Jussi Luukkonen – your curiosity guide

Summary

The article provides insights into cybersecurity best practices, the growth of ZX Security, and the importance of human-centric approaches in the field, as discussed by its founder, Simon Howard.

Abstract

The piece delves into the cybersecurity landscape through the experiences of Simon Howard, the CTO and founder of ZX Security, a leading firm in New Zealand. It discusses the evolution of his company from a one-person operation to a significant player in the cybersecurity industry, emphasizing the importance of organic growth and self-funding. Howard shares his journey from being a hacker to a business leader, highlighting the challenges of scaling a company, the impact of COVID-19, and the global shortage of cybersecurity talent. The article underscores the necessity of a comprehensive cybersecurity strategy that includes education, the adoption of two-factor authentication, regular software updates, secure home networks, and the use of firewalls and antivirus software. It also touches on the role of state-sponsored attacks and the importance of individual vigilance in the digital age.

Opinions

  • Simon Howard believes in the importance of educating people about cybersecurity to prevent losses and pain caused by cybercriminals.
  • He values organic growth and self-funding, viewing them as essential for focusing on the essentials and leading with wit, wisdom, and will.
  • Howard emphasizes the role of a human-centric security design, moving away from a purely technological approach to one that includes people management and education.
  • He suggests that New Zealand's safety and stability provide an advantage in observing global cybersecurity trends and building appropriate responses.
  • There is a sense of camaraderie rather than rivalry among security companies in New Zealand, with enough work to go around for everyone.
  • Howard points out that while the cybersecurity market is growing, so are the threats, making it crucial for organizations and individuals to stay vigilant and proactive.
  • He advocates for regular cybersecurity audits and the continuous education of both corporate leaders and the general public to mitigate risks effectively.
  • The article conveys that cybersecurity is an ongoing process rather than a one-off solution, requiring constant updates and vigilance.

Technology | Business | Cybersecurity

How to Be Safe in the World of Cybercrime

Learn best practices for cybersecurity from the experience and insights of an expert in the field.

Photo by Privecstasy on Unsplash

The purpose of this story is to present a realistic view of cybersecurity, its challenges, the evolving landscape, and the proactive steps individuals and businesses can take to protect themselves, making it a valuable piece for readers’ awareness and understanding. I interviewed an expert in the field and distilled essential information from technical, business, and leadership perspectives.

Cybersecurity is a buzzword — scary but has no human face. It’s so abstract that we cannot see it clearly. We hear about phishing emails, ransomware, and hacking, and the dark cloud of the Dark Web is growing. But do you know what is behind those ominous scenarios?

To avoid this avalanche of threats and scary operators, we need real humans to put a face to these things and help us understand what is happening and how to protect ourselves from these dangers. One of these clever and generous people is Simon Howard. He will guide us on the cybersecurity journey towards safer waters.

Nestled in a modern and, to some extent, even quirky office in Wellington, a stone’s throw away from the buzzing waterfront, we sat down for a chat with one of New Zealand’s top cybersecurity leaders, Simon Howard, the CTO and founder of ZX Security, part of the newly formed Bastion Security Group.

Having built his business from scratch to a staff of over fifty, Simon shared insights into the challenges and thrills of growing a tech company in the current landscape and his views on cybersecurity.

Let’s dive in. At the end of the article, you will find a handy list of ways to conduct your personal cybersecurity audit to keep yourself safe. Additionally, if you are unfamiliar with any cybersecurity terminology, you can refer to the glossary of terms provided at the end.

“So, what made you start the company in 2013?” I asked Simon, who sat comfortably on the couch of the meeting room overlooking the stunning Wellington view.

He smiled, his long hair lending him more the appearance of Bob Marley than a successful CTO. He said, “I’d just left another company and needed a vehicle to earn money. A friend had a contract I could dive into immediately. And just like that, the company was born, initially to fulfill a six-month contract.”

Simon explained that from there, it was all about scaling. “Each time we got more work, we brought another person on board.”

A hacker grew into a businessman on that journey. If you have ever been in a growth business, you know it requires “blood, sweat, tears, and some serious money — investors’ or revenue from the organic growth.” Simon has been dealing with all of them.

