Privacy Policy

Episode 25 of The Andy Show

Episode 25 of The Andy Show

ANDREW MCLEAN [00:01:05] Good afternoon and welcome to The Andy Show. The is the 22nd of May 2020. And time just coming up for 12:31, so it must be time for me to talk to a new guest. So one of the things we’ve spoken to in the past is about the new normal. How things have changed during this lockdown. I think has certainly changed in terms of technology, technology and technology partners but also client and customer demands. How have these things changed? And what’s going to look like going forward? Are things can be different? Are things going to be the same? If someone to help me answer these questions and more. I am absolutely delighted to be joined by my special guest today, Ollie Pech, the Channel Account Manager from KnowBe4. Ollie, welcome.

OLLIE PECH [00:01:57] Hi Andrew, how you doing? Are you alright?

ANDREW MCLEAN [00:01:58] Yeah, not too bad, not too bad. So let’s start at the beginning. Tell me, who is Ollie and what does KnowBe4 do?

OLLIE PECH [00:02:05] Yeah, I’m Ollie Pech and I look after our managed service providers in the U.K. and Ireland. And basically what we are is and we are a similated phishing and security awareness platform. And basically concentrate on social engineering and other threat factors and others say like phishing and also phishing attacks as well. So yeah, that’s a bit about us and we got a 30,000 customers worldwide. That’s about 11,500,000 users globally. So yeah, trusted by a quite a lot of end users, which is just great.

ANDREW MCLEAN [00:02:44] That’s a lot of people, so when you’re obviously dealing with a lot of clients and partners, what’s your breakdown of clients? Partners? Do you have a lot of partners. Is it a fairly closed ecosystem?

OLLIE PECH [00:02:55] Yeah. So we work with a lot of partners in the U.K. yeah, we were kind of a very open door. We do work with a lot of, you know, mainstream partners, resellers all across the U.K. and obviously all around the world as well. A 100% channel in the U.K. and I, that as well. But yeah, many again, larger MSPs, medium MSPs in place right away from, you know, people to look after two, three users right away, up to hundreds of thousands. Yeah. We concentrate on the whole market, which is great.

ANDREW MCLEAN [00:03:27] Okay, so we’ve had this lockdown. We had clients changing what they want. We’ve had companies changing the way that they execute on things. We’ve got people having to rely on home broadband to get. I even spoke to a gentleman still had a dial up modem, recently. But changes have, just did it in summary. What changes of MSP seen in the market since this all began?

OLLIE PECH [00:03:52] Yeah, definitely. I mean, obviously, that there was the rise, you know, as soon as this all kind of started with COVID. And, you know, if you’re looking at February, March time, it’s, you know, remote working, you know, remote working. You know, some MSPs great, you know, had their clients already set up in this. And obviously, we’ve seen a rise in support tickets from the MSP side of things as well. And then it’s getting those people, you know, back from then going into the office during the day today and then yet everyone working from home. So obviously, that was the biggest spike that we saw. And actually now there we’re seeing and talking to a lot of our providers is actually they’re kind of sitting back now. And, you know, a lot of people are working strongly from home that they’ve kind of got that. And now we’re looking at that place of, well, what have we done? How can we make them more secure? Because if, as you say, some people may even been using their own personal laptops in these situations just in that mad rush to get people home. And so, you know, people are coming back, taking a look and understanding, you know, their security postures, understanding about home working, and then yet implementing probably more policies and procedures that they might not have had to do before. So I think that’s pretty much the trend. And and also looking at that vendors, you know, I’ve had a lot of, you know, interest with new MSP is coming to the market saying, actually, we weren’t doing what you’re doing. Let’s have a chat, say a lot more time on people’s hands in some aspects, but then obviously in other areas are completely random and busy and just trying to do the normal day to day.

ANDREW MCLEAN [00:05:32] Yeah. You mentioned you mentioned earlier that people are using laptops. So there’s a couple of things I’ve seen. Number one, you’ve got companies weren’t ready for the whole work from home strategy. Number two, yeah, people have been dusting off their old Windows 7 machines from there, you know, on cobweb somewhere connected to internet. There’s been obviously a rise in shadow I.T. where people have been whipping up the credit card and sign up for Zoom or whatever it may be. And also, there’s been. Also, there’s been a increase in opportunists, opportunists in terms of phishing and scams and “acts” and all sorts of all those horrible other things, from your point of view. Have you seen an increase in phishing and attacks since this last time?

