'The reality of the malware industry is it has got incredibly sophisticated'

Ronan Kavanagh, CEO of TitanHQ, talks cybersecurity, and how to stay safe online

With our work and social lives moving even more online in the past 18 months or so, cybersecurity has become more important than ever. Phishing and data breaches have become part of everyday life, while the ransomeware attack on the HSE's systems earlier this year, and the recent attempted cyberattack on NUI Galway, have underlined just how much is at stake when it comes to protecting our digital information.

TitanHQ is, as the name suggests, a giant in the cybersecurity industry. Founded in Galway in 1999, the company has grown into a major supplier of security solutions, and has been around to see the industry evolve over more than two decades.

"In the last six, seven, eight years we've seen some fairly dramatic changes both in how products are delivered with the emergence of the cloud, and how products are sold with the emergence of SaaS based business models," said Ronan Kavanagh, TitanHQ CEO. "And that really has moved into how customers are delivered products. Now, instead of customers largely buying products directly, they're going to managed service providers who offer a suite of different services to their downstream customers, and those managed service providers have become our core customers. We've grown a very successful business around that cohort."

That success saw private equity investor Livingbridge take a stake in the company in June of last year, catalysing further growth.

"When we took in the investment we had about 60 people, we've just over 100 right now, and we're continuing to grow at pace, and we'll continue into next year adding more people to the business," Kavanagh said. "We've really built out our development team and we've added to the management structure of the team. We've brought in an new CFO in Brian O'Driscoll, and a new CTO in Sean Morris, who came to us from Fidelity Investments. That's really added to the weight of the team and opened up possibilities for us as a business.

"Currently we service about 8,000 customers in about 150 countries. We would be in the top few largest indigenous cybersecurity companies, and even software companies, in Ireland at this stage. We are quite a success story, and certainly a success story in the west of Ireland."

Best in Class

The company's three flagship products - email security solution SpamTitan, WebTitan, its browsing security tool, and email archiver ArcTitan - won a total of four Best in Class awards at the prestigious Expert Insight Awards earlier this month, ahead of some of the biggest names in the industry.

But investments and awards aside, one of the biggest drivers of growth for TitanHQ is the sheer size of the problem it works to solve.

"Really the underlying issues that we try to solve and prevent are continuing to grow in terms of volume, sophistication, and consequence," Kavanagh said. "Certainly NUIG and the HSE are localised views of that, that's happening everywhere. We've seen the global elements of these as large industries are taken down and are affected by either ransomeware or phishing attacks, or various elements of malware that have really huge financial consequences for them.

"The HSE have been months trying to get back to normal, so notwithstanding the financial, there's a human cost to that. We know NUIG was severely disrupted by a malware attack. So the visible consequences, and the financial consequences, of these incidences are really ringing home with people. And the reality is they are becoming more sophisticated, they are becoming more prevalent, and they're affecting all different areas, not just large entities like the HSE and NUIG but also smaller businesses, many of which you just don't hear about.

"We've seen that in our business, so I think if we went back five or six years ago, the competitive conversations we were having to win business was very much a feature-led conversation, can your product do 1, 2, 3, 4, 5. That has now reversed back to where it originally started, which is, how much security can your product give, and is it world class? Because if it's not I don't want it, and I'll pay more to get one that will prevent the bad stuff happening, because the consequences of the bad stuff are so severe that people will pay money to ensure that they get the best protection out there."

'A healthy degree of scepticism or paranoia when you're online is no bad thing'

Malware - or, more specifically, the avoidance of malware - has become a part of all our lives. It has become a huge industry in its own right, targeting everyone from individuals to corporations and countries.

"The reality of the malware industry is it has got incredibly sophisticated," Kavanagh said. "Now you can go online and you can choose the malware you want, and who you want to target it at, and you can pay for that privilege. It is an industry in its own right. It's a segmented industry, and some people go for the big fish and some people go for the smaller ones, and they all have different financial rewards and ROI models, so it's like any other business. It's run with that level of sophistication on the other side of the fence.

"So you when you see things like NUIG, that will have been targeted by a certain segment of the malware audience. And then there are consumer based attacks that are very different in their nature, and they are trying to get a different revenue model built around it. So it's all about different models. They're just mini businesses, and as long as they make money they'll keep going.

"Some of it is very scattergun, botnet, they're just knocking on doors and seeing what they can get through, and it only takes one."

Not only is the malware industry incredibly sophisticated, it really does just take one weak link to bring down a whole system. So how can we avoid falling into their traps?

"I'd always go back to basics," he explained. "Having things like an email security product in place, or a web screening product, they are the basics. Ensuring that as users they are aware of what's good and bad, and what they should or shouldn't be doing. Those things are key to safety, not opening a mail that just doesn't seem right, or being somewhat paranoid is how I'd describe it. A healthy degree of scepticism or paranoia when you're online is no bad thing."

Data security

Of course, the cybersecurity industry has grown in recent years, keeping pace with the malware industry. What's more, many of the recent changes in how we work and live online have resulted in greater data security built into the systems we use.

"The last five or six years, there has probably been more change in the infrastructure of how organisations work with respect to IT than there has been previously, and a lot of those changes are quite useful and good from a security perspective," Kavanagh said. "Certainly the emergence of cloud based solutions, where instead of organisations getting software and hosting it, and having to manage all that goes with that, the majority of these are now becoming cloud orientated solutions, where your supplier will be responsible for the inherent security of your data. Those solutions are just going to continue to grow.

"The challenge for businesses is to make sure that they're picking a good one, and the inherent security in what they're doing is there to the level it should be, and knowing what that should be. So choosing suppliers who are going to advise you on that is incredibly important.

"There's a juggernaut in the whole SaaS arena, which is Microsoft, and the solutions they bring to bear, and from a security perspective, particularly for small and medium businesses, those tools are hugely important. And where they really come into their own is remote working. They're basically the basis of remote working now.

"Remote working is the other huge game changer in the last three years. It's just changed how businesses have to operate, and how they need to support their employees and provide services to their employees, and build that into their thinking, but also ensure that they're building security into their thinking, because instead of having to look after one building they're looking after lots of different things. That just creates a lot more opportunity, so you have to be very careful about how you think about that."

Despite the many changes in how we use the internet in recent years, email remains both the most common mode of communication for businesses, and the most common source of malware.

"Despite its obituary being written several times, email is still the main business tool out there, and it's still the main vector for most attacks," he said. "We've been in that market a long time, and it's really become a premium product again because of the nature and consequences of phishing attacks. Email security has jumped to the top of the queue again from the point of view of importance. It's just important that people do that right, because of the consequences. And it is the main vector still for malware."

Again, individuals are potentially the weakest links in the data security chain, and it just takes one poor decision to break that chain and allow cybercriminals access.

"It's so important that employees are trained, and taught about internet safety and what's good and bad, and how to spot things, because they're typically the lowest common denominator that the bad guys are looking for," he added. "So the more you can build security awareness in your organisation, the better it will be for you."

You can find out more about TitanHQ's security solutions at www.titanhq.com

 

Page generated in 0.4804 seconds.