Q&A with Shelton Newsham, Director and Founder at Newsham Business Solutions

Media 7 | May 12, 2021

Shelton Newsham, Director and Founder at Newsham Business Solutions, is a highly experienced board advisor, educator, public speaker and specialist in a number of areas, enabling him to support management to identify risk, reduce exposure and achieve organisational objectives. He is a subject matter expert in many disciplines including process improvement, organisational assessment and information security. He has also worked closely with both UK Government agencies and international law enforcement.


MEDIA 7: Congratulations on being named as one of the UK’s Top 30 Chief Security Officers at the CSO30 awards 2020. What has your professional journey been like?
SHELTON NEWSHAM:
Thank you, it has been an incredible journey for me. When I joined the regional cybercrime unit just over 4 years ago, I had overseen several cybercrime investigations conducted by frontline police officers but the opportunity to run the prevent and protect teams elevated this to a different level. I was able to redefine our approach to cyber protection for businesses and our communities.

The cybersecurity industry has been incredibly welcoming, and I was able to build up key networks across the United Kingdom and beyond. I was able to collaborate with industry and academia to develop new products and provide them free to communities and businesses.

Professionally I was able to learn from some of the best in the sector, people at the forefront of innovation, and dedicated to making people safer. I gradually built up my expertise in several areas and was able to represent UK law enforcement at national and international events.
Being able to design and deliver the largest police-led cyber engagement project was a real highlight. I was so proud of the National Matrix Challenge and how it empowered children and young people to learn about cyber. The support from all the police forces was fantastic, there remain some brilliant people in Team Cyber UK (Police cyber network).
I was honored to be named Cyber Policing Individual of the year in 2020 at the national cyber awards.

When I was named as one of the UK’s Top 30 Chief Security Officers after being supported by industry, I knew I had achieved something special. This gave me the belief that I could continue to help protect individuals and organizations but from outside policing. To ensure I was best placed to provide the business-focused information security advice I also completed my MBA. I left law enforcement in December 2020 and started Newsham Business Solutions Ltd. We’ve gone from strength to strength so I’m excited about the future.

M7: We are also delighted to hear that you will be speaking at Cybersecurity Festival! What topics on cybersecurity are you planning to throw light on for the attendees?
SN:
I am really looking forward to the Cybersecurity Festival, the agenda looks brilliant. I will be discussing the importance of security considerations during digital transformation. I have seen many businesses taking on a digital transformation program without driving this change with a security mindset. We expect teams to drive with speed, precision and agility undertaking transformations which will be making significant changes to process and systems, but it is far too easy to fall foul of focusing on a deliverable and not delivering a secure solution. It is a common theme but I will also be discussing staff awareness training and empowering individuals to be a crucial line of defense.



M7: How does NBS help companies by reviewing their business functions, risks, processes and implement solutions to ensure they achieve their organizational goals?
SN:
At NBS (Newsham Business Solutions) we want to support all organizations to fully understand their information security exposure; many organizations are vulnerable through overprocessing or sudden expansion. Triaging organizations and following all the key business processes enables them to look at process improvement around information security. I believe that this should be carried out by someone independent as this will help identify gaps that may not be spotted by internal staff as it's an accepted practice. There is an added benefit that by saving money through improvement they can potentially reinvest in security.
I also support organizations that cannot afford a full-time CISO, providing guidance and defining metrics to support board discussions.

I also feel that it is crucial that organizations consider all manner of solutions, not just technical. A layered defense is important. Management controls are a great place to start; there are many low-cost, high-impact measures we can take before outlaying larger sums on other controls. For technical solutions, I will always work with that organization to define the scope and objective before approaching the market and making recommendations. I have seen many organizations purchasing all manner of technical solutions which were not the right ones. It is important that the requirement is driven by the business, not other parties.

Finally, we all know our people are the biggest risk in terms of security incidents. I work with organizations to provide awareness training at all levels. Security must be driven from the top, but your staff must be supported and provided with guidance, confidence to report and clear processes to follow. Again, I like to bring back the human factor in delivery at the beginning, ensuring specific organization-focused questions can be answered and you can see the confidence grow. This also means that the organization's mission is embedded in the training. I am a supporter of computer-based training after that initial people-focused engagement.



