Information Age has partnered with Tech Nation to help explore 20 of the UK’s leading cyber security scaleups.
Tech Nation Cyber is the UK’s first national scaleup programme for the cyber security sector. It is aimed at ambitious tech companies ready for growth.
In a series of 20 company profiles, we will be introducing you to the cyber security scaleups that make up Tech Nation’s first cyber cohort.
12. XQ Cyber
All answers provided by Matthew Olney, content manager at XQ Cyber
What does your company do?
XQ Cyber’s vision is a society in which cyber security is simplified and made accessible to the masses. Our mission is to help our customers to avoid commodity cybercrime.
We offer an automated cyber security testing and risk rating service called CyberScore™. CyberScore™ helps organisations of all sizes to improve their cyber security by scanning their network, offering a clear view of risk, highlighting problems and providing easy-to-understand get well plans.
How do you differentiate yourself from your competitors?
Our competitors tend to be network vulnerability scanning services and human-based penetration testing.
CyberScore™ goes way beyond traditional scanning services by automating the interpretation of vast quantities of technical data that would normally require a team of security analysts to deliver something useful. We tune out the noise and present clear recommendations for business and technical users, as well as peer-rated scores and trending data.
Human-based penetration testing is very expensive and is therefore typically an annual activity providing a one-time snapshot of posture, leaving customers out of touch for most of the year. Due to their technical nature, most organisations struggle to generate business value from penetration testing reports. By contrast, CyberScore is a much more affordable service that makes business technical security risk easier to understand, and can be run every day of the year if so desired.
We’re different because we’re innovators and disruptors. We believe that current approaches to cyber security fail to deliver value for most organisations. Our aim is to automate our offensive cyber skills to solve this. We see very few cyber security companies asking their penetration testers to collaborate with software engineers to make life better for the mass market.
What are the common challenges in the cyber security space?
The biggest challenge is apathy.
When faced with a choice between spending money now in order to avoid the possibility of future jeopardy, or taking a chance and hoping to get away with it, human beings are notorious gamblers.
Many people feel that the problem is transient or that, because they are small or obscure, they are unlikely to be affected.
Unfortunately, the cyber security industry often has a habit of making this sense of apathy and helplessness worse, either by peddling myths about the sophistication of the threat or by failing to simplify the solution.
This, perhaps, explains why getting buy-in from board members and directors is often cited as a significant challenge for cyber security professionals.
What are the biggest mistakes a company can make regarding security?
The biggest security mistakes tend to stem from a lack of critical thinking about threat and risk. Mistakes can be avoided by starting with a clean sheet of paper and listing the adverse business outcomes, many of which will already be known if risks are being managed, and asking how those outcomes could materialise due to cyber insecurity.
The biggest mistakes typically involve wasting money and resources, whilst failing to address the basics.
Cyber security is a complex issue that affects people, processes and technology. It is often tempting to throw money at the problem, building teams and buying technology, without necessarily having a clear understanding of what we’re trying to achieve.
For most businesses, even large ones, the greatest threat posed is that of commodity cybercrime, rather than nation-state actors. Even when nation states are found to have been the perpetrators of attacks, they often have employed commodity methods.
Commodity cyber attacks are not particularly sophisticated and rely upon our inability to do some fairly basic things. These tend to be the dull, unglamorous and difficult things like knowing what the network looks like and understanding its overall security posture.
Many large organisations give up, thwarted by scale, and move on to more sophisticated solutions (designed to detect persistent intruders) before addressing these fundamentals. By doing so they effectively concede the network to the commodity threats most likely to materialise.
Provide your best practice advice/top tip for effective cyber security?
Aside from using CyberScore? One thing: patch your network.
Most commodity attacks would be mitigated by operating a well maintained, fully patched network. Your staff will always make mistakes and when they do, having a healthy network will help to limit the damage.
There are lots of other things you could do, like adhering to the Ten Steps to Cyber Security or the five controls of the Cyber Essentials Scheme or following NCSC’s Small Business Guidance.
Of them all, patching is king.
What’s Next?
XQ will continuously evolve and innovate CyberScore™ to ensure that it continues to deliver value to organisations seeking to avoid commodity cybercrime.
Our next goal is to use automation to drive adoption of the UK Cyber Essentials Scheme by supporting certification based upon empirical evidence gathered from our customer networks.