Interviews

Will this new technology guide SMEs out of the cyber-security darkness?

13 min read

13 February 2019

Features Editor, Real Business

Hacker threats are getting more sophisticated. But that doesn't mean that cyber-security solutions have to be difficult to implement or tricky to use, says tech entrepreneur Jonathan Craymer. Shayype, is the technology that he believes will sort the cyber-security disconnect for businesses by solving the password protection problem first.

When many of us laymen think about the cyber-security industry, we picture an ecosystem that is both fascinating yet inherently complicated to understand.

Whilst cyber-security professionals are out there, using their degrees in computer-science and mathematics to fight off increasingly sophisticated cyber attacks, the rest of us are left feeling more in the dark about the issue than ever before.

Just how would those of us outside of the industry, with our limited understanding of hacker threats, protect our own valuable online information, and our businesses, in the process?

A culture of fear and ignorance has led to inaction

Added to this is the extra problem of some big consultancies, who, some smaller firms claim, have been taking a number of hacker-fearing businesses for a ride, and charging them big sums for rudimentary protection packages.

This has left a number of businesses none the wiser about how to actually prevent hacks from happening. Meaning that ignorance and fear about cyber-security, as well as over reliance on external actors for protection against threats, continues.

Shayype: A business that is cutting the issue down to size

Jonathan Craymer believes in the power of smarter passwords.

We meet with one cyber-security entrepreneur who says that smaller businesses, and SMEs in particular, shouldn’t fear hackers, nor their own basic knowledge of cyber-security.

Instead, his mission is to tackle the pandemic issue of password security in a way that gives users agency and operational ease. Say hello to Jonathan Craymer and his business, Shayype.

What was it about the state of the cyber-security industry that inspired you to start Shayype?

We could see that SMEs had become hugely concerned about the risks of hackers breaking into their customers’ data, and the potential for literally going to the wall due to factors like massive GDPR-related fines, loss of confidence and trust. Another factor is a social one, namely the public disgrace of becoming yet another company which can’t keep its customers’ data safe.

Why did you settle on the password security space?

I came up with the idea of using patterns instead of passwords, and am passionate about removing the risks, and the burdens, of ordinary people being forced to use passwords. Also, I feel that the tech world simply didn’t finish the job when it created the Internet. We all need a much better way for us all to prove who we are. This is it.

Give us three reasons why Shayype is the tool businesses need to use in 2019?

1) It’s easy to install: We’re offering a technology that, with a few lines of code, adds a security wrapper around existing online systems or applications, meaning there’s no need to ditch or re-write existing legacy systems.

2) It improves security: Once the wrapper is added, the application will never see the users’ credentials, meaning the user is isolated from the application and the application can’t be hacked using stolen or copied usernames and passwords.

3) It improves usability: Shayype creates the effect of carrying a key-fob, without the inconvenience of having something extra to carry;  the OTP is proof against shoulder-surfing and can’t be hacked, yet is more memorable than a fixed password.

Tell us more about the weaknesses you see in the password protection space right now?

Bosses these days are only too aware that ordinary passwords offer such little protection that continuing to force customers to use them – knowing full well how weak they are as a security measure – borders on negligence. Yes negligence. Yet if you visit almost any website with a customer login or “portal” area, you’ll find it’s still only protected by the standard pairing of user-names and passwords.

“There are other options of course, like two-factor (or multi-factor) authentication, but this can add so much to the inconvenience, complexity and cost of the whole relationship, that it’s clearly not popular.”

Customers don’t really want to have to carry extra bits and pieces with them, such as key-fobs, special cards, fingerprint readers or even have to call up codes on their phones. They just want to log in, simply and securely, and that’s the service we’re offering them.

What about “biometrics”, such as fingerprints, facial recognition, voice prints etc. Weren’t those supposed to solve many of these security issues?

