Back to News
CodeSealer: Invisible End-To-End Web Security
In the last few years, the rise of mobility and cloud has changed the human interface with technology. All the data is being stored in the sky, and customers all over the world has acquired the technology as it facilitate their every single act. Anyone can share data in the air and authorized person at the other corner of the world can access it in moments. But the presence of data in the cloud also demands the invincible security. Customers expect the companies—who invent technology—to close the loopholes in their own technology and protect them, customers also expects the legislators—they choose to govern—to enforce new and stronger regulations for their protection, but still there is nothing like a story on front of a newspaper, something than can cause a severe disruption in the customer’s business.
This forced the Companies to invest billions to protect their own customer’s data and infrastructure, behind the firewall, but only a few have successfully secured their customers and users in front of the firewall. The whole scenario of the web security can be hence summed into– “Customers Expects It, Regulators Enforce It, Press Loves It!”
A Company Founded Exclusively to Enhance Web Security
According to an authentic market research, about 20,000 new malware versions are introduced daily. 75% of all devices are stimulated infected, and more than 40% of all users have been attacked–often without realizing it. Cyber crime has today surpassed physical theft and while physical robbery may lead to arrest, cyber criminals ordinarily continue doing illegitimate acts sitting in a remote area and in countries where it becomes difficult to prosecute them. Knowing that “Physically, you can rob one bank at a time; but sitting on a computer, you can rob 100 million bank users,” cyber crime is at the zenith today.
Realizing the need of the era, Martin Boesgaard, a well-known name within the IT security industry, founded CodeSealer in 2011 with the sole motive of minimizing cyber attacks.
CodeSealer: A Trusted Partner in Web Session Protection
CodeSealer, an international company residing in Copenhagen, protects its customers against Man-in-the-Browser and Man-in-the-Middle attacks. Where other companies protect by installing software on the device, CodeSealer is completely invisible to the user and also protects against unknown malicious malware and on infected devices.
While protection of the customers and their data is becoming increasingly important, only a few companies provide security against web attacks. That’s when CodeSealer becomes the perfect choice for the customers which provides completely invisible protection.
CodeSealer today holds several patents and uses traditional solutions including signatures and blacklisting, CodeSealer is going another way and today have what has been identified as a unique solution. The solution is deployed on existing platforms and infrastructure, without any additional hardware, and upon deployment, all the users get immediately protected.
Highly Acclaimed Products
Today when many companies have spread out their focus, CodeSealer remain focused on protection of web usage. CodeSealer offers two products providing full support against web attacks.
The browser is protected by encapsulating the client and constantly monitoring illegal changes, using integrity checks. If an attack is seen CodeSealer aborts the session and provides notification to the company. CodeSealer’s solution has a built-in dashboard, but the flexible solution also allows integration to the companies existing SEIM solutions.
Tonny Rabjerg: Highly Motivated Leader with Vast Experience
Tonny Rabjerg, CEO of CodeSealer has a broad international leadership experience within IT. Working for more than 30 years with application development and operation within companies such as SAS, Amadeus, Star Alliance and Danske Bank, he has a deep insight in IT Management. In his latest role, Tonny was responsible for Creation and Management of Danske IT and Support Services Indian, Private Limited, a subsidiary owned by a large Danish bank, managing more than 750 IT consultants and employees. Being appointed as a CEO of Security Ensuring Company, Tonny asserts “Entering into the security sectors does not only allows me to use my previous experience from the IT industry, but also an opportunity to see our product grow and gain market position, in a very interesting and expanding market.”
Widening the Reach across the World
While CodeSealer has been a part of sector solutions for the past 3 years, the company is now expanding its focus to new sectors and markets. The company already has partners in Indonesia, Dubai, Poland and cooperation with India, Italy, and Brazil and live customers in Indonesia. The firm was earlier focused on banks, but recently widened the focus to cloud solutions, such as HR and Financial systems, CRM and public sector, “Our solution isn’t specific to a sector as long as it is an online version using a web browser,” says Tonny.