OLLIE PECH [00:06:32] Yeah, I mean, definitely, you know, that’s a kind of almost like a fact that’s out there. You know, you can see from reports not only from BBC reporting about how Google have been blocking, I think is about 80 million, you know, kind of fake emails that are coming through. Phishing has been on the rise about 600% since it began. And when you’re putting out those kind of figures of people, you know, working remotely, being at home in their safe environment, potentially not having the right security in place, because if their I.T. teams have had to rush people home and and have to, you know, look at things quickly rather than maybe, you know, carrying out normal protocols. You know, phishing amounts are definitely out there. And unfortunately, they’re also preying on vulnerable topics, for example, like wealth, World Health Organisation, and email scams. Also things like free Netflix for 3 months while you’re chilling at home, you know? Like music, these are the cooler ones that we’re seen. And actually ones that, you know, a lot of what we can do, we can help with is just protecting people to see what’s wrong with those e-mails, not only from a business perspective, but from Hotmail, G-mail suspected as well. You know, I don’t know about you, but I get loads of HMRC e-mails. You know, you’ve got 300 pounds or collect your COVID relief money, you know, stuff like that. That we just need to be careful of, because at the end of the day, you know, are you expecting that email? is that domain that is coming from correct? What are they asking for? You know? Kind of just 3 easy tips that you can look at and think, actually, and that’s probably not genuine. That’s definitely not a HMRC e-mail. And yeah. What to look out for. Yeah. You know, those are on the rise. We’ve seen them massively on the rise. And yeah, it’s something that we just need to be a bit more careful with.

ANDREW MCLEAN [00:08:29] Indeed. Definitely, so the time right now is 12:37. You’re watching The Andy show on Disruptive LIVE. I’m joined today for those just joining us by Ollie Pech, the Channel Care Manager from KnowBe4 and we were just talking now about phishing, phishing attacks. So the number of phishing attacks have increased Ollie. But have the number of successful, failed, unsuccessful, you know, I mean, phishing attacks increased as well?

OLLIE PECH [00:08:58] Yeah, I mean, you know, I don’t know exact figures on that, but. Yeah, I mean, absolutely. You know, we can see the market. You can see data breaches that have happened, you know, more recently. But also from an MSP level, in talking to partners, we’ve actually seen an increase in things like gift card and domain spoofing for CEOs as well. And we just had a call actually yesterday with a client advising a new member of staff join the business, domain space came in acting as the CEO kind of came in. And they were sending them gift vouchers. You know, that it wasn’t a massive amount of money, but for the company it was. And it just showed that, you know, new stater, coming in, you see a message from the CEO, you know, you’re going to respond to it, you’re going to act and you’re gonna, you know, send something out that potentially you haven’t so. Yeah, and then we can go into the largest scared of things. And again, I haven’t seen too much about exactly what happens easyJet, but just prime examples as well. And if I’m just being breached, you know, again, recently, I think it’s about 3 or 4 months ago. So, you know the big point out that I think is that hackers don’t really care what size of business is, you know, if any of my partners or MSP is watching this my old analogy if what you’re gonna do now? You’re gonna go and put a balacabra and rob a bank? Or you’re gonna sit in your room, send out thousand, maybe even hundred thousand e-mails, and you might get, you know, a grand, might get a hundred grand. You know, you don’t know. So, you know, from that aspects of things, you got to understand phishing is still the number one threat throughout that. And, yeah, you just got to be safer. And that’s exactly where, you know, things like KnowBe4 come into play. We educate. We train just around those subjects of what to do.

ANDREW MCLEAN [00:10:49] Well, that leads to a very nice 30 minute question, which is around about education and training. Which I imagine not just this lockdown but I imagine for the last few years now that there’s been an evolution in back in the day. It was like don’t give your real name online, don’t do this. It’s all fairly simple, back when I was a nipper. But nowadays, I imagine that the education and the training has evolved. What kind of things do you have now to teach people?

