Cyber threats have become genuine concerns amongst large and small companies. Particularly smaller companies without IT departments are at risk: according to Small Business Computing, 58% of all data breaches worldwide occurred at small businesses. To add insult to injury, last year's State of Cybersecurity in Small and Mid-Sized Businesses report showed that 61% of companies surveyed had a cyber attack in the past 12 months. Half of those involved information from staff and customers. As always, this scenario poses opportunities to entrepreneurs. We spoke to Martin Brandt, who co-founded Cyberfenders with Andrew Smith, about why cybersecurity should be on anyone's mind.
Q. What does Cyberfenders do, exactly? When/by whom was the company founded? With what purpose?
A. Cyberfenders helps mid-size businesses orchestrate cyber environments where protection, detection, and correction of security threats happen simultaneously. With our international product partnerships and expertise, we offer enterprise-class skills and services to deliver what mid-size businesses expect.
Cyberfenders was founded at the end of 2017 by us, the shareholders of Applxbridge (Pty) Ltd. This company was established in 2003, focussing on Enterprise & Mobile Software Development. It operated its own datacentre for various software projects. Cybersecurity was always a critical part of the software development lifecycle, which Andrew was responsible for. In 2016, we acquired all of Applxbridge, hoping to steer the organisation into new markets. After winding down its software development responsibilities to improve the focus of a small, but a highly skilled team, Cyberfenders was established.
Q. What are your key services?
A. We offer very comprehensive Cybersecurity services, which goes way beyond traditional anti-virus solutions. These include the formulation of appropriate cyber defence strategies, the development of integrated security management strategies, cloud protection, assessments & compliance solutions, educating end users in terms of breach protection, and various other services.
We are also an accredited McAfee Managed Services partner, meaning we can sell various product solutions to customers who often have some cyber defence investments in place. We don’t believe in fork-lifting for the sake of product sales, tactical service delivery and advisory is our most vital contribution.
Q. What type of companies do you typically serve? Only in SA or elsewhere too?
A. We serve the mid-market, which we believed is largely underserved. Large IT service providers don't often understand the mid-market can be prohibitive. To smaller service providers, however, Cybersecurity is just a byproduct. This means they address the most obvious defence mechanisms only.
We are currently operating in the Western Cape, but our online Peer-to-Peer learning supports locations from anywhere in the world. Our growth goals include operating outside of South Africa, specifically where we can operate a 24/7 monitoring centre to serve territories north of us.
Q. How big is the threat of cybersecurity these days? What are these threats, precisely?
A. This is a big challenge worldwide. Cybersecurity breaches are on the increase, the visibility of these incidents in the media has made many businesses nervous. Added to this, credible studies have forecasted that 3.5 million cybersecurity jobs across the globe will not be fulfilled by 2021. Specialist cyber defence skills are becoming problematic for businesses to attract and retain. The other challenge is one of belief. Smaller businesses believe that cybercriminals are only interested in enterprises with valuable financial data or trade secrets. This is incorrect. Statistics have indicated that smaller businesses suffer cyber attacks more often. We can only assume that cybercriminals encounter them as being more vulnerable.
Many business leaders believe that a threat is primarily a computer virus, or a hacker. However, many threats occur from within where users are simply not cyber-risk prepared. The growth of Cloud and other connectedness solutions such as IoT and Mobile means there are new vulnerabilities to deal with that impact beyond a firewall and typical desktop anti-virus.
Q. What/who are the prime targets of cybercriminals?
A. We have several blogs on our website in this regard. We detail some of the threats, which are very diverse. These threats range from phishing attacks (email scams that trick users) to hacking, and even cryptocurrencies undergoing a wave of cybercrime. There are also many instances of malicious code that exploits operating systems and databases. Cybercrime has moved beyond government and enterprise businesses. A recent 2018 report indicated that it costs the global economy $600B annually, South Africa and Africa are part of these statistics.
Q. What is your main advice for companies in Africa in terms of boosting their cybersecurity?
A. The technology landscape is changing rapidly: users are more interconnected than ever, shadow-IT is becoming a business norm, and new technologies become part of the overall IT strategy. Given this, a holistic understanding of every digital touchpoint in the business, ideally per business function, is important.
So, for example: what does HR, Marketing, Sales, and Finance do that requires digital intervention; and what is needed to protect business interests in the way they transact. For us at Cyberfenders, we help our customers “know what they don’t know”. My advice to any business leaders regarding their data capital is to “know what you don’t know”, and thereafter identify an appropriate risk-mitigation strategy. Then operate that strategy according to the acceptable levels of risk that the business understands, and review each time a process or way of working changes. This includes the continuity measures a business should execute if a cyber breach does occur, which is so often overlooked.
Q. What is the best thing about being an entrepreneur?
A. As an employee, we often need to adapt to change led by others, whether we are passionate about those changes or not. As an entrepreneur, we can shape change ourselves.
Q. What is your ultimate goal? Where do you see yourself and Cyberfenders in five years from now, realistically?
A. At this stage of a business lifecycle, it’s too early to have an “ultimate goal”. I prefer to look at short-term business objectives and a vision. For the former, we want to operate a quality business that delivers tangible returns for all our stakeholders. That means more customer success stories, a great brand to work for, and an operating model that helps us reinvest in our growth without onboarding risk capital. In terms of our vision, I believe there are areas we can innovate. This includes new cyber defence assessment methods and tools, as well as our digital Peer-to-Peer learning known as the “Digital Defence Dojo”, which is specifically driven by the skills shortfall. Both are aimed at showcasing our talents, better business engagement for our customers, as well as forging strong trust relationships. Trust is the single most important brand-value for us, without which, a cybersecurity business cannot trade.
Q. Anything else you would like to add?
A. I enjoy collaborating with others, so if there’s anyone who wants to share some ideas, or look at market opportunities together, I welcome them to connect with me on LinkedIn: https://www.linkedin.com/in/martbrandt/