/*

Startups

Cyber security for punks. This IT company do things differently.

Video by Influence Media.

Computers are everywhere. All businesses rely on computers, IT infrastructure and the internet for at least some day-to-day operations and wherever there’s computers, there’s also a threat.

Statistics suggest that rather than being a thing of the past, cybercrime is on the rise across the world. But it’s not the hobby of a few bad eggs. Cyber criminals are often highly organised, with considerable resources at their fingertips.

The 2022 Global Risks Report from the World Economic Forum warned that 'cybersecurity measures put in place by businesses, governments and individuals are increasingly being rendered obsolete by the growing sophistication of cybercriminals.’ The 2023 UK government cyber security breaches survey reported that 59% of medium businesses and 69% of large businesses reported a cyber breach or attack in the last 12 months. Meanwhile, analyst firm Gartner predicted that by 2025, 45% of global organisations will be impacted by a supply chain attack.

It's a real and scary prospect for businesses of all sizes, and one on which many IT support contracts are won. But one company is taking a different approach.

Punk Security, who are based in C4DI Northallerton, are unique in several ways. For a start their multi-coloured, mohawked Zebra logo is a welcome splash of colour in an industry that isn’t always known for its vibrancy and represents their more positive approach to cybersecurity.

Why the Zebra? It’s the punk of the animal kingdom according to co-founder Daniel Oates-Lee. "We were told that nobody would like the company logo, by multiple graphic designers. But everybody loves it, and the stickers. They love the fact that it's completely different from everything else. We wanted to be different. We didn't want to just blend in with the rest of them." It seems like a pretty good strategy, and it seems to be working. They’ve grown to a team of 8, mostly remote workers, in two and half years.

We caught up with him to find out more about the company and the state of cybersecurity today.

Co-founders Daniel Oates-Lee and Simon Gurney

Helping the human squishy things

Punk Security’s approach to working with clients is not about fear mongering, says Daniel. “We help companies understand where they're weak and show them where they need to get to and help them along that process. Rather than selling this idea of fear and everywhere burning to the ground. We promote what we believe is going to help customers the most rather than just bolting everything down, so that nobody can do anything.”

Some cybersecurity measures can feel over the top and many businesses may feel that they’re not big enough to be targeted. The reality is of course, that any business is theoretically under threat and the weakest link is the human rather than the tech.

According to Deloitte, 91% of cyber-attacks begin with email, even if the final attack was administered differently. And in 2022, phishing attacks (those which attempt to trick the recipient into opening a malicious link or file) increased by 61%. They fall into the wider category of social engineering attacks which are increasingly becoming the primary weapon in a hacker’s arsenal. You can have all the latest anti-malware software on your system but there will always be a way into a company. The employees.

“Cybersecurity is getting better over time. But the biggest vulnerability we have unfortunately is the squishy things, the human elements,” says Daniel. “We help secure the human by doing live demonstrations, carrying out simulated phishing attacks, or we will give good security advice to employees about how to protect themselves on social media? What settings should they be enabling? How can they better protect themselves at home? Because that will leak into their business life as well.”

Of course, any technical advancement in cyber will soon develop vulnerabilities as criminals find a work-around, so it’s ultimately down to individual human awareness and procedure to ensure a company stays safe. He feels it’s not worth banging on about the multitude of threats that are out there.

“Everybody knows that bad things happen if you don't secure yourself properly.” They acknowledge that is a very real possibility but take a more pragmatic approach from there.

Working with the community

Punk Security started off the back of an 8-year friendship between the two co-founders, Daniel Oates-Lee and Simon Gurney and has grown since then, hiring developers and other roles along the way. The team is scattered across the UK with Simon being based in Northallerton and Daniel in Leek. But the advent of remote working tools means they’re able to easily work on projects concurrently.

As for what they work on? It’s quite varied. And often bespoke.

Clients vary “from the military, which are several 1000 people strong, to online music retail companies, which might have 20 people.” And the work they do all depends on the customer. Military contracts are understandably stricter and more directional whereas businesses may come with a problem, they just don’t know how to solve.

