“Hackers are addressing specific organisations and individuals. And the level of sophistication is rising”

Ed Macnair

In an exclusive interview with Business Leader, Ed Macnair, CEO of cloud security platform Censornet, discusses the trends we are currently seeing in the world of cybersecurity.

What were you doing before founding Censornet and how long have you worked in cybersecurity?

I’ve been in cyber security for 22 years. My passion has been to centre cyber security protection around the user — not just the network. Over these two decades, we’ve seen remote users become the norm, rather than the exception.

It’s why, prior to Censornet, I founded a company called SaaSID in 2011. It was the very first Cloud Access Security Broker (CASB) at the time. The term CASB was yet to be coined. We sold the business to Intermedia in 2013. In hindsight, that sale was too early, as the market we began to address back in 2011 is now massive!

When I acquired Censornet in 2014, I had a vision of creating a cloud platform that could solve the cyber security needs of the mid-market. The technology architecture was already there, ready to be innovated to rid the market of costly and complex solutions. This is what attracted me to Censornet — it was ahead of the market in so many ways from the very start, particularly with its access anywhere-first approach.

What trends are you currently seeing in the world of cybersecurity, particularly where mid-market organisations are concerned?

There is almost a perfect storm of potential exploits. Cyber-attacks (especially spear-phishing attempts) are much more targeted at the mid-market. More and more, hackers are addressing specific organisations and individuals. And the level of sophistication is rising. That, married with the almost universal acceptance of remote working, which has obviously been driven by the pandemic, is creating this downward cyber security pressure.

Adoption of remote working has changed the way in which organisations connect to applications and resources. People are realising that VPNs aren’t enough. That a poor user experience and poor performance are the net results of using this technology. It means the traditional network perimeter is dying, and a new cloud-based approach is emerging.

The key problem is that the mid-market is grossly underserved. Despite facing all the same security challenges and issues as larger enterprises, they don’t have the resources or tools to address them. To help shift this imbalance, we are starting to see signs of cyber defences becoming more autonomous and integrated.

Why do you believe there is such a rush to get acquired amongst technology and cybersecurity founders?

Right now, the market is very, very frothy. Valuations are at an all-time high. A lot of strategic acquirers are looking to fill gaps in their portfolio. Alongside that, cybersecurity has become mainstream over the last couple of years. When I say mainstream, I mean that it has established itself as a Board-level issue. So, all in all, it’s a very buoyant market.

When the market is buoyant, cybersecurity founders are drawn in. Often, founders work extremely hard to self-fund their companies, so the sign of a high valuation is very attractive. They have a vested interest too, having likely mortgaged their house, or borrowed from family and friends. It’s this self-funding dilemma that is often the cause of British entrepreneurs selling too early. And, at a time when cyber security awareness is peaking, it is making for a cyber security gold rush.

How important is budget in the world of cyber protection for businesses?

Having a budget for cybersecurity is critical. It’s as critical, if not more critical, than the rest of the IT spend. Most mid-market companies do have a cybersecurity budget. I think you’d have to really have your head in the sand not to.

What we are seeing now is budgets increasing. Most mid-market organisations realise they face the same cybersecurity challenges as large enterprises. And they are looking at how they can bolster their defences.

What future trends do you expect to see in cybersecurity?

We will see the de-perimeterisation of security. The fact that a lot of users became remote in the last year and a half accelerated this shift. Suddenly, perimeter defences didn’t cut it because employees weren’t behind the perimeter. It has triggered a move away from legacy, network-based security and a de-prioritisation of firewalls and VPNs. The importance of these technologies is fading into the background.

There will be a move to Zero Trust going forward – a ‘trust no one, protect everyone’ mantra. It will require strict identity verification for every person and device trying to access resources, regardless of their location – whether they are working from home or in the office.

Zero Trust is the first stop on the road to SASE. That is what’s next for cyber security. It’s the combination of network-as-a-service and security-as-a-service which offers a single, cloud-based solution to the global security needs of a mobile workforce.