Growing With Unique Solutions
CodeSealer has invested more than 50 years of development in its solution and today has a structured organization meeting requirements for an innovative solution and the highest of the quality in their solution. CodeSealers’ solution remains unique in the industry as it protects its end-users from the invisible – a key element in the solution. Along with the protection against unknown malware it increases the user acceptance and reduce the maintenance, and hence being accepted and acknowledged by the large spectrum of the industry.
In cooperation with the Danish Trade Commission in Italy, CodeSealer has entered into the Italian market.
The Italian market is an important market with many potential customers across our key sectors, Financial, Public, Accounting and Administration.
The first meeting with a large bank clearly indicated interest for our unique solution, not requiring any installation by the customer and a next step is being discussed.
Using the Danish Trade Commission is a part of our strategy, and our experiences from other markets has confirmed the effect and importance of the cooperation
CodeSealer raises 7 MDKK
81% INTEREST - HIGHEST EVER
In July CodeSealer was acquired by 2 private investors and has now raised an additional 7 MDKK in funding. The funding has been raised via Danish Business Angels, a group of investors supporting the innovation in the Danish market. At the presentation 81% of the participants indicated interest in investing, not only confirming the high interest for the security market but also for the solution offered by CodeSealer. “The increase in cyber crime and subsequent risk of negative press can cost millions for companies and along with new legislative regulations it has increased the interest for a unique products such as CodeSealer. We have over the last months seen an increasing demand from markets around the world and our new funding will allow us to implement our growth plans and further development” says Tonny Rabjerg, CEO of CodeSealer.
OUR UNIQUE SOLUTION
CodeSealer protects customers and end-users against Man-in-the-Middle and Man-in-the-Browser attacks, an area which today represents 10% of all cyber attacks and an area which is one of the fastest growing in cyber crime market. CodeSealer protects the customer by deployment of an INVISIBLE solution, not requiring any installation by the customer and protection of 100% of the users.
A successful week is coming to it's end. 3 Danish Fintech companies, CodeSealer, Festina Lente and Risk Butler meet potential customers and fintech companies in Sao Paulo.
The trip was organized by the Danish Consulate and Sao Paulo and during the week we met some of the largest banks in Brazil, investors, tax advisors and start-up companies.
I am extremely proud of the response we have gotten during the week, it clearly shows the interest for Danish innovation and the solutions we can bring to markets such as Brazil.
Getting to know the Brazilian market and it’s potential for companies such as CodeSealer has shown that Denmark has something to offer, even from small companies, but also that opportunities lies ahead if we as Danish companies work together with our Danish Foreign Ministry and it’s offices around the world.
Without the absolutely fantastic job done by Eva, Julia, Lauritz, Jessica and the rest of the staff at the consulate, we would never have been able to get access to banks having 80 Million customers or any of the successful investors in the market.
I am deeply thankful for the job done, everything just worked from the first contact to a well planned trip, down to the last detail, and at all time we felt the dedication and support from all. A special thanks to Julia, keep up the good work for CodeSealer and our colleagues in Denmark. Eva you can be proud of your team.
CodeSealer A/S signs partner deal with the Danish Trade Commission in Italy. As part of our new partner strategy we have today signed an agreement with the Danish Trade Commission in Italy. By signing the agreement we will get access to local knowledge and relations but also easy access to another interesting market. Our new partner strategy is to further increase partners around the world to promote, sell and ensure access to relevant customers
CodeSealer A/S extends it's partnership with the Danish Trade Commission and Innovation Center in India. Our collaboration with Tom Sebastian, provides us an entry to a very exiting market, both in respect to customers and partners, such as IT Service Providers. Since our first visit to India, we have been able to continue a very promising dialogue with several customers and with local help it has been like having our own setup in India. CodeSealer A/S is expanding the collaboration with the Danish Trade Commissions in Italy and Brazil and we hope to see the same results as in India
Recently the new EU Regulation on General Data Protection Regulation (GDPR) was passed in the EU. The new regulation focus on protection of customers and as such increase use of on-line channels.
A further increase of on-line channels as a distribution and sales channel is expected to increase sale and create new business in the range of 2.3 Billion EUR.
