Aviva Zacks of Safety Detective sat down with Martin Sugden, Boldon James’ CEO, and asked him about his company’s Classifier suite.
Safety Detective: How did you get involved in cybersecurity, and what do you love about it?
Martin Sugden: With a background in accounting and HR, I have always been involved in areas of confidentiality. Around 20 years ago, I joined Boldon James, which was a market leader in a military message handling system in the intelligence sector. With the Big Data era on the horizon, there was a massive requirement for this type of capability, and it seemed obvious to drive the company more in that direction. We then moved from that to the commercial end of labeling through to full-blown integration with standard cybersecurity tools that most people are familiar with.
SD: What would you say is Boldon James’ flagship product?
MS: That would be our Classifier solution, which gives the end-user the ability to put a label on a document or any file that they create. If you are working on a Word document, PowerPoint, or Outlook email—you are the person who understands what it is you’re doing and you understand the context of why you’re creating it. This means you are the best person to determine the security sensitivity of that document. This is the point where Boldon James comes in and gets users involved directly in cybersecurity. The user is the main person that can determine what the value is and what is in that document, and then Classifier creates both a visual label and the other layers of security needed. We will see the metadata tag that we create, and, therefore, be able to make much better decisions.
If you, as a user, mark the document as internal or restricted to a particular group of people, and then you accidentally put an external email address on it, the Classifier solution is going to come up with a prompt that asks you if you really intended to send it to that person.
SD: What would you say are the worst cyberthreats out there today?
MS: The most prevalent threat is human error because people are not trained or can make mistakes. One of the reasons we designed our products the way that we did is to enable people to make the right decisions. From a personal perspective, getting somebody to give you their bank account details and then fraudulently emptying their bank account is probably the worst threat I can think of. But in the corporate space, certainly ransomware, finding yourself in a situation where firstly you just cannot access data you require to get your job done and secondly, having to pay a significant ransom to (possibly) recover your data is clearly something that I think most chief execs stay awake at night thinking about.
SD: Where do you think cybersecurity is heading in the next few years?
MS: I think the main trend over the last couple of years has been around personal information security. Statistics show around 50% of companies would say they are GDPR compliant and only 30% are CCPA compliant. So, there is a lot of activity that is going to come down the line in the future.
I think the industry is looking at artificial intelligence and machine learning as silver bullet solutions, but in the future, the likelihood is that they will realize that by training users and providing them with the correct tools and responsibilities, they will be in a much better position to defend against threats wherever they may come from.
SD: Lastly, how do you think that the COVID-19 pandemic is changing the face of cybersecurity for the future?
MS: At the beginning of this interview, we started talking about data classification and where things were going in Big Data maybe 10 years ago. Now, the discussion is about the fact that people used to think about their IT systems like a castle. They would put a firewall in place, everything else was placed inside. But that perimeter defense has been steadily broken down with the advent of bringing your own device and mobile use. Now we have lots of people using the cloud. They are still using native applications, but they are doing much more of their business in the cloud. I think COVID-19 has rapidly accelerated that digital transformation. People have had to get to grips with things like Zoom and allowing people in the organization to work at home, use their own devices, and use their own peripherals such as printers and so on. From that perspective, the traditional network perimeter has been smashed.
I think a legacy of COVID-19 will be to break the cycle of the old way of thinking. I think the more you look at where we are now with working practices and the fact that you’re not seeing people face to face, the more it will become evident that if you don’t train your users, if you don’t make them aware of what the risks are, if you don’t have tools that are intuitive and you don’t have tools that work, and frankly, if you don’t provide enough bandwidth for those tools to work, then you’re going to get left behind. Data loss will be more prevalent. Clearly, we are going to have to react to that, do more training, use tools that will help and engage the user community more effectively.