In association with
Razorblue
Exacerbated by the rise of AI, cybersecurity is a priority for every company. BUSINESSiQ Editor Mike Hughes talked to Stephen Ayers at razorblue about their strategies and solutions
After 17 years in business, and now with more than 180 staff across seven offices, I would imagine IT experts razorblue have seen it all. They have found solutions to every kind of challenge for start-ups wanting the best connectivity through to large corporates wanting to outsource their IT function.
So when it comes to cybersecurity – a permanently growing and morphing threat to all of them – my own approach will be familiar.
At work it is thankfully handled by a team at Newsquest, but away from their guardianship, I’m a bit of a liability.
I may download Norton or McAfee, but after that emails that have a familiar ring to them will be opened, recommended software downloaded and conversations started with people I have never heard of, but who seem “decent enough”.
My main excuse is one that many businesses may use “why would anyone want to break into my system – there’s nothing here they’ll need”.
But every IP address has its own value, and as one part of a corporate structure every doorway has to be kept securely shut.
Stephen Ayers, as Head of Products & Vendors at razorblue, is part of the team setting up the company’s new Managed Security and SOC service – to keep it at the forefront of a battle against an enemy that can change its tactics, troops, and weaponry at the click of a button, so he has to be confident he has the answers.
He certainly has the pedigree to build a service capable of keeping pace with a phenomenal matrix of cybersecurity threats.
Stephen, a Newcastle lad, was brought on board about five years ago because the extraordinarily rapid growth of the team meant they were becoming a force to be reckoned with and needed to agree some long-term strategies about how they dealt with a growing list of suppliers and products.
Before that he had worked in MSPs (Managed Service Providers – third-party companies that remotely manage a customer’s IT infrastructure) for more than 23 years. He started in the industry at a North East firm when they were first setting up.
“It was a great time to start my career,” he tells me at razorblue’s Stockton offices. “I was 18 year old, it was the company’s first week and we were building desks and painting walls – really starting from scratch.
“But it turned into a very good stint, from being four or five users to about 150 and a £20 million turnover. But it got to a stage where I just felt I was ready for a change. I had only ever seen it done one way and was ready for a new challenge.
“The North East is a small world, so I already had a couple of people I knew at razorblue, and we had some good relationships. It also felt right, it was run in a similar style, and I liked the way razorblue did things.
“The account management team sole responsibility is to support the client and become their IT presence and guidance.
“That’s always been kind of my direct and focused style.”
He came in as the head of sales for the North East division, which was then just a small team of four or five and is now nearer 20.
As the momentum grew and the skills in his team were expanding, he was offered the chance to build again – this time to face the hackers, from individuals looking for a quick win to international empires targeting millions of people and businesses every day.
Stephen explains: “There are a lot of security products out there and a lot of buzzwords around like SOC and SIEM (security information and event management), so we had customers saying ‘I want a SOC or a SIEM’ and not really knowing what they really needed.
“Some firms may think that it’s only advantage is as an insurance requirement or as part of the Government’s Cyber Essentials scheme that covers things like tendering or selling to the NHS.
“But we know the market and have handled concerns that are constantly rising on the security side because it is unfortunately just too easy to be a threat – and I think artificial intelligence is going to make it even easier.
“What we found very quickly is that around 90 per cent of issues come from human error, which means a lot of the time the initial mistake is made by somebody within your own business.
“These sophisticated attacks are so intelligent and well-designed that they are very easy to fall for, so we’ve tried to make sure that we’re building packages that meet individual requirements.
“What we won’t do is just go and pick out the SOC product and then go and resell that. We want to add value and make sure that we’re bringing something to the table. So, we’re working to design them into add-ons to our managed IT packages that the majority of our customers have.
“We become their IT presence and their support to give them the kind of services that each business needs. We use providers solutions and try to make them our own so we can take ownership, look after the product and look after the client.”
The responsibility is huge – with a razorblue “filter” expected to catch any attempt to infiltrate a system. Even then, if anything gets through it will be spotted so quickly that it won’t have been able to go deep enough to cause long-term issues.
This is where the true team-building skills that Stephen and the other razorblue leaders have really start to be the difference, because this is all about trust.
These clients are going to open their books to razorblue’s team so that everything is on show and a full assessment can be made, so they have to be really secure in that decision.
There is also a significant cost if the job is going to be done well – so who you bring in as an IT partner is a key decision where reputation, client base and people skills will be as vital as the innovative technology.
As well as having the right tools to tackle the problem they have to be people experts as well, recognising patterns of behaviour and repeat offenders, understanding why people are making the threats and why the people on the receiving end are reacting the way they do.
As I said earlier, it can all come down to one Mike making one slip which means the defence then has to be reactive instead of proactive.
“If there is any kind of highlighted risk, one of our team will take the responsibility for that and it becomes their job to investigate it, report on it and decide on the next step of remediation before the issue spreads across the business,” said Stephen.
“The very nature of the work means we will supply all the expertise 24/7 so there are no weak links in a client’s system.”
Stephen says one of the first steps is to get to know that system inside out and make sure at least the basics are in place and then the add-ons can be blended in.
