Aviva Zacks
Aviva Zacks of Safety detective asked Nathan Collins, Sales and Marketing Director of PAV, how his company stays ahead of the competition.
Safety Detective: How did you get into cybersecurity and what do you love about it?
Nathan Collins: I started way back in the 90s as a support consultant for a company called Stratus. From there, I went into data and information management, working for a company called CommVault where I stayed in a variety of roles for 12 years. It was whilst at Commvault I started to fully appreciate the value of data, managing data for the cycle, maintaining consistent copies, and creating datasets that were impervious to change, enabled compliance, and governance. But now, the most important thing is the ability to recover against a plethora of use cases.
What I really like about cybersecurity is that it’s essential. There are a few things in life that are essential, and security online is absolutely up there with taxes. Every organization needs to be concerned about cybersecurity; even the US Treasury got hit a couple of days ago. No matter how big or small you are, you will be affected. So it’s an essential technology type to have today.
SD: What services does PAV offer?
NC: Our focus is in three areas: modern workplace solutions, which is quite pertinent right now; data and governance solutions, which involves maintaining data through its lifecycle no matter what happens; and collaboration or communication technology, which is understanding every part of the technology stack that your employees use and trying to integrate that appropriately.
All of these underpin the user—the employee—and that’s really important, but it does it in subtly different ways. All three value propositions help the users maintain productivity while reducing risks of falling into cyber traps such as phishing, whale hunting, ransomware scams, or simply ticking on the wrong thing, causing a bad secondary effect.
SD: What verticals use your services?
NC: Our primary routes to market are currently local government, education, finance, legal, retail, not-for-profit, manufacturing, and engineering.
SD: How does your company stay ahead of the competition?
NC: Every 18 months, we assemble a steering committee and attempt to figure out what the future for IT and technology looks like. Following this, we put into action a plan to start to implement it ourselves. In 2018 we rolled out our unified cloud management platform, which was full integration of Salesforce, Microsoft Teams, SharePoint, Breadwinner, and Xero. These are all cloud-first technologies that allowed us to manage the productivity of our sales and support organization from a ticketing, cost, and communication standpoint. The intention is a high degree of integration between all of these cloud technologies to create institutional memory relating to all communications with our customers and suppliers. A useful secondary effect was the improved, enhanced productivity as well as the ability to access the platform anytime and from anywhere.
SD: What are the worst cyberthreats out there today?
NC: Not in a derogatory way, but I have referred to them for about 15 years as Code 9s; the worst problem is us, our employees, the people that are 9 inches away from the keyboard. People are being sent messages that claim to be from a supplier. Cybercriminals have acquired details from all sorts of hacks, and they include email addresses, passwords, dates of birth, accessed applications, aliases, social media connections, etc. They have a very rich understanding of you or your employee as a result.
The biggest threat is incoming, targeted to individuals in a very unique way and often not only to disrupt but often these days to solicit a financial benefit from an organization or person through the implied release of proprietary information or the denial of access to previously available customer records.
Technology is great and it can cover a lot of the bases, but unless the individuals are educated appropriately that anything that comes via email and text needs to have another level of security and scrutiny, there will always be the probability of being susceptible to an attack no matter what technology is deployed or whatever the insurance policies you have in place. No matter who your IT support Is with, or who is providing you with technology, or who is pen testing your environment against cyber threats, your lowest hanging fruit to the cybercriminal are the people within your organization. So that’s what we’re most concerned about. People, then processes, and finally the tools to effect change.
SD: How do you see cybersecurity developing in light of the pandemic?
NC: In the last 10-15 years, organizations have gotten very complicit. Staff was mostly working from offices with a small proportion of remote workers. Organizations invested massively in centralized IT with powerful core networks and firewalls and created DMZ areas for anything awkward. They’d have RDS or VDI systems in place and end-user compute was mostly restricted and secure. We got signs that things were changing 5-10 years ago with the rise of consumer-grade/shadow IT services with the likes of Dropbox and other cloud technology where data would slide out of the governed locations with users driving the change based upon ease of use and lack of available corporate tools. More recently, Office 365 has accelerated decentralization but in a very productive way.
Staff in many legal, finance, industry, commercial offices are not required to be in the office for the foreseeable future. The traditional character of blue-collar workers absolutely needs to be in the factories completing their daily tasks but even in manufacturing and engineering establishments, the office staff have disappeared out of the workplace and no longer need to work centrally. Tactical solutions are available to allow that to take place and that has changed everything. Working from anywhere is now commonplace and its adoption was massively accelerated in the last nine months. This is the only positive thing that COVID has had as the necessity for staff to work centrally fuels the carbon economy. We can clearly now see that employees can work remotely and with the correct tools and enablement, this can be enabled to be both productive as well as secure. The net of all of this could be a huge green advantage for many years to come.