Issue link: https://iconnect007.uberflip.com/i/1472190
20 SMT007 MAGAZINE I JULY 2022

pliance requirements in place, which perhaps your competitors are not doing. You can then show prospective customers the cybersecurity program you have in place. They will be more likely to want to do business with you. At the same time, you're protecting your company. Companies who spend the money are going to gain that much more revenue share.

Matties: Acknowledging your $1,000 example: Isn't it an expensive proposition for people to put money into this?

Patel: It is an expensive proposition, but it's much less than the risk of not doing it.

Matties: I get it. Still, some people are going to roll the dice. They don't have the resources. What if you don't have the resources? As you're pointing out, margins are tightening up.

Patel: Your January issue of SMT007 Magazine had an article on a breach in a company with two locations. What was the revenue loss on that over the course of two years?

Matties: We did an update with them, and it was really interesting. They were sitting there with the FBI in their conference room, getting advice on whether to pay the ransom. That becomes a question whether you can keep the business open. It was a horrible position to be in.

Patel: It's a mess. It's a crime scene. I think cybersecurity hygiene is part of the business plan now and must be properly budgeted and funded.

Matties: I like what you said, the other ROI is the added marketability of your company, because you have elevated your cybersecurity. You can demonstrate it.

Patel: This is a must-have compliance program, like ISO, that shows your security posture. Level 1 doesn't have to be expensive. It just needs to be taken seriously and maintained, so it doesn't become expensive later.

Matties: Right. That's great advice.

Johnson: ISO is generally a "nice to have." Lots of people ask for it. There certainly is customer pressure to make sure that you're ISO certified. But CMMC, especially if you want to be in the DoD supply chain, is going to be more than just a "nice to have." You either have it, or you don't. If you don't have it, you don't get to do the work.

Patel: My opinion on CMMC and companies in general: Go through it no matter what. It is the foundation. CMMC is built off NIST 800-171, which is a standard. Just to have CMMC Level 1, you are that much better positioned than you were yesterday. Having that posture in place is critical to any business. It doesn't matter if you do business with DoD or not; you're a small operation, control the environment. Even if you're a small 10-person company, control the environment.

Matties: Good advice. Thanks, Divyash.

Patel: Thank you for allowing me to do this, gentlemen.