What’s your biggest challenge right now?
I would say our biggest challenge is educating our customers, getting the message out about the severity of cyber security, getting the message out about how to protect them, getting them to take it seriously. The biggest mindset or response I see is that it’s not going to happen and my company is not a target. I don’t lock my door, I’m up here in Maine. No one’s going to want my stuff.
In fact, small- to medium-size businesses are the No. 1 target of attack. Small businesses represent 46 percent of attacks. (Hackers) are looking for data mostly that they can sell on the dark web or that they can try to encrypt and hold hostage with ransomware so they can get some kind of Bitcoin payment for. (Bitcoin is a type of digital currency, often referred to as an online version of cash.) The latest statistics I see is that right about half of all Bitcoin transactions are done illegally through cyber security breaches.
You are looking at PII, so personal identifiable information, and that can get you all kinds of access. From an identity theft standpoint, I could open accounts, I can open up credit cards, I can find, you know, those kinds of things. Anything personally identifiable, your address, where you went to school, all of that, up to and including social security numbers. But then the other aspect is you get access to companies’ data and information, and the mother lode there is normally within that you have X amount of employees. When I’m met with that, when I’m able to access the customer or the company server network, I most times will have access to all of the employees as well as the company information, including financials, customers.
I will say the response (to learning about cyber threats) from anyone who has suffered a breach is never one of doubt. They want to act swiftly because they have learned the lesson. You ever hear of a person complaining about auto insurance who has been in a head-on accident. But trying to convince other folks, it’s all over the map. There are folks that say, yes, there’s nothing there to get. Let them try to get my Social Security number; my credit score is awful. Businesses say there’s nothing really there. It’s just kind of putting their head in the sand.
We’re starting to see it become more accepted. It used to be met with more — I don’t want to say resistance — but, um, doubts. And now all of a sudden it’s starting to become a specialty as things hit home with the city of Augusta (which was targeted in a ransomware attack), all of those things happen. And like I said, people who have experienced this want to move full speed ahead as quickly as possible.
How were you influenced to go into this business?
In 2011 when we first started, we were more or less a software reseller. And we started to move to the IT side because our clients wanted our software to work, and we realized that our software would only work as good as their computer networks were set up. So kind of kicking and screaming, we decided we were going to look into it. In 2013 is when we started doing the managed IT services.
Cyber security is just the natural evolution of where this is going. We had been doing a lot of what is considered cyber security today before it was really a popular term, similar to the word cloud. Before people started calling it “cloud,” the technology was there before, but it’s just easier to stay cloud. It’s kind of the same thing, that cyber security has now become more of a defined marketing thing. And so because of that term, we’re able to now identify some of the things that we could do. For example, IT is just making sure my computer is going to work when I push a button and pull up a document. The security of that — how safe is the data? Does someone have access to that? Has someone had access to it? It’s the difference between owning a house and making sure the plumbing and electrical works versus having a security system.
How do you manage the changes your clients encounter when using technology?
So I think that there’s a couple of different pieces to that. The first one is that it’s up to us. (Cyber crime) is moving at such a fast pace. By the time marketing departments can come out with a product, it’s already obsolete because the bad guys are writing this stuff daily. And so one of the things that we make sure that we spend a lot of time and a lot of resources and energy on is keeping current. Daily, literally: What is new, what is new? And then one of the things that helps us provide the service to the client is because things are new all the time. You pay for something and then it’s, you own it and that’s it. We continue to update, update, update to new technology. That’s really the only way you chase this.
If you had some kind of vaccine for polio that goes back to the ’60s, it’s not going to work today. It literally is the same kind of mentality. “Well, I have antivirus.” You got that two years ago, and since there there have been 640,000 viruses. That’s not going to work. We have no choice but to keep up consistently with that. And then at that point, it’s continuing to educate our clients and making sure that they have the latest offerings that are keeping them safe to guard from the newer threats.
You said you were dragged, kicking and screaming, into this business. How did you know you this is what you would be doing?
We couldn’t find anyone to do it how we wanted it and how our customers wanted it. That was something that was stable and would work. And so after looking around to find out, is there anyone doing IT? Is there anyone doing secure IT with the right kind of best practices? We said, you know what we’re going to do ourselves. Our reason for existence is to bring technology to businesses in the state of Maine that can increase their profitability and use it to help them serve their customers. We weren’t able to do that without getting into it.
We started with having our first technical hire. It was almost six years (since) he came on board and we now have a total of 13. It started literally in my living room. And it’s just kinda been organically growing like that. Now we have relationships with the high schools, colleges and technical institutions, just because we’re trying to identify players and people that looking for careers, how we can look at the best of the best.
We were measured and focused with how we went after the right kind of people. I believe 80 percent of our technicians have come through the community college system. So we work very well with them. I serve as the co-chair of the Maine is IT Advisory Board at (Kennebec Valley Community College) and we’ve worked with colleges on internships. We have worked to identify people and ask them where they want to be in two years, three years? Well, here’s what we want, so let’s start getting you some experience, and start going through these certifications. They’re able to make $40,000 just starting out. So we’re home-growing them, and people don’t need to leave also to get a cyber security job.
Where do you think you and your business are going to be in five years?
Our goal has always been to deliver cutting-edge technology solutions to Maine businesses. As fast as the technology comes out and based on our current growth rate, we are going to have a substantial footprint in helping a good majority of Maine businesses with cyber security. We don’t invent anything, we just make the process better.
We know if (cyber criminals) try to get into one of our customers, they are going to be unsuccessful most of the time. And if they do succeed, we are going to have the appropriate components and practices in place to minimize the risk and cost.
It’s a numbers game. Twelve percent of the people click on the link (in phishing emails). So numbers tell me if I send out 10, I’ll be a t 1.2 people clicking on it. They’re also getting very good. You can tell someone all day long, show them, and sometimes it doesn’t click. One of the services we offer, is that we pretend we are the bad guys. We put these emails together and get them to click. So we see who’s prone to clicking and who’s not in your organization, and it puts up a dashboard to the owner that says you’ve got five of your 100 employees who click.
This is changing so fast, there has to be a human education element. They’re getting better. It’s not just increased attacks, they are also getting smarter. That’s why in five years the cost of cyber crime they are projecting to be $6 trillion, which will be the largest criminal active group globally including drugs.
The same computer that you use to pay your bills and (use) your bank account — you’re not going to have the same security. You might as well have someone standing in your house looking over your shoulder.
Part of our education initiative is the Hack the Hacker event. We have an Augusta one Nov. 4 and Westbrook is Nov. 8. The part that we’re taking seriously is the educational component and how do we beat the hackers at their own game.