OLLIE PECH [00:11:19] Yes. So, I mean, you know that’s exactly that. You know, training has to evolve because if hackers are evolving, you know, they’re getting really clever in what they’re doing. So, you know, we need to step up and, you know, we need to do and we need to do more. So, you know, the market used to be, you know, focussed purely on awareness and as it’s saying, you know, just because people are aware, you know, it doesn’t mean that they care. And that’s a quite a good topic to kind of say that, you know, the market has to evolve with people that also don’t love I.T. you know, that like, self like me. We- you know, we’re like it. We’re interested in it. We look at the market. But that doesn’t mean everyone else is. So we have to make training more fun. You know, we have to make it an educational. But also we have to look at the whole market and understand what people might want to watch. Might how they want to train and also what they want to do. So, you know, if you think about training and think about old school kind of training, you’re in a classroom. You might be there with 20, 30 people, you know, half a day’s worth of security awareness training with maybe an I.T. guy or someone else coming into the office. Now, I’m not saying that that didn’t work, but also what we’re all saying is that you do that once a year and then you carry on with your day. It really probably take half of it in. So, you know, our approach to this is that you train often, you know, monthly, we recommend. Bite size modules as well. So maybe like 8, 2 minutes long, 8 minutes long, 15 minutes long. But then also, what we’re, you know, what we’re doing and what we’re seeing in the market is actually, you know, adding things that are similar to the Netflix series or BBC. Because that’s what everyone else is doing outside, you know, in their spare time. So what we can do is provide security awareness, maybe around something that’s a bit more fun. So an example, we have a series called The Inside Man, and it’s literally about, you know, hacker getting into a business. And there’s a plot, there’s a twist. You know, there’s little subject modules of every bit of training. So then everyone’s into it. You know, you see characters, you’re emotionally involved and then you’re training at the same time. So, you know that kind of more old school trial of just putting stuff on a board. Do this, do that, I think yes, is definitely evolving. And that’s as we go back again. Hackers are becoming more clever. So we need to have wider topics about everything you know, about not picking up USB off the floor or, you know, replying to that email. That’s from your CEO, but it’s not from your CEO, and how to act. You know.

ANDREW MCLEAN [00:14:01] I think it was the thing some organisations where much of the culture. A security was a technology problem. It’s something from the I.T department, something from the MSP or something from the provider, whoever it is. Actually, a lot of this now seems to be a great deal. This is also social engineering. Teaching everyone from, you know, this to this good practises. Have the cultures of organisations changed to reflect this to “the now extend” that everybody needs to play their part almost.

OLLIE PECH [00:14:38] Absolutely. You know, definitely. And I think that’s something that is just genuine involving with security companies. So, you know, we actually have a survey that’s part of our platform called a Security Culture, where you can see people’s behaviours and your end users can basically answer the survey. And it pulls back a report about, you know, the company culture and how they’re kind of measuring in, you know, at the moment. And that’s exactly what people are looking at. And understanding that, you know, security awareness is part of your security stack, you know? It’s part of everything. It’s not something that’s gonna go away. And also, you know, you can use it as a tick box exercise. The end of the day, if you’re gonna be breached and something’s gonna happen when you rather your staff were educated and trained, you know, professionally. And in the correct manner. And rather than interesting a tick box, you know, you don’t just buy a firewall because if you know it’s free, and you know it costs a pound. You look at it and you’re investigating. And that’s exactly why our platform is much worldwidely used. And why we have so many customers is because we understand that, you know, if people care and if people want to care, you know, we can put everything in place and then have that human firewall, as we call it. And your last line of defense of being, you know, people, but arguably as well, the first line of defense and yet is in the culture is definitely something that’s coming into play. More so probably, I would say, with the enterprise market, you know, just being out there, I think that the security layers and stacks are a bit more evolved in the SME market, but it’s definitely filtering down. And that’s normally what the trend is. It starts up and everyone should get on the bandwagon effectively.

ANDREW MCLEAN [00:16:22] So, look, I’m a MSP or I run an I.T. department and all my people that I work with are scattered all over London, let’s say. You say about 20 employees. So I’m like, Ollie, Ollie, Ollie, Ollie, I need your help man. They’re all working from home and they’re all gonna get hacked and all these rubbish machines and blah, blah, blah, blah How- what advice would you give me to increase the security when they work?

OLLIE PECH [00:16:53] Yeah, definitely. I mean, there’s obviously basic things that we can do. And, you know, one of the first things that I would always recommend is actually sending out a remote working training module. From there before from our platform, you know, send it out there because it gives them just high level tips of things to understand, you know, basic things like, you know, don’t let your children go in your laptop, for example. You know, don’t go on unsafe Web sites that on, you know, during your a day. Because if you’re at home, doesn’t mean that you kind of yours shouldn’t care. But also things like, you know, changing your router password is another example of those little hints and tips that people might not expect working from home. There’s also that thing of, you know, sitting down and being safe in your chair again just doesn’t mean that you can react to any emails or think it’s okay. So, yeah, you know, the education piece, remote working, being safe is definitely something to send out. And then also you have the other more technical standpoints of you know, VPNs, you’re not using the same passwords in one of your, you know, databases and things like that. So, yeah, that’s some examples that probably.

