New Barracuda Networks CEO on UK plans, Kaseya cyber-attack and why he is not yet declaring a vaccine mandate
Barracuda Networks' new CEO Hatem Naguib chats exclusively to CRN after taking over from BJ Jenkins
Security vendor Barracuda Networks recently announced the appointment of its new CEO in Hatem Naguib, the company's former COO of almost three years.
It saw ex-CEO BJ Jenkins step down from the job after almost ten years at the helm, though he will remain on the company's board despite also taking up a new role as president of Palo Alto Networks.
Speaking exclusively to CRN, Naguib discussed a range of topics from the company's UK and Europe channel plans to the cybersecurity threats facing tech firms like Barracuda Networks that work with MSPs, following the recent devastating cyber-attack on Kaseya.
How did this role come about and why was the decision made to appoint you as the new CEO?
I think anytime you have a company of our size, it's incumbent to always be thinking of the succession planning strategy, especially at the leadership level. BJ had always had in his mind that about 10 years was a good time for him to do what he wanted to do, and then leave it to the next leader to put their footprint on it.
An opportunity came up for him that I think he felt was something that he had wanted to do for a long time, which is to be in the enterprise space and pursue a leadership role within that context, and so the timing worked well. We had already put a succession plan in place, and we decided that this was the right time to make that plan.
What role do you see the UK playing moving forward and what plans do you have for growth?
For us as a company, over a third of our business is now international, which, if you look from five years ago, has grown substantially. We've made substantial investments across the globe, especially in Europe and Asia Pacific.
I would say, for us, in terms of the UK's maturity, its capabilities, our engagement with our channel partners, all the products that are leveraged, it is closest to the US in terms of how we operate it. The UK continues to be one of the most strategic regions we have as part of our growth strategy.
We feel that there's a strong momentum now in the market around security. I think it's the combination of the continued investment in people and growth that we want to do in the UK and the innovation that we've been doing. It's going to help us grow in those geographies.
A significant part of your business is email security. With the rise in other forms of communication like Slack, which was recently acquired by Salesforce, and Zoom, does email security have a future?
We think email is relevant and continues to be relevant. We think that because of Office 365 and Gmail, email is now a cloud conversation, not just simply a collaboration conversation. A lot of our customers really have to think about it in the context of what their cloud strategy is.
When you think about email, you think about Slack, you think about Zoom, all of these components kind of driving together become, for us, an important market that we want to pursue, because they're a very large threat vector by which a lot of the attackers are now leveraging as a capability that they want to access.
How much pressure does the recent cyber-attack on Kaseya and others put on companies like Barracuda Networks that work with MSPs?
Look, I think it's unquestioned. I think everybody in the security industry is constantly vigilant and on alert. I think we what we're witnessing right now, because of the proliferation of technology and because of how lucrative these attacks have become, the attackers have moved on from what were the original high value targets, which are banks or big institutions. It's very easy to weaponise the ability to go after a mid-market company or a software company that's not as big as a Microsoft or a Google.
We're all interconnected now in ways that make us better as companies, but also more exposed because you can get into the supply chain and look for the weakest link and be able to then expose companies associated with that. And things like the Kaseya attack and the Solar Winds attack are all indicators of how to do that.
I think that the vigilance is key also, because it's clear that these attackers are also exploiting the zero-day vulnerabilities. We have built around an ethos within the technology space that if we find a vulnerability we publish it, we tell everybody that this is an exposure, go ahead and go fix it. And they're finding ways to get in before anybody has a chance to even fix it, to be able to create exposures.
Did the Kaseya attack change anything in the way you go about dealing with cybersecurity threats and how much of your time and resource is put into addressing this threat?
To be honest, I think all of us do that. I think when something like that happens, you basically pull the team together and you say, ‘okay, let's go back and look at it again', just to make sure that we're not missing anything.
I don't think anybody in this space doesn't look at all of their components to ensure that they have the highest level of vigilance and security. It's all part of what we have to do as a company. I think we all recognise and see the threat landscape is significantly evolved not just individually but through the gangs that can do this.
And unfortunately, they have the ability to operate from anywhere in the world, which makes the vulnerability that much more. But our vigilance is and has continued to be very high.
There's been some big cybersecurity acquisitions recently, including NortonLifeLock acquiring Avast. Will we continue to see this and what does it mean for the industry?
I do think so. I think more than other parts of the technology stack, there's this merging and then unmerging that goes on within security.
That means acquisitions are going to be part of the play. I think as the landscape evolves, all of us are innovating as much as much as we can and there's a lot of money from investors that encourages the constant innovation.
And so every other day, there's going to be a new startup that comes in and says ‘I'm going to take a different way of trying to try to address the problem'. I think that's always good to see and that's a good sign that there is both opportunity, but also a lot of investment going on to make sure that eventually security becomes permeated throughout what we have to do.
What does the cyber threat landscape look like post-pandemic and what are the main threats you see moving forward?
I see that we have a potential for a new normal that indicates that we will be perpetually hybrid, and perpetually moving in and out of phases. And anytime there are those types of changes, you have to be vigilant on what your security capabilities are, because that can open exposures associated with what you need to do.
I think the second thing I would say is that it's very clear now that this is not just an enterprise issue, this is an everybody issue - every company, big or small, every public sector, big or small. It's staggering the amount of attacks that have gone on in the public sector during the pandemic.
And then finally, I think it's important for us to recognise that you can't take a siloed perspective in how you solve this problem. So even if you're just a local business, you have to really think about people accessing you from anywhere in the world. If you're a smaller business or a mid-market business, you have to think of your supply chain.
A lot of big vendors have issued vaccine mandates and have adopted hybrid working models. Where does Barracuda Networks stand on these issues?
Unlike the very large companies, we haven't declared a mandate for our employees. We have offices across the world and the situation is very dynamic across the world. It's impossible for me to actually be declarative even within the United States, just because I think we're still in the middle of dealing with this.
I think companies have to recognise and understand how to make hybrid working work. It's not clear yet how we'll make that work but it's clear that we're going to have to, and so we're spending a lot of internal time thinking about how we make sure we can accommodate for that.