Hello Frank, can you please introduce yourself briefly, tell us a little about your background and what has been driving you in the cybersecurity environment in recent years?
I’ve been “hanging around” in the cyber security market for more than 25 years, have worked in sales for various companies and have now been with Mimecast for almost three years, where I’m responsible for the DACH sales team. Why? The market and the demands placed on companies have changed massively in the last 2-3 years. On the one hand, the world of work, communication and collaboration has turned 180 degrees during and after coronavirus. Remote & New Work are no longer just buzzwords, but have become a reality for companies. Secondly, and in line with this, the German “fear of the cloud” is finally diminishing; on the contrary, we are finally seeing a trend towards cloud usage thanks to applications such as M365. That´s very exciting!
What characterizes Mimecast?
Mimecast is a leading provider of professional cyber security solutions in the areas of email and collaboration tools. Cyber risks have risen sharply in recent years, and 90% of phishing attacks still originate from a single email. However, we are currently seeing that attackers are increasingly using tools such as Microsoft Teams, Zoom or Slack, which have been used more and more “since the pandemic”, as gateways.
Our solutions are easy to integrate into existing architectures and have always been cloud native. We take a 360-degree approach and offer not only IT solutions, but also training and, true to our motto “Work Protected”, simply everything that helps to protect the data, employees, and communication of our more than 40,000 customers worldwide.
How does Mimecast help companies?
Mimecast helps companies to strengthen their resilience against old and new cyber risks and to raise awareness of them among their workforces. The economy as a whole is facing several major challenges that it must master simultaneously. In the face of global unrest, we are losing sight of the fact that the digital transformation, which has accelerated during the pandemic, is still far from being mastered in many companies. This is especially true for SMEs!
The increase in remote working, the associated rise in email traffic and the use of collaboration tools are placing completely new demands on the security of an equally growing number of end devices, which are not always easy to manage with limited in-house IT resources.
At the same time, not everyone is yet fully aware that cybersecurity is everyone’s responsibility in a highly networked world. Every little negligence opens up new angles of attack for cyber criminals. Attackers have long since set their sights on Teams, Slack or Zoom and are also using the opportunities offered by AI to make phishing attempts even more convincing.
Which companies are interested in your solutions?
We are currently launching a number of offerings on the market that are specifically aimed at small and medium-sized companies, such as Cloud Integrated.
They have the highest demand for cybersecurity that can be seamlessly implemented and managed at a manageable price. Cloud Integrated offers comprehensive protection, can be integrated into existing architectures in just a few minutes and is also affordable for smaller companies. However, our customer base includes companies of all sizes and from all industries.
Do Mimecast’s solutions even make sense for small and medium-sized companies? Aren’t large companies more likely to be the focus of cyber criminals?
Unfortunately, cyberattacks affect companies of all sizes and in all industries. Especially within the ecosystems and supply chains of a networked world, practically any economic player, right down to the solo self-employed, can be a target.
As already mentioned, it is mainly small and medium-sized companies whose human and financial resources are often too limited to be able to get back to work quickly once a ransomware attack originating from an email has occurred. On the other hand, they also do not have the means to bridge long downtimes. For them in particular, professional security solutions are therefore of vital importance. The aim of any security strategy should be to maintain business operations and ensure availability in the event of a cyber incident. Companies in the critical infrastructure sector – including financial service providers of all kinds, for example – and their suppliers are even obliged to do so under the IT Security Act.
So, cybersecurity is more important for small and medium-sized enterprises than for large companies? Many companies are already using the M365 E3 or E5 packages. They are already well protected against cyber-attacks by the integrated security solutions, aren’t they?
The integrated cybersecurity of M365 alone does not offer sufficient protection. For example, eleven per cent of emails were marked as secure via Microsoft E5 but were not. AI-supported detection blocks all email-based threats. Mimecast provides an additional layer of security, making it an essential addition to M365.
What advice would you give CISOs?
Any chain is only as strong as its weakest link. Even the most sophisticated and comprehensive cyber security strategy can fail if just one employee falls for a well-crafted phishing email and reveals their login details on a cloned page. The attackers can then remain undetected in the system for weeks, stealing data at their leisure, encrypting it or rendering it unusable and causing damage to the company.
Cybersecurity is therefore not just a technical issue, but also one of awareness and, above all, of corporate culture. Employees must have the knowledge and resources to be a strong link in the chain. However, they also need contacts they can turn to in confidence if they have clicked on the infamous link – and without fear of sanctions. Of course, technical solutions remain a key pillar. Cyber criminals are now using AI and machine learning, making their attack methods more sophisticated. Companies can only stand up to this if they make use of these technologies for their own defence.
Cybersecurity concerns everyone. Companies of all sizes, but also individuals and private persons. Data or identity theft has tangible economic and legal consequences. Corresponding regulatory requirements apply to everyone, violations and negligence can be justiciable and lead to penalties and claims that can threaten a company’s existence. The intangible effects of cyberattacks, such as stress, psychological strain, damage to reputation and image, should also not be underestimated.
What is different are the specific challenges. The cyber risks that large companies tend to have to deal with include, for example, securing supply chains, protecting their own brand or large workforces with a correspondingly large number of decentralised end devices and access points, which may also be subject to different legal systems and jurisdictions, depending on location, when it comes to data transfers, for example.
Thank you for the interview!