ANDREW MCLEAN [00:18:12] It’s really, it must be a very challenging time for anybody working in I.T. and security. Not only to keep the things going, keep the systems going, but to get access to the system, access system securely. It’s just so many moving parts now. And of course, it does, of course, rely on the one thing which most I.T. people can’t control, which is Internet. Although. Yes, which is unfortunate. Okay, so the lockdown’s over. Everybody leaves. It goes back to work. Not now. That wasn’t a recommendation. That was a hypothetical situation. And the- what happens next? When people do return? What does the world look like?

OLLIE PECH [00:19:03] Yeah, I mean, I think the good thing from a MSP point of view is that during this time they’ll probably stop or they should have, you know, set up all their clients now to be working at home. And now it’s just as you say, just preparing them to make sure they’re working safely. I think one of the big things that we’re gonna get out of this is I think remote working is gonna be probably, you know, a new norm. I imagine we’ll see a lot of people with split shifts or in and out of offices, maybe on set, on set days. And then from there, it’s just making sure that things are safe. You know, things like Zoom are amazing. You know, Teams, again, have seen a massive increase and you know, they are fantastic at what they do. But for me personally, I do think we’ll actually see maybe not in the next 6 to 12 months, but a bit later we might actually see it reverse back. Actually, people like going into the office and then people want to be with people. Because I think we’re all feeling, you know, the moment that, you know, you have two sides of the coin of people that love working from home is great. Don’t have to do anything. Don’t have that to commute for an hour or whatever it is. But then you do have the other side where people I’m just talking and I miss speaking to that person who sits behind me. So, yeah. Again, you know, I think that will evolve either over time, but definitely the steps are in place for everyone to do it. But also, the steps are in place that we need to have security policies, procedures of working from home, you know, working remotely, making sure the MSP is providing that, you know, to their clients and really offering that service to make sure, yeah, maybe they’re secure, but also that they can work from home more freely.

ANDREW MCLEAN [00:20:39] Okay. So let’s move away from the hypotheticals. Let’s look under your own bonnet. So since your organisation or before have gone into this lockdown, how have you had to… how have you managed to work? Have you worked well? And how have you had to adapt in this environment?

OLLIE PECH [00:20:59] Yeah, definitely. You know, I think that the good thing about working with KnowBe4 and the companies and we work, remote working before this anyway. So, you know, we could work from home and we did work from home maybe a couple of days a week, so for us. This has just been kind of like a bit of a norm. At partners, obviously interactions and been different. You know, I haven’t been in people’s offices. We haven’t been chatting, you know, going and talking about call out days or, you know, talking about what clients. So I actually feel I’m having probably more meaningful conversations and slightly longer conversations with people because the human interaction is that, you know, running things like virtual call update, it’s been fun. You know, with salespeople and, you know, just being a bit more inventive with what we’re doing and who we’re speaking to. And that’s yeah, you know, it’s been fun. It’s just been been challenging. And as I say, you know, without Teams and Zoom and I think if this was 10, 15 years ago, we might be hitting in a different state. Yeah, we’re just lucky we have the technology to be able to really kind of carry on as normal.

ANDREW MCLEAN [00:22:05] It’s I mean, it’s such a different time and so many different companies have had to change some of pivoting, some of them are gone. You know what? We can’t do this anymore. I think the events industry, for example. They know they’re going to struggle. And they had to look at how pivot and how it changed things and so on. But from your partners, have you seen a change in the types of requests that you have coming through?

OLLIE PECH [00:22:32] Yeah, absolutely. And I think, again, you know, you’ve got those two aspects of, you know, businesses that unfortunately are struggling at this time. And, you know, they are taking different approaches, you know, potentially trying to take some technology off again, you know, and rightly. But also, we’re seeing businesses that suddenly, you know, massively growing. And because of everything that’s going on, I’m seeing you’ve kind of got two sides of the coin. And, you know, I think what’s really good about quite a lot of managed service providers out there is that they’re not really that sector specific. I think any wrong there are people that just focus on some key areas. But the good thing about having many service providers and providing that for your clients is the fact that you’re there and your help and their support. But just because, you know, you’re not focussing just on one sector of the market, allowing you you know, you’re growing in some areas, but maybe getting a bit weaker in others say we’ve definitely seen a rise in people coming back to us that potentially, you know, put, you know, now before or just a manage session right. On a bit of a hold around security. We’re now seeing a lot of people now come back and say, actually, you know, we’ve got loads to work from home. I need help, I need help now. And and that’s kind of the drive.