Yes, but the problem is, fingerprints and the like can also be stolen and can’t be reset or changed. When did you last wipe a cup you used in a café? It’s covered in your prints. And what happens once a hacker has stolen something you’ve come to depend on, like your thumb? How will you feel knowing it’s in the hands of criminal gangs?

“Yet this is exactly what happened to millions of US Government staff in 2015, when it was announced hackers had stolen up to 21.5m records from the Office of Personnel Management.”

This scandal included the theft of 5.6 million users’ fingerprints. As a result, many secret agents realised they were no longer secure even if working undercover with assumed names, as they could still be identified by their “dabs”.

What is the solution you’ve come up with?

Our ShayypeTM system literally gives you a code – or a “one-time password” (OTP) – on the screen in front of you, in a form only you can recognise. So, a customer doesn’t have to carry anything, yet they can log in anywhere in the world, but at the same time they have the comfort of knowing that the code they type in, even if captured and re-used immediately, is of no use to the hacker.

How does the user read off a code that no-one else can recognise?

It’s very simple. The “new” set of numbers are hidden in a small (5×7) matrix of squares. Each square has a single digit number, and your key to extracting the right ones is a simple pattern or shape, which you have to set up just once. You never touch the matrix, as this would betray your pattern “secret”.

“Instead you just read off the numbers and input them, as if you were typing in an ordinary password. Another great thing is that tests we’ve carried out show that such patterns are easier to remember than passwords.”

Where do you want to take Shayype in the near future?

We’re hoping Shayype will become a universal way for us all to prove who we are online, on the phone or face-to-face, and we see it therefore becoming a new “ingredient” in the security mix.

“We’d love people like Facebook, Twitter, Google etc. to start using it – but that’s for the future.”

Meanwhile to make it easily available to SMEs who need something much better than passwords right now, we aim to offer a remote authentication system, designed to act as a secure off-site “wrapper” around any existing password system.

The great news is that this will be very easy to install via a few lines of code, using our library of APIs (Application Protocol Interfaces) which may connect to a cloud-based service, depending on customer requirements, or it could run on the customer’s own server.

Just how secure is this technology?

The real advance here is our “back end” which stores the users’ secure patterns. We have filed for a patent on this. It uses technology which means that even if a hacker were to break in, they wouldn’t get away with anything they could use to access customer data.

Your business is based in Peterborough. How different is the experience of starting a business outside London?

I was born in London and love the capital. However, with modern – and hopefully now more secure – communications, anyone can set up and run a successful business anywhere in the world.

The city of Peterborough has become something of a ‘tech hub’. Why do you think this is?

Like many newly-expanded cities, Peterborough embraces technology and innovation and is also a great place to live and work, with excellent communications.

“We also have an active development agency (Opportunity Peterborough) which had the foresight to award us a grant.”

This funding in turn came to OP via the Government’s Smart Cities Demonstrator Fund, which is another tremendous initiative.

You’re close to Cambridge. How important are world-leading universities for fostering the next great generation of tech minds and tech entrepreneurs?

We love the fact that we’re based in Cambridgeshire, which many outside the UK think is the same as being in Cambridge itself! However, we have several conversations on-going with academics and businesses in Cambridge itself, which we aim to build on.

Do you think businesses across the sectors need to take a more proactive approach to their cyber-security issues?

Definitely. Our basic proposition is that if you equip all your customers, staff, contractors etc with an OTP facility, you’ll at a stroke remove what is still one of the hacker’s favourite ways in.

“One question we like to ask is, if you were travelling far away from home, everything got stolen and you had to ring a call centre for help, how would you authenticate yourself?”

Where else will Shayype fit in the technology of the future?

The Internet of Things (IoT) badly needs something like this. Shayype we believe will be able to give connected devices one-time login codes, which will protect them from hacking – provided such devices have enough in-built intelligence.

Also, blockchain. For instance, most cryptocurrency wallets we’ve seen are only protected by passwords. We can change that.