“We also do a lot of open-source projects. That’s where we are developing capabilities for the community to use our software for free and to enhance their cybersecurity posture.” They’re very much involved in the cybersecurity and developer sphere and are hoping to do more training around DevSecOps. This endeavour goes beyond setting up systems after the fact but rather feeds security into the very early processes of development at a software company. And it was a key part of setting up Punk Security. It's a creative and innovative side of the business that is not always found in IT companies and it fits with their ethos of sharing what they know and working at the cutting edge of IT.

“The idea of DevSecOps is about bringing developers and operations teams together so the developers can help operations teams deploy their software and diagnose problems. So as the developers write their piece of code, we will scan it for what we call secrets. These are like hard coded passwords, or API keys or certificates that shouldn't be being leaked in the source code.”

“We’re building a platform to be able to upskill people and teach them more about it and we've got a few more open-source projects that we're planning on working on as well.”

Such is their commitment to open source and community that they’ve made use of the C4DI community to run events. Joining C4DI was about having a central physical presence in Northallerton and Daniel says that “from there, we started using C4DI for its events and its connections to the wider area.”

"In conjunction with C4DI, we ran a cybersecurity event in Hull where we carried out a live Hack taking business people through what would happen in a ransomware event and then showed them how to prevent it. That was also in conjunction with Northeast Cyber Resiliency Centre which is a police funded charity organisation. So, the police gave their experience of various different cyber-attacks, along with our live demo."

Their involvement in military projects as an Armed Forces Covenant signed business is also relevant to an area of cybersecurity that is growing.

A classic devs laptop emblazoned with the Punk Security logo (top right) amongst others…

Where is cyber heading?

Cyber in the military is a topic that our speaker is familiar with as a member of a reservist unit, and hackers are increasingly being deployed in warfare.

As far as why it’s being used, he says “it's being able to carry out an action without firing any typical weapons” that will make it increasingly appealing as time goes on. But he cautions the threat is not solely from the likes of “Russia and China, that people do seem to focus on. There are also some really good hackers in Brazil. Or North Korea.” The totalitarian state in particular is renowned for being a hotbed of ransomware and ultimately there are links back to China and Russia, relaying internet through the former and activity often being linked to Russia.

But innovation will continue and there are positives to hold onto about how companies like Punk can stay ahead of the criminals. One such innovation that has entered every part of industry is, of course, AI. Daniel is open minded.

"We've been investigating how we can use it as part of testing our systems. And we've got it to build what we call zero day attacks in a matter of hours. So I think this is going to be another useful tool to help bolster our cybersecurity. But on the flip side, it's also going to make our adversaries, the attackers, lives a little easier as well.”

Ultimately the reason companies like Punk exist is to ensure most employees and workers don’t have to worry about these threats too much. For them, the focus is clear and Daniel talks about “building a firewall inside the person”. Stay alert and take your time to establish whether what you see in front of you is legitimate. And you’re doing the best you can.

Taking Law to the Next Level With Tech

Taking Law to the Next Level With Tech

Ancora Law started as a one-man commercial property solicitors firm wanting to do things differently and embrace technology to provide a better service.

It’s proven to be a success and along with the help of C4DI’s community and prestige, Ancora has since grown into a team of four with plans to expand further.

We chatted to Matt about the story so far.

The Healthtech Startup Flexing Their Muscles in Hull

The Healthtech Startup Flexing Their Muscles in Hull

Rob Lewis started 54 Degrees North in 2016 to build successful Healthtech products. Their new app FLX helps people take care of their musculoskeletal health. In this interview we look at the challenges of setting up in the Healthtech sector.

Printing Money. How This 3D Printing Startup is Part of a Manufacturing Revolution.

Printing Money. How This 3D Printing Startup is Part of a Manufacturing Revolution.

In this month’s interview we chatted to NFire Labs founder and CEO, Alex Youden. We talked about where 3D printing is heading, how this young entrepreneur started and why not everyone should go to university.

Why Social Media Comes First for Hull's Newest Marketing Company

Why Social Media Comes First for Hull's Newest Marketing Company

In this month’s Real Stories we speak to Matt Johnson of Different Resonance, a Hull based social media first marketing agency. We talk about the power of social media marketing and the opportunities Hull has to offer.

Changing fashion, fighting burnout, and winning over Cath Kidston. The story of Bombyx PLM.

