When it comes to cyber crime threats, are you in flight or fight mode? Nicola Whiting, COO of data security expert Titania, tells Frank Tennyson it pays to be ready for an attack
%image(15748035, type="article-full", alt="Nicola Whiting "vision" notes (c) Antony Thompson/TWM")
Cyber crime is a hot topic these days. Whether it’s foreign powers supposedly rigging elections, or Facebook users having their data stolen for nefarious purposes, the world’s consciousness has become increasingly focused on digital security.
Add into the mix incoming EU legislation – General Data Protection Regulation or GDPR, designed to give EU citizens more control over their personal data – we all have a heightened awareness of the misuse of some of our online information
But is this increased mindfulness enough? One company, Worcester-based security firm Titania, is on the front foot in the fight against hackers. Yet, COO Nicola Whiting believes knowledge doesn’t necessarily translate into action.
“People might know about the problem but as human beings, when confronted with danger, we often have a fight or flight response,” she says. “People often ignore the problem because of the fear involved.
%image(15748036, type="article-full", alt="Nicola Whiting, Chief Operating Officer of Titania (c) Antony Thompson/TWM")
“Business owners are more interested in doing things like growing, recruitment and so on. So when you are facing fear, people tend to remove themselves from that environment and they leave the room mentally.
“They might be at a seminar on GDPR but they are not engaging and certainly not taking action. Our industry job is to stop talking about fear and start talking about hope and what we can deliver!”
Fortunately no-one can accuse Titania of not delivering since its founding in 2009. Started by tech whizz Ian Whiting (Nicola’s husband), it is a business based on identifying a need and providing an ingenious solution.
Nicola explains: “My husband started out with the premise he wanted to solve his own problem. He was a check team leader doing security audits of more devices than he could really handle. That was because, at that time, it involved the very technical job of a line-by-line analysis of how that device was configured and where the weaknesses were that somebody might exploit.
%image(15748037, type="article-full", alt="Nicola Whiting "vision" notes (c) Antony Thompson/TWM")
“Typically that job would take him half a day and he’d have to write a report, which would be another half a day. That’s a lot of manpower for a single device.
“So he built a tool – the first version of Nipper [Titania’s auditing product] – which would automate the whole process. Rather than taking a whole day to do the process, it took about a second.”
Titania effectively started in a bedroom in 2009, and Nicola joined in 2011. The company has since expanded rapidly and is now widely regarded as the leader in supplying security and compliance configuration tools in the UK and, increasingly, globally.
Clients include giants in retail and manufacturing, telecommunications, banking and financial and government and military agencies. Nicola cites one example of their client, the US Air Force, who might have 150,000 devices to audit, which would be 150,000 man-days to potentially do the job properly.
%image(15748038, type="article-full", alt="Brunel table in Titania offices (c) Antony Thompson/TWM")
“Obviously they don’t have that time,” she says. “So now you can see that automation isn’t just convenient – it’s essential.
“That’s what automation does. But what automation means it frees people up to do something more productive.
“You’ve got experts, those cyber generals. in their fields effectively filling sandbags, sticking fingers in dykes – and that doesn’t make sense on any level.
“By automation doing its job, you are freeing those cyber generals to have a helicopter view, to be strategic, to plan what their next mode of operation is.
%image(15748039, type="article-full", alt="Nicola Whiting, Chief Operating Officer of Titania (c) Antony Thompson/TWM")
“Our device back in 2009 was the first in the world, and therefore the best in the world. And I’m pleased to say it’s still the best in the world.”
The villain in the cyber crime theatre is the hacker – a boffin with expertise in code and the brain the size of a planet. However, whilst Titania are crusaders against their menace, Nicola says that there is a common misconception as to their MO.
“Hackers are actually less sophisticated then they have ever been before,” she adds. “Before, hackers had to be pretty smart, they needed to know how a modem worked, they needed to learn code. Now all they have to do is download an app from the Dark Web and run it.
“What’s happening is a massive explosion of crime in this area. Attacking an unprotected, or poorly protected organisation is very low risk and potentially high reward.
“Criminals follow the money and where is the money? It’s online. It’s extortion by code. What’s driven us is the desire for hackers not to have an easy option. Hackers shouldn’t have an easy option.
“We say as an industry that there is anywhere between 50 and 75 per cent likelihood of small or medium businesses being hacked. I don’t like those odds.
“As a tribe of people we decide we are better than this. We want to empower our cyber experts so they can focus on the things that grow their business.”
Throughout our conversation, Nicola constantly refers to “people” (Titania doesn’t have “staff” they are part of a “team”) and the human condition.
Fifty people, ranging from their 20s into their 60s help drive this exciting company forward in their impressive headquarters just outside Worcester city centre.
But whatever their demographic (and Titania has a thriving apprenticeship program), the team share similar attributes. A wish to learn, to improve, to contribute.
Nicola explains: “Interestingly a lot of people who join Titania are not technologists. They are people with a strong curiosity, a strong desire to develop and learn and a strong desire to be the best they can be.
“What we all have in common is an understanding that a person who wants to learn will want to learn forever. If you don’t have those people and you are a fast growing organisation like ourselves, then something pretty bad happens. You outgrow your people and they get disillusioned.
“Everybody wants to feel they are part of something bigger, they want to feel valued. And that is something I think Titania is pretty good at.”
Rapid expansion saw Titania move into their latest premises in 2014 and the team are currently developing a floor in Security House to cope with their growth. So what of the future?
“Ninety per cent of our business is export so the next step is going to be working more with overseas partners,” says Nicola.
“We are working with some pretty big partners because they are in the defense industry, therefore we are developing our capability further in automation. We are already the most accurate, stopping hackers having the easy option, but we are always looking forward.
“Our goal is freeing people up to work on the things that help grow their business. As I keep saying, ultimately, technology isn’t about wires or computers, it’s about people and that’s what we invest in.”
Titania’s culture
Nicola sets out the values that came from her team and them apart
1. Choose positivity.
It’s about your mental attitude. It means you bring your best self you are capable of on that day.
2. Be a titan.
It’s about being accountable, about learning, sharing collective knowledge. It’s about team.
3. Go give.
Every member of our team has been given a book by Bob called The Go-Giver. The premise of the book is that your true worth is determined by how much more you give in value, than how much you receive in payment. I don’t care if I’m paying someone £1,000 per day, if they are giving £2,000 worth of value for that day.
4. Have fun.
We celebrate our successes, whether it be personal milestones, business wins or our fabulous cabinet full of awards!
Nicola on GDPR...
“GDPR will be a set of regulations that we have to follow. It was designed because people were just fed up of losing their data. They are fed up with Facebook type things happening. They want to be able to trust the people with which they are engaging. Trust is everything.”
“Will it work? I’m not sure. Cowboys who play fast and loose will still find a way around the regulations. But it will encourage people to be more security conscious.”
“Facebook lost value as company and Equifax’s stock is still down. This is heartening because this will certainly focus minds in the boardroom. Organisations are having long-term hits. It hits them where it hurts.”
“Security is about the basics. It’s cyber hygiene – not complex. But we are not managing to do these basics in a consistent way.
As an industry we are failing our end users.”
