Digital transformation is taking over the world, with new advanced tech getting released faster than we can keep up. But with great changes come even greater responsibilities, especially when in cybersecurity.
The speed of digitalization brings about exciting opportunities – as well as new attack vectors for cybercriminals.
Cybernews reached out to Kieran Fowler, Head of Cyber Consulting at Waterstons, which provides NCSC certified cybersecurity consulting services in risk assessment and risk management, to discuss the current state of global digitalization and the challenges that come along with it.
Tell us how it all began. How did Waterstons come about in 1994?
Sally Waterston, later joined by her husband Mike, created Waterstons all those years ago in Durham. They laid the foundations upon which we are built; great people, honesty, integrity, and kindness.
We’ve grown from that small family consulting business to a global organization offering a full range of services, including our cyber division. Preserving the culture isn’t easy, but we work hard to maintain the values the business was born with, and our founders remain an active part of the business today.
Can you tell us a little bit about what you do? What are the main challenges you help navigate?
We are an IT and business consultancy, and the cyber division I work in helps businesses with information security. We have a wide range of skills from security management and virtual-CISO to technical pen-testing, and we run a 24/7 security operations center.
To our clients, we’re trusted advisors who help them understand and manage their cyber risks. We’ve helped a lot of them attain certifications they need to open up business opportunities, including Cyber Essentials and ISO 27001; and helped them to meet cyber insurance requirements.
What would you consider the main problems that companies run into on their digital transformation journey?
There have been plenty of worrying headlines underlining that security is a fundamental part of any digital transformation journey. Often the problem isn’t being unaware of that but more of not knowing where to start addressing it. Cyber security requires access to a multitude of skill sets and specialisms – and there’s a global skills shortage in nearly all of them. It can be very difficult to know what skills you need and then where you can find them.
Ultimately, however, digital transformation isn’t about digital, tech or cyber security at all, it’s about people. To be able to successfully transform, every member of every team needs to be on board and on the same page about what is truly needed, realistic and possible. Often the biggest challenge in a digital transformation journey is understanding what that is, not simply assuming, to ensure that any changes made are for the right reasons across the board.
How did the recent global events affect your field of work?
It depends on which events you mean! During COVID, I was nervous for a few weeks when clients battened down the hatches as we went into the first lockdown. It was understandable that they would cut costs as much as possible with unknown hardships ahead and many businesses focusing on survival. It quickly became apparent, though, that organizations working remotely brought larger attack surfaces and needed more security support not only to survive but even thrive in uncertain times. We helped many clients adapt to new ways of working without compromising and often improving their security.
More recently, events in Ukraine have seen organizations re-evaluating their susceptibility to cyber-attack in line with a worsening threat landscape. The National Cyber Security Centre (NCSC) did a great job highlighting the types of cyber-attacks that we might see and provided timely advice on mitigation. We’ve seen businesses that were previously struggling to implement critical patches or update unsupported operating systems granted the resource to address their security concerns as a result.
Why do you think certain companies still hesitate to digitize various processes?
Those organizations working in competitive fields are much more likely to have highly digitized processes. After all, necessity is the mother of invention, and the drive to reduce operating costs is more significant when it represents a competitive advantage. Businesses that are more hesitant to digitize processes often simply aren’t seeing the need to do it yet. Many consider the initial cost, training, and effort not to be worth taking on to fix or improve processes that are working for them.
Customers also display very different appetites depending on who they are engaging with, and these are rapidly changing. Even in sectors we’d expect to be less digitally aware, we’re seeing evolution; campsites, for example, are starting to digitize as taxi companies did a decade ago.
What aspects of our daily lives do you hope to see automated or enhanced by technology in the upcoming years?
My biggest hope is that we can address climate change without human cost (e.g. ensuring people can afford to heat) in sustainable ways using technologies like self-driving cars. Many vehicles lie idle for 23 hours a day, and vast quantities of CO2 are generated just to manufacture them. Summoning an autonomous electric car, letting it drive you to your destination, and then seeing it go on to be used by another person instead of sitting idle will reduce the number of vehicles we need on the roads and the levels of pollution from burning fossil fuels.
Cars are expensive to own, but if we started using them efficiently, costs could be greatly reduced. There are lots of technologies out there that can protect our environment and at the same time improve lives and save money; increasing mobility or the services we can access. Some just need investment whilst others will require a cultural shift to normalize their use.
Smart cities with efficient traffic management, collecting refuse when it is needed, and optimized street lighting can again help us address the climate crisis without negatively impacting our lives. We just need to make sure that as critical services are interconnected, their security remains proportionate and supportive to these endeavors.
Talking about cybersecurity, what would you consider the key tools every company should implement nowadays?
Ransomware is rife; it has been a pandemic within *the* pandemic. I would recommend everyone to move from ‘protect only’ to ‘prepare and protect’ mentalities. It’s no longer about thinking it won’t happen because you have a tool or control to stop the attack.
It’s about knowing how you will respond WHEN it happens. Well-implemented backups that are off the domain (if you are compromised, they are safe) and which can be relied upon to restore from could be the difference between recovering from an event quickly or suffering a catastrophic, business-crippling incident.
What tips would you give to companies looking to create more engaging customer experiences?
Over half of Waterstons’ new business comes from word-of-mouth referrals. This is only possible if we deliver great experiences to our customers. Underlining that point; we don’t have a Sales Director, but we do have a Client Experience Director. My tip would be to give customer experience the attention and investment it needs to do well in your organization. Consider the entire customer journey, ask for (and deliver) meaningful feedback and learn from your mistakes.
80% of organizations believe they are delivering a “superior experience” to customers (Bain and Company), but customers only agreed with this statement 8% of the time. In many businesses, there is a gulf between how well they think they’re doing and how their customers feel. It is critical to recognize and understand those gaps, which only comes from a deep understanding of your customers and addressing their needs with quality interactions.
Would you like to share what’s next for Waterstons?
I have been incredibly fortunate to attract some brilliant people to join our cyber division, and they are helping our clients in ways that we haven’t been able to in the past. We have a CREST-certified Security Operations Centre and Penetration test function, and we’re now further developing our incident response capabilities to help those in urgent need following a cyber-attack.
In the wider business, we’re always looking for new ways to serve our clients – whether that is opening new offices globally or launching new services. We’re currently working on offerings in sustainability consultancy and value creation to support our customers in becoming leaders in their sector.