Security Feature

When it comes to cybersecurity service providers, there are very few companies that focus solely on security and consulting without a sales angle. Yet cybersecurity is becoming increasingly important, and many organizations are tasked with figuring out where to begin when it comes to securing their assets from hackers and meeting increasingly stringent compliance mandates.

GreyCastle Security (News - Alert) is one of only a handful of U.S. companies that is focused exclusively on security and consulting, and the service provider is becoming a valuable ally for a number of vertical markets. TMC CEO Rich Tehrani (News - Alert) got a chance to chat with Reg Harnish, CEO of GreyCastle, at the recent ITEXPO Florida 2016 event.

“We don’t sell hardware or software, really we’re a risk management company for our clients,” said Harnish. He said most clients wonder where they should start or what they are lacking when it comes to cybersecurity. They then want to know how to institute changes in a logical order that makes sense for their particular organization. Finally, businesses want to know if they’re doing enough when it comes to security.

According to Harnish, it’s extremely difficult to answer any of those questions without performing a risk management assessment, something GreyCastle specializes in. The company also offers penetration testing, awareness and education, incident response services, vulnerability management and general cybersecurity consulting.

Healthcare and higher education organizations make up about half of GreyCastle’s business, while the rest of their customer base stems from a variety of vertical markets comprised of medium to large companies that understand they are at risk. These include critical infrastructure markets like utility companies along with retailers, who are under fire to meet a large number of changing compliance mandates.

“The compliance requirements are motivating in ways,” said Harnish. “Certainly in healthcare we’ve seen a dramatic increase in cybersecurity activity. The problem is the legislation can be a distraction if it’s not truly helping them secure their assets. Now you have to balance regulatory risk with cybersecurity risk. Focusing on risk management handles both of their issues.”

And auditors and regulators can be just as scary as hackers when it comes to imposing regulations and the potential fines and penalties for noncompliance. Harnish said companies need to have a broad understanding of the most important properties of their individual businesses – and how to adequately protect them. He added that human error is one of the biggest problems in cybersecurity, and companies need to focus on educating and training workers to better secure their networks and intellectual assets.