CodeSealer recognized in Gartner Inc. “Financial Fraud Detection Strategy”
In June, CodeSealer participated in the Gartner Security Summit in Washington, the place where Jonathan Care and Tricia Phillips of Gartner, Inc. first presented their latest findings.
Their new Gartner report, Align Your Financial Fraud Detection Strategy with Gartner’s Capability Model, published on July 26, 2017, mentions CodeSealer as a potential vendor for User Interface Protection.
While protections such as behavior analysis and firewalls remain important defense perimeters, a growing number of attacks are seen at the user device level, such as in the browser, and new measures are needed.
Today it is estimated that only a few (less than 20%) protect at the user device level (UIP).
The new report from Gartner includes a new level, User Interface Protection, and states the following: “User interface protection (UIP): While the web application firewall protects against specific exploits, the UIP layer defends against specific business logic attacks that fraudsters use, including credential stuffing, impersonation using RATs, injection/modification of the Document Object Model (DOM), traffic interception and redirection, and session hijacking. UIP is commonly implemented as server-side scripts added to the website, and typically defends against advanced attack vectors such as Dridex, Kins, Zeus, Dyre and similar. Migration beyond this layer is typically driven by a need to defend against targeted fraud attacks by advanced fraudsters due to the high risk profile of the organization, either because of brand prominence or assets of value to an attacker.”1
In the past, companies have focused on protection behind the firewall, but with 10% (and growing) of all cyber crime happening at the browser level, the growing risk requires new defense perimeters.
Solutions such as CodeSealer can be integrated into the existing security infrastructure, and combining UIP protection and monitoring with risk assessment tools will further increase the security level.
“Build an Application Stack That Is Extensible and Flexible, as No Single Vendor-Supplied Solution Will Fit All Fraud Prevention Needs”1
The number of security vendors is growing, and so is the need. No single provider offers a full security platform, and lately it has been recommended that security is spread across multiple vendors, to allow full transparency.
CodeSealer provides INVISIBLE END-TO-END WEB SECURITY
• COMPLETELY INVISIBLE FOR THE USER
• NO INSTALLATION BY THE USER
• 100% USER COVERAGE UPON DEPLOYMENT, ON EXISTING HARDWARE
• PROTECTION ACROSS BROWSERS AND DEVICES
• PROTECTS INFECTED DEVICES
• PROTECTS AGAINST UNKNOWN MALWARE
For more information please contact Tonny Rabjerg, firstname.lastname@example.org and for the full report, please contact your Gartner representative. Gartner subscribers can click here to read the full report.
(note: text in italic represents the view of Gartner Inc., all remaining is written solely by CodeSealer)
1Gartner, Inc., Align Your Financial Fraud Detection Strategy with Gartner’s Capability Model, Jonathan Care and Tricia Phillips, July 26, 2017.
CodeSealer mentioned in Fintech Finance at Money 20/20
Money 20/20 in Copenhagen attracted financial experts from around the world, and is the largest financial conference in Europe. CodeSealer was mentioned in the Fintech Finance magazine at the conference.
The article describes how the focus is shifting and security needs higher priority in future software development, but also how CodeSealer and our unique solution can help protect enterprises against manipulation of the web page (Fake News) and the user against attacks, even without installation by the user.
CodeSealer invites to Webinar - 19 June 2017
At the latest Gartner Inc. Security Summit in Washington, Sr Analyst Jonathan Care presented his latest report on "Fraud Management Technologies", a report highlighting the need for new security measures to protect against new attack vectors.
Where traditional solutions have been built based on protection against known attacks, CodeSealer even protects against unknown malware and without installation by the customer, a clear advantage in a market where only 18% of users are willing to install security software.
80% of all companies are today vulnerable to web attacks, an area where 10% of all Cyber Crime happens, and with the increased Cyber Crime and new compliance regulations companies are putting their image at risk.
Learn more about our unique solution, protecting against Man-in-the-Browser, at our Webinar.
Check more at www.codesealer.com/webinar.html
CodeSealer today delivers a unique product to the market, to protect against Man-in-the-Browser and Man-in-the-Middle.
With the partnership, we will gain access to the large range of specialists within Gartner, Inc., specialists who are crucial for our expansion into new markets and sectors.
