Exclusive Networks NZ general manager Alex Teh has a mission - to get New Zealand enterprise up to speed with cybersecurity, and he says that the channel is the answer.
After selling his UK based cybersecurity company a year ago, he moved back to New Zealand and has spied a gap in the market that needs to be filled.
ChannelLife sat down with Alex to hear the numbers and get his perspective.Tell me the numbers, what are we talking about here in terms of cyber threat in New Zealand?
Well, we have the second highest rate of ransomware attacks in the southern hemisphere.
The international average for the number of days that it takes to detect a breach is 250; in New Zealand, it's 520.
One-fifth of our population has experienced some sort of attack, that's about 800,000 people.
The CEO of every publicly listed company has experienced phishing, or as we call it ‘whale-hunting', and because their email address and everything is out there, people are posing as CEOs in order to target others.Those are some confronting numbers. What are Exclusive Networks doing to help combat this?
It's Exclusive Networks' job, and the channel's job, to ensure that our partners are trained, have the right information, and have the ability to provide intelligent advice to their customers.
The world of distribution providing warehousing and credit facilities as value-added is simply not good enough anymore.
Distributors have to do a better job at education and training.
They should be a true extension of the vendor, technically, commercially, strategically, all of those important things that help partners grow their cybersecurity business.Why has NZ fallen behind other countries with this?
I don't know, I haven't been around for 16 years, but I see a market gap and there is a massive opportunity for organisations that can breach the gap.
I also think distribution has been cannon fodder for staff poaching, which means the good ones are always leaving for vendor jobs or reseller jobs because those organisations tend to pay more.
However, I think that gives distributors an opportunity to bring up, coach, train young, new blood into the industry.
I would prefer to hire a young, enthusiastic, intelligent person that I can mould than a dinosaur any day (we laugh). You can quote me on that.I will! As someone who has been on the outside for some time, how do you see the NZ channel?
We're quite mature as a channel-led business environment.
A lot of our resellers and managed service providers (MSPs) are quite advanced in the provision of managed services, cloud services, and outsource services.
As a market, we have developed that way due to the fact everyone is fighting over the same resources, which is why partners that have been able to build technical capabilities that can be provided to a wider group of organisations have been extremely important to the growth of the channel in NZ.
From a cybersecurity perspective, I think that the channel is learning to do more but when you look at what international organisations and international government bodies are doing around cybercrime, I don't think that we are doing enough.
Europe and Australia have introduced compliance drivers, the GDPR (General Data Protection Regulation) and the breach and notification law, which allow central government bodies to fine organisations for data breaches.
I think organisations that lose that data need to be held accountable and it is the channel's responsibility to provide the capabilities to provide defence against these types of leakage and attacks.There has also been a lot of progress in the technology of cybersecurity with the integration of AI.
Great that you brought that up, I grew up in the generation of The Terminator and The Matrix and my generation have a fear that AI could be the cause of global destruction just because they watched too many Hollywood movies but In my opinion, AI is instrumental in the provision of cyber defence.
You've hit the nail on the head. Although I'm fully in agreement that the adoption of cloud is fantastic for NZ companies, I also would challenge the fact that the security around cloud services such as Azure and AWS have not adequately been addressed.
When I've asked companies that are using AWS or Azure, "What are you doing about securing your data in the cloud?" many individuals that I've spoken to have said, “We haven't thought about that yet.
If I was a hacker or writing malicious code, that is gold. If I took out an MSP or a cloud provider I'd not only get that one company, I would get a whole variety of information from all their customers that I could take advantage of – just imagine if salesforce.com was compromised.'What can channel players do right now?
Build up their cybersecurity portfolio, rather than just focusing on having a good anti-malware product at the endpoint and having a good next-gen firewall product at your gateway.
I think that's the opportunity for the channel; you will see partners that specialise in security really thrive in the future because rather than selling them a firewall and an antivirus you're selling an entire solution set.
For example, when an organisation is looking at putting in a DLP product, they should look at the business outcome they are trying to achieve.
I would recommend they look at classifying and structuring their data before buying a DLP product and then making sure that when the DLP product is installed, we give their users the ability to transfer that information and data securely by providing a good managed file transfer product to use.
Putting in a solution set of products like that requires specialist value-add from a partner that has been trained to look at the workflow rather than just shipping a product to a customer.How long until NZ catches up with its data breach regulation?
Less than 5 years.
I think that journalists will catch onto the fact that many people are interested to find out what data breaches have occurred in NZ and which boards and IT departments have swept it under the carpet hoping they will never be found out.Do you think there have been any high-profile data breaches in the last few years that have gone unreported?
I know many and I've only been back in the industry a year.
I can't tell you about them as it's not my position and I have confidentiality agreements in place but the day will come where it's mandated for those companies to let the market know that they've been breached.
And that day will be very soon.