Educating SMEs about cyber security

In an interview with SME Horizon, Paul Hadjy, Co-Founder, Horangi Cyber Security explains how his company helps small and medium enterprises in the Asia Pacific region use technology to mitigate risks

Can you tell us about Horangi?

Me and my co-founder started Horangi in 2016. I worked in Palantir Technologies and Grab before setting up Horangi and my CTO was in Trustwave Spiderlabs. Both of us had been in cyber security our entire career.

When I worked with Palantir and Grab in Singapore I noticed two major problems. First, I realized that there weren’t enough cyber security professionals in the region. It was more of a global problem really, much more acute in nature. The second problem was that it was very hard to explain cyber security in terms of business context. I had to learn how to do that. In Palantir I was talking to mostly executives and at Grab I was working directly with executives and having to solve cyber security problems in a way that didn’t hurt the business.

Then came a point where I was doing consulting on the side and we made an original version of a product we made for ourselves and that kicked off outside the company. Our first customer was the Korean government and that’s why we came up with the name Horangi which is the Korean word for tiger. 

In 2017 we raised our series A which was about three million. Now we are about 80 people, sixty of those are in Singapore. There are quite a few scattered in Thailand, Indonesia, Hong Kong, Philippines and Korea.

Your company is targeting SMEs in the region. SMEs are probably the most deficient when it comes to cyber security. What is the biggest challenge that they face when it comes to awareness and implementation?

For SMEs specifically, there is a bit of an education piece. So helping them to understand why cyber security is important. Most people in Singapore and in the region have installed security cameras for physical spaces such as a storefront. This is not as good as actual investment in cyber security. 

The Singapore government is doing a great job of educating the market. According to statistics from Microsoft, 60 per cent of SMEs that face cyber-attacks go out of business the following year. Our company focuses on helping companies come up with a plan and our technology helps mitigate the risks. To have a plan in place is very important.

Big enterprises can afford to patch together 15-20 vendors and make something that is workable and get a plan ready but for SMEs the entry point is a steep learning curve that can be intimidating. What, in your opinion, is the key priority for SMEs?

In my opinion, it differs based on business lines. Technology SMEs’ needs will be different from traditional SMEs. I would say that policies and procedures should be the first step. Making sure people in your organization are aware how cyber security can affect them and think about it as part of their daily job.

Step two is putting in technology mitigation measures in place like the products and services that we offer or other companies offer. So step one is getting a plan or a policy in place. Prioritizing policies is almost always one of the things for SMEs.

Companies such as Singtel also push towards cyber security. How do you compete with the big guys like them who have way more resources?

In terms of certifications, we are more certified in this region. We work with our customers and help them solve problems holistically. We have a conversation, understand their risks and help mitigate their risks. I think a lot of people prefer this holistic approach.

Security as a service for SMEs. When it comes to choosing AWS over Google Cloud as a platform. Why do you choose AWS as a platform?

We chose it in 2016 because then there wasn’t much else at that time. Though, in hindsight, I’m glad we did. We built our platform to be entirely serverless. Our producsts can scale up or down. This makes our margins easier to manage and costs we can reflect back to our customers. As a business we only pay when our customers are using it makes it easier to manage and makes it reasonable for our customer base. 

There is a bit of learning curve in taking people from a traditional IT infrastructure but AWS is providing a lot of training and once you get going, it goes strong. It is automated so there is continuous development to make our product better and faster. We are a SaaS platform so all our customers use the same platform and we can use machine learning and Artificial Intelligence to understand the types of risks and help mitigate it.

We work with AWS libraries but we have developed the codes ourselves.

If you look at the next 3 to 5 to 10 years, what are the biggest vulnerabilities that SMEs will face? Enterprise and govts are better placed to defend themselves than SMEs. Do you agree?

The beautiful thing about cloud is that there are similar protection measures because of companies like us building things that scale whereas we see the same amount of attacks that governments may see. The scary thing is that SMEs can be targeted. There are SMEs working on some pretty cool things like research in technology so they are exposed to threats. Data is sensitive and some of the stuff must be just as interesting as what the government has. People need to realize that this is the new security. Not just look at it as cyber security 

Plan over the next few years?

We are releasing a new product called Warden helps monitor infrastructure of our customer base and helps protect against threats. We are focusing on scaling and selling across the region for the next year. We are also building our team and the cyber security community in the region. Partnering with schools such as NUS and organizations in Korea as well. Our plan is to grow the cyber security community and among the youth. We need more cyber security professionals. We need to build the expertise. We plan on getting into new markets and getting new products and offerings, being close to our customers and working with them to solve the problem.

What is the rough breakdown of the SMEs you work with. Technology or manufacturing customers?

Our ideal customers are companies that are transitioning to the cloud. Go Jek and MoneySmart for instance. They were born in the cloud, they have been in the cloud their entire existence. We also help traditional companies in securing their IT infrastructure. So while we are focusing on companies moving to the cloud, we also help traditional companies with instant responses, pen testing etc.

How do you see the new technologies such as quantum computing? Commercialization might be miles away but it might have serious repercussions for encryption, Internet of Things. How do you see new technologies impacting the cyber security scenario?

Machine learning, AI will solve a lot of problems but there is a nefarious side to it. Just as we can use it to help people, people can use it for stealing. So it’s a game and that is exciting, It is constantly changing. New technologies are being released on both sides. Applications that are boundless. It is very exciting.

One of our differentiators is the product and services combination as SMEs needs the help and education to solve their problems. The way they think about risk is different. Cyber security is essentially risk. As long as the leaders understand what risk looks like, they can make good decisions aimed at cyber security and that is what we help our customers do.