[glossary_exclude]British military leadership prepared him for defense against cyber threats.
Oz Alashe MBE leads the UK cybersecurity firm CybSafe and has been the driving force behind the CybSafe concept, vision and platform. Oz is a former Lieutenant Colonel in the British Army and UK Special Forces. He has a successful track record of developing strategy, driving innovation and leading implementation in both the public and private sectors. His background gives him a unique insight into the socio-technical realities of cybersecurity and the sensitivities around changing human behavior.
We caught up with Oz at his West London home:
IG World: Where did you grow up? Go to school?
OA: I grew up in Hertfordshire, a county north of London. I went to a public school called St Albans School which was founded in 948AD, making it one of the oldest schools in the world.
What are some of your fondest childhood memories?
My fondest childhood memories are those with my family. My mother was always a positive role model for me, and I have particularly vivid and warm memories of her laugh and sense of humor. I was fortunate enough to grow up as one of three kids, and I have many happy memories of us playing together, especially on holiday. We used to travel a lot as a family: to West Africa, Europe, and the US. But it’s not just the holidays that I treasure. Even a simple outing to a restaurant or the cinema could become an epic adventure in my childhood imagination.
You are a former UK Special Forces Lieutenant Colonel, what key lessons did you take away from that experience that may apply to business? Cybersecurity?
The Armed Forces arguably invest more time and resources into training its personnel than any other institution in the UK. One of the biggest areas of focus is the area of leadership. Across all levels of leadership, the concept of “serving to lead” is nurtured and encouraged. I believe this has served me well, both in service and now, as a civilian in the business world.
First and foremost, leadership is about service. This means challenging and supporting in equal measure. It means putting others before yourself and doing all you can to create the conditions for those you manage to succeed at what they do. It means being clear in your understanding of the objective and providing clarity to those you are fortunate enough to lead. It means accepting that you’re not the smartest, fastest, or strongest in the room – in fact, it means actively seeking to fill the room with people much better at what they do than you!
It means going the extra mile, sometimes embracing discomfort, and embodying an example for others to follow.
What sparked your interest in cybersecurity?
I’ve always been involved in the securing and helping those that aren’t in a position to do it for themselves— hence I began my career in the military – and cybersecurity is really just an extension of that interest. I’ve also always been a technologist. Technology offers us huge potential to create a better society and it’s already helping us address some of the world’s most pressing problems in areas such as the environment, health, and education. On the other hand, although positive, digitalization has actually made us vulnerable as a society. Even in my early career, for example, some of the bad guys we were chasing were exploiting technology in order to fund or carry out their terrorist acts. So, for me, it’s about promoting the positives that tech has to offer, and combating the negatives.
What was your primary motivation in co-founding CybSafe?
The idea for CybSafe was developed in response to a number of problems that I saw companies facing during my time at Torchlight Group, a British counter-threat firm. Online behavior at work and at home has been the most significant threat to business security for a number of years. But while at Torchlight, I noticed that businesses often didn’t have the resources, time, or expertise to address this human aspect of cybersecurity effectively on their own. They also had no way of understanding the risk they were carrying in this area or knowing whether their supply chain posed them any risks. When awareness solutions were implemented, they were often inadequate – they didn’t actually change the way people were behaving, and businesses were none the wiser when it came to quantifying their human cyber risk.
All these training manuals, austere cybersecurity policies, and phishing simulations that businesses were inflicting on their staff were simply not working. Staff still had weak passwords, shared sensitive data, fell for phishing emails, and so on. I saw a genuine gap in the market for an innovative solution to this aspect of the cybersecurity challenge – one that would have a tangible impact on how people act. And so, I co-founded CybSafe in 2015, which launched to market in 2017.
How is CybSafe’s approach using advanced data analytics and cognitive technologies different from your competitors?
CybSafe’s first differentiator is the depth of our platform’s data analytics. The cyber risk of individual employees, the effectiveness of cybersecurity awareness programs, and ROI have all, historically, been quite hard to measure. This lack of raw data has led to difficult conversations at the C-level, because the CISO (or equivalent) hasn’t had any or much proof of existing risk, or proof that awareness programs were mitigating this risk. CybSafe addresses this with rich, actionable data and data visualization.
Our platform uses tens of thousands of data points per user to provide insight into individual human cybersecurity and data protection risk in real time. CybSafe’s reporting and analytics dashboards show customers whether their human cyber risk and resilience is where it needs to be and which interventions are working. It shows them the state of their cybersecurity culture, and how they compare to other companies of their size or in their industry. This means customers always have the information they need to make better decisions about cyber risk.
