DEFINING A DECADE
10 years of growth for Corsham ’ s CND
Computer Network Defence ( CND ) are a specialist cyber security consultancy and recruitment agency . Founded in 2004 , the firm has been at the cutting edge of cyber defence for nearly twenty years . We met CND ’ s Founder and Chief Executive Officer , Andy Cuff , to find out more about the company ’ s growth and how the field of cyber security has evolved in the last decade .
How has CND grown as an organisation in the last ten years ? Our growth has been steady and organic . The past few years has seen a year-on-year increase in turnover of around 20 per cent , with profit being reinvested in people and technology .
What ’ s driven its growth ? Reputation . We have no sales staff and are reliant on word of mouth and reputation for new clients . In order to maintain our position , we must be ethical and deliver the ultimate affordable service to our clients . In essence , our clients are our sales team . It also helps that we only employ nice , yet highly capable , people . Our staff are our ambassadors , and our clients love them .
Has your offering changed / adapted ? Massively - the cyber sector is moving at a phenomenal pace . 10 years ago , our work was predominantly long contracts , on site , with huge enterprises . Now it is all sizes and types of business , from milkmen to the military , from banks to biomass generators , and from superyachts to spacecraft . Client sizes vary from Fortune 100 right down to micro businesses . We have had to remain agile both in the spread of services and also how they are delivered .
Has the team grown ? Our permanent headcount rose from just five to over 30 , with an equal amount of cyber security contractors . The issue we faced was finding the right people . We could find capable staff and we could find nice staff , but finding nice and capable staff was a challenge ! The pandemic forced us to adopt remote working and with that brought a huge pool of potential new recruits . We haven ’ t looked back and now have nice and capable staff up and down the country .
What have been the biggest changes / challenges for the cyber industry in the last decade ? The cyber industry has witnessed significant technological advancements in the past decade . The advent of cloud computing has changed the security posture of many organisations , moving them from the comparative safety of an office sitting behind firewalls and a secure boundary , to a more distributed model . Security has now caught up and cloud services can be secured . In essence we have moved from an M & M with a hard shell and a soft centre , through to a marshmallow ( where security wasn ’ t really defined ) to a gob stopper , where there is defence in depth right down to the endpoint and user . That ’ s if you have followed best practise !
One of the big things introduced in the past five years was GDPR . It was the buzz word on everyone ’ s lips for several years but now seems to have been overshadowed with talks of Artificial Intelligence ( AI ), ChatGPT and the Internet of Things ( IoT ). What do you think are the biggest concerns for business in terms of cyber security in the next ten years ? Artificial Intelligence and Machine Learning aren ’ t a new thing . We were using it in cyber 25 years ago to find the proverbial needle in a digital haystack . When it is used for good it is really , really good , and when used for bad , it could be catastrophic . For instance , if we look at phishing ( aka Business Email Compromise ) it has evolved from mass emails which were poorly written and easily spotted , to what we see now , which is criminals researching their victims and constructing extremely realistic emails . When we run phishing simulations on our clients using current criminal techniques , we regularly see over 50 per cent of the staff fall victim to the attack on the first test . It only takes one victim to destroy a business . It ’ s only a matter of time before AI is used by criminals to deliver phishing emails tailored to individuals . I predict that Metaverse Security will be something to look out for . The Metaverse is an advanced Web3 version of the current Internet which offers 3D interaction and decentralised applications to form the next generation of digital world and is essentially any technology which provides an immersive experience .
What are CND ’ s plans for future growth ? CND has never had a formal business plan , if we did , it would need to be rewritten every two months . We have to remain agile and quickly react to any arising threats .
If you could share three top cyber security tips , what would they be ? 1 . Don ’ t be complacent : if you use email or the Internet then you are at risk . We still gain too many clients because of them being breached .
2 . Patch / update your computers and phones : this will remove many vulnerabilities that the attackers are trying to exploit .
3 . Multi Factor Authentication : this is where , in addition to your password , you submit a code from another device such as your phone .
For more info : www . cndltd . com
“ 10 years ago , our work was predominantly long contracts , on site , with huge enterprises . Now it is all sizes and types of business , from milkmen to the military , from banks to biomass generators , and from superyachts to spacecraft ”
THE BUSINESS EXCHANGE 2023 31