During the past, CodeSealer has actively participated in events in relation to the new regulation and our active participation in bodies such as Danish IT Association, Danish Industry Digital Association and Copenhagen Finance IT & Research has made us a valued provider of solutions in the compliance of the regulation.
Yesterday the British Chamber of Commerce, along with Dansk Erhverv and the EU had a full day seminar on the topic, opened by Mrs Vera Jourova, the EU Commissioner in charge.
While many companies focus on topics such as "The right to be forgotten" and assignment of a Security Responsible (DPO) only few have a plan for how to comply with "Privacy by Design / Default", meaning how do we design future on-line solutions with protection of data in mind?
While the new regulation won't take effect before May 2018, companies needs to understan, plan and execute now!
During the past months we have presented our product, WSF, as a lever in a total security setup. While most security products today focus on protection of data and access behind a Firewall, our product is designed to reduce the risk using on-line channels and to protect the customer and his/her data, by protecting against Man-in-the-Middle and Man-in-the-Browser.
We will continue our support for the implementation of the new GDPR and not least participate actively in fora such as the event yesterday and relevant industry bodies
Today India has more than 400 million banking customers and is one of the fastest moving markets on-line in the world.
In our search for new markets India is bringing huge opportunities within Banking and on-line companies.
The Danish Innovation Center, operated under the Danish Foreign Ministry, supports Danish companies in entering and setting up business in India.
The Innovation Center and CodeSealer will jointly meet potential customers and investors during the first week of April.
India is a very important market as in addition to the more normal customers it also gives access to a large number of IT development and hosting providers for which the unique WSF product can improve their deliveries and security.
CodeSealer joins the Danish IT Association and enters into the IT Security Advisory Group as member.
Being a member of the IT Association not only brings us closer to the colleagues and knowhow within the industry it also provides access to potential customers and a way to influence the Danish IT market.
CodeSealer is today an active member in DI-TEK, CFIR and now also the IT Association and is often used as guest speaker at events within the market. Our key message is that only by working together across sectors and industries can we provide the best possible security.
Cybercrime today has become an integrated part of our society and is today a multibillion dollar cost for the society. What can be done to protect your customer, your data and your business? The topic of this year’s ATV conference is how Denmark can protect itself against serious cybercrime. At the conference, speakers from government and private institutions will address how we as a society together can protect ourselves against attacks. CodeSealer will, at the conference, present its solution and participate in a panel discussion with 3 other vendors:
• CEO Søren Sennels, Dencrypt
• CEO Nikolaj H. Nielsen, Sepior
• Vice-president Research & Development, Tonny Rabjerg, CodeSealer
• Software Udvikler Anders Skovsgaard, TrustSkills.dk
While no company provides 100% security, a joint effort can lead to a significant security improvement in today’s setup. CodeSealer and its solution, WSF, is a key component in a secure setup and the way the solution encapsulates a web session handling provides an unseen security level for our clients and their customers.
The Red Herring Global Top 100 Award aims at high lighting the most promising and exciting startups from Asia, Europe and the Americas. Hundreds of companies from each region are reviewed in a thorough process that looks at all aspects of the company – based on both qualitative and quantitative metrics.
This year globally more than 2.800 companies within technology and life science participated, and the
200 finalists were invited to present their winning strategies at the Red Herring Global Final in Los Angeles, November 18-20 2013. The Top 100 winners were announced at a special awards ceremony on November 20 at the event.
“CodeSealer is very proud to have won the Red Herring Global Top 100 Award. First of all, it is a great recognition for all people behind our company. Furthermore, it confirms that we have set out the right strategic direction for the company, and that we have a unique product which helps customers solve recognized needs, which again represents a very large market with great growth potential for us,” says
Hans Middelburg, CEO of CodeSealer.
Over the last couple of months I have been guest speaker at events at Finans IT, Copenhagen IT University, DataExpert I Holland and a number of smaller events, on the topic of IT Security and what can be done.