Fuelled by Sweat, Not Investment

When asked about investors, the answer was straightforward: “It was all self-funded.” Organic growth has made it possible to focus on essentials, learn the basics of growth business, and lead with wit, wisdom, and will. “To develop further, however, we worked with Quadrant Private Equity to fuel our next growth stage as part of the Bastion Security Group.”

Simon has been the Duracell Bunny of Goodwill. He has been educating people about cybersecurity, and his keynotes, presentations, and conference talks have helped prevent businesses from losses and pain caused by cybercriminals.

There is substance and deep-rooted expertise from organic growth and protecting IP while generously sharing the knowledge with the market. This generosity has paid back. Simon has built an impressive local and global network around the growing industry. While being open and transparent, he also has protected his own IP and created a streamlined business on the way.

The Challenges of Scaling

The entrepreneur pointed out that growth phases are the trickiest bit. “Different challenges arise when you go from zero to ten employees, then ten to twenty, and now we’re at the hundred-plus bracket. It demands a lot more structure and systems.”

Simon started as a hacker and nerd and saw his way leading to leadership and corporate strategy. He has had his hands dirty but kept his mind open and curious. Helping the company grow has meant that the founder has to grow even faster.

In addition to running his company, Simon is also a member of the Institute of Directors in New Zealand. “That experience and governance training at the Institute enhanced my financial literacy massively,” he said. “It forced me to think of the business in a broader context.”

Tackling COVID and Talent Hunt

COVID was a “hairy situation,” but they came through unscathed. The foundation was solid, and the company retained customers despite the unexpected shifts the pandemic caused in many businesses.

However, the industry is notoriously short of talent because of the global demand and increasing complexities of the digital sectors. A staggering 92% of cybersecurity professionals report skill gaps, according to ISC2, and they predict a need for four million cybersecurity professionals globally.

The talent shortage is a global phenomenon. 700,000 professionals entered the field globally during the last 12 months. Against this backdrop, ZX Security has strategically and cleverly tapped into the local potential “already when they are still very wet behind the ears”.

When recruiting talent, he mentioned partnerships with the Summer of Tech and helping to run a hacker conference for 16 years. “We have a rigorous selection process that even includes a hacking challenge,” he said, describing their impressive and thorough induction programs for the new recruits.

Building and Retaining the Team

The training is comprehensive. “New staff shadow our consultants before gradually working on engagements,” he noted. As for retention, “Generous benefits, bonuses, commissions, and, of course, a culture that makes people want to stay.”

The company has great perks, like free fruits, snacks, and Friday breakfasts. It helps build a culture of trust, commitment, and collaboration. You can sense it while visiting their office: the vibe is fun, focused, and free-spirited, yet professional and businesslike.

Competition and Collaboration

The market is growing so fast that backlogs pile up for every serious business in the field. The recent statistics from CERT NZ speak volumes. A $3.7 million direct financial loss was reported in Q1 this year. In Q2, the number was up by $1.7 million. But it is not all about money; the impact is more profound and broader, from company reputation to individual suffering, stress, and uncertainty.

To add salt to the wound, in New Zealand, CERT NZ reported a 36% increase in malware and phishing and credential harvesting increased by 26%. Globally, the cybersecurity market is estimated to be USD 354.7 billion from 2019 to 2027, according to LinkedIn.

Screenshot by the author from LinkedIn Cyber Security Market | Share, Growth, and Industry Analysis Report 2021–2027.

A safe place to aim high

However, New Zealand is an excellent place to build a global cybersecurity business. It is the second safest country in the world, according to Global Peace Index 2018. Being in a safe, stable, and democratic society gives one the upper hand to watch trends and build responses. But as Simon stated, it is not time to be complacent but to get everybody on board with cybersecurity.

Surprisingly, there’s more camaraderie than rivalry among security companies in New Zealand. “We’re actually good friends with other business owners in the space. There’s enough work to go around for everyone.”

“Time is the enemy; we need to keep ahead of the bad guys to protect our customers,” says Simon.

