5 Minutes With: AJ Thompson, CCO, Northdoor

Tell us a little of yourself and Northdoor

Northdoor is an IT consultancy that was founded in 1987. Our focus is helping organisations across their entire data journey. We have long-standing partnerships with some of the biggest players in the IT sector, including IBM, Dell and Microsoft. Our offerings span three main IT categories: Store, Protect and Use. I am CCO, and have been with the company for 23 years. I am responsible for commercial strategy and ensuring our business focus remains on our clients’ needs.  

What are the main cybersecurity threats facing businesses today? 

Cybercriminals are becoming increasingly sophisticated in their approach, and as we have seen over the past year or so are playing on the uncertainty and change in most work practices.

As a result, phishing attacks - targeting the employees with convincing emails and malicious links - are continuing to be a successful tactic for cybercriminals. 

However, one of the most consistent and successful attacks over the past year or so has been the targeting of supply chains. No matter how sophisticated your own defences are, if your partners have poor cybersecurity, criminals can gain access through the ‘back-door’. In an increasingly connected world, criminals can get to your data, via partners, negating any investment you have made in your own security. 
Therefore, having a 360-degree visibility of vulnerabilities within your supply chain is going to be critical. 

Why are so many businesses vulnerable to cyberattack? 

The pandemic hasn’t helped. Employees working at home, outside of the corporate environment, are more vulnerable than ever to the cybercriminal’s sophisticated attacks, particularly if they are using their own laptops that may have not been updated. 

Another reason is the increasingly sophisticated approach of cybercriminals. Whether it is a direct attack or one through the supply chain, they now have extraordinarily convincing phishing emails, that have tricked even those who ‘should know better’ including the FBI. As a result of their considerable success, cybercriminals are also increased the number of attacks they are attempting. 

What cybersecurity advice do you have for smaller firms with limited budgets? 

Managing cybersecurity in the current environment is a real challenge, particularly for companies with a small - or even no - IT team. Looking at bringing in IT consultancies is one way of ensuring increased security, and can prove more cost effective than hiring an in-house team. 
For the basics though, ensuring that staff are educated as to what the latest threats are, what to look out for and how to deal with them is crucial. Adopting a ‘zero-trust’ approach to all aspects of your cybersecurity can prove an effective method of stopping cybercriminals gaining access to your systems and data. 

This essentially means that every email, every attachment, every message is treated with suspicion until proved otherwise, no matter who sent it. This approach adds a layer of extra security that makes it hard for cybercriminals to gain access. 

What does the phrase ‘Industrialised cybersecurity’ mean? 

This is essentially ensuring cybersecurity is ingrained in every part of your business, including: ppdating software; installing new patches; ensuring policies and solutions are in-line with regulation; and taking a zero-trust approach to every aspect of your day. These are all tasks required to help keep cybercriminals out. 

Automating or ‘industrialising’ these processes takes the responsibility away from individuals. It ensures they do not fall between job roles and that security solutions are implemented quickly and accurately. 

What is the most challenging aspect of your job? 

The speed of change in the IT industry. It was only two years ago when most organisations had most staff in the office. The move to remote working and the ability of most organisations to move extraordinarily quickly, was incredible to see.   

We moved from a traditional resell model seven years ago to focus on data. We make sure your IT suits your business requirements, that it is safe and that it allows you to use data to drive your business. It’s summed up in our strapline: Store IT, Protect IT, Use IT. 

Where do you see cybersecurity being in five years? 

It’s hard enough to predict cybersecurity over the next few months. What is starting to happen, albeit slowly, is that both providers and users are starting to take cyber risk more seriously. The insurers who provide cyber-risk cover have realised that the risk is both real and expensive to fix. As a result, rates are on the way up.

Providers also realise people want integrated solutions, not a dozen apps that don’t talk with each other. And there is an ever-growing awareness that the supply chain is crucial to an organisation, and businesses must ensure they work with vendor companies who are cyber-secure. Half of breaches are through suppliers, which is an extraordinary statistic.  

What’s the most rewarding thing about your job? 

It’s always good to receive peer recognition for your work, and we recently won an award for Best Security solution at a leading IT awards, for our work with The Salvation Army on their supply chain cyber risk. It was especially rewarding as it was the first event we had attended for almost two years, so we could catch up with friends and colleagues. 

Who inspires you professionally?  

I came into this industry back in 1988. After a year of learning about computers I started to work with a chap called Tim Noon. He took me under his wing and taught me the number-one rule: clients come first, no matter what. 

I left to join Northdoor over 20 years ago and he is still one of my suppliers to this day. He once drove overnight from Oxfordshire up to Edinburgh to deliver a memory card to a client’s data centre, as he knew how important it was to me. We still speak every couple of weeks.