The topic has focused around the fact that while many companies spend large amounts on IT Security it is still debatable if it is enough and will ever be. Cyber crime is an increasing industry and my argument is “how many banks can you rob at the same time, 1 and how many customers can you rob in cyber crime, 100 millions. What are the risk of being caught in a physical robbery vs a cyber robbery?”
Customer Expects It.
Customers today expect that when they access banks, public sites and any other sites, such as Facebook, Twitter etc., that the companies are doing what is required to use it safely. We have data stored in multiple places and as a customer we won’t be able to use the new medias unless we can trust the companies. As a customer I have no idea how the company protects my data, where it is stored and who have access to it, so trust is a must
Legislators Enforces It.
Within short the customer data protection law is going to be tightened. The original law was introduced in 1995, and since then the use of the internet and sharing of data has significantly increased. Earlier companies have focused on protection of data residing within their data centers but under the new law the company will be responsible for all data, including that flowing via the internet, mails etc., and outside the company’s protected site. The fines introduced can be significant (5% of yearly revenue) and many companies are now awaiting the final introduction and their next step
Reports Loves It.
What is better for a reporter than a good story in the news about Facebook who has been hacked, the Se & Hør case or,,, well what is next. While the amount of money being stolen in cyber crime is still at a limited level in most countries the damage to the reputation is essential. What does it cost a multinational company having an ambitious online strategy if they show up in a shit-storm as insure, in the news? I personally think this is one of the key factors for many companies and their investment in security solutions and a driver towards a safer environment for us all.
We Have To Protect It.
So how can we as IT professionals protect it? When the IT security responsible asks for money and the CIO has to choose between the new system that can reduce costs and increase sale vs the investment in IT security, what do they choose, especially if they have never been attacked?
Over the past I have again and again iterated that the best solution is a close cooperation between public and private sectors and not least across the industries. While there shall be no doubt that I hope to sell our solution I also see a need for sharing of information and the more I as a vendor know about the attacks, the better a solution I can deliver to potential customers.
In general all industries have agreed not to compete on security, which I think would be stupid to do, but how good are they at sharing their information? After 27 years within the airline industry, 2 as director in Star Alliance, I cannot imagine an airline network without a close cooperation, something organized by IATA/ATA and the 4 large alliances. So can we ever fight cyber crime if we don’t share and work together? In several countries a closer cooperation has started, though often only between the larger companies and within the same industry so let it by my wish for 2016 that an even closer cooperation will begin and we can all be safe using IT.
While we may still need to do more it is also important that we acknowledge what is being done and the fact that after all it is still more dangerous to drive on a winter day than using on-line solutions, and more money is still being stolen due to customers being lured to give away credentials.
Over the recent years we have heard about the success of sites like Dating.com and the speed-dating events where singles have great opportunities to meet potential partners in life. Now speed-dating also exist in the B-2-B market.
Last week CodeSealer was present at the FST Summit in Dublin. At the Financial Services Summit (FST) more than 25 vendors were present to showcase and meet potential customers.
Before the summit the vendors could propose potential “dates” (clients) they would like to meet and then GDS, the organization behind, would invite the customers for a “date”
At the summit itself a number of interesting workshops were held but the major difference between this “dating” type event and a regular conference was that we as customers didn’t have a stand and weren’t relying on catching people’s attention, the “speed-dating” was already agreed!
A large room was prepared, where each of the 25+ vendors had a simple table, no banners, no glossy screen, but just 40 minutes to present what they could offer, talk about “speed-dating”.
CodeSealer had 14 pre-booked meetings and during the presentation one of our customer referred additional potentials.
In each block we had 5 40 minutes sessions to make ourselves attractive and get the customers attention. After 15 presentations in 1.5 half day we went home tired, but also very satisfied.
We went home with 13 dates, or you may call it “appointments”, of which 4 have already led to agreed follow-up meetings and the remaining customers are still being approached. As a new vendor in the market of IT security getting 13 concrete appointments may require a lot of calling and not least a lot of coffee meetings with people who you hope can guide you to the decision makers, and here we met 13 in 1.5 days, and where most are the actual decision makers.
