Rob Demain, e2e-assure: “support people with processes and technology – not the other way round”
Following the increase of cyberattacks during the pandemic, organizations have become increasingly preoccupied with building a strong cybersecurity posture. Now, companies that want to protect their confidential data and reputation must support their employees with relevant security processes and technology.
Strong cybersecurity measures not only include using antivirus tools but also employing necessary cyber-risk management solutions to help detect, mitigate, and recover from attacks.
We’ve reached out to Rob Demain, CEO at e2e-assure, to discuss modern approaches to cybersecurity, effective risk management solutions, and the most prominent cyber threats.
Tell us a little bit about your history. How did e2e-assure originate?
e2e-assure came about in 2013 because I was deeply unsatisfied with the way cybersecurity was thought of and handled in organizations. At the time, I had more than twenty years of experience in building Security Operation Centers (SOCs) for all sorts of companies – from multinationals right down to SMEs – but the traditional delivery method for SOCs was completely wrong. This was because the focus was on getting a company to spend a disproportionately large chunk of the security budget on yet another piece of tech billed as the magic tool that would solve all their cybersecurity risk problems. But focusing on technology over people and a process is entirely wrong.
The people working in cybersecurity teams should be supported by processes and technology – not the other way round. I really wanted to flip that model on its head and make a difference, so I founded e2e-assure and have never looked back. We’ve strengthened and diversified from an original focus on government and the public sector to supporting clients of all sizes in all kinds of industries, and we remain completely technology-agnostic.
Can you tell us a little bit about what you do? What challenges do you help navigate?
e2e-assure provides the owners of cyber risk, including CISOs, CEOs, and CIOs, with confidence through a transparent and tailored SOC and Managed Detection and Response (MDR) service. Our focus is on people and the process, not selling unnecessary technology, so our services leverage value from existing investments to reduce the total cost of ownership. We form partnerships with our customers to share their cyber risk management and help CISOs and CEOs to prioritize risks and understand what to tackle first. We can support them with cyber risk strategy development, reduce incident detection and response times, and reduce the cost of recovery if a breach occurs.
The main challenges organizations face in terms of managing their cyber risk are a lack of people and/or in-house expertise. We support in-house teams or individuals by either fully outsourcing their SOC or integrating with any in-house resource to provide additional support. Our experts consult on building cyber strategies to protect key assets and identify threats and vulnerabilities, making companies more resilient over time.
Increasingly, organizations are coming to us with supply chain cybersecurity issues, and we can actively monitor third-party tools, as well as review feeds and messages from partners and suppliers to reduce supply chain risk. We have been involved in delivering supply chain training to some of our customers.
We also work with organizations that are worried about obtaining cyber insurance, by helping them understand what insurers are asking for and how to satisfy their demands.
What types of technology do you use to detect threats before it is too late?
We are completely technology-agnostic, and our in-house SOC platform Cumulo allows us to connect to any technology our customers already have or are planning to purchase in the future. Cumulo is designed to give customers real-time insight, across their network, through a single pane of glass. It’s an end-to-end solution providing dashboards, metrics, and reporting on an organization’s threat profile that is customizable, transparent, and fits their budget.
Cumulo augments our clients’ existing security technology and fills any gaps they have. It also prevents duplicate costs, such as consumption costs, by storing logs and data in other tools and complexity.
The true value is a single view of your security information in one place, with a central view of your threats, attackers, vulnerabilities, and weaknesses without doubling up your costs. By integrating all threat intelligence together across different customers and technologies, your organization becomes iteratively more secure.
How do you think the recent global events influenced the ways in which threat actors operate?
Since COVID began two years ago, many organizations have moved to the cloud, often hastily, and a significant number haven’t secured it yet and are still getting to grips with it. The global acceleration of cloud migration has increased the attack surface, whether organizations are running a hybrid or full-cloud model. Of course, the onus is also on cloud software providers to increase their security provision, but it is the responsibility of the consuming organization to ensure recommended settings are in place.
More recently, following Russia’s invasion of Ukraine, we’ve been seeing a lot more ransomware attacks, as well as the previous increases seen due to the advent of ransomware as a service, and I see this problem getting much worse. The increasing supply chain attacks also mean that companies could be caught up in or affected by the fallout from attacks because their suppliers are impacted. Today, we haven’t yet seen the huge global attacks like NotPetya that some people have predicted, although we have seen new wiper malware that could have a similar impact.
