Cheltenham Systems

Intruder Interview

I’m now a customer of Intruder, a cyber security start-up, run by Chris Wallis.

As I did with CyberShield, I thought an interview with Chris would be fun, and give him the chance to explain Intruder a bit. Here’s how it went.

JD: Firstly, what does Intruder do to help good people, and make bad people’s lives harder?

CW: We find the cyber security weaknesses that the good people have in their computer systems, and advise them how to fix them, before the bad people get there. This means by the time the bad person gets there, there’s no weakness to exploit anymore, so they can’t break in.

JD: Give me an example of how that would happen.

CW: So last year a company called Equifax was very dramatically breached by a publicly known weakness in some software they were using on one of their websites. The weakness wasn’t unique to them, it was discovered and announced by a security researcher and affected everyone using the same software. Equifax were even subscribed to a list of such weaknesses, but it fell through the gaps. What we do at Intruder is make sure these don’t fall through the gaps, by highlighting the most urgent weaknesses, without burying them under a list of all the others.

JD: Who’s in the team doing this?

CW: We have a team of security analysts who spend all their time looking at the latest weaknesses discovered by researchers, and deciding which ones are the most serious. When we see ones which we believe have the potential to cause a breach like at Equifax, we run proactive scans on all our customers looking to see if we can detect those weaknesses.

JD: Why would a sane small business trust your team to know what they are talking about? What are your creds?

CW: Well trust is quite rightly a huge issue for any business when it comes to choosing a security supplier, but luckily our team has a wealth of experience in this sector. I’ve previously been trusted by both the UK Government and a number of well known high street banks to test their security systems, and our CTO has built systems used by very well known international financial institutions, so we can honestly say we’ve got some of the finest people in the UK working in our team.

JD: Is this service of any use to a family, or to my mother-in-law, or is it only for serious businesses with lots of IT?

CW: The clients we’re currently working with generally will have some kind of in-house technical expertise, whether that be a programmer or an IT manager, as they will need to be able to perform the fixes as we recommend them, which may be slightly beyond the average computer user.

JD: Where is the business, now? Are you just a good idea and a website, or do you have paying customers?

CW: Absolutely, we signed up our first customer within three months of starting back in 2015, and are now well into the double digits in terms of customer numbers. We’re also working with a number of partners who we’re hoping will take us from the tens of customers we have now, and into the hundreds and thousands.

JD: Have you saved any of those customers from being hacked, so far?

CW: Without a doubt. We’ve found some really interesting stuff, and helped ward off attacks like the one that hit the NHS last year, but obviously I wouldn’t be able to go into too much detail about exactly what else we’ve found. 😉

JD: What do the Intruder management team really want to achieve, longer-term?

CW: Fundamentally cyber security is too complicated at the moment. It’s so difficult even some of the best known brands in the world are struggling with it, not to mention your average mid-sized business. We’d like to solve this, and grow our own brand until we’re known as the default choice for anyone looking for simple cyber security solutions.

JD: As a person who knows a lot about real-world hacks and cyber crime, what single piece of advice would you give to each of these groups:

i) a big corporate like M&S, BP, or Network Rail;

ii) a small business like a hair salon, a garage, or a corner shop;

iii) my mother-in-law, worrying about getting phishing emails, and having her savings robbed?

JD: Do you take your own advice? Is your own company cyber secure, or are you like a doctor that smokes?

CW: “Cyber security” isn’t a yes or no question I’m afraid. Even the big banks are not 100% secure, but they adopt a security posture that’s appropriate for their level of risk, as do we. That’s in fact all anyone should be aiming for. It’s just about figuring out what your main threats are, how likely are they to occur, and what do you need to mitigate them. That said, we obviously have to take security a lot more seriously than your average startup, as a breach could make a serious impact to our prospects.

JD: You’ve been part of the GCHQ/Wayra cyber accelerator for a while, now. Would you recommend it to others? If so, why?

CW: Absolutely, for the simple fact that you get to meet people who otherwise would never reveal to you the incredible nature of their work. The connections you can make are beyond that of any networking event you’ll ever go to.

JD: Tell me one juicy secret you’ve learnt from working with GCHQ experts.

CW: Well I would, but I’d be worried about not being invited back…. apparently revealing their secrets is “frowned upon”. Although, it’s surprising how willing they seem to open up these days, a lot of the work they are doing now is increasingly in the public domain, especially with the NCSC. I think as an organisation they’re really coming out of the shadows and onto centre stage.

JD: Thanks, Chris. Good luck to you and the Intruder Team.

If you want to try out their service (there’s a free trial available), check out their website (link above), or go straight to their sign-up page.

JD