Shai Gabay of Trustmi On 5 Things You Need To Know To Optimize Your Company’s Approach to Cybersecurity

Published in Authority Magazine · 10 min read · Jan 28, 2024

Embrace collaboration — Find the right partners that align with your vision and values. Don’t be afraid to work with early-stage companies. In fact, working with these agile companies is usually the best way to innovate and address future challenges proactively.

As a part of our series about “5 Things You Need To Know To Optimize Your Company’s Approach to Cybersecurity”, I had the pleasure of interviewing Shai Gabay.

As a Co-Founder and CEO of Trustmi, Shai is working on the next BIG thing in the cybersecurity field, leveraging his 15+ years of experience and deep expertise in information security, cyber defense, and product management. He is passionate about providing customer value, solving business’s most complex problems, creating innovative and cutting-edge solutions, and leading a multidisciplinary team of talented professionals.

Prior to Trustmi, he held various executive roles in the cybersecurity industry, including General Manager, Chief Innovation Officer, VP of Product, and Chief Information Security Officer. He developed and executed effective strategies in these roles, drove business growth, closed significant deals, and led product vision and development. He also has a solid academic background, with a Master’s from Tel Aviv University and a Bachelor’s Degree in Software Engineering from Shenkar College.

Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Can you tell us a bit about how you grew up?

I discovered my talent and passion for cybersecurity as an amateur hacker at the age of 13. My journey continued in the Israeli military and various private companies, including cybersecurity roles in the financial sector. While I initially started in offensive cybersecurity, I later transitioned to the defensive side. Throughout my career, I’ve witnessed firsthand the challenges of cybersecurity fraud. What fuels my passion is the constant desire to overcome boundaries and face these challenges head-on. That’s why I started Trustmi: to work on the next big innovative thing in the cybersecurity field.

Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.

From a very early age, I liked to push and challenge boundaries, which is what cybersecurity is all about. But it was while working at a bank with several early-stage companies that I decided I wanted to build Trustmi. I was fascinated by their ability to adapt quickly and influence how other companies do business. This sparked a desire within me to do the same. I’ve always had an interest in fintech in addition to cybersecurity and wanted to find a way to bridge those two areas. Cybersecurity is a broad field, but I honed in on safeguarding a company’s most valuable assets: its finances and bottom line. I truly wanted to “follow the money” by protecting payments to their vendors.

Can you share the most interesting story that happened to you since you began this fascinating career?

For me, it’s all about value creation. As I was working at the bank, I encountered numerous technologies, particularly in cybersecurity, that seemed more geared towards offering insurance than real value. My passion lies in identifying a problem where we can quickly quantify the impact and deliver immediate value to the business. I truly enjoy being able to build a solid business case and prevent financial losses for the enterprise businesses we work with.

None of us are able to achieve success without some help along the way. Is there a particular person to whom you are grateful who helped get you to where you are? Can you share a story about that?

My twin brother has provided not only support but also invaluable advice and help through my journey with Trustmi. He’s a CFO, and we’re selling to CFOs. It’s been really helpful to explore and validate many of the assumptions at Trustmi with someone I can really count on, and who also has deep expertise in that area.

Are you working on any exciting new projects now? How do you think that will help people?

Absolutely. We are continuously working on new projects, always attuned to our customers’ needs and exploring ways to provide them with added benefits and value. One example is our focus on eliminating mistakes and human errors from business payments. While payment fraud is a big issue, we’ve discovered that errors like duplicate payments, overpayments, late payments, and data entry mistakes pose a significant challenge for most businesses. According to a recent conference we attended, 1%-3% of budgets are lost each year due to payment mistakes and errors. Consequently, we’ve expanded the capabilities of our AI module to address and prevent these issues.

What advice would you give to your colleagues to help them to thrive and not “burn out”?

Try to find a balance between work and other activities. This is especially important at startups. You must find a way to release your stress and pump up your energy and motivation. But most importantly, focus on building the right team around you. You gain a lot of energy from your team, and the camaraderie is essential, especially when the going gets tough.

Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. The Cybersecurity industry, as it is today, is such an exciting arena. What are the 3 things that most excite you about the Cybersecurity industry? Can you explain?

  1. Providing value to businesses — It’s exciting to work in an industry that can immediately deliver results to businesses and create a positive impact. I truly believe that companies need to focus on creating indispensable solutions that bring value rather than telling horror stories about potential issues.
  2. GenAI opportunities and risks — We’re in a new era where GenAI is a game-changer. It’s thrilling to think about the different uses of AI and how we can leverage these tools to evolve our product. However, bad actors also use AI to launch increasingly elaborate and highly effective attacks, requiring us to proactively develop better tools.
  3. Protecting critical information — The stakes are high in cybersecurity as it revolves around protecting a business’s most vital and confidential information. Breaches can have severe consequences with substantial financial losses. For instance, just from business payment fraud alone, we’re seeing losses upwards of $300 billion per year. Being able to protect businesses from these losses is what excited me to found Trustmi.

Looking ahead to the near future, are there critical threats on the horizon that you think companies need to start preparing for?

Indeed, companies need to be watchful about the rising threat of GenAI-based attacks. These attacks are becoming more sophisticated and advanced, allowing attackers to steal organizational funds faster than ever at scale. We expect attacks on business payments and the supply chain to surpass those of ransomware attacks.

