Holker IT - A Fresh Approach to IT Security
Holker IT is an IT consultancy firm that aims to improve clients’ businesses through strategic advice, cyber simulations, implementation and on-going support of IT systems and processes. We 've spoken to managing director and leading UK cyber security specialist Matthew Metcalfe to get an overview of his work and learn about his views on IT security. Share
What's inspired you to start Holker IT?
A desire to create an IT offering that is totally inclusive, covering all the needs of the modern business - not least in terms of cyber security.
I founded Holker IT in 2009, having previously spent 10 years as a network engineer (from leaving school). Initially, the company was just me and a computer, but we have grown significantly and now provide an end-to-end IT and security helpdesk support system for businesses large and small right across the UK.
We also deliver user awareness training and have a CRM platform for managing IT problems.
In our experience, internal IT departments are not particularly good at handling cyber risks, as they simply tend to fix problems with little to no security in mind.
Consequently, we have developed an IT security management platform that can deliver within an IT support desk environment.
What's unique about your product?
The main difference between us and other IT security providers is in the amount of time we invest into developing processes and how we handle helpdesk calls. We offer penetration testing and vulnerability scans with insightful analysis, but we don't stop there. It is rather pointless for a company to be working without user policies. Strangely, many SME businesses don’t bother with policies and that can put them at very high risk.
We audit network security using penetration testing and vulnerability scanning, and help firms to meet cyber essentials and plus standards.
We also offer ‘cyber wargames’, where we illustrate how a business would react at a time of crisis. For example, if your business was under attack, how would you respond, how would you involve your PR team, how would you know you're making the right decisions etc etc.
Our live interactive demonstrations and role-playing games are designed to answer all of those questions and cover every possible scenario. We have run them at special networking seminars in conjunction with a leading UK bank, and the feedback has been excellent.
Our systems maintain various processes that enable quicker patching, with standard templates for locking networks down, which is, in itself, quite a rare.
Our service combines both software and human support, which is critical. Most IT companies only provide one or the other. We offer end-to-end support because, the way we see it, there's no point doing testing and scanning without being able to fix the problems you find. So yes we provide the management platforms, but we also interact with our clients whenever they need us.
What are the most challenging aspects of IT security for businesses today, and how does Holker IT make it easier?
From the cyber security perspective, the challenge is overcoming ignorance. Generally, business people still don’t properly understand the threat and have no idea about the technologies being used for prevention and protection. Business owners don’t invest the time or the money to deal with the problem – and it is a massive problem. Instead, whenever a security issue arises, they turn to their IT department. That is usually their first big blunder as the IT department is often the biggest weakness in the operation.
Let me give an example. If someone was to break into your home and steal your TV, you'd call the police. They, in turn, would write a report and look for evidence on CCTV. However, if someone were to break into your business and steal money from your bank, there are no legal channels for recovery. Neither the bank nor the police can/will do anything to restore your money or secure your assets. You become a helpless victim, and that's something that people find very hard to understand.
The other challenge is to get businesses to react properly. Most of them will say they are covered, but they are usually miles away from adequate cover.
Finally, the biggest challenge lies in the fact that IT has never been properly regulated.
If you invented a new gas boiler, you'd need to have it certified, tested and approved for health and safety regulations before it could go on the market; but with IT, anyone can put anything on the network with no restrictions whatsoever.
Whether we're talking about a small business or a large enterprise, there's no regulation as to who can install the equipment and what processes need to be configured on the network.
The UK Government Communications Headquarters (GCHQ), together with the Secret Intelligence Service (MI6), is promoting the Cyber Essentials scheme, which sets standards for IT and security best practices.
Holker IT is qualified to deliver that scheme, which mitigates the most basic hacking risks. We've been implementing ‘Cyber Essentials Plus’ with our clients for quite some time now. Any changes in the scheme are managed by us, to maintain maximum compliance with regulations.
What people must try to grasp and understand is that the internet was never designed for security. If you happen to be the victim of a cyber-attack, good luck finding the offender among the 80 million suspects!
How do you see the future of IT security in 5 years from now?
I believe IT security and support will be managed by separate, dedicated teams, so eventually a security analyst will not be working with the IT department, but directly with security.
I expect to see a lot more complaints and problems arising about security. As a result, developers will have to write more security into their products.
At Holker IT we feel we are already a step or two ahead; we have spent the past couple of years establishing a dedicated cyber security department and have genuine top level experience and expertise in house. We will continue to take a proactive approach, but businesses really do need to wise up to the threat.
One thing is for sure - having the right level of cyber security is paramount and the days of cheap IT security cover are long gone.