I just love speed-dating, at least the kind where I can be loyal to my wife and bring results to CodeSealer. We may have an INVISIBLE product but we want to be VISIBLE in the market of Web Security.
Published by Tonny Rabjerg, CIO - https://tonnyrabjerg.wordpress.com/
While this may not entirely be the case, as it is also about protecting your data, ensuring your operation and reducing your losses, it is for sure an important driver towards more security against Cyber Crime. Only by having trust from your customer can you make them transfer from traditional channels to online channels.
Yesterday CodeSealer participated in a very interesting conference, arranged by Atlantsammenslutning. Speakers at the conference were public and private companies, including Military Intelligence (FE), responsible for the new Cyber Crime strategy in Denmark, Syddansk University, Digitaliseringsstyrelsen, Police Cyber unit NC3, key speaker Dutch Cyber Security and Huawei along with security specialists and companies.
The key message in the conference was, Cyber Crimer is here to stay, or even more Cyber Crime will just grow over the coming years and government and criminals invest huge sums. Several of the concrete cases were discussed, such as CSC, Ransomware attacks and not least the recent terror attack in Denmark and how Cyber Terror in the future can be a threat to our society.
It is today estimated that 26.000 new malwares are introduced DAILY, and based on the latest report from Kapersky hackers has stolen more than 6 billion from banks.
The conference again confirmed that beside the huge challenge to keep up with the hackers, security is still being down prioritized compared to commercial projects. Somehow this can be compared to the recent attack on Denmark where police has asked for more training over years, and now after the terrible attack everyone agrees that it is needed. So do we really need a serious attack in Cyber Crime, before the money is invested in the best possible solution?
It was also stated, and to which I agree, that even with the best possible solution we cannot protect 100%, but at least we can make it more difficult. I compare this to locking your car, it doesn’t prevent it from being stolen, but locking your car, having electronic keys and maybe even an alarm increases the effort required. So having a Firewall and virus scan do protect a lot of potential attacks, but is it enough or do you need to look for additional solutions?
Several of the speakers also, again, highlighted the need for closer cooperation between the public and private sector but also within the private sector.
I have now participated in several conferences, heard the statements multiple times, and despite of this the reality is different. This was also the key message from COPITS and not least by the Dutch Cyber Security Council. It was interesting to see how far Holland is with their National Security Strategy. Denmark is still in an early stage, we have a strategy and now we need to move from words to action. In Denmark we do have security boards within separate industries, such as financial, but cooperation across industries are basically non-existent, something they have solved in Holland by having councils across public and private sectors, meeting on weekly basis and with dedicated employees, something similar to lobbying within the EU
During my previous roles within the airline industry, I have learned how important cooperation and network is, and for many years I have been member of boards within IATA/ATA/UN, and to a large degree this is the reason that we today can fly across multiple carriers in a seamless way. So where is the cooperation within Cyber Crime?. I can only recommend a closer cooperation and personally I try to connect to as many as possible to move towards closer cooperation, especially between public and private sector.
Overall a good conference, the knowledge about Cyber Crime is there, a large range of products can protect against known and unknown attacks, so next step is full scale implementation of strategies and solutions, at CodeSealer we are ready to be part of this
Published by Tonny Rabjerg, CIO - https://tonnyrabjerg.wordpress.com/
During the last days, we again and again have heard about companies and public sectors who have been hit by, often professional, hackers.
Based on a recent study, cybercrime may cost as much as 500 Billion USD on a worldwide basis, and just imagine how data theft and destructive hacking can impact the western world and soon be seen as cyber terror.
Having worked, only a few months within the industry of web security, it has opened my eyes on how important electronic security is for all sorts of companies, being it banks, governments and any other company transferring customer and critical data across the internet.
