Cyberattacks on businesses are more commonplace than we might think. And the pandemic might have made it worse. As offices transitioned to work-from-home systems and many retailers either started or expanded their eCommerce practices, the Chief Information Security Officer for National Retail at Fortinet says that protecting your cybersecurity perimeter has never been so important (and complex). In this episode of The Voice of Retail I sit down with Courtney Radke, Fortinet’s National Retail CISO, to talk about how retailers can better protect themselves - and their customers - in a rapidly changing digital landscape.
Welcome to the The Voice of Retail , I’m your host Michael LeBlanc, and this podcast is brought to you in conjunction with Retail Council of Canada, and this episode is brought to you by Fortinet,
Fortinet secures the largest enterprise, service provider, and government organizations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network—today and into the future. Fortinet’s mission is to secure people, devices, and data everywhere.
Cyberattacks on businesses are more commonplace than we might think. And the pandemic might have made it worse.
As offices transitioned to work-from-home systems and many retailers either started or expanded their eCommerce practices, the Chief Information Security Officer for National Retail at Fortinet says that protecting your cybersecurity perimeter has never been so important (and complex).
In this episode of The Voice of Retail I sit down with Courtney Radke, Fortinet’s National Retail CISO, to talk about how retailers can better protect themselves - and their customers - in a rapidly changing digital landscape.
Courtney sheds light on the reality of identifying and reporting breaches in cybersecurity, we talk about the business of being a cybercriminal and I get to the bottom of how retailers can sustainably invest in their cyber safety.
********
Thanks for tuning into today’s episode of The Voice of Retail. Be sure to subscribe to the podcast so you don’t miss out on the latest episodes, industry news, and insights. If you enjoyed this episode please consider leaving a rating and review, as it really helps us grow so that we can continue getting amazing guests on the show.
Courtney Radke, National Retail CISO, Fortinet
Courtney spent over 10 years leading retail technology strategy and securing distributed networks at multiple retail and restaurant organizations across North America. As the CISO for Retail at Fortinet, Courtney uses his skills and experience as a former retail customer and technology leader to provide real-world solutions for customers and partners in the retail vertical.
I’m your host Michael LeBlanc, President of M.E. LeBlanc & Company, and if you’re looking for more content, or want to chat follow me on LinkedIn, or visit my website meleblanc.co!
Until next time, stay safe and have a great week!
Michael LeBlanc
Welcome to The Voice of Retail. I'm your host Michael LeBlanc. This podcast is brought to you in conjunction with Retail Council of Canada. And this episode is brought to you by Fortinet.
Fortinet secures the largest enterprise, service provider, and government organizations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network, today and into the future. Fortinet's mission is to secure people, devices, and data everywhere.
Cyberattacks on businesses are more commonplace than we might think. And the pandemic might have made it worse.
As offices transitioned to work-from-home systems and many retailers either started or expanded their eCommerce practices, the Chief Information Security Officer for National Retail at Fortinet says that protecting your cybersecurity perimeter has never been so important and complex.
In this episode of The Voice of Retail, I sit down with Courtney Radke, Fortinet's National Retail CISO, to talk about how retailers can better protect themselves and their customers in a rapidly changing digital landscape.
Courtney Radke
So, I think you know, a first start is, is do more than just the basics when it comes to protecting endpoints.
Michael LeBlanc
Let's listen in now.
Michael LeBlanc
Courtney, welcome to The Voice of Retail podcast. How are you doing this morning?
Courtney Radke
I'm doing well. How about you?
Michael LeBlanc
I'm doing fantastic. Thank you. And we're just talking about smokers and barbecues and family and stuff, just off mic. So, it's great to chit and chat. But let's, let's get right into it. Let's, let's share with the listeners, the folks out there a little bit about yourself, your background and your role at Fortinet.