ANDREW MCLEAN [00:23:49] I can imagine. Well, Ollie, thank you for your time today. You’ve been an absolute star. Thank you for informing us about the changes in the security and phishing market. I wish you all the best and let us know how you get on after the lockdown and what changes will be subtler or large that will be. But thank you very much and have a great weekend.

OLLIE PECH [00:24:12] Yeah, absolutely. Thank you for having me. Cheers, guys.

ANDREW MCLEAN [00:24:14] All right. So that was Ollie Pech the Channel Account Manager from KnowBe4. The time is coming up to 12:54 pm on Friday. It is Friday, the 22nd of May. I know, you’re all looking forward to the bank holiday weekend, but the show’s not over yet. We have one more guest today. Back by popular demand. We had your father yesterday, but I wasn’t supposed to tell you that. It’s my pleasure to be joined by Nicky Pennycook. Welcome.

NICKY PENNYCOOK [00:24:47] Hi, Andrew.

ANDREW MCLEAN [00:24:49] Hey, how are you?

NICKY PENNYCOOK [00:24:52] Not too bad, thank you. How are you?

ANDREW MCLEAN [00:24:54] Yes, good, good, good. I’m… the sun is shining and I get my own mug on the air. So, Nicky, I believe you’re going to give us a wrap up of the week.

NICKY PENNYCOOK [00:25:07] Yeah. So we’ve had some great conversations this week and speaking about business and advice and all those great things that can help us at the moment and his recent paper. We had me and yourself Andrew, on Tuesday. And then we were joined by Michael Foot on Wednesday, speaking about the channel space. And then, like you mentioned, we had Chris from Public Artists Today. Who gave us a different view into the charity world during this time. We’ve had another security Celerity episode, which is great for rounding out all the latest cyber security needs. And later today, we’ve got the latest episode of Impossible Things with David Terrar.

ANDREW MCLEAN [00:25:58] Yeah. With my good friend, Mr. Terrar. Yes, it’s there’s been it’s really strange because getting people on camera used to be a challenge some time. And I think now we’re very much people like, yeah, I want to do this. I want to do this. And I do like the kind of spirit that’s coming from this. Are there any positives to be brought from this whole lockdown thing that is definitely one of them. And we’ve had some fantastic things. We had the final episode of “Esmat” yesterday, and some of the other charity stuff have been amazing. And it’s a different dynamic. It’s a very different dynamic. People are in lockdown. People are unsure. They’re getting rubbish advice of Mr. Internet and then Mrs. Facebook and they’re just looking for relevance and looking for information that is real. So it’s an interesting time. It really is. And we’ve got fantastic week ahead of us next week other than Monday because it’s bank holiday. Can you tell us some of the guests of shows we’ve got coming up next week?

NICKY PENNYCOOK [00:27:05] Yeah few “little insights” into next week. We have Lenovo, he’ll be joining us on The Andy Show on Tuesday and which is definitely wanted to tune in to a very excited to have Lenovo joining us. Later in the week. We have Steve “Scheffler”. Sorry if I pronounce that wrong, from Hamilton Rentals.

ANDREW MCLEAN [00:27:30] Oh Steve, I love Steve.

NICKY PENNYCOOK [00:27:30] So it woul be great again to hear a little bit more from a slightly different business and what they’re doing at the moment. And we also have Austin Pierce and he’ll be joining us from ScienceLogic.

ANDREW MCLEAN [00:27:41] All right. Well, I look forward to it. Well, Nicky Pennycook, thank you very much. And I’ll speak to you again next week. So that was Nicky Pennycook. You have been watching The Andy Show here on Disruptive LIVE. The time is now 12:57 on the 22nd of May. It’s nearly the weekend. I’d like to thank all our guests from this week and all of you viewers who without you, we wouldn’t even be- wouldn’t even be here. So thank you for that. Well, enjoy your weekend. And until next week. I’ll see you then