James O’Sullivan, CEO and Founder of Nuke from Orbit: “We should all aspire to do more than just what’s required”

When James O’Sullivan, CEO and Founder of Nuke from Orbit, lost his phone he didn’t just release a scream of frustration. He created a company. In short, Nuke from Orbit was born out of his frustration that there wasn’t one killer switch to deactivate his cards – so he decided to create a product that did just that.

He describes Nuke from Orbit as “a digital panic button” that users can press to “immediately shut down access to all personal data”. And it’s more than your bank cards. “Banking, crypto, health, social media profiles, store accounts, and email are all closed off so that criminals cannot use logins and account information to steal your money or worse.”

It helps that James had plenty of experience under his belt. He wrote his first computer program in the late 1980s at the age of eight and created his first commercial product in 2009 in the form of Kobas. This comprehensive hospitality management platform is now installed in hundreds of pubs, bars, restaurants and quick-service locations across the UK. And it’s big business, managing close to half a billion pounds of trade each year.

Here, in this wide-ranging interview, James shares his thoughts on the biggest cybersecurity challenges facing companies today, what leadership figures should be doing about it and provides words of advice for anyone thinking of following in his footsteps. Fortunately, having your phone stolen isn’t part of his master plan.

Could you please introduce yourself to our audience and share how you ended up working in cybersecurity?

My name is James O’Sullivan, and I am the CEO and founder of Nuke From Orbit. I’m a serial entrepreneur, and like many entrepreneurs, I’ve always been driven to fix problems. 

That’s how I got into cybersecurity. My phone was stolen, and with it went access to bank cards and apps, social media accounts, email – my entire digital life. Shutting it all down took so long that I lost not only my phone but thousands of pounds as well. Like many people, I had always just assumed that if it were easy to load all this data onto my phone, it would be secure and easy to shut it down as well, but there was no single service covering everything. 

What was particularly ironic was that to authenticate myself with my banks and accounts, I needed to use two-factor authentication (2FA), and the only way to do that was with my phone. 

It seemed ridiculous that there wasn’t a single kill switch to invalidate my data, blocking access to critical apps and rendering my phone worthless. This issue is coming up time and again. We’re all encouraged to put an increasing amount of personal data onto our phones, with smartphones becoming central to most ways of life. If they get stolen, it’s really hard to protect yourself quickly. 

That’s where the idea for Nuke From Orbit came from. We’re a smartphone security platform, a digital panic button that decreases the impact of a security breach when you’re most at risk. Users can immediately shut down access to all personal data via our app. Banking, crypto, health, social media profiles, store accounts, and email are all closed off so that criminals cannot use logins and account information to steal your money or worse. 

What are the biggest cybersecurity challenges those in leadership roles are facing?

The biggest cybersecurity challenges are our ever-increasing digital footprints and, secondly, us as people. 

Whether you’re an individual or a business, more and more of your day-to-day activities are online, connected, and run through several devices. This brings masses of convenience, but it isn’t always that secure. In business, people talk about cyber hygiene principles, but no one gets taught them when they buy their first smartphone or set up a social media account for the first time.  

With more services and devices requiring passwords, it’s unsurprising that people struggle to remember and, in some cases, reuse PINs and codes repeatedly. In fact, 45% of us use the same PIN to access our phones and mobile apps.

The result is that when our devices are hacked, it’s much easier for criminals to break in and access our most personal data. 

There’s another reason phones are being targeted, and ironically, it’s thanks to increased security. The introduction and rise of app verification for card payments have had such a profound impact on card-not-present fraud that criminals must look for something else to exploit. Criminals have returned to the ‘shoulder-surfing’ tricks that existed around ATMs for years, but now, rather than one card, they can access them all. 

This is a concern for both individuals and businesses. Bring Your Own Device (BYOD) means that many employees use their phones to access company data, and even those who don’t will likely have conversations with co-workers in messaging apps.  