During our initial discussion with Gartner analysts we have already presented how our product fits well into the market, as a new security layer, and the feedback and input received are valuable for our future development and market penetration.
Gartner, Inc. has, with its many years of experience and know-how, an insight which we as a Fintech start-up can leverage, an insight which will give us both access to the vast number of reports available and direct access to relevant key players in the security industry.
“For many years, I have been using Gartner, Inc. as input in my decision making and I am now happy to use them as a partner in our market and product development,” says Tonny Rabjerg.
CodeSealer delivers an INVISIBLE solution to protect against Man-in-the-Browser and Man-in-the-Middle, a solution which does NOT require installation by the user and even protects against unknown attacks. The solution is using dynamic obfuscation, encryption and monitoring of all activities in the browser.
“Gartner, Inc. (NYSE: IT) is the world's leading information technology research and advisory company. We deliver the technology-related insight necessary for our clients to make the right decisions, every day. From CIOs and senior IT leaders in corporations and government agencies, to business leaders in high-tech and telecom enterprises and professional services firms, to technology investors, we are the valuable partner to clients in more than 10,000 distinct enterprises worldwide. Through the resources of Gartner Research, Gartner Executive Programs, Gartner Consulting and Gartner Events, we work with every client to research, analyze and interpret the business of IT within the context of their individual role. Founded in 1979, Gartner is headquartered in Stamford, Connecticut, USA, and has 7,900 associates, including over 1,700 research analysts and consultants, and clients in more than 90 countries.” – Gartner.com
CodeSealer: Invisible End-To-End Web Security
In the last few years, the rise of mobility and cloud has changed the human interface with technology. All the data is being stored in the sky, and customers all over the world have acquired the technology as it facilitates their every single act. Anyone can share data in the air, and an authorized person at the other corner of the world can access it in moments. But the presence of data in the cloud also demands invincible security. Customers expect the companies—who invent technology—to close the loopholes in their own technology and protect them. Customers also expect the legislators—whom they choose to govern—to enforce new and stronger regulations for their protection. But still there is nothing like a story on the front of a newspaper, something that can cause a severe disruption in the customer’s business.
This has forced companies to invest billions to protect their own customers’ data and infrastructure behind the firewall, but only a few have successfully secured their customers and users in front of the firewall. The whole web security scenario can hence be summed up as: “Customers Expect It, Regulators Enforce It, Press Loves It!”
A Company Founded Exclusively to Enhance Web Security
According to authentic market research, about 20,000 new malware versions are introduced daily. 75% of all devices are estimated to be infected, and more than 40% of all users have been attacked, often without realizing it. Cyber crime has today surpassed physical theft, and while physical robbery may lead to arrest, cyber criminals ordinarily continue their illegitimate acts sitting in a remote area and in countries where it becomes difficult to prosecute them. Knowing that “Physically, you can rob one bank at a time; but sitting on a computer, you can rob 100 million bank users,” cyber crime is at the zenith today.
Realizing the need of the era, Martin Boesgaard, a well-known name within the IT security industry, founded CodeSealer in 2011 with the sole motive of minimizing cyber attacks.
CodeSealer: A Trusted Partner in Web Session Protection
CodeSealer, an international company residing in Copenhagen, protects its customers against Man-in-the-Browser and Man-in-the-Middle attacks. Where other companies protect by installing software on the device, CodeSealer is completely invisible to the user and also protects against unknown malicious malware and on infected devices.
While protection of customers and their data is becoming increasingly important, only a few companies provide security against web attacks. That is where CodeSealer, which provides completely invisible protection, becomes the perfect choice for customers.
CodeSealer today holds several patents and uses traditional solutions including signatures and blacklisting, CodeSealer is going another way and today has what has been identified as a unique solution. The solution is deployed on existing platforms and infrastructure, without any additional hardware, and upon deployment, all the users are immediately protected.
Highly Acclaimed Products
Today, when many companies have spread out their focus, CodeSealer remains focused on protection of web usage. CodeSealer offers two products providing full support against web attacks.
The browser is protected by encapsulating the client and constantly monitoring for illegal changes, using integrity checks. If an attack is seen, CodeSealer aborts the session and notifies the company. CodeSealer’s solution has a built-in dashboard, but the flexible solution also allows integration with the company’s existing SIEM solutions.