“The first step is to make sure our clients have patch management, this is massively important to make sure that you are patched to the latest version of the software. So, if there are any Microsoft bugs, they are on the latest version – that is the minimum requirement and if you are a supported customer of razorblue you will have that.
“The add-ons mean that before we even look at our SOC / MDR services (Detect), your environment is in the right space and if we look down our checklists that you’re protected to the best of your ability and the best of our ability.
“The first add-on is Prevent which includes Vulnerability management that will give you regular scanning, supporting any risks and making informed decisions with the clients or bringing our solutions to the table to secure an environment. Within this there will be a technical strategy led by razorblue, and we’ll be making sure that we have regular catch ups with the client to go back go through the information.
Personal errors are still a big way of gaining access, because the attacks can be so clever – a lot of the time it will be something as simple as a link that takes you to a page that looks exactly the same as your main login. Instantly, they’ve got a username, a password and they’ll find a way in.
“We’re also including user awareness training, which will include training plans and videos as well as scenarios and simulated attacks using the sort of approach that people may have regularly fallen for.
“This involves sending something into the customer base and seeing how they react – who has clicked on it and who has opened a link. For me, this is all about education for the staff so that the company becomes more secure.
“Personal errors are still a big way of gaining access, because the attacks can be so clever – a lot of the time it will be something as simple as a link that takes you to a page that looks exactly the same as your main login. Instantly, they’ve got a username, a password and they’ll find a way in.
“I know a lot of these strategies very well, but it is still shocking to me how quickly somebody can do damage or make financial gain in such a short space of time – and it is constantly on the rise.”
Advances like AI mean the training at Stockton and the other six sites is continuous, with an awareness that the cybercriminal themselves will be highly skilled. Stephen says there are ‘interesting’ times ahead.
“Because of rapid developments like AI, different ways of getting into systems are going to be developed all the time. So we have to be on our toes with every product and service as AI is used to break something and fix it for different users. It’s a different world now, so we can’t rest and think we are on top of it, we have to be constantly moving to protect people who have trusted us with their security.
“razorblue will always be a managed IT provider, but I think this is the next big progression. We’ve always done security as part of our toolbag, but now we are moving to the next level.”
Razorblue CEO Dan Kitchen writes for BUSINESSiQ, looking at the factors behind his company’s rapid rise and the goals it is aiming for in 2024.
The second half of this year has been about bettering ourselves, having spent the last three years on a very rapid growth curve – we’ve taken time to analyse our systems, processes and service offerings to make sure they’re ready for the next round of tech change and innovation.
A huge amount of work as gone into our new Security Operations Centre (SOC), a strategic move to provide full 24/7 proactive security analysis and threat hunting, protecting our clients from cyber risk around the clock. With this ready for launch from early next year, we’re looking forward to making the North East a hub for cyber security skills.
We’ve also been lucky enough to win three separate Business of the Year awards, a national nomination for MSP of the Year, and a “Growth Explosion” award. We have also won a few partner awards with industry leading giants like Mimecast and N-Able. All of these awards are a testament to our entire team.
In the people department, we were delighted to welcome George Galloway to our commercial team, boasting over 30 years of invaluable IT industry wisdom. We’ve also added a new CFO and expanded our finance team.
We have also had a whopping 76 new starters this year, making #teamrazorblue even bigger and stronger – investing into our team is a priority, for us, nurturing our people is a no-brainer.
In the new year – we’ll see adoption of AI and Microsoft CoPilot grow. We’ve been improving our skills and credentials in this area and are ready to help businesses take steps on that exciting journey – where they can work more efficiently and We want to deliver cutting-edge end-to-end solutions tailored to our clients’ evolving needs and these services aim to provide seamless business integration, scalability, and data-driven decision-making.
“It’s not just about innovation; it’s a cost-effective strategy to empower our clients with scalable and industry-compliant solutions, ensuring they thrive in today’s dynamic business landscape.
We have more strategic acquisitions in the pipeline which will see us expand into new regions, and add more services to our portfolio.
One of the challenges every business faces at the moment is a skill shortage – and we aren’t alone in this. Scaling up to 200 staff isn’t a walk in the park, especially when it comes to employing the right tech talent.
Staying on top of the tech game is a must for razorblue, and we’re all about keeping those standards high.
We invest a lot of money to grow our team so they can flourish with us, but we remain firmly focused on our mission to be the go-to IT partner in the region, and the journey is looking good.
The region has some great businesses and success stories, and it’s a great region to be a part of.
We’re proud to have joined the Northern Echo’s Level Up campaign, which demonstrates the enormous capabilities and talent in the North East.
Sitting on the discussion panels is really beneficial – hearing thoughts from other business leaders on how they’re combatting some of the issues we are facing as a business provides us with great insight.
Comments: Our rules
We want our comments to be a lively and valuable part of our community - a place where readers can debate and engage with the most important local issues. The ability to comment on our stories is a privilege, not a right, however, and that privilege may be withdrawn if it is abused or misused.
Please report any comments that break our rules.
Read the rules here