Q. As the CEO of Libraesva what do you think is your most important priority?

It's quite simply, putting our customers at the heart of everything we do.  Our aim is always to maximise their investment with us and strive to ensure 100% satisfaction.

This isn't just something we say, we demonstrate a very personal service every day for our customers. Whether they have 10 or 10,000 users, we make it our business to know exactly who we're working with within the team.  Everyone gets the same level of attention whenever they need it and that applies to 90-95% of our installations, the rest choose to manage it themselves.

Q. Libraesva is growing very strongly, especially in Europe and the UK. Why are you outperforming your larger competitors?

There are a few key factors that have helped us position ourselves within, arguably, one of the most competitive spaces in IT.

Knowledge:  Firstly is our expertise and knowledge in the field of email. This is our sole specialism with all of our R&D is committed to solving email related problems.  All our technology centres around email.

Feature-set: Secondly, is the diversity and granularity of our feature set. We have one of the most comprehensive tools on the market but at a fraction of the cost of like-for-like providers.

Licensing Model: Thirdly, we have an all-inclusive licencing model.  This not only removes any added costs but also means our clients know that future developments of security features and capabilities designed to protect them will never be charged at an additional rate.  This ensures we increase the value of the product over time whilst maintaining pricing levels.

We listen:  By listening to customer feedback we're able to continually improve product features and useability to create a safer email working environment.

Q. Libraesva’s technology, attention to detail, rigorous testing, sandboxing and customer service has been shown to be second to none. How do you do that when compared to the resources of a company such as Mimecast?

We're two completely different organisations. As I mentioned before, we have a very personal service, are dedicated to and purely focused on solving email related problems.

We think our strength is recognising every client is different, has different environments, Different people and different ways of doing things. We understand and cater for that and what would normally take some organisations days or weeks, we are able to turn around in a few hours. This flexibility is what we're about and what we've found our customers are looking for.

We're also not a sales and marketing machine.  First and foremost, we're an army of security engineers and developers that specialise in email who are proactive when delivering the services we provide.

Q. As people prepare to take their first steps in a post- Covid world, what do you think Big-Tech companies should be doing to keep us safe from malicious hacking?

I believe that vendors need to stay committed to security and innovation, rather than to the potential high-yield revenue that the solutions they build can provide.

There's a line between useability and security and is one we tread very carefully, that can often be overlooked because businesses are prepared to pay. It’s in these grey areas that future vulnerability and loops that cybercriminals look at are leveraged. As vendors we have a responsibility to educate businesses on the current threat landscape and dangers, but not for the sake of selling our solutions.

A large part of how this can be done is by making evidence-based information available for customers to make their own minds up. 

It’s so important that the daily staff at these businesses are also equipped with the correct training, awareness and education that is complemented by the comprehensive network/security technology. This will provide the best possible chance that organisations mitigate a successful attack or data breach.

Q. What does next-generation email security look like to you?

Fundamentally it means looking after traditional approaches by focusing on people's relationships and trust and integrating metrics evaluated by individuals in their real-world email communications.

This means advancing beyond standard email hygiene and keeping users' mailboxes free from spam, malicious or unwanted traffic. “Next-Generation Email Security Solutions” should include a wide range of capabilities from targeted phishing and email fraud prevention to unknown threat detection capabilities beyond the traditional “sandbox”.

It should allow flexible connectivity to an agnostic set of mail server providers and allow organisations to assist on that journey, i.e. as they transition from on-premise exchange to O365 or Gmail.

It must also provide the necessary capabilities for outbound email protection, to ensure our own users do not become part of the problem, or aid the spread of attacks.  This also means preventing data leakage and supporting initiatives such as GDPR, as standard and including the hygiene capabilities needed.

Q. Among some audiences, email security is often seen to be less important than other security breaches. Do you agree?

I think a breach is a breach, it doesn't matter how it happened.  It's up to cybersecurity teams to establish priorities for their own businesses.  They know already that email fraud is one of the fastest-growing cybercrimes and will be taking the right steps if they need to.

“What's important” will be different per organisation and so steps to protect data and the levels needed will vary depending on risk assessment.

As an example, if an employee laptop is breached and the only data it contained was pictures of company logos, it's still classed as a breach.  Conversely, if databases containing credit card information and personally identifiable information are breached will not only land you with a hefty fine and have other implications as far as the ICO is concerned, but could also mean your reputation will be damaged significantly and could result in loss of trust by your customers.

With email, you have a central communication tool that stores your entire organisation's communication internally and to any other external companies, you communicate with. The email contains our internal discussions from day to day, all of our business-related information (to our lawyers, tax-related, staff HR and employee information.

A lot of confidential information, including a way to access all the other systems that are potentially viewed as “more important” via “forgot a password” that conveniently sends verification to your email to reset the current password! Security is a mindset and the same approach to security should be applied everywhere and the level of security should be relevant to the risk associated and degree of what needs to be applied to secure that environment.

Q. Covid-19 was a catalyst for billions of people to start working from home. What technological lessons has Libresva learned from that?

I suppose the biggest technological lesson learned here is that our organisations are changing every day so we all have to adapt to how we work.  Systems, processes and people need to keep up with that change in a synchronised way.