Tonny Rabjerg: Highly Motivated Leader with Vast Experience
Tonny Rabjerg, CEO of CodeSealer, has broad international leadership experience within IT. Working for more than 30 years with application development and operation within companies such as SAS, Amadeus, Star Alliance and Danske Bank, he has a deep insight into IT Management. In his latest role, Tonny was responsible for Creation and Management of Danske IT and Support Services Indian, Private Limited, a subsidiary owned by a large Danish bank, managing more than 750 IT consultants and employees. Being appointed as a CEO of Security Ensuring Company, Tonny asserts, “Entering into the security sectors does not only allow me to use my previous experience from the IT industry, but is also an opportunity to see our product grow and gain market position, in a very interesting and expanding market.”
Widening the Reach across the World
While CodeSealer has been a part of sector solutions for the past 3 years, the company is now expanding its focus to new sectors and markets. The company already has partners in Indonesia, Dubai, Poland and cooperation with India, Italy, and Brazil and live customers in Indonesia. The firm was earlier focused on banks, but recently widened the focus to cloud solutions, such as HR and Financial systems, CRM and public sector, “Our solution isn’t specific to a sector as long as it is an online version using a web browser,” says Tonny.
Growing With Unique Solutions
CodeSealer has invested more than 50 years of development in its solution and today has a structured organization meeting requirements for an innovative solution and the highest quality in its solution. CodeSealer’s solution remains unique in the industry as it protects its end-users from the invisible – a key element in the solution. Along with the protection against unknown malware, it increases user acceptance and reduces maintenance, and is hence being accepted and acknowledged by a large spectrum of the industry.
CYBER CRIME AS A GROWING MARKET
Last week I had an interview with an Italian magazine. We discussed how the Cyber Crime market has increased over the past years and not least how it is growing and hits all types of companies.
Today you can find job postings for a job as “hacker”, government hires IT professionals to perform Cyber Crime and it is assumed that the Cyber Crime market has surpassed the drug market in many countries.
A Cyber Crime attack can today be bought on the internet for as little as 50 USD, so just imagine what the result of a bad customer experience or a layoff may result in!
CUSTOMERS EXPECT IT, LEGISLATORS ENFORCE IT, PRESS LOVES IT
While more and more business is done in on-line channels, it is also increasing the requirement for customer protection. It wasn’t many years ago that we installed multiple security solutions, until today’s setup where customers expect sessions and browsers to be safe, and companies to take care.
While customers expect the companies to take full responsibility, we also know that as little as 20% of companies have protection for their users in the browser, and those who have solutions requiring installation have learned that this is past history.
THE BIG BAD EU GDPR
At the same time as the customer expects a safe environment, we see new regulations, such as the EU GDPR. What I expressed to the journalist is that we should not see the new EU GDPR as an expensive limitation for companies but rather see it as a means to protect all of us from the increasing Cyber Crime. Remember that the current regulation is from the very early days of the web and a time where Cyber Crime was a virus on a server or a DDoS attack.
Is there anything better than free publicity by the press? Well I guess it matters if the publicity is due to a security breach and a story about how customers were attacked and data was misused or lost.
While it may be easy to calculate the ROI for purchasing of IT Security Software vs theft, it may be difficult to do it against bad publicity and loss of customer trust.
The press just loves a good story, and Cyber Crime is selling, but don't forget that it also helps us by ensuring that companies take responsibility.
Well those who say that they can provide 100% Safety can also sell "Sand in Sahara" and a 20 year old car as “Good as new”. 100% Security doesn’t exist, but having said this we can together make it safer, by increasing the skills and education around “responsible behavior”, implementation of relevant security products and a closer cooperation across sectors, companies and IT bodies.
“Having an alarm on my house doesn’t prevent anybody from breaking in, but hopefully sends to the neighbor instead”
I am looking forward to the result of the interview and not least how the increased awareness can help “Make IT Safe”, our new vision for 2020.
CodeSealer INVISIBLE END-TO-END WEB SECURITY participates actively in industry bodies such as IT-Association Security Council, DI Danish Business Association Digital Cooperation and Copenhagen Fintech, and delivers security solutions against Man-in-the-Browser and Man-in-the-Middle attacks, completely INVISIBLE and without installation on the user’s device.
