‘Don’t roll out the welcome mat for cyber criminals’

20th December 2018

Sarah Rees headshot

Sarah Rees

Hugh Neale“Cyber breaches are here to stay,” says Hugh Neale, co-founder of new cyber security start-up Zercurity. “Basically, you just need to be more secure than the guy next to you. Cyber criminals who are in it for the money will simply go for the easiest available target. You need to make sure that isn’t you.”

Hugh’s current mission is to help small companies avoid being the most accessible route to reward for criminals. Zercurity is a true new-born – Hugh has only been working on it full time for a matter of weeks when we meet – but it is developing rapidly via the cyber security accelerator programme CyLon, which Nominet supports. The 13-week experience has proved immensely rewarding for this cyber security expert, not least in helping him build formative relationships to get the word out there.

Hugh co-founded Zercurity with his long-term friend Egor Sidelska. The pair met on a computer science degree course at the University of East Anglia and “have a very complementary skill set,” explains Hugh.

Like most good business propositions, Zercurity will deliver what Hugh himself wished he’d had access to in his previous role at a fintech start-up. Tasked with implementing a cyber security posture from the ground up, he was increasingly frustrated but the fragmented nature of available tools, and the expense. “You end up having to tie all these solutions together yourself, which is extremely time-consuming, resource-intensive and therefore very challenging for smaller companies.”

“It made me wonder, how is everyone else managing? In short, they aren’t, and even well-resourced companies are falling behind on basic cyber hygiene. I want Zercurity to be the answer for them,” says Hugh.

In some ways, this is a job that Hugh has been in training for from the age of 8 when he built Lego ‘computers’ in his bedroom. “I think I was trying to make a computer before I even had one! I used to take the circuitry from all sorts of bits and bobs to make them work,” he remembers.

A family move to Korea and Singapore when he was ten allowed Hugh to get his hands on the latest technology. His parents “lost” him the moment he got his own laptop, and he pushed their patience to the limits when, during his teenage years back in the UK, he built a data centre in the garage. It cost a small fortune in electricity and “almost drove my parents mad,” he recalls.

His time at university was followed by founding his first start-up, but then he decided he needed a new challenge and successfully applied for a role with the Government, building defensive cyber security capabilities. This foray into a whole new world of cyber security “was incredibly overwhelming when you realise what goes on and what can be achieved, but I loved it.”

Hugh spent over three years working for the Government and is now applying his highly-developed cyber security skills to business practice, realising how often companies fail to make themselves cyber secure despite claiming it as an operational priority. “They are still being attacked in trivial ways,” he says, “but I can understand why people aren’t protected enough; cyber security is very complex and keeping on top of it is hard.”

He admits the scale of the challenge is a barrier – cyber security needs continuous attention and refinement – as is hiring the correct skills in the midst of what the Government calls a ‘digital skills crisis’. Most worrying for Hugh is that that too many of the tools available “take the responsibility away from an organisation and manage cyber security for them, when we should be helping people understand it more. If both managers and staff understood what can really happen when things go wrong, they would take the risks more seriously.”

They also must understand just how easy it is to become a cyber criminal today, continues Hugh. “All the tools for a cyber attack are available for free online with YouTube tutorials; the barrier to entry is really low. To be honest, if you annoy the wrong person and you don’t have a good security posture, that could be the end of your business within the week.”

Ignorance of security risks is also an element of innovative new technologies that scares Hugh. “People have got listening devices and video cameras in their homes, plugging everything into the Wifi that might itself not be secure. It’s so simple for hackers to get straight in there – all the information is available online. It’s worrying.”

The task of keeping our society and businesses cyber secure is vast, yet Hugh is not daunted by his chosen profession. “I find it really exciting,” he says. “You can never know enough because technology is constantly changing and there is a different challenge for every business. I’m hopeful that GDPR and other upcoming legislation will draw attention to the data breaches and force companies to make themselves more secure. We can’t keep rolling the welcome mat out for the cyber criminals.”

Hopefully Hugh’s new business, and those of his fellow cohort at CyLon, will form a small part of keeping the criminals at bay and our world a little more cyber secure for the years ahead.

Find out more about Nominet’s cyber security division, or read about other CyLon cohort members Catherine Parry and Kathryn Chamberlain.