Courtney Radke
Yeah, absolutely. So, but you know, I came into the industry from, from retail, I was in the restaurant industry. Started off, you know, as a network technician, to engineer to an architect and then ultimately leading, you know, full retail network architecture, cybersecurity for some very large QSR is in North America. At Fortinet, now, my role as Field CISO for Retail and Hospitality encompasses many things. But, but ultimately, I'm responsible for our technology development, go to market strategy and working with retailers, service providers and our industry partners to really understand the challenges and educate on the trends and overall threat landscape.
Michael LeBlanc
All right, and so the listeners don't miss it. You said your CISO, so that's Chief Information Security Officer, right?
Courtney Radke
Yes, absolutely, for our retail vertical.
Michael LeBlanc
And now, how did you, like when you started, you described your kind of career trajectory, your progression., did you always want to get into the security side? Or was that a natural progression of just, you know, the natural demand or opportunity? How did that come about?
Courtney Radke
Yeah, I think it was just an organic progression. I had, kind of had a you know, network architecture and security background. So, it was just kind of a natural fit.
Michael LeBlanc
Yeah, so for you, you got to build it and do the architecture. So, you could, you could spot the challenges or conversely see the, see the threats, right, just from the ground up. It's a great, it's a great background. Now talk about Fortinet, tell us all about them. Your company scope of work, where you operate, retail background, focus, that sort of thing.
Courtney Radke
So, so Fortinet is a 20-year-old company, founded in 2000. And we're headquartered in Sunnyvale, California. And most of our R&D takes place in North America, though, we are a broad global company, we have a broad footprint. So, 8,600 employees, 59,000 partners, and over 500,000 customers worldwide. And, I have, my role focuses mainly on the retail vertical for North American and globally. But Fortinet really solves challenges for businesses of all types, of all sizes, across all verticals.
Michael LeBlanc
Now, did you say 500,000 customers, did I hear that right?
Courtney Radke
Yes, absolutely.
Michael LeBlanc
So obviously, not just big, but medium sized enterprise? Like give me an idea of the scope of the minimum size viable customer that you two would get on well and talk a bit about that.
Courtney Radke
Yeah, any company that needs security, and any company that's, you know, moving forward digital innovation, which can start at a one store location. It can go all the way up to 10s of 1000s of sites. So, really, Fortinet is tailor made for businesses of all sizes, of all complexities.
Michael LeBlanc
Well, we'll get into, into that, and how that, that works. But let's talk about the threats to business. Now you know, is it my imagination, or is it just a natural progression that there seems to be more risk today than there was in the before time, pre-pandemic? Is that real in my, or is that just mostly in my mind? I mean, I can think of a lot more people working at home, for example, that's different than in the before time, but, but is that, is it just more obvious to me or has the threat landscape as you would describe it has that gotten worse or increased over the past, you know, 18 months or two years?
Courtney Radke
Yeah, I think it's a bit of both. It's definitely not in your mind. You know, it, there was a record number of breaches and incidents reported over the last year. I mean, they're, they're, they're way up. The attacks that they're occurring, they're bigger and scale, but they're definitely bigger in publicity. You know, that's, that's a lot of things that brought cybersecurity issues to the forefront, to the spotlight, which can be a good thing. It brings attention to real world problems, you know, of the issues that are faced by these businesses every day, hopefully, creating a call to action.
On the flip side, you know, cybercriminals want publicity, it continues to be lucrative. It is a business after all. So, the increase in suppose exposure, you know, access free publicity for them as well. So, you're not crazy. I mean, it is big. There's more, there's more happening. And I think we're also getting bigger publicity on it.
Michael LeBlanc
So, let me let me follow that thread for a bit. Because I was about to say, you know, sunlight is a disinfectant, in other words, is more publicity, more profile, but what you're seem to be saying, is that that actually helps the bad guys, talk about that a bit.
Courtney Radke
Yeah, it's a little bit, you know, they're not, you not wanting to be on everybody's radar. But as I said, it is, it is a business. These are, you know, they're doing ransomware as a service. They're bringing, they're trying to recruit people into these organizations. So, the more publicity the more money that they say that they make, is going to recruit more people.
