It’s been more than 10 years since a tech-savvy beat cop named Jad Saliba handed in his police badge and reinvented himself as a startup founder.

A man of many skills, Saliba earned a diploma in computer science and network security from Mohawk College after completing high school. He spent a year as a site administrator with OpenText before becoming a constable with the Waterloo Regional Police Service in 2004.

After a bout with cancer, the young officer joined the force’s digital forensics unit. The tools available at the time were slow and limited. So, necessity being the mother of invention, Saliba developed his own faster solution for recovering and analyzing digital evidence. 

One thing led to another and Saliba decided to take the plunge into tech entrepreneurship. In 2011, he left the police force and teamed up with BlackBerry veteran Adam Belsher.

The pair have never looked back.

Today, the company Saliba launched – Waterloo-based Magnet Forensics – is a world-leading cybersecurity company listed on the Toronto Stock Exchange. It employs more than 400 people and its products are used by more than 4,000 public and private sector customers in over 90 countries.

The company’s IPO raised CDN$115 million last spring. The initial share price of $17 skyrocketed to $65 by September before settling back down to the $30 range by the end of the year.

Tech News caught up with Belsher recently to talk about the current state of cybersecurity and life as a publicly traded company.

Q – What are the most prevalent types of cyberattacks faced by companies, governments and other organizations?

A – The main threat that most organizations, worldwide, are currently concerned with is ransomware. It has become the weapon of choice for cybercriminals, who are using it to target small businesses, large enterprises, infrastructure and even governments. After gaining access to systems, cybercriminals are encrypting files and exfiltrating them for the purpose of extorting a ransom out of an organization. In less than two years, the average ransom paid increased to US$570,000 from US$115,123. This year, we’ve seen Colonial Pipeline and JBS Foods pay US$4.4 million and US$11 million respectively in ransoms. The problem has become so severe that the director of the FBI has compared the threat of ransomware to the 9/11 terrorist attacks. 

We’ve seen these attacks in Canada as well in 2021. The recent ransomware attack on Newfoundland and Labrador’s healthcare system was described as being the worst cyberattack in Canadian history. Enterprises, school boards, governments and transit systems have all been victims of ransomware in Canada this year and will need to shore up their cybersecurity strategies in order to prevent and respond to this threat in the future.

Q – When we think of cybersecurity, many of us think about solutions that protect systems from being attacked. Magnet is focused on investigating and analyzing attacks that have already happened. Tell us about that approach and why it’s important.

A – In the past, cybersecurity strategies were focused almost entirely on preventative measures. What security leaders, executives and their boards have since learned is that no security solution or service can stop every single cyber attack it faces. Cybercriminals are constantly growing in number, their attacks are becoming more frequent and their methods are now far more complex than they were even as little as five years ago. Governments, enterprises and other organizations have shifted their thinking as a result. We now understand that facing a cyber attack is no longer a possibility, it’s an inevitability.

Magnet Forensics’ solutions play a central role in post-incident cybersecurity strategies. They help organizations respond to cyber-incidents such as ransomware and business email compromise attacks. With Magnet AXIOM Cyber, they can investigate these cyberattacks and determine how they occurred, what data was accessed, exfiltrated or altered and in some cases, who was behind the attack. In a ransomware attack, for example, Magnet AXIOM Cyber can lead analysts to the first system that was compromised. From there, they can use our solution to track the steps of the intruder. Previous investigations have shown that one of the goals a criminal has in a ransomware attack is to jump from one system to the next in the hopes of gaining access to the most privileged data. If security teams can follow this movement, they can begin shutting down compromised systems and stopping cybercriminals from doing further damage.

Q – Remote work has surged due to the pandemic. What additional risks has this created for employers, and how is Magnet helping them respond to those risks?