Looking at global stats from Fortinet, it becomes clear that it is almost an uphill battle. While the cybersecurity budgets grow, so grows the dark business. Cybersecurity Ventures estimates the cost to protect us will be at least $1.75 trillion between 2021 and 2025.

Navigating the Future

Despite the digital advancements and increased use of AI, Simon believes that the fundamental risks remain unchanged, particularly concerning emerging challenges such as cloud security and the Internet of Things (IoT).

“People are still ignoring basics like two-factor authentication,” he said. One trend that Gartner identified is the human-centric security design, which seems to resonate with Simon. Another significant trend is enhancing people management for security. The dial is moving from a hard-core technology approach to this human-centric, educational approach, which Simon sees as essential to mitigate cybersecurity risks successfully.

During the conversation, Simon referred to the trends currently on top of every sensible board of directors and company leadership agenda. The hot topics are the IoT, hybrid working, state-sponsored attacks, ransomware, and cybersecurity talent shortages. But these are bubbles on the surface, and below them are the undercurrents that need a strategic approach rather than quick fixes and ambulances at the bottom of the cliff.

Organizations need to transform from isolated cybersecurity operating models into supporting the holistic value creation of the company, with cybersecurity as a lever and not just a cost.

It is no longer an IT issue, but should be part of every board’s strategy agenda.

But the corporate world is just one part of the problem

While organizations are becoming more aware, private homes and individuals offer almost free rein for hackers to test their skills.

With everything digital, cybersecurity is part of the everyday life of ordinary people. With an estimated 43 billion IoT-connected gadgets, securing these contraptions is becoming increasingly important.

You might have a handy online remote control of your heat pump that a clever hacker can use to crawl into your wifi and all other connected devices. Or your fancy camera doorbell is also a way to open the front doors and the backdoor for a hacker to get into your files.

Have you thought about what your cybersecurity weak links are? Do you have two-factor authentication for the apps and sites you visit? Can you smell a rat in a phishing email? Or can you discern the real Nigerian prince from the one who wants your money instead of giving you some? Sometimes, a scam tastes so good that even the most vigilant ones click the fraudulent link.

“Organisations are reaching a maturity stage where detection and response capabilities are now vital. We’re lagging behind the U.S., but we’re getting there,” he concluded and added how important it is for each individual to get their heads around these things.

The pandemic saw a seismic shift from offices to hybrid work models, which didn’t come without work for Simon and his growing teams. How to allow people to work remotely, efficiently yet securely, is the billion-dollar question — and market. It is a market where corporate solutions and individual employees’ gadgets, apps, and approaches are interlinked in a complex world that is very hard to manage and impossible to predict.

Cybersecurity is not a linear road where you can add just some toll stations and speed cameras but a kaleidoscope that changes the picture every turn.

Crooks are not only in the shadows of the dark web but hiding in plain sight

Simon said that state-sponsored cybercrime is a notorious way for states such as North Korea and Russia to fund their other operations, like wars and tightening their grip on citizens through surveillance.

“We all know how it happens, but it is almost impossible to do anything about it,” says Simon. “People need to be more vigilant, and governments and companies should emphasize educating people about these risks and how to mitigate them.”

Simon sees that, almost every time, a lack of communication and, ultimately, a lack of detection enables cybersecurity breaches, making them more severe and harmful. “Like ransomware, for example,” explains Simon.

Faizan Fahim’s article states, “The average ransom amount rose to $220,298 in 2021, up 43% from the year before”. The ransomware attacks are estimated to cost the world $20 billion in 2021 alone.

“In ZX Security, we offer full spectrum service to identify risks, mitigate them, and train and educate our customers to become aware, competent, and proactive,” explains Simon, “we cover cloud security and physical security with the risk analysis and strategy development. We work closely with our customers to ensure that the human factor that so often is the greatest risk factor is taken into consideration properly”.

As per Simon’s example, every company should regularly audit its cybersecurity strategies, policies, and practices — and constantly educate its people.

