Sophos’s Dermot Hayden: ‘IT security is critical to digital transformation’

5 Oct 2018

Sophos country manager Dermot Hayden. Image: Sophos

Security has often been the laggard in the digital transformation journey but that is changing says Sophos country manager Dermot Hayden.

Sophos Ireland country manager Dermot Hayden leads the Sophos business in the Republic of Ireland, Northern Ireland and the Channel Islands with management responsibility for all strategic sales, channel and marketing activities.

Prior to joining Sophos in 2009 Hayden held senior roles with Hewlett-Packard and, prior to that, he worked with Compaq. He is a graduate of both Athlone Institute of Technology and London Metropolitan University.

‘Most Irish businesses are well down the road of digital transformation as technology is increasingly used to solve traditional problems’

Security software giant Sophos is a UK-headquartered business founded in 1985 whose technology typically protects enterprises with between 100 and 5,000 employees. The London Stock Exchange-listed company employs more than 3,100 people worldwide and recorded 2018 revenues of $768m.

Tell me about your own role and your responsibilities in driving tech strategy in your organisation.

As a 100pc channel-focused organisation, Sophos’s business is transacted through our extensive network of accredited business partners. My role, and that of most sales professionals in Sophos, is to enable, support and collaborate closely with those partners to deliver Sophos IT security solutions to our joint customer base. The feedback we receive from our customers and partners in terms of challenges they are facing and developments they would like to see contributes directly to Sophos’s overall tech strategy and is what underpins the strong bonds we have with our channel.

What major product or IT initiatives are you spearheading?

Sophos is doing something that has never been done in the IT security market. We are succeeding at being a leading provider of both end-user security and network security. We’re now leading a new wave of security innovation with our synchronised security strategy. For the first time ever, this allows endpoint and network security products to actively and continuously share threat intelligence with each other to more effectively protect against today’s sophisticated threats.

All elements of a business’s security system across desktops, laptops, smartphones, tablets, servers, encryption, email, web, Wi-Fi and firewall need to be tightly integrated, communicating in a real-time, intelligent manner that’s managed via a single integrated dashboard if companies are to build a security system that’s truly fit for purpose. Sophos Central, with a synchronised security heartbeat, enables businesses to do just that by starting at whatever point in the process best suits them and then adding the other elements of a synchronised security system over time.

In addition, following the acquisition of Invincea in 2017, Sophos has now integrated world-leading deep learning technology into its endpoint security portfolio. Designed to detect and prevent unknown malware and sophisticated attacks via its neural network algorithms, Sophos is leading the way in the new wave of predictive security.

How big is your team in Ireland?

Sophos is headquartered in Abingdon, Oxford and we have an Irish office at the Airport Business Park in Cork. We currently employ 15 people across sales, software development and support in Ireland, with most based in our Cork offices and the rest working remotely.

What are your thoughts on digital transformation from a security perspective and how are you addressing it?

Most Irish businesses are well down the road of digital transformation as technology is increasingly used to solve traditional problems. I think, for many businesses who have made that transformation over the past 10 to 15 years, IT security lagged behind, often far behind all other considerations. However, that has definitely changed in the last four to five years.

For us, IT security is and always has been a critical element of digital transformation, but, historically, some organisations haven’t placed a high value on their security. I think it has taken some high-profile, headline-grabbing data breaches and increasing industry and government regulation to drive a change in mindset. Thankfully, IT security is now front and centre of all IT transformation projects, which is where it should be.

What big tech trends do you believe are changing the world and the IT security world specifically?

I think AI is the tech advancement that is having the biggest impact on the world of IT and beyond and will continue to do so for some time. It’s inevitable that as AI becomes pervasive in performing the more mundane, repetitive information processing tasks it’s largely focused on at present, we will likely move to a more advanced phase of AI where we see whole new opportunities and ways of doing business emerge that we can’t even imagine.

AI is also a critical element of IT security, given the huge amount of data processing and decision-making that is required in real time. Some IT security can be reactive and slow. As the volume and complexity of cyberattacks has continued to grow, legacy approaches have struggled to keep pace.

For example, SophosLabs analyses over 400,000 new malware samples every day. To make meeting this challenge even more difficult, SophosLabs found that 75pc of malware is unique to a single organisation.

Dealing with this huge volume of complex threats is best addressed with AI and Sophos’s deep learning neural networks. It’s an advanced form of machine learning, which helps us change the way we approach IT security. By integrating deep learning, our Intercept X solution is changing endpoint security from a reactive to a predictive approach to better protect Irish businesses against unknown threats.

In terms of security, what are your thoughts on how we can better protect data?

Businesses today, whether small or large, must live and learn to thrive in a world of ever-increasing cyber risk.

Risk is rising for many reasons, including an increasing attack surface area due to the growing use of mobile devices and cloud services, combined with the constantly increasing volume and complexity of cyberattacks. The attack surface area and volume and complexity of attacks is leading to increased data losses, which raises alarms and forces the question of what we should do differently.

Most Irish businesses do not have the team needed to make their current fragmented security solutions work in the coordinated way they need to in order to defeat this ever-increasing threat complexity. Layered, overly complicated and poorly integrated security systems are a legacy of the past, and pouring investment into IT security consultants to cobble together independent security products is not the answer. A fresh and radical approach is needed to put in place and to build a truly integrated and synchronised security system.

What are the latest tools and techniques hackers and bad actors are using to attack IT systems?

Ransomware is still one of the most widespread and damaging threats that Irish businesses face.

Since the infamous CryptoLocker first appeared in 2013, we’ve seen a new era of file-encrypting ransomware variants delivered through spam messages and exploit kits, extorting money from home users and businesses alike.

Ransomware’s success, if you can call it that, has largely been down to the sophistication of the attack techniques. The constant innovation by the cyber-criminals, combined with security holes within companies IT security defences and a lack of advanced protection technology, also contributes to its success.

Want stories like this and more direct to your inbox? Sign up for Tech Trends, Silicon Republic’s weekly digest of need-to-know tech news.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years