Changing fashion, fighting burnout, and winning over Cath Kidston. The story of Bombyx PLM.

Lucy Blackley is the founder of Bombyx PLM, a manufacturing tech startup that has seen huge growth over the last 18 months. We sat down and chatted about where the business is now and how even in a digital company, the real world has a big role to play.

How to set the right goals

This is a guest post by Timo Rein, the co-founder and CEO of Pipedrive. Every self-help book, motivational seminar and sales training weekend hammers the idea of goal setting into us. The reason for this is that setting a solid goal adds tremendous power to your efforts - whether it be growing the number of customers you have at your startup, or setting a number for how many new conversations you need to start next month.

I’m 90% sure that you’re setting the wrong type of sales goals - and so did we in the past. What do I mean by that? Most companies set result-oriented goals. While you need to keep an eye on how you perform, you shouldn’t put the result-goals in focus, because they simply won’t help you grow your business. Here’s why.

There are good and bad goals

Did you know that more than 80 percent of companies set the wrong kinds of goals for their sales staff? Goals that you can’t possibly meet? In a recent study, it was shown that setting results-oriented goals made achieving those very results nearly impossible.

Think about it, if a VP of Sales could directly manage revenue, then every salesperson in the world would be filling their bathtubs with gold coins. Of course, and rather unfortunately, this doesn’t happen. The reality is that we can’t control results - we can only manage our own actions.

The good news is you can achieve astounding sales results by setting activity goals. In fact, the results that come out of carefully planned and managed activities can far exceed any results-oriented goal you may have set in the past. If you’ve set up a sales management system for yourself and your team, you can easily measure the difference activity goals make.

A blast from the past

Imagine a bookseller who sets a goal to sell $1,000 in books each day. What if he sold nothing after talking to 17 people? What if prospect number 17 happened to be a very harsh rejection? It would get you down and make it harder to keep going. Take it from us, before we founded Pipedrive, we got our start in sales in exactly this way.

Now, what if the same bookseller had an activity goal of talking to 20 prospects each day. Even if 17 were to say no, it wouldn’t matter - he would only have three prospects left to talk to.

Ironically, when you take your focus off the results and put it on activities, you start feeling better, and become more effective. Take Michael Phelps as an example. When he dives into the Olympic pool, his mind is not on the gold medal at the other end. His focus is on getting every move right - exactly like he’s done it a thousand times before during training. If he gets every move right, only then will the gold be in his reach - and that much he knows.

You get results by focusing on the things you can do, not on the things you can’t do anything about

Everyone you start a sales conversation with will not end up buying from you. It’s a matter of putting the right number of conversations into the front end of your pipeline and managing them along the way to ensure the right number of closed deals come out of the far end. It’s not that you never think about your desired results, it’s just that you don’t let them monopolize your focus.

So instead of worrying about a specific result, set an activity goal to initiate 10 new conversations and make 4 demos every day, for example. You don’t know which of the 50 people in your sales pipeline will end up converting into a sale. The goal is to focus on making a powerful and effective presentation to each and every prospect, instead of worrying about what may or may not happen with the conversion.

Setting solid activity goals will build your confidence and reduce the sting of rejection. When you take your focus off of what might happen and put it on the activities that you can do, you’ll find yourself exceeding any expectation of results you could ever have hoped of achieving.

Start setting activity goals now

There are two things you can do already today to get started with setting activity goals:

  1. Count the average number of your key activities including meetings, emails, follow-up calls, new conversations initiated per week, or per day, etc.
  2. Set yourself daily and weekly activity goals based on how you’re doing compared to your current business and revenue results. You can use the Sales Pipeline Calculator for this.

One final tip I have for you is to start tracking your progress and the impact the activity goals make by making use of a web based CRM we built for SMEs and growing businesses. If you have comments or questions, feel free to post a comment below, or get in touch via twitter.

About the author: Timo Rein is the co-founder and CEO of Pipedrive. Timo has 15+ years of sales pipeline experience as a salesman, sales manager, and software entrepreneur. Before co-founding Pipedrive he helped to build a leading sales and management training house in the Baltics and was among the top 1% of door-to-door salesmen with Southwestern Company.