Do you have a story from your experience about a cybersecurity breach that you helped fix or stop? What were the main takeaways from that story?

I’ve seen a lot of cybersecurity breaches originating from the supply chain, meaning the adversaries compromise the organization’s vendors. Although companies are usually aware of risks associated with supply chain attacks, identifying and mitigating these vulnerabilities remains a persistent struggle. From these experiences, a key takeaway is to evaluate risks continuously, not only during onboarding new vendors but throughout the entire procure-to-pay process. At Trustmi, we’ve seen instances where companies, once unaware of a supply chain attack, are now able to promptly detect and rectify the situation by leveraging our solution. We are protecting billions of dollars from potential losses for our customers. This emphasizes the importance of proactively protecting organization funds and preventing future attacks.

What are the main cybersecurity tools that you use on a frequent basis? For the benefit of our readers can you briefly explain what they do?

At Trustmi, we use our own end-to-end payment security solution to protect ourselves. It safeguards against cyberattacks, internal collusion, and human errors in the payment process. The tool, powered by advanced AI, detects abnormal payment activities, prevents fraud, and enhances overall payment security. It offers transparency, uncovers vulnerabilities, and aligns with best cybersecurity practices.

How does someone who doesn’t have a large team deal with this? How would you articulate when a company can suffice with “over the counter” software, and when they need to move to a contract with a cybersecurity agency, or hire their own Chief Information Security Officer?

Today, even small teams need to handle security like big teams, especially when it comes to supply chain attacks where smaller teams are at high risk. Even with limited resources, prioritizing cybersecurity is important, and all organizations must take a holistic approach that is easy to implement and execute. For small and large teams alike, it is essential to look at third-party solutions to solve challenges outside a company’s domain of expertise. For example, building an end-to-end security platform that protects the business payment process and supply chain is a heavy lift for large enterprises to build themselves. In most cases, it’s better to bring in experts like Trustmi so that the organization can focus on its core business priorities rather than try to reinvent the wheel.

As you know, breaches or hacks can occur even for those who are best prepared, and no one will be aware of it for a while. Are there 3 or 4 signs that a lay person can see or look for that might indicate that something might be “amiss”?

Processes involving manual work and high complexity, with multiple systems and steps, are always vulnerable to attacks. Another red flag is when there are operational activities spread across different teams that work in silos, where there is no visibility into the entire process. Without visibility, no one can truly know what’s happening, and a bad actor can take advantage of that blind spot. Every system needs controls in place — many employees have a surprising amount of access to systems they probably shouldn’t have, creating multiple points of vulnerability. Addressing these challenges requires connecting the dots, breaking down silos, and introducing more automation and visibility as key solutions.

After a company is made aware of a data or security breach, what are the most important things they should do to protect themselves further, as well as protect their customers?

First and foremost, it’s crucial to recognize that a data breach is not solely a security concern but a business issue as well. Companies should have a well-defined response playbook that involves cross-functional teams. Every team needs to have open lines of communication with the security team to get them involved quickly — don’t wait to loop them in! In fact, a proactive approach with the security team is critical to building a preemptive defense. It’s important for all teams to bring in the security team early on when there is a breach but also keep them closely involved in integrating new systems to ensure maximum security for the company stack in the future.

What are the most common data security and cybersecurity mistakes you have seen companies make?

A common mistake is relying on manual controls and processes rather than enforcing controls and leveraging automation. Another mistake is not providing people with the right tools to protect their data and work.

Since the COVID-19 Pandemic began and companies have become more dispersed, have you seen an uptick in cybersecurity or privacy errors? Can you explain?

We’ve seen an uptick in fraud post-COVID. The hybrid work model has introduced new vulnerabilities as companies no longer use closed corporate networks, and employees can access data and tools from anywhere. Therefore, robust checks, balances, and enforced controls within the hybrid workflows become crucial to fortify against evolving security threats.

Ok, thank you. Here is the main question of our interview. What are the “5 Things Every Company Needs To Know To Tighten Up Its Approach to Data Privacy and Cybersecurity” and why? (Please share a story or example for each.)

  1. Focus on core priorities — Concentrate on what matters the most to your organization. Understanding the business priorities and the systems to support those priorities is a vital step in developing a robust cybersecurity strategy.
  2. Identify critical gaps — Pinpoint vulnerabilities by conducting assessments to identify gaps and weaknesses in core areas. Prioritize plugging these gaps according to the business priorities.
  3. Select appropriate use cases — Tailor the cybersecurity efforts to your organization’s specific needs. Identify relevant use cases to ensure resources are efficiently allocated and address the most pressing threats.
  4. Implement effective solutions — Once the gaps and use cases are identified, choose customized, end-to-end solutions that align with your organization’s needs for optimal protection.
  5. Embrace collaboration — Find the right partners that align with your vision and values. Don’t be afraid to work with early-stage companies. In fact, working with these agile companies is usually the best way to innovate and address future challenges proactively.

You are a person of enormous influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. :-) (Think, simple, fast, effective and something everyone can do!)

I urge people to challenge the status quo and embrace change fearlessly. By fostering a mindset of constant improvement and innovation, we can collectively contribute to positive transformation and progress for the greater good.

How can our readers further follow your work online?

To stay updated on our latest work, you can visit www.trustmi.ai.

This was very inspiring and informative. Thank you so much for the time you spent with this interview!