This week, I will, on behalf of CodeSealer, be guest speaker at “Digital Experience 2014” in Holland, a seminar organized by DataExpert. At the seminar I will present the unique solution developed by CodeSealer, but I also look forward to learning from the participants and key speakers and not least to have open discussions on how to prevent cybercrime in the future
While I do feel, that the press often overreact in their message, with focus in the negative, and Breaking News can be anything from a cat being hit by a car to a terrible disaster in the world, I do feel that cybercrime is a matter we should all be aware off. It should not stop us from using the amazing world of IT and the internet, but we all have to be aware and use our common sense, and act accordingly, by not sharing our information and protect it from being hampered or stolen. Do you know that most crimes today happens due to people being negligent with their data, passwords etc. rather than due to hacking and phishing
Published by Tonny Rabjerg, CIO - https://tonnyrabjerg.wordpress.com/
Each day we read about cyber crime, hacking of personal data, financial theft and infiltration of large corporate and public institutions, so should I be scared or am I in safe hands
Well during the last 2 weeks I have worked on a competitor analysis and in depth understanding of the players within web and user security.
The latest report from Intel, indicate that cyber crime yearly cost the society more than 500 Billion USD.
The cost is not only what is being stolen but also calculating what companies and institutions are using in preventing data and financial theft.
In addition to the cost aspect, it is also important to remember the negative publicity you may experience, not to forget your difficulty in transferring your customers from traditional channels to electronic channels, something I think is often forgotten but which can be critical and costly to ignore.
A lot of the theft is caused by customers negligence with password and other authentication data, but also due to a wide range of attacks and latest by hacking requiring ransom money.
During my analysis, it is clear for me that no single product or vendor provide 100% security, if this is actually possible. I am surprised about the large number of vendors, being large or small, within the field of IT security, many with very smart solutions. Most larger institutions install a range of the products available in the market and this should provide a significant level of security. In my analysis I have also looked at different levels of security:
• Virus Protection
• Profiling and behavior analysis
• Web Session Protection
• Forensic Analysis
In addition to the harmful attacks we have also read about monitoring by authorities, use of our data for commercial aspects etc. For the monitoring by the authorities, I am personally of the opinion that I do not have anything to hide and if it can help the world being a more safe place, please feel free to monitor me.
For commercial usage I am somehow in doubt. In some way I am frustrated on how companies are selling my behavioral data and how this is used for commercial purposed. As an example, I have looked at a new B&O speaker and now I get advertisement about B&O speakers on all pages, facebook and I don’t know where. On the positive, having worked many years with CRM and digital marketing I am also aware how it helps companies providing relevant offers and products, rather than spamming me with un-useful products. I still remember when my bank offered me a child savings account, where what I needed was a retirement fund, should mention my kids are all older than 18.
So, should I be scared or am I in safe hands? I cannot say that you are in safe hands, but what I can clearly state that both vendors, companies and the authorities are doing what they can to protect you, and after all despite the huge losses I feel quite safe and compare it to, “Should I be afraid of flying?”
Published by Tonny Rabjerg, CIO - https://tonnyrabjerg.wordpress.com/
Today I was a guest speaker at the ATV Innovation Network within Finance IT, conference at DTU in Copenhagen. The topic was Cyber Crime and what is being done to prevent attacks, as has been seen in the past.
The presenters included institutions such as Center for Cyber Crime, DK Military Defense. Estonian Cyber Crime prevention and specialists within the FSA and universities. Discussions on what is being done today, how can the universities adjust their curriculum within the security field and how do you balance data protection and the need for access to data to prevent crimes, were discussed.
The panel I participated in discussed how private startups can support the industry, why does new companies enter into the field and is there a future for the many startups.
The following are some of the key points from the conference:
•Cyber Crime is moving from Cyber Crime to Cyber Terror, something I have addressed in a previous blog. Each day we ready about terror attacks, causing insecurity, but imagine what would happen if we didn’t have electricity for a week and couldn’t use our visa card to buy our daily groceries nor get money from the ATM, Cyber Terror is a serious threat to our society.
•Companies and the public sector spends’ an increasing amount to protect their data and customers. Despite large investments, I have met companies that rather invest in commercial products and less so in security solutions. My fear here is not so much the financial impact, but more so that customers become doubtful of online solutions and chose a different vendor providing additional security, or a traditional distribution channel. It was stated that as many as 16% have chosen not to use an online solution due to fear of data and financial theft.