Relying on just the solutions alone can be completely negated if our users/employees can provide a convenient way around technology.  A trained workforce will help reduce potentially the biggest risks to businesses out there today - ourselves and our users.

Email is at the heart of every business and for most the primary communication tool. With a shift to remote working, the ability to be transferred to a member of staff by telephone in the company you are contacting for many may not have been possible. This “new way of working” did not always come with a guide for employees and many found shortcuts and what was previously possible, was no longer possible. Employees were potentially more relaxed, or distracted with being at home and “just trying to get things done”.

We have seen a huge influx of traffic across the board since the first lockdown so with high volumes of email there are, naturally, more threats. Phishing campaigns targeting our need for information such as “new covid restrictions” or “new tax relief grant from the government available, claim £2400 if you’ve been working from home for more than 6 months” have been rife.

Enticing the unsuspecting, knowledge-hungry individuals into these campaigns means login details were stolen by malicious groups. We've been very successful in ensuring our customers are protected and have also provided a means for our customers to “safely phish” their own employees.  This helps cybersecurity teams understand which users provide the highest risk,  then educate them on the errors they’ve made and show them what to look for in future.

Gaps in company processes began to surface and provided unique advantages for cybercriminals to capitalise and exploit these areas. One particular area, around Business Email Compromise. This social engineering art of impersonating someone at the organisations and trying to have one of their colleagues believe it was them and sending in fake invoices was one attack that provided a very lucrative route to attacking an organisation.

We focus on the technical fit of our products to achieve what our customers' pain points are and are not at all focused on increasing our revenues just because we can. We are quite happy to walk away when a project is not a fit for our solution, where most would try to sell every customer every solution they have, regardless of whether there is a fit or not.

We often find the same businesses we’ve walked away from coming back at a later date to see how we can collaborate and their thinking may have changed but they know they will always get an honest, technical consultation from Libraesva and not just being sold at.

We are focusing on the product's capabilities and achieving better results for our clients, word of mouth is spreading like wildfire. We will never be involved in the marketing game of the big vendors, as we are a team of technical security specialists and we know who we are and what we are good at. It does help that we offer a comparable service to Mimecast, at nearly 50% of the cost that can arguably offer the same or better detection results.

For this reason, we are seeing a lot of interest in our products and we are experiencing healthy growth and will continue to focus on email security and expanding our worldwide operation to support more regions locally as time goes on.

Q. What advice would give a CISO if they were preparing to replace a legacy email security infrastructure?

I’d firstly say, don’t do anything right away. You first need to understand the application of email in your business, the various systems and tools that integrate with it, the people within the business and their level of expertise or awareness of cyber threats.

You may already have the tools in house to achieve what you need to, many systems purchased do not get implemented or even correctly can provide the coverage you need. By undergoing a risk assessment of your current solutions in place for email, you’ll have a good understanding of the coverage and protection you currently have;

Tools like our email security tester (www.emailsecuritytester.com), is free and allows you to test your current security defences to understand where the holes and the gaps are. There are many out there so do try more than one.  Ours is completely non-intrusive, takes just 15 seconds to launch and can be repeated as much as needed. A helpful report at the end can even help you with information on how to stop these threats from entering your business and what you need to do to fix any issues identified.

There are so many tools out there that claim to have a solution for email security that will solve all your problems which is simply just not true. Only by testing the product in a “real-world scenario” will you get an understanding of how the products are performing. Marketing is doing a great job of creating false promises.

Secondly, I'd say your cybersecurity should have multiple layers like an onion so you're deploying best of breed technologies (whatever they may be), rather than a single pane of glass with all your eggs in one basket.

Any product selection should be done after you’ve found out what you currently have and have worked out if it's enough to protect you and mitigate any associated risk,  That defines the level of coverage you need.

Q. On a more personal note, tell us some things we don't know about you!

I live in Lecco, on the Lake of Como in the northern part of Italy. The lake is famous for the natural beauty of its setting and for the handsome villas on its shores. Among the many noted lakeside resorts are Como, Lecco, Bellagio, Tremezzo, Menaggio, and Varenna. A truly wonderful place to live. The Libraesva HeadQuarters is also based in Lecco as well!

Q. What about hobbies?

I'm an avid skier, more specifically telemark skiing. Where ever I can, I like to escape into the mountains north of my home (on the lake of Como in northern Italy), with my family to enjoy time on the slopes.

Mountain biking is also another passion and if I’m not on the slopes or offroading, I can be found high in the hills or out exploring new routes. This is something I’ve done for many years and where I do a lot of my thinking!

Q. You're Italian.  Are you a Ferrari man?

My most treasured possession is my Land Rover Defender. Throwing it around a field in full throttle and taking trips off-roading is also something I am very passionate about. Cleaning it after, not so much!

Q. Do you have any pets and what are their names?

Yes, I have an Italian Poodle called Gulliver! He's around 8 years old, still a puppy in general and always with me when I’m taking long walks in the Italian countryside.

Q.  Mother's maiden name?

Nice try!

I've enjoyed sharing a little about our great company and hope you've found it interesting. Do get in touch with me or one of my team if you have any questions about email security, we're happy to help.