Michael LeBlanc
So, I guess they're not taking ads out on LinkedIn, this is their best way to,
Courtney Radke
Honestly, sometimes they do. Sometimes there's open calls for, you know, recruitment into these organizations.
Michael LeBlanc
Wow. Black hats wanted, I guess, or,
Courtney Radke
Absolutely
Michael LeBlanc
Whatever you would say. Is it, is it the case that more companies are now, I know it's the case in Canada, soon to be the case, that you need to declare breaches, is, I heard once someone once said that, you know, there's two types of companies folks who've been breached, and folks that don't know they've been breached, haven't told anybody. And is it the case that more people are declaring breaches earlier? And again, I'm kind of circling around the same question. I guess I'm answering asking a couple different times. Is there more activity, or just we know more about that?
Courtney Radke
Yeah, you know, we know more, we know more about the activity. And I think the, the, you know, businesses want to get ahead of it. And so, there's no clear set, you know, guideline, you know, of when to declare. There's a lot of times where, you know, law enforcement will tell you not to declare yet because they're still trying to gather information. So, as some of these breaches only come to light months or years after they actually happen. And a lot of times, they don't know about them, it's not just that they're not declaring it.
Michael LeBlanc
Right. Right.
Courtney Radke
They don't know anything happened.
Michael LeBlanc
Well, there's a big breach in the US, right, with a, with, that went on for many, many months before in the government, I believe that many, many months before it was discovered. So, that's not an uncommon, right? It takes, sometimes it doesn't, it's not obvious that you've been breached, is that the case?
Courtney Radke
Yeah, I think, you know, what we're seeing is the sprawling nature of these disparate networks, it becomes much harder to determine did something happened? Where did it happen? When? And how far did it go?
Michael LeBlanc
Is it the case that when you know, when COVID hit, suddenly millions of employees went home, and did that increase the risk? Or is that kind of a net neutral to, you know, neutral or positive, or neutral to negative, impact on the threat profile?
Courtney Radke
Yeah, I think by now, many organizations have had a chance to rethink what the, you know, the idea of work-from-home means. They've been able to put in additional protections, change their baselines, provide training for the remote workforce. For a time it was, it was a disrupter, you know, work-from-home created yet another edge that needed to be protected on top of the branch, data center, cloud, everything else. I mean, it just made the perimeter even harder to find than it ever had been before. The problem being there was as an initial scramble to bring functions online. We had to be operational, so that, you know, many organizations just.
Michael LeBlanc
Right,
Courtney Radke
Throwing things at the wall and see what sticks, learning point products, little integration, left a lot of gaps in security controls.
Michael LeBlanc
I guess the only thing it solved is the old, you know, don't pick up a USB in the parking lot problem that you would kinda hear, right. So, I guess it's solved that problem, dispersed audience.
Michael LeBlanc
Now, you know, as you think about these risks, what are the top concerns you're protecting against today? You'd mentioned ransomware, what are you hearing from retailers in terms of what they're most concerned about? We've seen in the past, for example, breaches from companies that have been acquired, weak points and point of sale in store, you don't hear too much about that these days. But what are the top couple ones that you guys really.
Courtney Radke
Yeah, I think,
Michael LeBlanc
Really focused on
Courtney Radke
I think, you know, POS is still a top concern, for different reasons now. You know, but I think cloud is, is that number one, it's taken the number one spot, web applications.
Michael LeBlanc
Wow, really?
Courtney Radke
Yeah, you know, they're the number one target because that's where the data is, hopefully by now, you know, there's not credit card data or sensitive information going through POS systems.
Michael LeBlanc
Right.
Courtney Radke
And so, they're still being used as a stepping off point. They're still being used as a point of ransomware.
Michael LeBlanc
Yeah,
Courtney Radke
There's still you know, disruptions for business, you know,
Michael LeBlanc
Sure.
Courtney Radke
Your business operations if I can't use my POS, I can't sell X.