Over the last couple of months I have been guest speaker at events at Finans IT, Copenhagen IT University, DataExpert in Holland and a number of smaller events, on the topic of IT Security and what can be done.
The topic has focused on the fact that while many companies spend large amounts on IT Security, it is still debatable whether it is enough and ever will be. Cyber crime is an increasing industry and my argument is “how many banks can you rob at the same time, 1 and how many customers can you rob in cyber crime, 100 million. What is the risk of being caught in a physical robbery vs a cyber robbery?”
Customers Expect It.
Customers today expect that when they access banks, public sites and any other sites, such as Facebook, Twitter etc., the companies are doing what is required for them to be used safely. We have data stored in multiple places and as a customer we won’t be able to use the new media unless we can trust the companies. As a customer I have no idea how the company protects my data, where it is stored and who has access to it, so trust is a must.
Legislators Enforce It.
Shortly the customer data protection law is going to be tightened. The original law was introduced in 1995, and since then the use of the internet and sharing of data has significantly increased. Earlier, companies have focused on protection of data residing within their data centers, but under the new law the company will be responsible for all data, including that flowing via the internet, mails etc., and outside the company’s protected site. The fines introduced can be significant (5% of yearly revenue) and many companies are now awaiting the final introduction and their next step.
Reporters Love It.
What is better for a reporter than a good story in the news about Facebook having been hacked, the Se & Hør case or... well, what is next? While the amount of money being stolen in cyber crime is still at a limited level in most countries, the damage to the reputation is essential. What does it cost a multinational company with an ambitious online strategy if they show up in a shit-storm as insecure, in the news? I personally think this is one of the key factors for many companies and their investment in security solutions and a driver towards a safer environment for us all.
We Have To Protect It.
So how can we as IT professionals protect it? When the person responsible for IT security asks for money and the CIO has to choose between the new system that can reduce costs and increase sales vs the investment in IT security, what do they choose, especially if they have never been attacked?
Over the past I have again and again iterated that the best solution is a close cooperation between public and private sectors and not least across the industries. While there shall be no doubt that I hope to sell our solution I also see a need for sharing of information and the more I as a vendor know about the attacks, the better a solution I can deliver to potential customers.
In general all industries have agreed not to compete on security, which I think would be stupid to do, but how good are they at sharing their information? After 27 years within the airline industry, 2 as director in Star Alliance, I cannot imagine an airline network without a close cooperation, something organized by IATA/ATA and the 4 large alliances. So can we ever fight cyber crime if we don’t share and work together? In several countries a closer cooperation has started, though often only between the larger companies and within the same industry, so let it be my wish for 2016 that an even closer cooperation will begin and we can all be safe using IT.
While we may still need to do more it is also important that we acknowledge what is being done and the fact that after all it is still more dangerous to drive on a winter day than using on-line solutions, and more money is still being stolen due to customers being lured to give away credentials.
Over recent years we have heard about the success of sites like Dating.com and the speed-dating events where singles have great opportunities to meet potential partners in life. Now speed-dating also exists in the B-2-B market.
Last week CodeSealer was present at the FST Summit in Dublin. At the Financial Services Summit (FST) more than 25 vendors were present to showcase and meet potential customers.
Before the summit the vendors could propose potential “dates” (clients) they would like to meet, and then GDS, the organization behind it, would invite the customers for a “date”.
At the summit itself a number of interesting workshops were held but the major difference between this “dating” type event and a regular conference was that we as customers didn’t have a stand and weren’t relying on catching people’s attention, the “speed-dating” was already agreed!
A large room was prepared, where each of the 25+ vendors had a simple table, no banners, no glossy screen, but just 40 minutes to present what they could offer, talk about “speed-dating”.
CodeSealer had 14 pre-booked meetings and during the presentation one of our customers referred additional potentials.
In each block we had 5 40-minute sessions to make ourselves attractive and get the customers’ attention. After 15 presentations in 1.5 days we went home tired, but also very satisfied.
We went home with 13 dates, or you may call it “appointments”, of which 4 have already led to agreed follow-up meetings and the remaining customers are still being approached. As a new vendor in the market of IT security getting 13 concrete appointments may require a lot of calling and not least a lot of coffee meetings with people who you hope can guide you to the decision makers, and here we met 13 in 1.5 days, and where most are the actual decision makers.