•Industrial espionage is an increasing market for hackers. Over the past we have seen attacks on several companies. Imagine how this could influence a country such as Denmark, being an innovation market. If we cannot protect our innovation what do we have left as a market?
•Hackers have changed from individuals sending a signal to highly professionals and government controlled bodies. In the last days we have heard how terrorist may have hacked the US government, but also how certain countries may have attacked companies such as Sony. It was stated that attacks sometimes are being planned for several months and recently North Korea increased their workforce in the Cyber War area to more than 6.000 employees.
•Universities needs to focus more on security solutions in their curriculum. While Norway today have a dedicated educations within the field of IT Security, Danish universities doesn’t even offer it as a single semester. Do we have sufficient skills to prevent the Cyber Crime, and how do we keep up with the pace in which new attacks are being developed. Somewhere I read that 1.000+ new attacks are introduced daily.
•There is no such thing as 100% solution, and only by working together can an optimal security be provided. While CodeSealer today provide a unique security for Web Browsers and Sessions we don’t provide a 100% solution. Only by implementing multiple and complimentary products will an effective solution be available.
My presentation was focused on the solution available from CodeSealer, a unique solution in which we obfuscate the code, perform further encryption and encapsulate the web browser, all in a way that no interaction is required by the user. Today it is estimated that 80% of all devices are infected but as our solution doesn’t try to clean the device, but instead protect against the attack it is a very efficient solution.
I also addressed the fact that no solution provide 100%. I today have an alarm at my house. This won’t stop the burglar from entering, but it will hopefully send him to neighbor instead. A security solution won’t protect against all persistent attacks, but hopefully send the hackers to less secure companies.
The key element of the day is that we have to stand together and a close cooperation is required if we want to protect critical data and companies.
When I first started in CodeSealer I contacted a number of government agencies. I asked if I could join their networks and also if we could work together and share information across our organizations. Unfortunately, no such network existed between public sectors and commercial companies. Do I need to say that I was very surprised? It is the commercial companies who will often develop solutions which will make the public sector safe. The public agencies have insights’ into attacks for which our solution shall protect and instead of using the synergies, we all spend extra resources doing similar investigations and solutions. During my time in the travel industry I participated in bodies such as IATA, ATA, UN and Star Alliance, all organizations in which companies, despite being competitors, worked together to make efficient solutions at the lowest possible price while providing customer benefits.
• No solution protect 100%
• Hackers become more and more sophisticated
• Only by cooperating can we provide the best possible security solution
• Provision of Security solutions is an increasing market
So are we doing enough? Well I think a lot is done but we can for sure do much more, but feel assured we do what we can and the dedication I experienced today makes me calm and feel secure.
Published by Tonny Rabjerg, CIO - https://tonnyrabjerg.wordpress.com/
While we have all heard about Cybercrime during the past years, how we have to be careful about our passwords and our bank transaction we have only seen the beginning of what may be an even bigger problem.
Pictures have been stolen from Facebook and Instagram. Sony has been hacked by unknown sources and now a nuclear plant in South Korea has been under attack, again by unknown sources.
Since 911 we have all feared another attack on the western world and each day we see horrible pictures from around the world where people lose their lives to physical terror.
Do we now see a new form of terror? Just imagine what would happen if hackers close the financial sector! No ATM, no credit card, no salary not to mention the fact that companies couldn’t sell and buy. Just imagine what would happens if we lost electricity, traffic lights went black, trains stopped, heating stopped and hospitals only operated as long as back-up power worked. Just imagine what would happen if the cooling for the nuclear plant went off, and the air traffic control went silent!
FBI IC3 group has stated that only by working together can we provide the best possible protection! Despite of this companies are still working alone to prevent attacks and only little cooperation is done within specific sectors. Many companies are investing huge sums to protect against attacks and the number of solutions available in the market is endless, though none provide a 100% security by itself.
