robust. Since resources are increasingly spread thin, 50% of cybersecurity teams are getting reassigned to general IT tasks.

  4. Increasing skills shortage of cybersecurity professionals

Gartner reported a 65% increase in demand for cybersecurity professionals worldwide. Another study estimates that 3.5 million cybersecurity jobs will remain unfilled by 2021. Organizations lack expertise in areas including cloud security, incident response, threat intelligence, security operations and more. Credible cybersecurity leadership is also hard to find, as such professionals are in extremely high demand.

  5. SMBs as vulnerable (if not more) as large enterprises

New research suggests that if an organization “feels” it’s too small to get attacked, chances are it will limit its cybersecurity spending. On the flip side, analysts are increasingly seeing lesser-known, smaller companies being targeted by hackers, especially those that are linked to larger, influential companies. Not only do SMBs have desirable data, they are also easier to attack because they lack the resources. And when SMBs are hacked, high-profile companies that are linked to the SMB also get hacked. This demonstrates that cybersecurity is a major problem for businesses of all sizes.

Why hiring a Virtual CISO makes business sense

Times are challenging and it’s time to get creative. Organizations must find a way to respond to modern cyber-threats without stretching their financial resources or investing in inadequate security expertise. A virtual Chief Information Security Officer (vCISO) delivers the most bang for your buck. Here’s why:

  • Vast experience and proven leadership: Most vCISOs carry decades of experience and have a superior track record of reducing cyber risk and improving cyber resilience for well-known companies. They are usually industry veterans having vast amounts of domain knowledge and hands-on expertise and are well-positioned to train your internal security staff.
  • No training needed: vCISOs are well versed in day-to-day responsibilities and are extremely familiar with current trends, regulations, standards and expectations from management. A vCISO is also the ideal candidate for businesses that do not have the time, resources or motivation to train someone for the role. Another aspect that works in favor of vCISOs is that they are experienced in operating and leading from a remote location, which is the need of the hour in times of pandemic.
  • Reduced overhead: vCISOs can be recruited on-demand and come without the overhead of a full-time employee such as health insurance, worker’s comp, payroll, benefits and related HR costs.
  • Flexibility: vCISOs can be set up on a retainer basis for a set block of hours, hired on a project basis, or allocated for tech support hours. A vCISO can free up valuable time for the C-suite so that management can focus on other important aspects of the business.
  • Faster on-boarding: Sourcing, building and retaining the right security leadership might take a lot of time, especially when there is a short supply of cybersecurity talent. When organizations are suffering from attrition or a security incident, a vCISO can immediately step in and fill the void of a leadership position.

The Pros of Hiring a Full-time CISO

What are the benefits of hiring a full-time CISO? Truth is, it depends on the requirements of the business and the resources at hand. Here are some reasons why a full-time CISO might be your preference instead of bringing in a virtual CISO if an interim role isn’t required.

  • You need someone full-time in the office to be the face of security
  • You need a dedicated resource that is available 365 days, 24/7 in case of emergencies
  • You see the resource as critical for business continuity and day-to-day operations
  • You think this is good for team building and supporting the corporate culture

Cyber attackers are continuously evolving their tactics and techniques to get to your company’s crown jewels. Businesses need cybersecurity leadership that can take out the guesswork, boost defenses and bolster cyber resilience. In times of the pandemic and beyond, a vCISO becomes an extremely pragmatic and compelling value proposition.

About the Author

Michelle Drolet is CEO of Towerwall, a specialized cybersecurity firm offering compliance and professional cybersecurity solutions, with clients such as Foundation Medicine, Boston College and Middlesex Savings Bank. Founded in 1999 in Framingham, MA, Towerwall focuses exclusively on providing small to mid-size businesses with customized cybersecurity technology programs. Reach her at michelled@towerwall.com.