I just love speed-dating, at least the kind where I can be loyal to my wife and bring results to CodeSealer. We may have an INVISIBLE product but we want to be VISIBLE in the market of Web Security.
Published by Tonny Rabjerg, CIO - https://tonnyrabjerg.wordpress.com/
While this may not entirely be the case, as it is also about protecting your data, ensuring your operation and reducing your losses, it is for sure an important driver towards more security against Cyber Crime. Only by having trust from your customer can you make them transfer from traditional channels to online channels.
Yesterday CodeSealer participated in a very interesting conference, arranged by Atlantsammenslutning. Speakers at the conference were public and private companies, including Military Intelligence (FE), responsible for the new Cyber Crime strategy in Denmark, Syddansk University, Digitaliseringsstyrelsen, Police Cyber unit NC3, key speaker Dutch Cyber Security and Huawei along with security specialists and companies.
The key message of the conference was that Cyber Crime is here to stay, or even more, that Cyber Crime will just grow over the coming years, and governments and criminals invest huge sums. Several concrete cases were discussed, such as CSC, Ransomware attacks and not least the recent terror attack in Denmark and how Cyber Terror in the future can be a threat to our society.
It is today estimated that 26.000 new malwares are introduced DAILY, and based on the latest report from Kaspersky, hackers have stolen more than 6 billion from banks.
The conference again confirmed that besides the huge challenge of keeping up with the hackers, security is still being deprioritized compared to commercial projects. Somehow this can be compared to the recent attack on Denmark, where police have asked for more training over years, and now after the terrible attack everyone agrees that it is needed. So do we really need a serious attack in Cyber Crime before the money is invested in the best possible solution?
It was also stated, and to which I agree, that even with the best possible solution we cannot protect 100%, but at least we can make it more difficult. I compare this to locking your car, it doesn’t prevent it from being stolen, but locking your car, having electronic keys and maybe even an alarm increases the effort required. So having a Firewall and virus scan do protect a lot of potential attacks, but is it enough or do you need to look for additional solutions?
Several of the speakers also, again, highlighted the need for closer cooperation between the public and private sector but also within the private sector.
I have now participated in several conferences, heard the statements multiple times, and despite this the reality is different. This was also the key message from COPITS and not least from the Dutch Cyber Security Council. It was interesting to see how far Holland is with their National Security Strategy. Denmark is still in an early stage; we have a strategy and now we need to move from words to action. In Denmark we do have security boards within separate industries, such as financial, but cooperation across industries is basically non-existent, something they have solved in Holland by having councils across public and private sectors, meeting on a weekly basis and with dedicated employees, something similar to lobbying within the EU.
During my previous roles within the airline industry, I have learned how important cooperation and network are, and for many years I have been a member of boards within IATA/ATA/UN, and to a large degree this is the reason that we today can fly across multiple carriers in a seamless way. So where is the cooperation within Cyber Crime? I can only recommend a closer cooperation, and personally I try to connect to as many as possible to move towards closer cooperation, especially between public and private sector.
Overall a good conference. The knowledge about Cyber Crime is there, a large range of products can protect against known and unknown attacks, so the next step is full scale implementation of strategies and solutions. At CodeSealer we are ready to be part of this.
Published by Tonny Rabjerg, CIO - https://tonnyrabjerg.wordpress.com/
During the last days, we again and again have heard about companies and public sectors who have been hit by, often professional, hackers.
Based on a recent study, cybercrime may cost as much as 500 Billion USD on a worldwide basis, and just imagine how data theft and destructive hacking can impact the western world and soon be seen as cyber terror.
Having worked, only a few months within the industry of web security, it has opened my eyes on how important electronic security is for all sorts of companies, being it banks, governments and any other company transferring customer and critical data across the internet.
This week, I will, on behalf of CodeSealer, be guest speaker at “Digital Experience 2014” in Holland, a seminar organized by DataExpert. At the seminar I will present the unique solution developed by CodeSealer, but I also look forward to learning from the participants and key speakers and not least to having open discussions on how to prevent cybercrime in the future.