In your opinion, what types of organizations should be more concerned about implementing proper risk management solutions?
The NCSC guidelines state that all organizations should assume breach, which means that no organization is safe, and everyone should prepare accordingly. It doesn’t matter if you’re a small start-up or employ thousands of people: if your organization has operations, data, IP, or even just a strategy document that attackers can access, then that can be ransomed.
There will be minimum cybersecurity requirements that certain types of organizations have to meet, which could perhaps be contractual. For example, if you’re part of the supply chain for a manufacturer or logistics company, then a competitive advantage can be gained from better cybersecurity. Likewise, regulated companies might need to prove that they have put certain security measures in place and are monitoring them.
Do you think small businesses and big enterprises should rely on the same security measures?
The definition here of what constitutes a small or large enterprise is a moot point in terms of cybersecurity risk management. A small hedge fund with just a few employees could make millions of pounds of profit and hold a large amount of data, ranging from consumer transactions to social media and app data, which attackers could target if the organization doesn’t have a strategy or the tools to protect it. So, the employee count is less relevant.
However, just because an organization grows and hits a certain number of employees or revenue, it does not mean to say that the cybersecurity tools in use will no longer work or that you need to massively increase the tech budget. Spending more on cybersecurity tools doesn’t automatically make your organization more secure: it comes down to people, processes, and an appropriate security posture. Organizations need to identify and prioritize the risks they are facing and then tailor their measures to these potential threats. So, building that roadmap and protecting your crown jewels, like data, IP, or operations, is crucial. Then, as you grow your organization, you build more into your cyber maturity program. If you are running a business and haven’t done that yet, then start as soon as possible!
Why do you think certain organizations are unaware of the risks they are exposed to?
I can’t emphasize enough how important it is that organizations focus on building a culture of security with the Board leading by example. Without board-level acceptance of the risks of poor cybersecurity, it’s difficult to create this culture. Many businesses don’t think that they need to worry about security risks because they’ve hired someone in the IT team to manage this, but that is not enough. In-house teams may be generalists who aren’t solely focused on cybersecurity.
Some organizations simply take an ostrich approach to security and assume that they won’t be attacked – perhaps because they think they’re too small and not of interest or that they have nothing worth ransoming. But just because you’ve not been attacked yet, it doesn’t mean you won’t be!
What new threats should the public be ready to take on in the next few years? What security tools should every Internet user implement?
With the merging of personal and work environments post-COVID, there’s a lot more pressure on people to be available at all times of the day, and attackers are taking advantage of this. This means that certainly, from a technology point of view, people are using their own devices for work or their work devices for personal use and forgetting to take the right security precautions. Mobile phone scams have boomed since the start of the pandemic, with fraudsters capitalizing on changing consumer habits over the period and you can be sure that new and more innovative scams will continue to be reported.
For individuals, certainly never give your personal details in response to a text, call, or email which doesn’t seem genuine. Use a password manager to create and store complex passwords for each account and avoid reusing any passwords. Multi-factor authentication (MFA) is also simple to set up for a lot of accounts, be that social, gaming, or email, and it will often be enough to deter some attackers who will then choose an easier target. Many people don’t implement security updates frequently enough, so set your devices to update automatically or implement updates as soon as they’re available.
Share with us, what’s next for e2e-assure?
We want security to be accessible and affordable for every organization we work with. With this aim, we have just launched new services to help businesses using Microsoft Defender tools to substantially improve their cyber risk management. The services focus on maximizing the organization's investment in Microsoft Defender tools and cover endpoints, email, OneDrive, SharePoint, Office 365, and third-party apps, taking the weight off the shoulders of IT teams lacking the people and expertise to respond to alerts flagged by Defender for Endpoint and Defender for Business.
We also want to help customers scale and grow whilst improving their cybersecurity postures. Our new partnership with iomart was formed with this in mind and we’re now working together to deliver a combined service utilizing iomart’s cloud infrastructure and managed services backed up by our world-class 24/7/365 SOC service. The partnership means that customers can buy securely designed cloud services in the knowledge that they are also receiving ongoing protection from our MDR services. This is an exciting partnership, not only in terms of the customer growth potential for e2e-assure but also because we can better support customers now to scale and grow with confidence.
Finally, we want customers to be able to sleep at night but trying to obtain cyber insurance is keeping many of them awake. We are working with more and more customers to help them configure their existing technology and utilize features they weren’t initially aware of so that they satisfy insurers’ demands and qualify for cyber insurance.