Michael LeBlanc
Right, so, they'll shut it down versus their,
Courtney Radke
Yeah,
Michael LeBlanc
Shut it, shut you down versus get in there. Because you know a lot of the cloud providers, they're pretty big, pretty big organizations, right. Is, are we safer with, with cloud-based computing? With, or not? I mean, is that a, is that a billion-dollar question? Or is that,
Courtney Radke
It's a good question. I mean, you can't I mean, you can be just as safe either way. I think right now, what we have is this, still a lack of understanding and this cloud responsibility model. Who's responsible for what,
Michael LeBlanc
Interesting.
Courtney Radke
And in the event of an incident, who's responsible? For who's responsible? Who's accountable? Who's actually putting in the security controls? So, I think we're still in this, we're still in this area where, especially now, a lot of companies had to rapidly expand into Cloud, they are maybe adopting cloud for the first time as crazy as it seems. And there's still not a, not a full understanding of that cloud responsibility model. So, it can be safe, it can be just as safe. Moving to the cloud isn't inherently dangerous, it has it has to be done correctly.
Michael LeBlanc
Interesting. What, now what's the right balance for retailers in terms of investment in network and protection services? I mean, you know, you know, when you go, you start projects in retail, sometimes you, you try not to design to the worst-case scenario, you try to design to the most likely scenario. What's that, what's that balance that you advise the clients on in terms of, you know, investment in security versus too much focus on security? Or is there such a thing as too much focus?
Courtney Radke
Yeah, but that's also, you know, that's also a tough one. I think, you know, for me, our mindset is security and networking, they have to go hand in hand. What we talk about it is, is the convergence of network and security. And that's kind of the critical piece to keep up with the speed of digital transformation. But also, businesses can't afford a security incident that erodes customer trust and brand loyalty. You know, that's, that's honestly, the industry best practice formula that I see going forward is the convergence of networking and security. Investing and solutions where you know, security, isn't that bolt on, or you have to think about it afterwards. If you have to think about it, do I have enough security put in here? Obviously, there's Platinum plating, we don't want to get to but security should always be a cornerstone. And I think that's kind of the right balance. I'm not saying 50% of your spend has to be on security and 50% on networking, but make sure that they're, you know, converged.
Michael LeBlanc
I was gonna say, is there some kind of formula that you, you know, if I spend $1, on technical infrastructure and is there a percentage formula? Is that is that a simplifying it too much?
Courtney Radke
It's, I think it's, I think that's probably an oversimplification, because every business is different. You know, depends
Michael LeBlanc
Right,
Courtney Radke
On the industry that you're in. Depends on your risk profile. Depends on if you've been attacked before and if you're, your, retail is always a prime target for attack, but some organizations more than others are. So, there's not, there's not a silver bullet of 'I spent this much and then I'm secure'.
Michael LeBlanc
Interesting, interesting. So, you know, when I think of this ransomware, I think of the payment type. Is the problem here, you know, cyber, cyber currencies? I mean, the bitcoins of the world seemed to be the way these black hats get paid. Is, is this the biggest weakness here? Is that, is this, is, you know, digital currencies, is that just the currency of crime now? Is this a problem that, you know, this isn't a political podcast, but as banks and central bankers turn their mind to, you know, non-fiat currencies, as
Courtney Radke
Yeah,
Michael LeBlanc
They would be known, it seems to be that the weakness of these currencies, amongst the craziness of the up and down that I don't get based on tweets and appearances and Saturday Night Live, is that it's truly the currency of crime in your world.
Courtney Radke
I haven't seen Dogecoin yet be the currency of crime, but it does get, it, it does get a bad stigma. I mean, I mean, it's not what, it's used for that. We often see it, you know, attributed to cybercrime, but there's so many other things that it can be used for. I think, if it wasn't around, they'd find another way. You know, it's just the, it's here. It's, it's, it's been easy for them to use. We're seeing a lot of crackdown. We're seeing a lot of regulation on it. I think we got to get a handle on it.
Michael LeBlanc
Yeah, yeah.