M7: What are the common types of cyberattacks an enterprise is likely to face? What are the preventive measures that companies should undertake?
SN:
Ransomware continues to be the biggest threat; threat actors are still finding this the quickest and easiest source of income. Organizations' digital assets continue to grow as does the valuable data held by them. We continue to see medical facilities, academia, local government and private organizations targeted across the globe.

User training, robust backing up policy and technical controls are important. Organizations must remember that one technical solution will not stop every threat no matter the cost, remember a defense in depth is important.

Phishing, business email compromise and related frauds continue to have a serious impact on organizations many due to human error, lack of training is a big factor in this. Organizations need to invest in awareness training, empower their staff and with the right deliverables, you can evidence continual improvement and ROI.

Finally, it’s important to consider the expert opinion, many consultants work independently and will focus on the business requirements not upselling. Finding the right individual who aligns their advice to your business objectives is an important factor in driving improved performance across the organization.

M7: What do you believe are the top three security challenges faced by the companies in the post COVID-19 era?
SN:
Organisations must review their security monitoring capabilities and incident response protocols. They need to make sure that they have visibility of their new expanded operational environment. The pace at which organizations needed to change their normal working practices and move to remote working practices was in many cases transformation that was not previously planned. Organizations should exercise their current incident response, disaster recovery and business continuity procedures to identify further gaps that have developed.

Organizations should review their staff awareness training and consider the environments of their remote workers. Many end-users would have previously relied on office-based colleagues to ask for advice, this has obviously changed. End users are being actively targeted with social engineering, malicious calls which purport to be from the organization's IT support are successfully gaining remote access to systems. Physical security in the home and the correct management of documents also need to be reinforced. Our staff need our support, it is a change for organizational management and business processes but it's also a major change for staff.

From a technology point of view, organizations should review their endpoint protection, ensure appropriate asset management and patching is in place. It’s likely that BYOD is in place so those basic reviews must include end-user devices. Organizations may need to develop single sign-on or MFA for remote access. Whilst these seem obvious, it has been very difficult for some organizations to survive during the pandemic so some of these processes may have been missed or put on a ‘backlog’.

M7: What do you think is essential to stay competitive in a market that is going through constant digitalization?
SN:
Organisations need to do their research; whilst some organizations are transforming at pace, others may benefit from transforming slightly slower. Understanding the market and the factors that will drive your business. I like to use the ‘Porter’s Five Forces’ model to help organizations retain their competitive edge. Expert advice from security consultants with a business background is also beneficial; understanding the business landscape whilst driving security can lead to real growth.

M7: What is the marketing mantra that you swear by?
SN:
My core mantra is
Capability x Credibility = Opportunity

If you are credible and capable of delivering then customer's confidence will grow, this leads to more opportunities and business growth. I have built my career on being credible and supporting individuals and organizations.

Having a background in law enforcement is a unique attribute, my core belief remains ‘to protect and serve’. This transfers into the private sector, I continue to focus on protecting individuals and businesses that are integral to communities. If you are truly credible you will remain focused on your belief and not be tempted to change on a whim.
Capability to deliver on your words and business objectives builds trust, it also helps change behaviors.

For me, empowering positive behavioral change around security is an opportunity we cannot underestimate. We can empower communities, build confidence, and secure businesses by delivering real engagement, support and understanding. That is the opportunity… create a safer world for all!

ABOUT NEWSHAM BUSINESS SOLUTIONS

Newsham Business Solutions is an independent information security consultancy that puts the organization’s requirements at the forefront of any recommendation. They investigate process improvement and management controls to reduce outlay, but if technical solutions need to be considered they are truly vendor agnostic. Their services include organizational triage, consultancy, a virtual / part-time CISO and awareness training for all levels of an organization. They can also support you through ISO 27001 and support physical security reviews.
