Jeremy Hendy DTX 2019 Interview

Jeremy Hendy DTX 2019 Interview

NATALIE TURNER [00:00:12] Hello and welcome back to day one of the Digital Transformation Expo. You’re with me Natalie Turner from Disruptive Live and my amazing co-host, David Savage. You all right?


DAVID SAVAGE [00:00:30] Yeah i’m fine thank you.


NATALIE TURNER [00:00:31] So today we are joined by Jeremy Hendy. He is the CEO of Skurio. Thank you so much for joining us today as we speak. lovely to meet you too. So could you tell us a little bit about your role, your company? Just walk us through it why you’re here today.


JEREMY HENDY [00:00:44] Yes, I’m Jeremy. I’m the CEO of Skurio.  We’re Digital Risk Protection Company. So we’re cybersecurity arena. But we do it slightly differently from other people in that we look for your data outside the network so we assume that it’s gonna get lost by you or one of your partners or one of your suppliers or maybe a customer. So we are just providing software that does continuous automated monitoring looking for your data outside the firewall .We’re based here in the UK split between London and Belfast, which is where the technology teams bases so we’re kind of proud to UK cybersecurity company.


NATALIE TURNER [00:01:23] Fantastic. That’s awful, though, that there’s the assumption that your data is going to get lost and it does. It happens doesn’t it?


JEREMY HENDY [00:01:31] I think, you know, a lot of the time data breaches, it’s not because you’ve been hacked. It’s not a malicious hacker or you know a nation state government trying to get into your network, its because a member of staff sends the email to the wrong person by mistake and attaches all the customer details or the papers get left on the train or a laptop gets stolen. So a lot of time data breaches happen through human error. Actually, it’s not. It’s not necessarily a hacker getting into your network that causes the data to be lost I think what we’re what we’re seeing more and more now is people’s people adopt the cloud and move into these kind of really customer focussed, agile environments where everything is available online 24/7 to implement those kind of digital transformation businesses. You end up needing to share data with lots of different companies, put it through lots of different bits of software and lots of cloud applications and it’s just really hard to, if you’ve still got it. If your security is still. Depends on defending your own network. That’s really hard if your sharing data with a thousand different people is one of our customers to see, as I said they store customer data in a thousand different systems and alot of them are outside the network.


NATALIE TURNER [00:02:45] What would you say are the security implications for businesses moving into the cloud and how can we avoid those threats?


JEREMY HENDY [00:02:51] It’s really difficult. I saw the other day and one of the things that. You know, the the organisations expect the chief information security officer to look after the data just as carefully as when it used to be inside the building, on your own computers, inside your network where you had control over that security and as they move into the cloud.  The siso still expect expected to learn after it, even though theres no control over whats the security of those cloud platforms, whats the security of the passwords and usernames that their staff are using to log into it. So I think, you know, one really important. Part of the challenge is a lot of a lot of employees with access to data about say staff or customers. People in HR or sales and marketing. They use a lot of different cloud systems to do their job. So email marketing tools or, you know, things to automate customer success journeys or things for employee benefits. A lot of those applications are in the cloud and the HR team or the marketing team. Just go sign up to them. They use their work email address. They pick often choose the same passord they use everywhere else so a shared password while then part of the challenge is, no matter how good the network security is inside your organisation if you’ve got to factor authentication You know, you’re not allowed to reuse the same password on the corporate network. But if I’ve just logged into Salesforce using whatever password I happen to use for salesforce and thats the same one that gets exposed to the third party breach. Someone else could choose to get into one of the thousand system that my staff are using and get access to my data.


NATALIE TURNER [00:04:39] So your company is slightly different to some of the other people we spoke to today, obviously of checking the data outside the server. So I’d be interested to know, as I’m sure the audience would be. What are the major challenges that you’re faced with on a day to day basis?


