Aviva Zacks of Safety Detective sat down with Martin Sugden, Boldon James’ CEO, and asked him about his company’s Classifier suite.
Safety Detective: How did you get involved in cybersecurity, and what do you love about it?
Martin Sugden: I have an accounting and HR background, so I have always been involved in areas of confidentiality. About 20 years ago, I joined Boldon James, which was a market leader in a military message handling system in the intelligence sector. Just when Big Data happened, there was a massive requirement for this type of capability and it just seemed obvious to drive the company more in that way. So, we moved from that to the military end of labeling and keeping ability through to full-blown integration with the standard cybersecurity tools that most people are familiar with.
SD: What would you say is Boldon James flagship product?
MS: That would be our Classifier suite of products, which gives the end-user the ability to put a label on a document, anything that they create. So, if you are working on a Word document, PowerPoint, Outlook email—you are the person who understands what it is you’re doing, you understand the context of why you’re creating it. Then we get you involved in its cybersecurity, right at the beginning. You give us an idea of what the value is and what it is that is in that document, and then that is going to create both a visual label and all the other layers of security. We will see the metadata tag that we create, and, therefore, be able to make much better decisions.
If you mark something internal or for a particular group of people, and then you put an external email address on it, we’re going to come up with a little speed bump that asks you if you really intended to send it to that person.
SD: What would you say are the worst cyberthreats out there today?
MS: I think the most prevalent is human error because people are not trained and can make mistakes. One of the reasons we designed our products the way that we did is that we can help people make the right decisions. But from a personal space, getting somebody to give you their bank account details and then fraudulently emptying the bank account of someone is probably the worst thing I can think of. But from a corporate space, certainly ransomware, finding yourself in a situation where you just can’t get your job done is clearly something that I think most chief execs stay awake at night thinking about.
SD: Where do you think cybersecurity is headed in the next few years?
MS: I think the main trend over the last couple of years has been around personal information security. Still, only around 50% of companies would say they are GDPR compliant and only 30% would say they are CCPA compliant. So, there is a lot of activity that’s going to come down the line in making that happen.
I think people look at artificial intelligence and machine learning as if they’re going to solve everybody’s problems, and they will realize three or four years down the line that if you just trained your users and gave them tools with which to help themselves, they’d be in a much better position.
SD: And how do you think that the COVID-19 pandemic is changing the face of cybersecurity for the future?
MS: Well, it’s interesting, isn’t it, how we started talking about data classification and where things were going in Big Data maybe 10 years ago now, we were talking about the fact that people used to think about their IT systems as almost like a castle. They put a firewall in place, everything else was inside. And then it’s slowly but surely broken down, bring your own device, people using mobiles. We have now got lots of people using the cloud. They are still using native applications, but they are doing much more of their business in the cloud. I think COVID-19 has pushed that right to the end. People have had to kit up with things like Zoom and allowing people in the organization to work at home, use their own devices, and use their own printers.
So, I am hoping it will break the old way of thinking. I think the more you look at where we are now with people working and not seeing people face to face, you’re going to understand that if you don’t train your users, make them aware of what’s going on, have tools that are intuitive and that work, and frankly, provide enough bandwidth for those tools to work, then you’re going to get left behind. Data loss will be more prevalent. Clearly, we are going to have to react to that, do more training, use tools that will help the user community.