A – One of the greater challenges organizations have encountered in moving to hybrid or remote work models is the increased security risk. Even if additional steps are taken by employees to boost security, home networks will never be as secure as those in an office. At home, parents, partners, children and friends who might have less knowledge in identifying potential cybersecurity risks will all be connected to the same network that employees are using to access their company’s critical systems and data. If one of them accidentally clicks on a malicious link, a cybercriminal may be able to gain access to the network and every device on it.

Without the extra layers of security on office systems, employees may also be intentionally and inadvertently contributing to more insider events. Our solutions are helping organizations identify insiders who are responsible for leaks, misappropriating data and even executing malware against their own employers. They’re also helping identify inadvertent data leakage incidents such as when an employee uploads files to personal cloud storage or accidentally sends an email to the wrong recipient.

One of the most common insider events organizations are currently facing is the data exfiltration that’s happening when employees are resigning. The U.S. is currently undergoing “The Great Resignation” and setting records for employees stepping down from their roles. That spike of resignations is coinciding with a 61-per-cent increase in data exposure events. To identify data exfiltration and data leakage, organizations are using our triage tool, Magnet IGNITE, to scan for insider activity by examining USB connection history, recently accessed folders and files and cloud storage. 

Triaging also balances the need for security measures with the privacy of employees because it limits the need of analysts to perform full forensic scans and sift through all of an employee’s digital activity. If the triage results in a positive hit, a full digital forensic analysis with Magnet AXIOM Cyber will reveal what data was taken and provide employers with the necessary evidence to get it back through legal action.

Q – In the span of a decade, Magnet has gone from scrappy startup to publicly traded company. What has changed for the company as a result of going public?

A – I still remember meeting with Jad Saliba in our accountant’s office a little more than 10 years ago to discuss starting a company. Magnet Forensics had already grown significantly since that day, but our initial public offering earlier this year accelerated our growth plans.

To put our growth plans into action, we’ve needed to bring on more talent. We’ve been steadily adding employees throughout our history. In December 2020, we had just under 300 employees. Now, we’re over 400 and we’re going to continue to hire in Canada and globally in 2022.

Another central part of our growth plan is to explore acquisition opportunities. We’ve been more active on that front since the IPO with our acquisition of DME Forensics. DME’s solutions recover video and metadata evidence from video recorder systems such as CCTV cameras. One of our strengths is our ability to combine and organize evidence from a variety of sources so that investigators can have a single view of all the critical evidence in their cases. We identified video evidence recovery and review as areas we needed to grow in and our acquisition of DME is helping us to achieve this goal.

Q – Given the global nature of cyber threats and the political turmoil we’ve seen around the world, what has it meant to Magnet’s success to be headquartered in Canada? 

A – Some of the best tech and cybersecurity talent in the world is being developed in Canada. The talent being cultivated locally, through our universities and colleges, in Waterloo is world-class. We started our company in Waterloo and have benefited immensely as a result. The majority of our employees are based here and many had years of experience in working with other local tech firms before joining us.

Outside of Waterloo, we’ve seen significant jumps taken by the Ottawa, Halifax and Calgary tech ecosystems in recent years. Ottawa was the first Canadian city we expanded our operations to outside of Waterloo. Five years after we began our expansion there, we now have more than 30 full-time employees. Earlier this year, we also started hiring in Halifax and Calgary. All three cities have leading post-secondary programs that are fostering the next generation of tech talent in Canada. Being headquartered in Canada has allowed us to closely follow and capitalize on this extraordinary development of tech talent in Canada.

 Beyond talent, we’ve also benefited with strong relationships with our Canadian customers, especially in the public safety realm.  While we have over 4,000 public and private sector customers in over 90 countries, being able to connect and discuss the acute challenges related to cyber-investigations at depth has helped us shape our product roadmap and commercialize our solutions globally.

 We’re hopeful that we see more structured co-development opportunities with Canadian public and private sector organizations with mandates to address cybercrime. This is the approach being taken by leading cyber-jurisdictions in the world as having such capabilities and globally relevant cyber-companies at home will be critical to national prosperity, security and sovereignty in the future.