Courtney Radke
The you know, the way to stop cybercrime is to you know, same as always, hit him where it hurts, and that's in the purse strings. And so,
Michael LeBlanc
Yeah,
Courtney Radke
I think it gets a negative connotation because that's what it's been used for. But if it wasn't around, you know, and find another way.
Michael LeBlanc
Yeah, I mean, we're a long way from black satchels of cass's, black satchels of cash and bus station lockers, though, right with cyber currency? I mean, it's hard to, hard to track. Anyway, again, not really the focus, but I was just kind of curious, since I got you on the mic. It was just, you know, occurred to me to kind of ask you that question.
So, where do you, where do you guys fit in and all this? Like, you know, I'm a retailer, lots of retailers listening to the podcast, and, and some who are probably saying, 'Are we secure enough?' or some saying, 'Listen, we moved to cloud,' sounds like, are you consulting? Are you technology? Are you come in and say, here's some solutions that come on, and attach on top, sit on top of services, just unpack that a little for me.
Courtney Radke
Yes. So, you know, we're a security company. We're an engineering company first. You know, where we're, you know, enabling rapid digital innovation. And we're doing that through guidance and direction. You know, consulting, we're doing that by providing the technology. We're doing that by, you know, influencing organizations to set standards and guidelines. So, it's kind of all of the above. You know, Fortinet often got known as the firewall company, for good reason, you know, but there's so many other solutions out there. You know what broad portfolio and that's from home to brands to data center to cloud to mobile to really everywhere business is that we, we provide solutions for that and guidance direction. And obviously, the technology, the backbone that it runs on.
Michael LeBlanc
What I find interesting is it sounds like you've got a solution. I don't want to call it ala carte by any means. But, if you're talking about single store, to a dozen stores, SMEs to big enterprises, sounds like you've got a, you've got something for everyone. I mean, you obviously, you know, you're not going to roll out an account executive, I wouldn't think to a single store. So, you must have some, so to speak, off the shelf,
Courtney Radke
Yeah,
Michael LeBlanc
Kind of products, is that how you're designing?
Courtney Radke
Well, I mean, so, we have a lot of, a lot of, that the biggest thing with us is its organically grown. And it's all built around this concept of 40 OS. And so, whether it's, you know, a small, the smallest firewall that we have all the way up to our carrier class it's the same OS. And we build around that same platform. And it's all with that integration on a great automation. And, you know, the broad portfolio in mind. And so, you know, as you said, it's, yeah, we're not going to roll out an account executive to a one store site. But the beauty of it is, if you have one store, you have an entire data center, you're kind of getting that same,
Michael LeBlanc
Right,
Courtney Radke
Research and developing going into both of them, you're not getting a, you know, a smaller functionality box, maybe speeds and feeds. But it's the same throughout the entire portfolio.
Michael LeBlanc
Talk about your business model, is it, is it a pay as you go? Is it a SaaS model? Again, the answer might be yes to all.
Courtney Radke
You guessed it, right.
Michael LeBlanc
Yeah, yeah, right on.
Courtney Radke
It's whatever it, business is agile now, and, you know, we need to be able to support that that fluidity, which, which business moves, and so whether you're, you're still in data center, you have a hybrid approach, you're fully in the cloud, you don't want to own any hardware infrastructure, our, our solution really tailors towards that. So, obviously, we have hardware, which, which what sets us apart is we haven't, you know, dedicated ASICs inside that hardware for, you know, really, really high acceleration. But if you need more, you know, flexibility, we have virtual, we have, you know, pay as you go, we have SAS based models, we fully host models. So, you know, we've had to adapt and provide our solutions wherever business is. You know, again, one other thing that kind of makes us unique.
Michael LeBlanc
And, I want to get back to some of the challenges that retailers are facing, should we be concerned that nation state actors seem to be having a hand in some of this? I mean, it's not unusual, I guess, there's industrial espionage, as it was known, where, you know, certain nations would try to gain competitive intelligence on industries, is it, is it, I think they're less likely as nation states to try to disrupt your business and more likely to kind of steal from it. And, it, is, is that what we're seeing today? Or is it, is it a mix of state sponsored individuals? I mean, you just, you know, we were talking earlier in the podcast about just, you know, this is just a pure profit model. So, is it a mix of both? Are you, is it something that's on your radar screen? How do you how do you process that?
