Michael Argast, CEO of cyber security company Kobalt, in Burnaby, B.C., on Nov. 11, 2020.DARRYL DYCK/The Globe and Mail
When two investors approached Michael Argast about starting a cybersecurity company focused on small- and medium-sized enterprises (SMEs), he immediately saw the potential.
Studies show cybercrime costs the world about US$600-billion a year, about 1 per cent of gross domestic product. In Canada, the cost from malware and people-based cyberattacks is estimated at more than US$9-million. What’s more, about 71 per cent of data breaches happen to small businesses and nearly half of them report being the victim of a cyberattack.
The SME market is “incredibly under-served,” in part because setting up a system is expensive, Mr. Argast says, which led to him create the Vancouver-based software-as-a-service (SaaS) company Kobalt Security Inc. in Nov. 2018 with co-founders and investing partners Pankaj Agarwal and Boris Wertz.
Kobalt enables SMEs to outsource cybersecurity, leveraging strength in numbers they don’t have on their own.
It also makes high-level security affordable for smaller enterprises, says Mr. Wertz, founder of Version One Ventures LLC, an early-stage tech investment fund.
Mr. Argast, left, and Warren Mok, a security operations manager, are seen in Burnaby, B.C., on Nov. 11, 2020.DARRYL DYCK/The Globe and Mail
“Kobalt is such an interesting start-up because the company’s ‘security-as-a-service’ offering makes first-class cybersecurity widely accessible for companies of any size,” Mr. Wertz says.
Kobalt initially decided to build its infrastructure from the ground up, a decision that Mr. Argast admits was costly and time-consuming. It neared the end of its first year with just a handful of clients and low monthly recurring revenues.
“We just weren’t able to build fast enough,” says Mr. Argast, Kobalt’s co-founder and chief executive officer. “The first six months was a lot of development and dead-ends and trying to figure things out. It was consuming a lot of expenses and energy and it was moving too slowly.”
Kobalt changed course and bought core technologies off the shelf to build custom innovations.
“That was a key turning point for us,” Mr. Argast says.
The company now uses Splunk, a software platform used to analyze data; Microsoft’s Azure Sentinel, an enhanced security information and event management tool; and Amazon Web Services' cloud platform as the foundations for its customized security platform.
In the second year, with the new approach in place, Kobalt grew quickly to serve more than 75 clients and reached just over $1-million in annual revenues.
What started as a group of half a dozen employees has since grown to 15 full-time employees and a virtual team of about 75 experts that Kobalt can call upon as needed.
The cybersecurity startup also recently raised $1.25-million in seed funding from a group of Canadian angel investors for continued growth.
The company was beginning to see the benefits of its pivot when the pandemic hit earlier this year. Mr. Argast wasn’t sure what to expect when businesses began to close their doors. The company paused some of it hiring and braced for a slowdown, which didn’t happen. Instead, business boomed as SMEs worried about the privacy and security of their computer systems being used by employees working from home.
In July, the Canadian Centre for Cyber Security issued an alert about “recent and continuing exploitation of network infrastructures in Canada.” It said cybercriminals took advantage of “vulnerable, less secure implementations of remote access services.”
“We’re seeing a significant increase in the attacks against clients, an increase in all sorts of fraud and compromise-type of attacks, business e-mail fraud and those types of things,” Mr. Argast says. “Another thing that is really common is e-mail account compromise.”
Kobalt has access to hundreds of threat intelligence feeds and its system is updated on an hourly basis, says Warren Mok, the company’s manager of security operations.
Monitoring at such a large scale allows Kobalt to be proactive in protecting clients' assets.
The company also has the expertise to conduct a thorough risk assessment and put in place appropriate security protocols, as well as train client staff on proper security measures, Mr. Mok says.
“Often the biggest problem is that SMEs don’t know what they’re missing, or they don’t know what they have. They want security but they don’t know where to start,” Mr. Mok says. "We help close the loop by monitoring the environment and the variables that are important to them.
“We treat ourselves as an extension of their team.”
By using commercial software like Splunk, Kobalt can monitor to detect any anomalies in the customer environment.
“That’s something that you would have to have one or two people to keep an eye on every single day and calculate the numbers yourself,” Mr. Mok says. “Customers in the small- and medium-business space don’t have the expertise or the staff to go after that kind of tool.”