John Maynard, Adarma: “the competition for cyber talent is tough and it’s only getting harder”
The cyber threat landscape is constantly expanding with emerging threats that exploit the newest vulnerabilities.
It’s becoming increasingly important for organisations to recognize the role that threat intelligence and threat landscape mapping have in the realm of company-wide cybersecurity. However, as building security systems from scratch is a more complex project than businesses are willing to take on, and given the shortage of cybersecurity professionals, many organisations turn to managed security services and threat intelligence providers.
Cybernews reached out to our CEO John Maynard to discuss the evolving challenges in the cybersecurity field and the best practices for tackling them. What follows is a transcript of that interview.
How did Adarma originate? What would you consider your biggest milestones throughout the years?
Adarma was founded and is led by industry experts and as such, we understand the difficulties organisations face when protecting themselves and their customers against an increasingly complex and harmful threat landscape.
Adarma was formed in 2009 and focused on providing threat management and SOC services to the financial services industry. In 2016, we were ranked as the UK’s 40th fastest growing technology company by the Sunday Times Hiscox Tech Track 100 league. In 2019, we separated from the ECS Group and rebranded as Adarma with investment from LivingBridge (mid-market private equity) and were named ‘One to Watch’ Security Company by Computing Security Awards. Splunk has named Adarma as an ‘Elite’ partner and their largest and most accredited partner in Europe.
2020 was a record year with revenue rising 27%, and we were named by the London Stock Exchange in the “100 companies to inspire Britain” report. In the same year, John Maynard was appointed CEO and CrowdStrike became a strategic partner.
Over the past two years our Managed Security Services, particularly Managed Detection and Response, have grown 70%+ each year. We are rapidly expanding the team and have taken headcount to over 300 permanent members of staff, complemented by our investment in software that underpins our capability and roadmap.
Our heritage as threat-centric cybersecurity practitioners means we have deep industry knowledge and insight and as such have gained deep experience delivering value from cybersecurity investments in the real world. The Company’s revenue has increased from £8M in 2014, to over £42M, representing a CAGR of 30%. We have invested in senior leadership, sales and marketing, delivery, and infrastructure and expanded our portfolio and partner ecosystem. We expect Adarma’s revenue growth in 2022 to significantly outpace the average market growth rate.
Can you tell us a little bit about what you do? What services do you provide to ensure security?
Adarma is the UK’s largest independent cyber threat management company serving the FTSE 350 across a range of industries. We partner with our customers to help protect against a range of cybersecurity threats delivered via cybersecurity consulting, engineering, technology, and managed security services tailored to our client’s unique requirements. Our lead offering is our market-leading Managed Detection and Response capability.
Our offerings help customers to manage their attack surface and build and operate best-in-class detection and response services, allowing them to reduce risk and increase cyber resilience in their organisations.
We continue to invest in our market-leading security platform that underpins our Managed Detection and Response capability, and in our Threat Intelligence teams. This allows us to further advance our ability to support customers across a range of industries to detect and respond to ever more complex cyber threats.
You often stress the importance of threat intelligence. Why is it so crucial?
If you accept that a cyberattack on your business is inevitable, you need to keep ahead of what threatens your business as both you and those threats change and evolve over time.
Threat intelligence plays a pivotal role in helping organisations shift their cybersecurity strategy from reactive to proactive. It allows us to analyse and understand the multitude of factors that motivate cyber threat actors in how they target organisations and what drives their attack behaviours.
By adopting the attacker’s perspective using threat intelligence, organisations can more effectively optimize their prevention and detection capabilities. Intelligence provides a comprehensive picture of the real-time threat landscape while also forecasting potential areas of emerging risk.
Armed with this picture, organisations are better able to anticipate threats, understand the implications of their decision-making, identify their high-value assets, and prioritize areas requiring remediation.
Threat intelligence is essential for enabling cybersecurity teams to make faster and more informed data-backed decisions that will directly impact the organization’s cyber resilience. By ensuring your threat intelligence is credible and relevant, you can start to:
– Gain the ability to quantify and outline strategies of mitigation or elimination of unnecessary risk
– Set out clear prioritized investments
– Respond faster to incidents
– Get ahead of attackers
How do you think the recent global events affected the way people perceive cybersecurity?
With cybersecurity incidents making headlines around the globe, people and businesses are increasingly aware of the risk that cyber threat actors pose and the potential of a devastating impact of an attack. Last year, we saw numerous cyberattacks targeting supply chains, causing widespread system downtime, economic loss, and reputational damage, for example, the Colonial pipeline attack, which resulted in a six-day stoppage that led to US fuel shortages and prices increases.
While recent high-profile attacks by notorious cyber crime gangs, such as Conti, LockBit, and DarkSide, have revealed just how structured, targeted, and persistent these threat actors have become. These attacks have also highlighted to people how digitally dependent we are and how a cyberattack could potentially lead to life-threatening consequences in the real world.
The invasion of Ukraine by Russia has also highlighted how weaponized cyber has become and how it can be used to influence global matters, with malicious groups attacking critical infrastructure and international bodies to sway the current geopolitical situation.