Courtney Radke
It's on the radar. I mean, the, the attacks in retail, by and large, are financially driven.
Courtney Radke
And so, they're after the money. Or more, you know, more acutely they're after the data that is where the money is. And so, you know, there's, there's a threat of business disruption, brand harm, etc. via ransomware because it's continuously lucrative, as we just said. You know, that's not to say that nation state, nation actors aren't something to be aware of. We're definitely aware of them. We've seen a sharp increase in nation state attacks on businesses in technology, healthcare, pharmaceuticals as of late, you know, but not necessarily a specific target to retail as much.
Michael LeBlanc
Right,
Courtney Radke
But it doesn't mean that organizations aren't also collateral damage. You know, when a nation state attack occurs, you know, aimed,
Michael LeBlanc
Sure,
Courtney Radke
At a widely used software or supply chain attacks, they often become downstream on unfortunate targets of those nation state attacks.
Michael LeBlanc
From the team that has taken thought leadership and community for retail marketers and direct and consumer brands to the next level with their CommerceNext Conference Series, get ready for season one of The Conversations with CommerceNext podcast.
Hosted by veteran retail, eCommerce, marketer and podcaster, Michael LeBlanc, with co-hosts Veronica Sonsev, and Scott Silverman and presented by Wunderkind, Conversations with CommerceNext gives voice to the eCommerce and digital marketing community like never before.
You'll hear thought leadership with one-to-one interviews that will dive deep into marketing challenges, winning digital strategies, the latest research technologies and people behind one of the most dynamic industries in the world. Together will work to make sure as we emerge from the COVID era that you're ready to take on the new challenges and opportunities and help you thrive with insights and advice from industry leaders who have hands on experience that you need to hear.
Available on Apple, Spotify, Amazon Music, all the major platforms where you enjoy your podcast today, with new episodes debuting every two weeks.
Alright, so a, lots of retailers listening, advice to retailers who are thinking about their status security, and they're interested to hear more, frame it for me in two starts and one stop. Two things they should be doing today, maybe they already are. But from your experience and day-to-day talking at the at the suite, C-Suite, and then one thing they should probably do less of, or stop doing, that maybe was a very good best practice 18 months ago but is less so now. What's your, what's your advice?
Courtney Radke
So, I think you know, a first start is, is do more than just the basics when it comes to protecting endpoints. We've seen time and time again, that the endpoints are extremely vulnerable to targets of ransomware. What we've really seen is EDR should become more commonplace, more common practice to keep up with today's advanced threats. I think we can't expect the, you know, legacy endpoint protections to, you know, protect organizations from the advanced threats that you know, are out there. They're getting smarter, they're using,
Michael LeBlanc
Yeah,
Courtney Radke
The same technology, we need to be smarter and protect against it. And, I think another start would be adopting a zero trust methodology. You know, that's, that's, a way, a better way to protect the evergrowing and hard to identify network edges in these distributed environments. And now, doing so is, you know, less cumbersome, it's more approachable concept than ever before, and can be done.
Michael LeBlanc
Unpack that a little bit for me. And, you said two things that I wanted follow-up, was it EDS?
Courtney Radke
EDR.
Michael LeBlanc
Yeah, what's that?
Courtney Radke
Endpoint detection and response. So, it's kind of the natural progression and evolution of endpoint protection of traditional antivirus, if you will,
Michael LeBlanc
Okay,
Courtney Radke
It moves beyond just simply detecting or preventing, it's kind of wrapping all of it. We're in EDR 2.0, essentially now. It's more machine learning, more predictive, more automation built into it. So, it's just helping keep up with these threats in more real time as opposed to being reactive all the time.
Michael LeBlanc
And talk about zero trust. What does that mean?
