50 Most Innovative Companies to Watch 2021
Cyberattacks are on an absolute rise. Industry studies show that cyberattacks are among the fastest-growing crimes in the United States. Especially the pandemic-induced digital revolution has brought many new users and organizations online, increasing overall cybersecurity risks. Cyberattacks are not only growing in scale and frequency but also costing victims larger financial losses.
Cyturus Technologies is a company that delivers cybersecurity business risk quantification services using its patent pending Saas platform, Cyber Risk tracker, coupled with a proprietary Adaptive Risk Model (ARM). With decades of cybersecurity expertise, Cyturus has helped many organizations gain insight into business risk, as well as provide corrective actions to mitigate risk. We interviewed Robert Hill, the CEO of Cyturus Technologies, to know more about the company and its services. Here are a few excerpts of the interview:
Q. What was appealing about starting this company?
After spending many years of consulting with clients and building cybersecurity risk roadmaps and implementation plans only to find during their next audit that not much had been accomplished, I knew there had to be a better way. I started Cyturus Technologies so that organizations could begin to effectively ascertain their cyber maturity level at any time while eliminating the need for the annual cyber risk assessment. Being able to offer clients something completely different than what was traditionally available in the market while simplifying the associated complexity of risk assessment was key to our formation.
Cyturus expands the risk focus beyond IT (Information Technology) controls to encompass the potential business impacts by quantifying the capacity and capability of the organizational culture for cybersecurity. Combining this broadened focus with extended engagements through our Cyber Maturation as a Service (CMaaS) offering, we can deliver maturation trending, roadmap guidance, and full-service project management to ensure our clients recognize a measurable Return of Investment (ROI) in their cybersecurity programs.
Q. What is the firm’s management style and philosophy?
Cyturus is fortunate to have a team comprised of veteran industry experts who are each a shareholder in the company. This empowers each resource to think like a business owner and supports independent decision-making, eliminating the need for middle management and micromanagement of client engagements. Exceeding our client’s expectations makes good business sense and is core to the Cyturus business philosophy.
Q. Tell me about the last time you identified an incoming cyberattack and what was the outcome?
Cyturus focuses on assisting our client organizations in moving from a reactive posture to a proactive stance. This was evidenced recently in a healthcare client where we had finished their tabletop exercises, helped define response playbooks, and the resources within the organization were beginning to function as a team during these simulated events. Coincidentally as the project was drawing to a close, the client experienced a ransomware attack, and it was rapidly propagating East and
West within their environment.
It was very satisfying to be on the sidelines watching this event unfold. and witness the response plan in action. The client resources engaged, each person knew their role, and tasks were performed efficiently and with purpose. There were no adrenaline-fueled poor decisions being made, and they were not only able to stop the propagation, but they were able to fully recover in a matter of hours with minimal impact to the business. That is the result of business-focused outcomes and a proactive stance.
Q. Give an example of a time you used teamwork to accomplish a task.
Every success we have takes teamwork. From our dedicated developers constantly making updates to our SaaS (SOFTWARE AS A SERVICE) solutions to our sales guys meeting with prospective customers to our consultants assisting with maturation quantification, it takes the entire team to be successful.
Q. What does effective cybersecurity look like to you? How do you measure it?
Traditionally cybersecurity was measured by counting what was blocked or avoided and sold to executives through fear, uncertainty, and doubt (FUD). Effective cybersecurity provides management of risks to the level defined by the business. Acceptable Risk, Risk Tolerance, Residual Risk, and Annual Loss Expectancy were all enterprise risk management terms and can now be applied to cyber risks and measured accordingly.
Q. Why was the Cyturus Adaptive Risk Model (ARM) developed? How does it work?
The Adaptive Risk Model was developed to combat the prevalent practice of rushing to remediation of an identified deficiency before the potential impact to the business was evaluated. The ARM model engages the business early in the process once the gaps, immaturities, and deficiencies have been identified. These findings are measured against potential business impact enabling prioritization by the business. This process ensures mitigation of the risks to the business is calculated and methodical. Mitigation does not always mean remediation. Sometimes risks can be transferred or even accepted as a business decision once they understand the potential impact. Too often, we in IT and SecOps have wanted to remediate every identified item, and that is simply not effective, efficient, or in some cases necessary.
Q. Delineate about your range of services. Reveal some success stories of your services.
Cyturus offers a set of tools and associated services enabling any organization to better understand their current maturity, their compliance where applicable and then build a roadmap that can be managed, enabling the ongoing measurement and reporting of the maturation progression. This empowers the business with the knowledge to make decisions in areas that have previously been a black hole of unlimited spending for an unmeasurable return.
Q. How does Cyturus Cyber Risk Tracker (CRT) help continuously manage cyber risks?
The CRT manages the roadmap and progression of practice (controls, processes, and procedures) maturation within the organization organized by Horizons and Workstreams. These Practices can be tied to specific risks on the integrated Risk Register and those risks attached to business services with a known value to the organization. In this way, the organization can see the reduction of risk at the business service level and manage the progression through project management tasks all contained within one SaaS solution.
Q. What are the key benefits and capabilities of CRT?
The CRT manages the client engagement lifecycle from the initial Baseline through the various iterations of the progression down a defined roadmap of improvements while providing the tools we find most frequently missing at many organizations. These modules include robust Project Management with RACI models and individualized task management and reporting, an integrated Risk Register module, full-featured Third-Party Risk Management (TPRM) with Vendor Risk Assessment tracking and Vendor Portal modules, a Policy Management with Compliance referencing module, Business Service Management, as well as Incident Response Case Management and Analysis module for those organizations needing to reduce and simplify the number of deployed tools in their environment.
About the CEO
Robert Hill is the CEO of Cyturus Technologies. He has spent over 30 years in the IT space promoting significant and measurable reductions in business risk through applied cybersecurity practices, programs, and technologies. Prior to founding Cyturus, Robert worked as an industry-leading cybersecurity consultant often featured on Network News broadcasts, seen on stage as a forum panelist, and found in Fortune 500 conference rooms discussing cybersecurity risk in business terms. Robert is a member of the FBI InfraGard, is a Certified Information Systems Security Professional (CISSP), and attended the University of Alabama at Birmingham, where he received his degree in Biomedical Clinical Engineering.