We hear from KTW.Legal about their time meeting with C4DI in London.
10 Year Celebration to Mark Completion of Hull Tech Campus
A fifth and final building means the vision is complete and on Wednesday 22nd November, the campus was lit up all in blue for its grand opening alongside C4DI’s 10th anniversary celebration.
We welcomed over 100 guests from across the C4DI network, Hull’s business community and beyond, to hear about where we’ve come from, join in the celebrations, and check out the new digs!
Cyber security for punks. This IT company do things differently.
Computers are everywhere. All businesses rely on computers, IT infrastructure and the internet for at least some day-to-day operations and wherever there’s computers, there’s also a threat.
Statistics suggest that rather than being a thing of the past, cybercrime is on the rise across the world. But it’s not the hobby of a few bad eggs. Cyber criminals are often highly organised, with considerable resources at their fingertips.
The 2022 Global Risks Report from the World Economic Forum warned that 'cybersecurity measures put in place by businesses, governments and individuals are increasingly being rendered obsolete by the growing sophistication of cybercriminals.’ The 2023 UK government cyber security breaches survey reported that 59% of medium businesses and 69% of large businesses reported a cyber breach or attack in the last 12 months. Meanwhile, analyst firm Gartner predicted that by 2025, 45% of global organisations will be impacted by a supply chain attack.
It's a real and scary prospect for businesses of all sizes, and one on which many IT support contracts are won. But one company is taking a different approach.
Punk Security, who are based in C4DI Northallerton, are unique in several ways. For a start their multi-coloured, mohawked Zebra logo is a welcome splash of colour in an industry that isn’t always known for its vibrancy and represents their more positive approach to cybersecurity.
Why the Zebra? It’s the punk of the animal kingdom according to co-founder Daniel Oates-Lee. "We were told that nobody would like the company logo, by multiple graphic designers. But everybody loves it, and the stickers. They love the fact that it's completely different from everything else. We wanted to be different. We didn't want to just blend in with the rest of them." It seems like a pretty good strategy, and it seems to be working. They’ve grown to a team of 8, mostly remote workers, in two and half years.
We caught up with him to find out more about the company and the state of cybersecurity today.
Helping the human squishy things
Punk Security’s approach to working with clients is not about fear mongering, says Daniel. “We help companies understand where they're weak and show them where they need to get to and help them along that process. Rather than selling this idea of fear and everywhere burning to the ground. We promote what we believe is going to help customers the most rather than just bolting everything down, so that nobody can do anything.”
Some cybersecurity measures can feel over the top and many businesses may feel that they’re not big enough to be targeted. The reality is of course, that any business is theoretically under threat and the weakest link is the human rather than the tech.
According to Deloitte, 91% of cyber-attacks begin with email, even if the final attack was administered differently. And in 2022, phishing attacks (those which attempt to trick the recipient into opening a malicious link or file) increased by 61%. They fall into the wider category of social engineering attacks which are increasingly becoming the primary weapon in a hacker’s arsenal. You can have all the latest anti-malware software on your system but there will always be a way into a company. The employees.
“Cybersecurity is getting better over time. But the biggest vulnerability we have unfortunately is the squishy things, the human elements,” says Daniel. “We help secure the human by doing live demonstrations, carrying out simulated phishing attacks, or we will give good security advice to employees about how to protect themselves on social media? What settings should they be enabling? How can they better protect themselves at home? Because that will leak into their business life as well.”
Of course, any technical advancement in cyber will soon develop vulnerabilities as criminals find a work-around, so it’s ultimately down to individual human awareness and procedure to ensure a company stays safe. He feels it’s not worth banging on about the multitude of threats that are out there.
“Everybody knows that bad things happen if you don't secure yourself properly.” They acknowledge that is a very real possibility but take a more pragmatic approach from there.
Working with the community
Punk Security started off the back of an 8-year friendship between the two co-founders, Daniel Oates-Lee and Simon Gurney and has grown since then, hiring developers and other roles along the way. The team is scattered across the UK with Simon being based in Northallerton and Daniel in Leek. But the advent of remote working tools means they’re able to easily work on projects concurrently.
As for what they work on? It’s quite varied. And often bespoke.
Clients vary “from the military, which are several 1000 people strong, to online music retail companies, which might have 20 people.” And the work they do all depends on the customer. Military contracts are understandably stricter and more directional whereas businesses may come with a problem, they just don’t know how to solve.
“We also do a lot of open-source projects. That’s where we are developing capabilities for the community to use our software for free and to enhance their cybersecurity posture.” They’re very much involved in the cybersecurity and developer sphere and are hoping to do more training around DevSecOps. This endeavour goes beyond setting up systems after the fact but rather feeds security into the very early processes of development at a software company. And it was a key part of setting up Punk Security. It's a creative and innovative side of the business that is not always found in IT companies and it fits with their ethos of sharing what they know and working at the cutting edge of IT.