Courtney Radke
Yeah, well, zero trust means, I, normally when you set up a VPN connection or, or network connection now, it's assumed that you, you have the, the access necessary. It's assumed you've passed all security checks. That's, that's kind of the, the method that's used a lot now. But, this is a check every single time, I know, 'I just allowed you on the network, but now you're asking for access, again, we're going to check you again', we're going to do a posture check, we're going to do an assessment. And that seems cumbersome, but it's all done in real time. It's all done automated in a true, you know, zero trust model. And, I think it, because it's more approachable now, that the technology maybe five years ago, you could have implemented a zero-trust model, but there was a lot of moving pieces. But now as we've gotten more moving more towards a platform approach, it's you know, all part of one, one platform, it's much easier to implement it successfully.
Michael LeBlanc
It's, and it makes me think of two-step validation that I often have to go through, right, that text you get to your mobile phone. I think we're talking about, of course, much more sophisticated. But that's that two-step approach that I think we're all getting used to right? That extra bit of validation,
Courtney Radke
I think part of it is knowing that it's it has to be part of a process. Multi-factor authentication is definitely a good step and in additional validation, but this is, you know, segmenting the network, you only need access to this portion of this network or this application only, and not just granting carte blanche across the entire network.
Michael LeBlanc
Right, I see.
Courtney Radke
I think that's kind of what moving to zero trust is. And then the stop, I think is, stop equating compliance to security.
Michael LeBlanc
Oh, interesting.
Courtney Radke
Well, you know, what, while achieving compliance is a great, such a good foundation overall, you know, overall cybersecurity and risk management, it is table stakes. It's the cost of doing business. And I think organizations need to move beyond that. Move beyond simply being compliant to protect customers business and the brand. Because all of these organizations have to get compliance. But rarely do they maintain compliance throughout the year. And so, I think we need to move beyond compliance to more true cyber maturity.
Michael LeBlanc
That's an interesting one, because, you know, compliance regimes are pretty sophisticated and pretty, you know, I think of credit card compliance regimes, but you're saying that should just be your starting point. Just make sure that that's where you start, not where you finished the process.
Courtney Radke
Yeah, yeah. I mean, it's getting better and PCI 4.0, you know, coming out in the next 18 months, it should start going into practice. And it's, it's, you know, putting a focus on security as a continuous process, which I think is great. But again, a lot of these are, you know, compliance, a lot of organizations gain it so they don't get fines or something else. And that should not be our impetus to be more secure.
Michael LeBlanc
Right, right on right on. All right, well, listen, you, a lot of information that you conveyed on us. It's been a great interview, fantastic. I think we've probably just scratched the surface, but it's a great overview. Where can folks go to learn more and get in touch and, and just start exploring all the great topics you're doing and how to get in touch with, particularly for my Canadian listeners, but also for everyone else who might be listening around the world?
Courtney Radke
Yeah, so fortinet.com is obviously the one-stop shop for everything that Fortinet has to offer which there's a lot of it. And then fortinet.com/retail for, for our solutions and guidance tailored specifically towards the retail vertical.
Michael LeBlanc
All right. Well, Courtney, that's been great. Thanks so much for, for coming on sharing some of this stuff with us. I know many of us hear about it, some of us and no doubt my listeners are deep into it. But, you provided a great overview and brought us up to date. So thanks, thanks so much for joining me on The Voices of Retail podcast.
Courtney Radke
Absolutely. Thank you for having me.
Michael LeBlanc
Thanks for tuning into today's episode of The Voice of Retail. Be sure and follow the podcast on Apple, Spotify or wherever you enjoy podcasts, so you don't miss out on the latest episodes, industry news and insights. If you enjoyed this episode, please consider leaving a rating and review as it really helped us grow so that we continue to get amazing guests onto the show.
I'm your host Michael LeBlanc, President of M.E. LeBlanc & Company Inc. And if you're looking for more content or want to chat, follow me on LinkedIn or visit my website at meleblanc.co.
Until next time, stay safe