Cybercrime: Bain Expert Offers 3 Tips to Thwart Attacks

A woman and man look on a row of computer screens
Listen

When it comes to preventing cyberattacks, companies are operating under a set of outdated notions, says Mark Sutton MBA’09, senior vice president and chief information security officer for Bain Capital.

Companies often treat cyberattacks as purely a “tech” problem, to be solved in an IT back office, he says, when really it needs to be tackled in the boardroom by the leaders making senior business-risk decisions.

Mark Sutton, senior VP and chief information security officer at Bain Capital
Mark Sutton MBA’09, senior vice president and chief information security officer at Bain Capital

“Cybercrime isn’t a criminal endeavor; it’s a business,” Sutton asserts. “To protect your company, you have to understand who may want to target you, how they may compromise your network and what your most critical and sensitive digital assets are.”

It seems almost quaint now to recall a once-pervasive image of cybercriminals “as geeks in their parents’ basement with no real friends, trying to hack into” systems, says Sutton, or “Nigerian princes sending you emails (asking for) your bank information.” The cybercrime of today, he says, has “evolved into something much more sophisticated to a level where people are talking about this being the fifth dimension of warfare” (after land, sea, air, and space).

In a webinar presented recently at Babson’s Miami campus, Sutton addressed the threat of cyberattacks and offered three tips on how companies can better protect themselves:

Invest in a Cybersecurity Team

This is different from an IT team, which is “going to be focused on IT projects,” Sutton says. A cybersecurity expert knows how to assess cyber risk and then build a program and strategy that is aligned with the business to mitigate it.

Invest in Cyber Controls

“Small- to mid-sized companies that want to roll that dice and say, ‘I won’t be targeted,’ leave themselves very exposed if they don’t invest in the most basic of cyber controls,” he says. Measures such as endpoint controls to stop malware and viruses and multifactor authentication “so you can be confident only your employees are ‘logging in’ are now table stakes,” he says.

Update Software and Plug Holes

“Companies hurt themselves because of a basic lack of IT hygiene,” Sutton says. Basic updates often are overlooked in favor of other initiatives, he explains, adding, “Plugging holes or patching is the digital equivalent of locking your front door.”

Some cyberattackers “are simply opportunistic,” Sutton says, “like a criminal walking around a neighborhood looking for open doors. They can see all the holes that (a company) is trying to patch. All they need is one hole, one gap, one opportunity, and they are in.”

Posted in Insights

More from Insights »

Latest Stories

Shenaya “Nay” Martin MBA’25 poses for a photograph
A Mother and Entrepreneur Creates Community for Her Fellow Moms As a new mom facing a challenging time, Shenaya “Nay” Martin MBA’25 founded the support group Zooming Moms. She later started a second group, Moms at Babson, as an MBA student.
By
John Crawford
Senior Journalist
John Crawford
A writer for Babson Thought & Action and the Babson Magazine, John Crawford has been telling the College’s entrepreneurial story for more than 15 years. Assignments for Babson have taken him from Rwanda to El Salvador, from the sweet-smelling factory of a Pennsylvania candy maker, to the stately Atlanta headquarters of an NFL owner, to the bustling office of a New York City fashion designer. Beyond his work for Babson, he has written articles and essays for The Philadelphia Inquirer, Notre Dame Magazine, The Good Men Project, and other publications. He can be found on Twitter, @crawfordwriter, where he tweets about climate change.
May 15, 2025

Posted in Community, Entrepreneurial Leadership

In a Babson sweatshirt and with his arms up, Robert Pulles poses for a photo outside Olin Hall
Robert Pullés MBA’25 Puts Smiles on People’s Faces He made connections and built bridges at Babson. Now, Robert Pullés MBA’25 will deliver the student address to his classmates at the graduate Commencement ceremony May 17.
By
May 14, 2025

Posted in Community

Sheikha Al-Otaibi sitting outside
Sheikha Al-Otaibi ’25 Wants to Talk to You Sheikha Al-Otaibi ’25 spent her time at Babson finding out what she’s really passionate about. As the undergraduate Commencement student speaker, she’s ready to tell the whole story.
By
Melissa Savignano
Writer
Melissa Savignano
Melissa Savignano, a content marketing manager at Babson College, has worked in higher education for almost a decade, where she tells authentic, compelling campus and community stories. Before Babson, she managed communications for Boston University’s largest college, the College and Graduate School of Arts & Sciences. She previously worked in client relations, helping brands of various sizes launch content marketing strategies and storytelling initiatives. When not at work, you will find her in the city of Boston, probably at the movie theater.
May 13, 2025

Posted in Community