Gone are the days when the cybersecurity landscape was fairly straightforward, where you could have a firewall in place on your perimeter, deploy some relatively basic endpoint security and introduce prevention policies that would make you secure,” says Roddy Maccallum, regional sales manager for Scotland, Check Point.
Cybersecurity has, by no means, ever been straightforward. However, looking back, the landscape some 10 years ago may seem lightyears away compared to the perilous environment in which organisations and companies now operate, Maccallum suggests.
However, from the ashes of global cybersecurity incidents, such as WannaCry and NotPetya, there has been an awakening among both organisations and consumers alike. The game has changed, and to stay secure, to protect customers and stay afloat, organisations must change.
Speaking to DIGIT, Maccallum and Check Point senior account manager, Tracy Scott, discuss the lightning-fast, ever-changing cybersecurity landscape and, crucially, Scotland’s place in this global industry. Between them, they have nearly 30 years’ worth of experience working in the IT and cybersecurity industries; watching both evolve and grow around them.
Working with Check Point’s partner community in Scotland, the duo is well-placed to see the changing demands and requirements from organisations across a host of sectors – encompassing finance, manufacturing, energy and government.
“From our perspective, what we’re seeing from our customers is that the world has changed over the last couple of years, and it has changed very quickly and very aggressively,” Maccallum explains. “In recent years we’ve witnessed the emergence of tech-generated threats, cloud – be it public, private or hybrid – the rise of IoT devices and the growing number of people using mobile devices.”
These gadget-focused consumer trends, which leave consumers and organisations potentially at risk, combined with an aggressive new cyber landscape, makes for a lethal concoction, Maccallum suggests. And, while companies race to adapt, they quickly encounter the harsh reality of this new world; infrastructural and budgetary restrictions.
“We’re seeing a lot of state-sponsored and multi-vector attacks, such as WannaCry or NotPetya, and what this means is that it’s now a very complex process that organisations have to go through, and they’re often dealing with very complex infrastructure. This means that it can be tough to secure in the modern world,” he says.
A common response that both Maccallum and Scott encounter at Check Point is that organisations increasingly look to consolidate down and simplify these complex environments to make it as secure as possible; a task that can be fraught with difficulty.
“Naturally, everyone wants to move to that next-generation security,” Scott says. “But having the resources internally and the budget to do that is often a major issue.”
Budgetary Restraints in a Tricky Environment
Budgetary restraints are a common stumbling point for organisations seeking to bolster their cyber defences, both Scott and Maccallum insist – particularly among SMEs who lack the same financial muscle that large companies can boast. For businesses of this size, recent events have raised the stakes, especially when consumer data is in the equation.
One year on, the EU’s General Data Protection Regulation (GDPR) still highlights the importance of stringent organisational security, Maccallum says. A cyber attack on a large corporation, although highly-damaging and concerning for consumers, will not have the same outcome as a successful attack on a small business.
“For a large enterprise or government agency, if they were to be hit with a successful phishing attack or a ransomware attack, they may be able to recover from that fairly quickly,” he says. “The big challenge is for a small-to-medium business, though. That could cripple an organisation of this size and potentially shut it down, which would obviously affect employees and their livelihood. They have a responsibility to ensure they are taking the relevant steps to secure their organisation,” Maccallum adds.
Scotland’s Place in a Global Community
Scotland’s growing reputation as a leading hub of cybersecurity innovation places it in an interesting position on a global stage, Maccallum and Scott agree. The nation’s academic institutions continue to produce excellent talent and trailblazing spin-outs and, with a supportive Government in Holyrood as well as a vibrant community, the country certainly is a standout in 2019.
“I would argue that Scotland is one of the real global leaders when it comes to IT, and maybe not only from a security perspective,” says Maccallum. “The community we have in Scotland in IT is absolutely cutting-edge. I think we’re a real player in what is a growing global market and, as a nation, we’re doing really good things.”
Although Check Point’s roots are in Israel, the company watches Scotland’s cybersecurity community with interest while it gradually expands its presence here. Indeed, long-term, Scotland could take Israel as an example in regards to its start-up scene. The Mediterranean country is one of the leading technology start-up hubs on Earth.
This flourishing reputation in the cybersecurity industry has also prompted Check Point to bring its GPX conference to Edinburgh for the first time. The inaugural Scottish event in Check Point’s calendar is due to take place at the Waldorf Astoria in Edinburgh on June 13th.
Launching the event here, Scott says, underlines the company’s growing desire to expand its presence in Scotland but also to capitalise on the strength of the nation’s tech community.
“We’ve got some of the top people from our organisation to come over and provide insight on cybersecurity,” Scott explains. “Although it’s a Check Point event, it’s not just Check Point focused and is about the industry and these key topics.”