The world is changing and while we should all be aware of potential danger we also have to live a normal life. We all know that an accident can happen the next time we take our car, but that doesn’t stop us from driving. As such we should not get paranoid and stop living, but we shall continue our life and trust that government and private companies are doing what they can to protect us, and so far they have done a great job. So with this I wish you a Merry Christmas, hope you will enjoy the holiday, switch off the electricity and light a candle, not because you have to but because you can, and enter 2015 in a safe manner, Happy Holidays
Published by Tonny Rabjerg, CIO - https://tonnyrabjerg.wordpress.com/
Tomorrow is “Strømmens Dag”. On my way to the office, I listened to the radio, and the debate about what would happen if the electricity power suddenly disappeared. BS Christian, a man for whom I have a lot of respect, talked about how being without power can bring of closer to the basic values, but also how vulnerable we today are due to our dependency on power 24/7. Just imagine a world without power, traffic lights in black, the fridge not working, no heating, no banking transactions, no Dankort, no,,, the list can continue forever.
Last time we experienced a major outage was in 2003. I remember the day, do you? I was at a conference in Helsingborg, my car was in the garage. We couldn’t get out as the gate was closed, and when they finally managed to open the gate the ferry didn’t sail as the loading bridge wasn’t working. Having lived 3 years in India, where power failure is quite normal, you suddenly realize how important electricity is for our society.
Well we can be relaxed, we live in Denmark, good power supply, safe infrastructure and power 24/7,,, or is it safe?
In the new National Cyber Crime Strategy, done by the Danish Military Intelligence, on behalf of the government a breakdown of the Danish power supply has been identified as a top priority. So is Cyber Terror a potential threat?
In the same program they also talked about how attackers have hacked Gribskov commune and is now asking for ransom to release the data again. In a time where we know that 80% of all devices are infected, agencies such as the FBI is being hacked, how can we secure ourself our society and our power supply against Cyber Crime and Cyber Terror.
While the new Cyber Crime strategy addresses some of the potential threats, outlined reporting strategies and potential security risks what is being done to prevent these. It is also stated that there is no such things as a 100% security. With countries having as much as 6.000 employees to perform Cyber War it is impossible to have a 100% security.
I think the latest attacks and the potential risk in infrastructure shows that additional focus is required. The government has assigned responsibility to several agencies, but only by cooperating across the public and private sectors can we create the best possible security, so let’s get started,,, and please switch off the light tonight to save some energy and enjoy being able to switch it on again tomorrow!
Published by Tonny Rabjerg, CIO - https://tonnyrabjerg.wordpress.com/
For questions and comments, please contact us:
Well I guess this is of no news if you are today sitting as a CISO or security officer in a company. It is assumed that somewhere between 20 and 50.000 new attack vectors are introduced on a daily basis.
Lately we have heard about Ransomware and how all kind of companies and users were being attacked and suddenly security companies were rushing into the field of protecting against Ransomware.
While companies and security solutions become better in protecting behind the Firewall and the infrastructure, attackers start looking for new vulnerabilities. Today 10% of all cyber attacks are assumed to be Man-in-the-Browser attacks (Web attacks).
Attackers do know that most end users/customers aren’t maintaining up to date protection and according to numbers from FBI as many as 70-80% of all devices are today infected by some kind of virus. So when looking for the weakest link in the security setup, attackers are moving towards attacks via the users instead, a place which in most cases isn’t protected by the traditional solutions.
Where users believe that they are protected by SSL/TLS encryption (the keylock) most attackers attack after the data has been decrypted so where Man-in-the-Middle attacks may be rare, Man-in-the-Browser attacks are increasing.
Recently I met a bank that provided free software to be installed by their customers, and had advised that it was mandatory to do so. It turned out that as little as 12% of the customers had installed the software on their device, leaving the bank vulnerable and risking lack of local compliance to regulations, such as the future EU GDPR.
Today several companies provide protection for Web attacks and protection against Man-in-the-Browser and Man-in-the-Middle, but most of the solutions either requires that the user installs software on their device or they only protect against known attacks already identified and updated in signature files, this is where CodeSealers’ solution is different.
So next time you speak to your bank, your HR provider, your public service institute, your gaming company, your online retailer, your travel system, your,,, maybe you should ask if it is safe for you to use an online access and web browser, and if they protect against manipulation of your data!