As a result, organisations are recognizing the urgency to harden their cybersecurity posture and the need to take a proactive approach to secure their digital environment. Due to a dearth of cybersecurity professionals, the complexity of the threat landscape, the high cost, and the difficulty of building a SOC internally, we’re seeing more and more organisations turning to managed security service providers and managed detection and response where they can be supported 24/7.
Despite all the solutions and providers available today, some companies and individuals still refuse to update their cybersecurity. Why do you think that is the case?
Assessing and improving an organization’s cyber risk can often be a daunting and complex task. Business leaders can often feel overwhelmed at the prospect of updating their legacy systems or undertaking the mammoth challenge of building an entirely new system from scratch with security built-in.
On top of that, there is a cybersecurity talent shortage, so even just acquiring the staff with the requisite expertise and cyber skills to plan, build and run their security can be a time-consuming and costly experience. The competition for cyber talent is tough and it’s only getting harder as the demand for cyber professionals increases.
To help overcome hesitancy/reluctance on the part of The Board, it’s important that the technical IT security function can communicate the risk and potential cost of leaving the organization vulnerable to attack. There is certainly a skill in translating the technical requirement into a quantifiable reduction in business risk that the board will understand and appreciate in ROI terms. Having said this, we see that increasingly board members are aware of, and understand, the risk of cyberattack and are making it a priority to address any shortcomings.
The top three threats we see board members most concerned about are ransomware, insider threat, and supply chain risk. In fact, in our recent Ransomware Readiness report, we found that 58% of UK businesses with over 2,000 employees had experienced a ransomware attack, so the threat of ransomware is particularly top of mind among our clients.
Your 2022 Ransomware Readiness Report uncovered some interesting points. What would you consider the key discoveries?
In January 2022, Adarma undertook research across 500 UK organisations with over 2000 employees. We asked the senior leadership of these organisations (director level and above) a series of questions to uncover how concerned business leaders are about ransomware, how confident they are in their organization’s ability to deter or prevent an attack, how able they are to respond to an attack and to understand the steps they have undertaken to minimize this significant risk.
Our research found that a staggering 58% of respondents have experienced a ransomware attack, and, perhaps worryingly, that 67% of those felt the best way to resolve the situation was to pay the ransom.
Given that more than half of respondents reported having already suffered an attack, it’s not surprising that 94% of organisations are either concerned or very concerned about ransomware attacks. However, 96% of business leaders are confident in their organization’s existing measures to deter or prevent a ransomware attack, while 95% are confident they have the correct measures in place to respond in the event of a ransomware attack, despite 22% not having a cyber incident response plan in place.
A cynic might also say it’s convenient that 48% of business leaders would hold the IT Security team accountable if they suffered a breach, while only 22% thought the CEO or Board should be to blame.
Share with us, what would be the first steps for companies looking to improve their cyber resilience?
Your business changes, grows, and transforms at a pace. Understanding your attack surface and the risk it poses is the first step. Only then can you manage any unnecessary risk and apply controls accordingly to harden your organization in preparation for when a threat reveals itself.
Attackers will exploit windows of opportunity to bypass your defences. Having the ability to continuously monitor your estate, power tuned detection content and trained experts with tested skills to investigate, hunt, and respond to threats in real time is key. This ensures that when an attack happens you can recover with speed and confidence.
Talking about individual users, what security solutions do you think are essential for personal devices?
The simplest thing individuals can do to improve their personal online security is to follow good password practices. It’s common for people to resort to simple, easy-to-remember passwords reused across most, if not all accounts. This is a recipe for disaster and could result in identity theft or account takeover. Length and complexity are essential for a strong password, as passwords with these characteristics require more effort and time for an adversary to crack.
Passwords should contain at least ten characters and include a combination of special characters, as well as upper-case and lower-case letters, and numbers. Having said this, the rule of thumb when it comes to passwords is that you should never reuse them. Reusing passwords is a massive red flag and can leave users’ accounts susceptible to being compromised.
To maintain healthy password habits, it’s important that people make their passwords manageable. This can be done by striking a balance between memorable and complex passwords. Password managers are a useful tool for overcoming the challenges of traditional password security methods as they help to maintain good password practices.
Password managers generate complex, random, and unique passwords for all the individual sites a user visits and store them all securely so users don’t have to worry about remembering them. They also alert users if they are re-using the same password across different accounts and notify them if a password appears within a known data breach so that they know to change it.
‘Hercules’ is designed to significantly enhance our customers’ ability to respond to threats effectively, rapidly, and at scale. We believe this development will help to further cement our position as the UK’s leading cyber security management company with a reputation for plain speaking, transparency, partnership, and service excellence.
Our ‘Hercules’ roadmap brings to market innovative new cyber security services, while scaling rapidly in the context of a global cyber skills shortage, including:
– Creating an inclusive entry point for young people from diverse academic backgrounds into the Cybersecurity sector to accelerate skills and competency for security analysts and security operations managers.
– Maturing approach and developing industry-leading capabilities in attack surface management, detection and response, and threat intelligence. This includes a cloud security centre of excellence to further establish industry leadership in detecting threats across cloud and hybrid IT environments.