Our second differentiator is that, unlike competitors, CybSafe intelligently processes data to evolve the platform through machine learning on the basis of user understanding, content preferences and role-based or industry-specific risk profile. This means that advice, guidance and training content becomes increasingly personalized to the individual over time and supports users at the right time, in the right way, and in a way that is much more likely to influence behavior. All of this reduces risk more effectively, efficiently and in a less time-consuming manner.
A third differentiator is our science-based design. CybSafe has been rigorously developed, tested, and applied by in-house behavioral science experts in collaboration with academic research partners. CybSafe’s Research Advisory Group – which includes world-renowned academics from UK universities and the UK’s National Cyber Security Centre (the NCSC acts as a bridge between the industry and government) – means that everything we do is aligned as much as possible with academic research in the space.
What is the greatest looming cybersecurity threat that could have a major impact on societal stability and security?
Nation-state and state-sponsored actors have been on the rise, certainly for the last couple of decades. They pose the most serious national cyber threat. Utility firms, government organizations, other publicly-owned organizations (particularly those managing national infrastructure) are most at risk. In some senses, we’ve already had a taste of what’s at stake. Back in 2016, NotPetya, eventually attributed to Russia, caused chaos in the utility sector, as well as in financial services and transport. The attack paralyzed networks worldwide, costing FedEx and Maersk about $300m each. Then in 2017, US nuclear, energy, aviation, water and critical manufacturing industries were all targeted along with government entities in a highly sophisticated phishing campaign. Again, Russia appeared to be behind the activity.
What are some future developments and threats in cybersecurity that might emerge in 5-10 years?
The growth of the Internet of Things is bringing dramatic changes to the cybersecurity landscape. As connected devices increase in circulation by the day, the attack surface area increases and so does the level of threat. Vulnerabilities in these devices are almost inevitable. And once a critical mass of machines is compromised, criminals can launch DDoS attacks. From the human cybersecurity perspective, which is what I’m most interested in, many things won’t actually change over the next 5-10 years.
Cybercriminals are still profiting from the same run-of-the-mill techniques, and victims are unfortunately still making the same errors. Conventional attacks—such as delivering malware (especially ransomware) through social engineering—will remain a threat. However, of course, we’ll witness new sophisticated attacks coming onto the scene. When it comes to the social engineering threat, hackers are constantly devising more credible scams. Classic 419 (e.g. Nigerian advance fee) scams are still circulating (and fooling a small minority) but highly persuasive, believable spear-phishes are on the rise. At CybSafe, we also expect the targets of human cyber-attacks to change. Recent reports indicate that cybercriminals are shifting away from attacking consumers, and are attacking businesses more frequently instead.
You were made Member of the Most Excellent Order of the British Empire (MBE) for your military service; could you tell us more about your social causes and mentoring activities?
The MBE is an honor for me and was awarded for “personal leadership in the most complex and sensitive of conflict environments.” I like to get involved in social enterprises and charitable groups that are supporting people—usually, young people from more deprived areas who haven’t necessarily had the right opportunities. I believe that everyone has the potential to achieve, but not everyone has the right environment or the right support that would allow them to succeed and thrive.
What is your favorite sports team, and why?
My favorite sports team is Arsenal football club. Based in Islington in North London, the team wasn’t too far from home, and my whole family are Arsenal fans. Naturally, I became a supporter.
What do you like most about living in London?
London is a buzzing city that’s switched on 24/7 – the kind of place where there’s always something to see and do. It’s also a diverse city— outward-facing by nature and an extraordinarily positive place to live.
What is your favorite London pub? And why?
I live in West London in a place called Chiswick. There’s a little bar there called The Old Fire Station that serves great drink and food.
OZ ALASHE, MBE LEADS THE UK CYBERSECURITY FIRM CYBSAFE AND HAS BEEN THE DRIVING FORCE BEHIND THE CYBSAFE CONCEPT, VISION AND PLATFORM. OZ IS A FORMER LIEUTENANT COLONEL IN THE BRITISH ARMY AND UK SPECIAL FORCES. HE HAS A SUCCESSFUL TRACK RECORD OF DEVELOPING STRATEGY, DRIVING INNOVATION AND LEADING IMPLEMENTATION IN BOTH THE PUBLIC AND PRIVATE SECTORS. HE IS AT [email protected][/glossary_exclude]
Robert F. Smallwood, MBA, CIP, IGP, is a thought leader in Information Governance, having published seven books on IG topics, including the world's first IG textbook which is being used in many graduate university programs as well as to guide corporate IG training programs.