Recommended reading: Decoding the 21st century Rosetta Stone: is your business speaking the language of modern connectivity?

What are some prevention strategies you believe every business should adopt?

First, people need to know the basics. Good password and PIN management should be a minimum, including regularly changing them, having different codes for different apps, and using biometric data. While losing a smartphone undercuts the value of 2FA, enabling it where possible is still important. 

In addition, we all need to be more vigilant of our surroundings. Every cash machine in the country has stickers and warnings telling people to shield their PIN, and we need to get into the habit of being like that with our phones. Screens are large and have high resolutions, so it’s easier to see what someone is doing from far away. 

Be conscious not just of people around you, but of CCTV, particularly at large events; gangs are known to exploit lax cyber defences in connected physical security systems and use them to monitor attendee phone activity. 

Finally, manually sign out of apps and ensure that critical services have a limit on how long they stay open after the last activity.

Businesses should also be aware of whether employees use personal devices for work-related activities, as this can be a window into corporate systems. If they do, it’s important to have a clear policy on what to do if their phone is stolen, whether it’s their own or a work device.   

Which cybersecurity best practices are being adopted with the most success by companies?

Cyber hygiene principles are the easiest to implement, as they involve training your staff correctly and embedding those practices into everyday life. They’re also easier to deliver when you’ve just one IT person covering everything and not a dedicated security team. 

A lot of cybersecurity is about knowledge: knowing what not to do (having the same password for everything, for example), what to do when something goes wrong, and, most importantly, knowing what could be affected. If you handle sensitive data, there will be certain rules and regulations you must follow; it’s much easier to demonstrate compliance and respond as required if you know where that data is stored, and which devices have access. As such, asset registers are also a best practice all businesses should employ, covering everything that touches the company – including employees’ own devices. 

All of this comes down to training staff. This can be hard to do when you’ve got limited resources, but businesses must make sure everyone knows that cyber security isn’t the responsibility of one person or team but the entire organisation. Companies that can embed that into their cultures are the ones most likely to enjoy cybersecurity success. 

Recommended reading: Cracking the compliance code: navigating AI implementation 

What role do you think governments play when it comes to cybersecurity?

It’s not straightforward. Technology evolves faster than governments, and this is an issue that needs solving. But it also indicates that regulation should be a minimum, not the goal. So, whether you’re a company developing new cyber defences, a business working out what it means for you or an individual going about your life, we should all aspire to do more than just what’s required.

When people speak about the government, most people will think about regulation. And I think that’s certainly a key role; it would be great if everyone just accepted that the connected nature of the world today means everyone has a cyber responsibility, but unfortunately, not everyone operates like that. 

There’s law enforcement as well; cybercriminals must be identified and brought to justice. Government needs to be aware that this requires cooperation across a huge number of organisations, public and private, regional, national, and international, from the PC on the street to elected decision-makers and everyone in between. 

And that means education. Whether it’s resources for businesses, teaching in schools, or workplace guidance, governments are uniquely placed to provide structure, standards, and guidelines on what people should know and how to respond. 

What advice do you have for aspiring professionals wanting to work in cybersecurity?

Cybersecurity is a booming industry. It’s fast-paced and changing all the time, and there’s always a demand for talent. People think it’s all technical skills, and knowing your way around technology is important, but so too are what we might call people skills: the ability to communicate effectively, to empathise, and to think creatively. Whether you end up working in a team within a larger business or as part of a security vendor, there’s a good possibility you’ll need to convince non-experts they should follow what you’re saying. You’ll only be able to do that if you can speak to them in a way they understand and see the world from their perspective. 

Innovations like AI have enormous potential in security, both positive and negative. Keeping abreast of the implications of AI on cyber security is critical, and there are always certifications to be acquired. While these may not always be up to date, they’ll give you a fantastic grounding in the foundations needed, upon which you’ll be able to build and develop your knowledge and areas of expertise.