“We assess our customers’ cybersecurity maturity, services, and infrastructure to provide them with a clear picture of their situation,” explains Simon. “We test and train and repeat and rinse if you like because cybersecurity is not a one-off commodity but an ongoing process.”

You need professionals to help you, but too often, the reputational risks, shame, and mere ignorance of the leaders keep the backdoors open for attacks. Nobody knows the actual size of these unreported losses, but Simon says it is significant and growing.

From threat to opportunities

So, what’s next for this ‘still very young’ entrepreneur? “We’re on a growth mission, eyeing new service lines in New Zealand and globally.”

As we wrapped up our chat, it was clear that for this Kiwi cybersecurity leader, the mission is far from over. Whether scaling, navigating growth, or battling ever-evolving cyber threats, the challenges are plenty, but so are the opportunities.

So, now it is your turn to look at your cybersecurity, and to do so, below is a handy list for you to think about and apply.

Have you done your cybersecurity audit? These are the basic steps to take:

Do you have strong passwords? Use passwords that have a mix of letters, numbers, and symbols. The name of your first pet may not be the best possible password. Avoid using the same password for multiple accounts. You can also use a password manager for better security.

Two-factor authentication (2FA) is a must. Activate 2FA on all accounts that offer it (e.g., email, social media, banking).

Do you regularly update all software to the latest versions, including operating systems and applications? If not, do it now, and don’t wait for a rainy day. Crooks wander around the internet in every weather.

Is your home wifi network secure? Password-protect your wifi network and avoid public wifi for sensitive transactions. You should also change your wifi router’s default username and password.

Do you have a firewall and antivirus detection installed? If not, activate your firewall and install reputable antivirus and anti-malware software.

Are you aware of how phishing works and how to be more aware of it? Be cautious of unsolicited emails or messages asking for personal information. Verify the authenticity of requests for sensitive information by checking the email address and the sender. If in doubt, don’t click anything.

Do you regularly back up your data? If not, set up a backup process because when brown substance hits the fan, you have a backup to save your rear side.

Make sure that your social media settings are up to date. Review and adjust privacy settings on all social media platforms you use. And on top of that, be mindful and careful of the information you share publicly.

Do you know your device’s security settings? If not, learn them and use them. Use lock screens on all personal devices. It is also a good idea to encrypt sensitive data on your devices. Consider installing tracking software in case of loss or theft. Apple’s ecosystem has this feature as part of the operating systems, so turn it on to have some peace of mind.

Do you have a Virtual Private Network (VPN) in use? It can be vital to protect your sensitive information, especially if you use public networks.

Be vigilant and regularly audit the security of your devices and approaches (as well as your bad habits with them). Stay informed about new cybersecurity threats and best practices.

Make sure that your financial transactions are safe. Monitor bank statements for any unusual activity. Use only secure methods for online transactions.

Educate yourself constantly. Participate in cybersecurity awareness training or courses if possible — there are great tutorials online (but don’t click the dodgy ones).

Cybersecurity Terms Used in This Article

CERT NZ: Computer Emergency Response Team New Zealand — The organization responsible for computer security incidents in New Zealand.

Phishing refers to a cyber attack where attackers attempt to deceive individuals or organizations into divulging sensitive information, such as login credentials, credit card details, or personal information. This is typically done through fraudulent emails, text messages, or websites that mimic legitimate sources.

Ransomware: Malicious software that encrypts files on a user’s computer, demanding a ransom for their release.

IoT: Internet of Things — Network of physical devices embedded with software, sensors, and connectivity to collect and exchange data.

State-sponsored attacks: Cyber-attacks conducted, supported, or tolerated by a nation-state.

Two-Factor Authentication: A security process that requires users to provide two different authentication factors to verify their identity.

Remote Work: Working from a location other than the office, commonly from home.

Dark Web: A part of the internet that isn’t indexed by search engines and is known for hosting illegal activities.

Hacking Challenge: A test or competition to demonstrate cybersecurity skills, often part of the recruitment process.

Hybrid Working: A work model that combines both remote and in-office work.

Thank you for reading my story. For more technology, creative marketing stories, and neuroscience findings, you may subscribe to my newsletter, FreshWrite, here.
