Tell us about your company, MailGuard. What inspired you to begin this kind of service?
I founded MailGuard in 2001, after an email-borne virus caused significant havoc on the company that I owned at the time. I didn’t understand why my business was impacted, especially since we were paying for cyber security. The security we had in place was simply ineffective against new threats. That experience taught me just how vulnerable businesses are to cyber threats and inspired me to start MailGuard.
There are a multitude of e-mail and web security options available, what differentiates you from your competitors?
The main difference is in the approach. Most of the traditional options are reactive by nature. They focus on spotting the ‘bad’ email and trying to stop future emails that look the same by applying what’s referred to in the industry as signatures, for each threat. We take a different approach. By profiling both ‘good’ and ‘bad’ email, our AI (Artificial Intelligence) is more effective at spotting anything that looks unusual. Importantly, it also means we don’t stop ‘good’ email unnecessarily. In addition, the ‘old’ approach of identifying threats, releasing antivirus signatures, releasing a patch, and deploying to customers is outdated and slow. It can’t keep pace with the subsequent iterations of each threat as they hit inboxes. MailGuard’s Hybrid AI engines are predicting, learning, and anticipating new threats as soon as they begin circulating, which means we are up to 48 hours ahead of our competitors in stopping new criminal intent emails.
Following on that, MailGuard was one of the first companies to pick up on the Netflix phishing scheme. What are some of the steps you take to identify and prevent these types of attacks before they get into your customers’ inbox?
Our AI is finely tuned. I started this business back in 2001, so we have the benefit of years of intelligence and intellectual property. Our AI runs tens of thousands of checks on every email, compared to other solutions that might do a few hundred checks. On top of that, our engineers are constantly reviewing new threats to see how they perform against our system, and the team is continually trialing refinements to improve performance without adversely affecting customer email.
MailGuard uses a ‘hybrid AI’ system to help predict and prevent attacks – how does the system work? What does ‘hybrid AI’ mean as opposed to ‘full AI’?
Hybrid AI is actually what I described above. That is, it is a blend of human intervention and expertise, combined with the speed and power that the AI has accrued over the last 17 years. Human decision making can’t come close to the speed and accuracy of our AI, but we think it’s important that our engineers still examine new threats so that we have a close understanding of any new tactics that are being employed by the cyber-criminal networks. The cyber-crime networks we’re up against are very smart and sophisticated, and they move at high speed. We need to take every opportunity to stay ahead of them.
One of the most problematic issues with e-mail and web security is awareness. Indeed, more than 25% of PCs in 2017 are still not properly protected or not protected at all. What can be done to try and change this?
I couldn’t agree more. Education is incredibly important across every level of an organization and cyber-crime is first and foremost a human problem. Technology can only do so much. We need every person within an organization to understand the nature of the risks and threats to their business. That’s why I’m particularly dedicated to educating the public:
The book I wrote, ‘Surviving the Rise of Cybercrime’is aimed at educating non-tech executives about the risks of cyber-crime and what they can be doing to protect their businesses. Last year, I launched ‘Surviving the Rise of Cybercrime’at Australian Parliament House. We’ve garnered support from the Wall Street Journal to government to the corporate sector, like ANZ Bank. We ran a series of events for CxO’s with Alastair MacGibbon and Microsoft to raise awareness. I speak regularly at conferences and other similar events.
Many people and even companies are unaware of the significant damage, financial and other, that cyber-crime can inflict. How do you demonstrate the importance of technology like MailGuard when the ‘ROI’ and threat are often quite intangible for most users?
You’re right that it is a challenge. It’s easy to explain the potential financial impact, the legal and regulatory risks, or even the reputational damage that can be caused to the business or its leadership. Yet, regarding cyber-crime, it can be much more difficult to describe the potential damage. Unfortunately, many think it won’t happen to them. The truth, however, as many have said, is that a cyber-attack is not a matter of if but when. So, I hope that attitude is changing. The other factor is that many of the biggest vendors are not doing a good job, so business leaders are reluctant to try something new. If the big guys are ineffective, they often get stuck on the cost of an additional solution, or it will get caught in the weeds with their IT teams. That being said, there is certainly more awareness now than there was even 12 months ago. We get great support from government sectors, as well as our partners at Microsoft where we’re stacking with Office 365. With the General Data Protection Regulations (GDPR) in Europe, and Notifiable Data Breach (NDB) legislation coming into effect in Australia next year, I think the awareness among boards and executive teams will step up another level.