A story of how a military veteran team used strategic risk management in the battle to secure financial data
Can you be trusted with sensitive data?
Today, data is currency. And for those who deal in currency itself the race to keep ahead of the risks at play has never been tougher.
As the value placed on data grows each year, the threats against this most valuable asset vary from malicious insiders through to sophisticated AI-driven malware and are only set to rise – hackers launch an attack every 39 seconds. These threats are coupled with unwieldy digital infrastructures that create a suite of ever-changing risk factors.
The average data breach reaches $3.9 million in direct damages, and that’s not to mention reputational costs. The RI Global Trends 2020 report ranked data privacy as the second most impactful factor on a company’s reputation and – for the finance sector – this is of paramount importance. After all, who would place their trust – and money – in an enterprise notorious for data breaches?
The number of financial data breaches reported each quarter continues to soar. However, for Jean and Guy – co-founders of Qohash – the scale of the problem has been glaringly evident for years.
Our founders first met during their service with the Royal Canadian Airforce where detailed risk assessments were mission-critical. However, the ability to make logical decisions in complex and time-pressured environments is no easy feat. Supported by some high-performing technology to help process the amount of information and variables at play, they realized a similar approach could help turn the rising tide of data security threats. And as of 2018 Qohash as we know it today was born.
Part One: The issue with data today
The finance sector faces some of the largest and most insidious threats in today’s data-driven world. With zero-latency transactions and facial identification being the expected standard, the question of whether or not to go through a digital transformation is long obsolete. Information is now the lifeblood of operations.
“We began seeing a huge increase in data volumes all over the financial industry, coupled with a rise in the complexity of use cases that obliged organizations to shift the way they operated, basically, around that data,” says Jean Le Bouthillier.
Whilst companies have a vital need to use data, doing so safely is highly intricate. Digital infrastructures are variable, complex, and growing exponentially; from the hundreds to even thousands of networked devices, cloud to on-prem server interactions, and sensitive communications sent daily.
Although many sectors face similar challenges, the finance sector is the most affected with the most nuanced problems. Qohash tailored their concept to provide a solution that was bespoke to this form of data protection.
“We wanted to prevent the possibility of highly sensitive information being stolen. We wanted to prevent big data breaches, like the notorious Edward Snowden case, from happening again” adds Guy Veilleux.
Most cybersecurity solutions rely heavily on automated detection and screening methods. Whilst no doubt a useful tool to have in the arsenal, Jean and Guy placed greater value on knowing your enemy and arranging your assets strategically – two lessons learned keenly from their prior roles in the Royal Canadian Airforce.
This concept became the backbone of Qohash’s signature product, Qostodian — a cybersecurity platform that could deliver this missing ingredient to ensure enterprise data was classified correctly and therefore always properly protected.
Part Two: Location, Location
Even startups with the most novel idea have no guaranteed pathway to success. Every great concept needs to be supported by the right team and the right plan of action.
It was because of this that Jean and Guy chose to set up shop in Quebec City. Despite many Canadian companies flocking to Toronto or Montreal, Jean and Guy saw the potential of this fast-growing tech hub in 2018.
“After giving it a lot of thought, I convinced Jean to found Qohash in Quebec City. We considered San Francisco (California), Waterloo (Ontario) and Montreal (Quebec), but I thought Quebec City was perfect because of its great tech talent pool and strong entrepreneurial spirit”, explains Veilleux.
Québec City’s secret is that it has brought together and developed the most important ingredients to create a thriving technology ecosystem: state-of-the-art research centers, programs to support technology entrepreneurs, access to a wide range of financial and legal services, a qualified and skilled workforce, and close regional cooperation amongst all stakeholders in the business and high-tech sector. And it’s such critical mass that has helped Québec City-based tech companies raise $193 million ($147 million USD) over five deals in Q2 2018, up from $8 million over one deal in Q1 2018.
Qohash worked with the support of start-up accelerator Le Camp to kick-start operations in 2018. Quick to attract the attention of both the Province of Québec and the Government of Canada, Qohash started to build their first team and began to tackle risk management.
Part Three: The crack-force behind Qohash
Another lesson Jean and Guy learned from their time in the RCAF was the importance of selecting the right team for the mission at hand; one which has a varied skillset and can cope with a fast-paced environment.
Soon, the leadership team had a new set of experts to help scale the company further: Dany Grimard as Chief Financial Officer, Jean-Pierre Pelletier as Head of Operations and HR, Sophie Lapointe as Head of Marketing and Vicky Tremblay as Head of Product.
They foster a team-focused environment where everyone is autonomous but works in a collaborative manner. “Since I joined Qohash, I’ve learned to be even more flexible and adaptive than I was. Having fixed ideas and believing one’s knowledge is the only valid one is a sure way to fail in any startup. At Qohash, I seek advice from various people to help me shape my decisions, putting the collective intelligence to good use” says Lapointe.
“To control chaos, we adopted a responsibility angle with our employees. We decided to explain every reason for our actions. This enabled a trustworthy environment where we expect that everyone can share their problems. Besides, we base our growth through the
build-measure-learn methodology,” explains Pelletier.
The value placed on the team is visibly reflected in their overall business policies. In fact, 10% of the company itself is employee-owned through the stock options on offer in efforts to emulate the Silicon Valley model of empowered employees who can, in turn, hope to build their own startups.
Part Four: Early achievements
Creating an environment of growth based on analysis and innovation was the foundation for Qohash. Since operations began in 2018, the team has since created a thriving office of 25 in the Saint-Roch neighborhood of Quebec City. From this foundation, Qohash recently closed a seed funding round, signed pilot agreements with large Canadian financial institutions and is developing its positions as cybersecurity ally for Canadian institutes, such as Polytechnique Montreal.
Conclusion: Full breach control
Qohash recently helped a large bank to improve its data loss prevention scanning performance tenfold and reduce scan failure rates by 30%. It’s figures such as these that will help financial institutions deal with trends in mobile malware, the raised stakes of innovative ransomware, constant automated attacks, and the threat of insider breaches.
“We provide a robust system to financial institutions that allows them to locate their sensitive data, protect every file, ensure its integrity and, very soon, validate its value,” concludes Grimard.