Shauli Zacks
Published on: March 3, 2025
SafetyDetectives recently spoke with Matt Reck, CEO of Fortra, to discuss the company’s holistic approach to cybersecurity and how it helps organizations protect their people and data from evolving threats. With a background in investment banking and private equity, Reck brings a unique perspective to cybersecurity leadership, emphasizing innovation, intelligence-driven defense, and AI-readiness. In this interview, he delves into Fortra’s flagship solutions, the biggest cybersecurity challenges organizations face today, and how companies can better protect themselves against ransomware, insider threats, and cloud security risks.
Can you share your journey to becoming the CEO of Fortra and how your background has influenced your leadership approach?
My path to CEO is a little different than many, as I spent most of my early career in investment banking and private equity and got to work with a lot of really successful companies across a range of industries and end markets.
What I learned along that path is that there are a lot of ways to make a good return, but to truly create something special, it has to be about more than generating growth or return.
Fortra is a great example of that, as our mission is very clear: We help companies protect their people and data from cybercrime. As an organization, we are rallying around that calling, recognizing that our clients need us, and it is inspiring a different type of engagement and innovation. If we protect our clients the way I know we can, all of the other benchmarks of success (e.g., growth, ROI, etc.) will work themselves out.
What are the flagship services offered by Fortra, and how does it stand out in the competitive cybersecurity field?
Fortra’s flagship offering is really our overall solution. Think of Fortra as covering what we believe to the most important components of both Data Security Posture Management (DSPM) and Attack Surface Management (ASM) coupled with the market’s most advanced offensive security and ethical hacking solutions.
Where we are truly unique, however, is in our ability to leverage the threat intelligence from across our comprehensive suite to improve the performance of each of the sub-components, whether that is phishing defense, email security, or data loss prevention. All of our solutions feed real-time data and indicators of compromise into the “Fortra Threat Brain”, which utilizes AI to evaluate and process that data and drive actionable intelligence to the individual security products we offer. Each of our solutions is competitive as a standalone solution, but our ability to cross-reference attacks, indicators of compromise, and threats makes each component better and is truly unmatched in the market.
What do you see as the most pressing challenges organizations face, and how does Fortra’s suite of solutions address these issues?
Two areas are front and center with just about every organization:
- The bad guys. Cybersecurity adversaries have grown in number and sophistication, and they are innovating as fast as defenders are. Where once each type of attack was likely an isolated incident, now criminals are attacking all of the perimeter systems at once. You as a company have to be right 100% of the time, where a breach need only happen once. Fortra has one of the market’s most advanced ethical hacking or “Offensive Security” tools and the teams to simulate what a sophisticated adversary would do to your system. Then, importantly, we have architected our entire suite of solutions to work together to detect, prevent, and mitigate the damage those adversaries can do.
- Every organization is rapidly trying to figure out how best to harness the incredible power of AI to unlock previously unfathomable potential in its employees and systems. It is a huge opportunity, but it doesn’t take long for management to realize the exponential increase in potential risk this advanced technology creates. Fortra’s data protection suite has long been a leader in the protection of the market’s most sensitive data and our “AI-Readiness Data Protection” offering is purpose-built to provide the toolset for an organization’s CISO to regain control of the data risks around AI without crippling its potential.
Ransomware attacks have become more sophisticated and damaging. What strategies should organizations implement to prevent and respond to such incidents?
Practicing good security hygiene is step one. Many of these attacks begin with exploiting well-known vulnerabilities that have patches and mitigations available. Inventory the attack surface you present to the outside and verify that it is secured, limited to only required services, and fully patched.
Employees are a critical line of defense against cyber threats. Keep them trained on the latest tactics used by malicious actors, including phishing attempts and deepfake scams designed to manipulate them into approving transactions or granting access.
Most importantly, ensure everyone knows how to report a security incident. If something seems suspicious, report it immediately so the security team can investigate. Foster a culture of security where employees feel empowered to speak up without fear of blame.
Insider threats remain a persistent issue, whether from malicious intent or human error. What measures can organizations take to mitigate risks associated with insider threats?
Employ least-privilege principles and audit access rights regularly. Make a list of your high-risk individuals, what they do, and what position they hold within the organization. Implement stricter monitoring and protections around this group above and beyond the standard. Security awareness training presents another opportunity to inform your user base about the signs that an insider may be acting with less-than-legitimate intent.
Monitor for unusual activity, such as unexpected behaviors during the workday, attempts to access data outside of an employee’s role, or large transfers of information from internal systems.
As businesses increasingly migrate to cloud services, what are the key security considerations they should be aware of to safeguard their data?
It is important to understand where the different boundaries exist between a business and its vendors. Security is a shared responsibility between both sides. Cloud service providers are responsible for the security of the cloud infrastructure, while clients must manage security in the cloud, including their data, applications, and access controls. Are your applications, security controls, and user access rights, along with everything you would typically safeguard on-premise, aligned with your organization’s security posture? Understand what data is being passed into your cloud environments, where it is residing and how it is accessed. Don’t become another statistic where access controls to your data are not enforced and the internet at large can reach in and shuffle through your virtual papers.
