Dark web, Cloud, reputational risk, and more
- Company: Digital Shadows
- What it does: Digital Shadows monitors and manages an organisation’s digital risk, providing threat intelligence across the widest range of data sources within the visible, deep, and dark web to protect their brand, and reputation.
- Founded: London, May 2011
- Founder/s: Alastair Paterson and James Chappell
- Size of team: 150
- Your name and role: Alastair Paterson, CEO, and co-founder
THE NEED TO KNOW
What is the ‘dark web’ and why must corporates be worried about it?
The dark web is part of the world wide web that is ‘hidden’ and not indexed by traditional search engines. It allows those that use it to remain anonymous and untraceable. It’s important to say that it can be a force for good, for instance allowing freedom of speech for those living under repressive regimes. However, its anonymity does make it easier for cyber criminals to operate. Corporates shouldn’t be “worried” by the dark web in itself but be aware there is a thriving cybercriminal eco system that exists throughout places on the Internet where stolen company and customer data is bought and sold.
What are the problems you trying to solve?
Security teams have spent the last 20 years protecting the company perimeter and network, keeping its data inside and building up the walls to keep the bad guys on the outside. That method no longer holds true now we have the cloud, social media, mobile devices, and the Internet of things. Digital Shadows focuses on managing these external, digital risks. We identify things like leaked data, brand and reputational risk and cyber threats to our clients. We take a proactive approach – we look at open Internet sources and cybercriminal forums for evidence of breach data being bought and sold. We look for ‘chatter’ amongst the criminals – if we see evidence of them looking to target one of our clients or a system they run, we alert them to it.
Do you use artificial intelligence to carry out this monitoring?
We use AI and machine learning techniques as part of our stack. We strive to monitor the entire Internet, across hundreds of millions of data sources in 30+ languages, automatically identifying risks. However, technology will only get you so far. Once our SearchLight solution has identified potential risks, it’s then over to our intelligence operations analysts to lift the signal from the noise, and then send our clients the priority cases.
What is your opinion on the recent data hacks at Yahoo, Equifax, NHS etc?
Even the most tech-savvy businesses are open to the menace of data breaches and cyberattacks. But there is a big difference between how some of these breaches have been handled. It is beholden on all businesses who have suffered a data breach to notify their staff, customers, suppliers and in some cases the regulator that their data might be exposed. Too many of these companies are getting caught completely cold – they have had no concept of their digital risk exposure. It means they’re not finding out quickly enough when or how they’ve been breached so they’re not on top of the incident.
How big is the market – and how much of it do you think you can own?
Cyber security is now one of the leading concerns of organisations globally. The market for what we do is huge since all companies face digital risks that can have a significant impact on their business. Our top verticals are finance, retail, technology, healthcare, pharma. We are the market leader in our space.
How do you make money?
Our clients come from a variety of different sectors and all have one thing in common – a need to ensure the vital information that runs their business is kept as secure as possible. We supply them with a 24 x 7 service to manage their digital risk across the widest range of data sources within the visible, deep, and dark web. Our clients typically pay for an annual subscription to our services.
Who’s bankrolling you?
‘Bank rolling’ isn’t quite the term I’d use – we are achieving high rates of organic growth with an enviable client list. However, we are of course really proud of the investors we have on board. In September this year we announced our Series C funding of $26m to (amongst other things) fuel global expansion. This was led by Octopus Ventures, with participation from World Innovation Lab and Industry Ventures. Our other investors include leading firms from the UK and US such as Storm Ventures, Trinity Ventures, TenEleven Ventures, Passion Capital, and Paladin Capital Group.
Who’s on your team that makes you think you can do this?
We have recruited some of the best in the business as well as having attracted some of the top investors in our sector from the UK, US, and Asia. From just myself and my co-founder, James Chappell, six years ago we now number over 150 people globally. We have also completed three funding rounds raising $49m in the process.
What advice would you give other entrepreneurs trying to secure that kind of finance?
It’s not just about the finance. Look to build a true partnership. We have in the past turned down offers from elsewhere because we didn’t feel the chemistry was quite right. So be patient, get a number of competing offers and don’t jump at the first one.
Do you have expansion plans? What do you believe the key to growing this business?
We are looking at Asia as the next move for us.
What metrics do you look at every day?
I look at a number of leading pipeline and revenue indicators to see how the company is performing and make sure we are well resourced for the expansion ahead of us. In addition, a critical area for me is our client happiness and engagement. I look at NPS scores and how much our clients are using our platform to keep a handle in that area. Happy clients are essential to building a successful company.
What’s been the most unexpectedly valuable lesson you’ve learnt so far?
“Hire the professionals then get out of their way”. At certain points in the company’s growth you need to make the big hires, trust them, and let them execute. Being an entrepreneur is a lesson in humility where you gradually hire people that are better than you at every role in the company. We’ve certainly done that now and have a stellar management team I’m proud to work with.
What’s been your biggest mistake so far?
We probably underestimated how quickly the company would grow in all respects and as a result have had some growing pains putting in all the infrastructure the company needs for this journey – it really is a new company every 6 months which is exciting but also challenging.
What do you think is on the horizon for your industry in the year ahead?
Unfortunately, we think there will continue to be more and more data breaches. It used to be a weekly occurrence we would see these arise but it’s now almost a daily occurrence. Attacks are getting more sophisticated and more targeted than ever before. Therefore, the cyber security industry must rise to this challenge and get even better at protecting the organisations that hold our valuable data.
Which London start-up/s are you watching, and why?
I’m a big believer in the nascent cyber security scene in the UK. I am excited about are Garrison, Panaseer and CheckRecipient. All have unique technology, great founding teams and are solving real problems with big markets.