JEREMY HENDY [00:04:54] Absolutely. I think, you know, most of our customers are doing nothing at the moment in terms of looking outside the window for that data, they’re still really focussed. It’s a full time job looking after the company. So when it comes to searching for your data on the outside. Most of them have no idea of the sheer volume of data. That’s out there so one of the things that’s really important when you do this is just to make it all automated, so our solution is completely automated it’s just a bit of software runs in the cloud 24/7, so they don’t have to do anything because everybody in IT security is really busy. Know what? You know, you can’t hire new people. It’s getting really difficult. So that’s why you’ve got to automate all those boring things, perhaps the biggest the biggest challenge people have is, is in monitoring for data scale. Because if you Imagine a typical B2B company like ourselves. We might have 10 or 20 or 30 thousand different customer contact records in our systems for email marketing and customer support. Just managing that volume of search terms because I’m going to have to search for those 30 thousand customer records continuously put the into search engine like ours so that we can detect any breaches of thats a massive number of search terms . If you think about businesses dealing with consumers. Some of our customers have got 10 million consumers that they provide services for so if there’s a breach of a subest of that Data How do you detect? And so that’s really nice, big technical challenge. How do I take 10 million customer records and securely create search terms I can use to monitor for leaks of that data, because one of the things that tends to happen is the dark web, which is where that information ends up getting traded and sold and marketed. It’s actually just like any bit of the internet, people have to market their products and sell them, and in fact, it’s criminals doing it doesn’t make a difference. They still have to give away free samples. They have to advertise their products or that stolen data. It’s often what you’ll see is if there’s been a big data breach. People will be giving away samples of it. That’s kind of free teasers to prove they’ve got the data. And that’s often somewhere where you can detect the data that has been leaked or misused, as in someone giving away a sample.


DAVID SAVAGE [00:07:19] I think I’d be interested just to see if you’ve got a view on how the industry is evolving in terms of you have to share and collaborate with other organisations to make the best use of data. If you look at the fintech industry, open banking has been a real success in the way that they’ve been able to. I suppose use that to propel a whole industry forward. When you’re talking to siso, do you see other sectors or industries that are beginning to learn some of those lessons from finance and aply them themselves.


JEREMY HENDY [00:07:43] Yeah, I don’t know. I mean, the seesos do tend to move around a bit and they don’t necessarily stick in the same industry. I still think that people are generally still less aware that the security implications of doing that, I think obviously the advantage fintech has is that it’s it’s kind of built with security from the ground up, and it’s clearly was one of those number one concerns when they developed all those interfaces was to make them secure. It’s a regulated industry. It’s quite well governed. I think in other sectors, that’s a lot less so. You know, it’s it’s people just trying to do something quickly or they acquire 20 different companies that are trying to glue it all together. So I’m not sure the same level of thought goes into. Maintaining security when you’re collaborating. With all those customers, because you’ve got a lot of very old businesses, that are still going through these massive digital transformation projects at the moment and its you know, it’s really hard for them to just get that stuff up and running and working, and I think security often just takes a back seat to that, because in the rush to get something to pull it together now. You know, you can’t afford as a as a siso to be blocking the business or preventing it from being agile. So real balances, as you know, how do you balance that the needs of the business to transform? with trying to keep the data secure, and I think that’s where really at the highest level. View is most cybersecurity today is still trying to look after the network because that was 30 years ago. That’s what it was. It was your own computer network in your organisation. And what we’re saying to people is you need to be thinking about looking after the data itself. Not the network its stored it. Because fundamentally a criminal doesn’t really care about your computers or your networks, they want your data. If your data stored in a thousand different places, you need to be looking for the data.


DAVID SAVAGE [00:09:46] I suppose there’s an element of that that switched mentality between risk averse, not traditional.  to someone who goes, okay. Risk is part of the environment. But especially with cloud solutions, I have to accept that and move forward. Do you think most of accepted that?


JEREMY HENDY [00:09:59] I think it’s there’s different differences in what we siso round table last week where we had eight to nine sisos from a real range of organisations. Some of them were 500 years old and they were kind of. Just going through that digital transformation, so other businesses that I’ve got a really well developed risk model and everything is quantified and measured and accepted. And I think we see a massive spectrum. That’s why, you know, one of our particular focuses on is on enabling kind of the mid tier enterprise customer who is not you know, it’s not a big bank with a whole load of security resources. They’re just, you know. They typically quite large organisations, but I’m not yet particularly well developed. They don’t necessarily have the expertise in hand. And I think having solutions that are just really easy for them to adopt without introducing a lot of extra effort is really important because, you know, this is just something else. People. I think, you know, the kind of tools that we’re providing and some other customer companies in that space are doing acts as a bit of a safety net against if that data does leak out. At least you know about it first rather than finding out in two years time.


NATALIE TURNER [00:11:13] I think that’s a really good note to finish on. We’ve actually run out of time i’m afraid? But that was really informative, really engaging. So thank you so much for joining us here on Disruptive. As I’ve said, that is all from us for now. However, you can join in on the conversations on LinkedIn and Twitter by following Disruptive Live and hashtag DTX Europe. Don’t go away. We’ll be back after a very short break. See you in a bit.