“The idea of DevSecOps is about bringing developers and operations teams together so the developers can help operations teams deploy their software and diagnose problems. So as the developers write their piece of code, we will scan it for what we call secrets. These are like hard coded passwords, or API keys or certificates that shouldn't be being leaked in the source code.”
“We’re building a platform to be able to upskill people and teach them more about it and we've got a few more open-source projects that we're planning on working on as well.”
Such is their commitment to open source and community that they’ve made use of the C4DI community to run events. Joining C4DI was about having a central physical presence in Northallerton and Daniel says that “from there, we started using C4DI for its events and its connections to the wider area.”
"In conjunction with C4DI, we ran a cybersecurity event in Hull where we carried out a live Hack taking business people through what would happen in a ransomware event and then showed them how to prevent it. That was also in conjunction with Northeast Cyber Resiliency Centre which is a police funded charity organisation. So, the police gave their experience of various different cyber-attacks, along with our live demo."
Their involvement in military projects as an Armed Forces Covenant signed business is also relevant to an area of cybersecurity that is growing.
Where is cyber heading?
Cyber in the military is a topic that our speaker is familiar with as a member of a reservist unit, and hackers are increasingly being deployed in warfare.
As far as why it’s being used, he says “it's being able to carry out an action without firing any typical weapons” that will make it increasingly appealing as time goes on. But he cautions the threat is not solely from the likes of “Russia and China, that people do seem to focus on. There are also some really good hackers in Brazil. Or North Korea.” The totalitarian state in particular is renowned for being a hotbed of ransomware and ultimately there are links back to China and Russia, relaying internet through the former and activity often being linked to Russia.
But innovation will continue and there are positives to hold onto about how companies like Punk can stay ahead of the criminals. One such innovation that has entered every part of industry is, of course, AI. Daniel is open minded.
"We've been investigating how we can use it as part of testing our systems. And we've got it to build what we call zero day attacks in a matter of hours. So I think this is going to be another useful tool to help bolster our cybersecurity. But on the flip side, it's also going to make our adversaries, the attackers, lives a little easier as well.”
Ultimately the reason companies like Punk exist is to ensure most employees and workers don’t have to worry about these threats too much. For them, the focus is clear and Daniel talks about “building a firewall inside the person”. Stay alert and take your time to establish whether what you see in front of you is legitimate. And you’re doing the best you can.
Award winning cyber-security company to hold hacking competition from old Northallerton prison
Finding tech talent in a shifting business landscape
From Fruit Boxes and Boxing to Business. What Tommy Coyle did next.
Vertual show off their impressive 'flight simulator' for doctors in member spotlight event
The team at Vertual was delighted to be featured in the first-ever Company C4Di Spotlight event, organised by Tina Swann.
The spotlight event was a chance to share an overview of our company, our products, and our customers.
It began with an introduction from Jan Antons, Business Development Manager at Vertual. Jan introduced the benefits of simulation and how it can bridge the gap between theory and practice. An introduction to radiotherapy followed. This included the size of the global market and how radiotherapy has progressed over the years. This was illustrated by an image of Jan as a junior radiographer practicing with a colleague during her training on a treatment machine much less advanced than the technology used today!
Jan explained that VERT is like a flight simulator, applied to radiotherapy. It allows learners to see the patient virtually on a treatment couch, to learn experientially, and to make mistakes in a safe environment.
Once the scene was set, James Ward, Chief Technical Officer, and co-founder of Vertual talked about the Company’s history and growth., He explained that the founders have been excited to see VERT so widely adopted around the world and pleased to see how our customers are using it to improve radiotherapy education.
James also talked about a willingness to collaborate with other members of the C4Di community and shared that Vertual is actively recruiting software engineers.
Daniel Owen, a product specialist, and therapeutic radiographer who until recently was treating cancer patients at the Christie hospital gave an entertaining and insightful presentation of VERT, the flight simulator for radiotherapy. Dan explained how radiotherapy is delivered and how VERT can be used to inform patients about their treatment.
The attendees appeared fascinated by the technology and were invited to have a hands-on demonstration with the Compact VERT system. There were lots of interesting questions about radiotherapy and our solution and some new ideas were generated as a result of the discussions.
Finally, Tina Swann appeared with some lovely pizzas from Bert’s. What a fantastic and tasty end to the event!
A huge thank you to the C4Di team for the invitation and to Influence Media for the photography. The team is looking forward to attending events featuring other members of the community.
The Gloves Are On. How Ansell Are Changing the Game for Protection.
The Hull startup helping brands get in stores quicker and react to current events
Taking Law to the Next Level With Tech
Ancora Law started as a one-man commercial property solicitors firm wanting to do things differently and embrace technology to provide a better service.
It’s proven to be a success and along with the help of C4DI’s community and prestige, Ancora has since grown into a team of four with plans to expand further.
We chatted to Matt about the story so far.