While I do feel that the press often overreacts in their message, with focus on the negative, and Breaking News can be anything from a cat being hit by a car to a terrible disaster in the world, I do feel that cybercrime is a matter we should all be aware of. It should not stop us from using the amazing world of IT and the internet, but we all have to be aware and use our common sense, and act accordingly, by not sharing our information and protecting it from being hampered or stolen. Do you know that most crimes today happen due to people being negligent with their data, passwords etc. rather than due to hacking and phishing?
Published by Tonny Rabjerg, CIO - https://tonnyrabjerg.wordpress.com/
Each day we read about cyber crime, hacking of personal data, financial theft and infiltration of large corporate and public institutions, so should I be scared or am I in safe hands?
Well during the last 2 weeks I have worked on a competitor analysis and in depth understanding of the players within web and user security.
The latest report from Intel indicates that cyber crime yearly costs society more than 500 Billion USD.
The cost is not only what is being stolen but also calculating what companies and institutions are using in preventing data and financial theft.
In addition to the cost aspect, it is also important to remember the negative publicity you may experience, not to forget your difficulty in transferring your customers from traditional channels to electronic channels, something I think is often forgotten but which can be critical and costly to ignore.
A lot of the theft is caused by customers’ negligence with passwords and other authentication data, but also by a wide range of attacks and lately by hacking requiring ransom money.
During my analysis, it has become clear to me that no single product or vendor provides 100% security, if this is actually possible. I am surprised about the large number of vendors, large or small, within the field of IT security, many with very smart solutions. Most larger institutions install a range of the products available in the market and this should provide a significant level of security. In my analysis I have also looked at different levels of security:
• Virus Protection
• Profiling and behavior analysis
• Web Session Protection
• Forensic Analysis
In addition to the harmful attacks we have also read about monitoring by authorities, use of our data for commercial aspects etc. For the monitoring by the authorities, I am personally of the opinion that I do not have anything to hide and if it can help the world being a more safe place, please feel free to monitor me.
For commercial usage I am somehow in doubt. In some way I am frustrated at how companies are selling my behavioral data and how this is used for commercial purposes. As an example, I have looked at a new B&O speaker and now I get advertisements about B&O speakers on all pages, Facebook and I don’t know where. On the positive side, having worked many years with CRM and digital marketing, I am also aware how it helps companies provide relevant offers and products, rather than spamming me with un-useful products. I still remember when my bank offered me a child savings account, when what I needed was a retirement fund; I should mention my kids are all older than 18.
So, should I be scared or am I in safe hands? I cannot say that you are in safe hands, but what I can clearly state is that vendors, companies and the authorities are all doing what they can to protect you, and after all, despite the huge losses, I feel quite safe and compare it to, “Should I be afraid of flying?”
Published by Tonny Rabjerg, CIO - https://tonnyrabjerg.wordpress.com/
Today I was a guest speaker at the ATV Innovation Network within Finance IT, conference at DTU in Copenhagen. The topic was Cyber Crime and what is being done to prevent attacks, as has been seen in the past.
The presenters included institutions such as Center for Cyber Crime, DK Military Defense, Estonian Cyber Crime prevention and specialists within the FSA and universities. The discussions covered what is being done today, how the universities can adjust their curriculum within the security field, and how to balance data protection and the need for access to data to prevent crimes.
The panel I participated in discussed how private startups can support the industry, why new companies enter the field, and whether there is a future for the many startups.
The following are some of the key points from the conference:
• Cyber Crime is moving from Cyber Crime to Cyber Terror, something I have addressed in a previous blog. Each day we read about terror attacks, causing insecurity, but imagine what would happen if we didn’t have electricity for a week and couldn’t use our visa card to buy our daily groceries nor get money from the ATM. Cyber Terror is a serious threat to our society.
• Companies and the public sector spend an increasing amount to protect their data and customers. Despite large investments, I have met companies that would rather invest in commercial products and less so in security solutions. My fear here is not so much the financial impact, but more so that customers become doubtful of online solutions and choose a different vendor providing additional security, or a traditional distribution channel. It was stated that as many as 16% have chosen not to use an online solution due to fear of data and financial theft.
• Industrial espionage is an increasing market for hackers. Over the past we have seen attacks on several companies. Imagine how this could influence a country such as Denmark, being an innovation market. If we cannot protect our innovation, what do we have left as a market?
• Hackers have changed from individuals sending a signal to highly professional and government-controlled bodies. In the last days we have heard how terrorists may have hacked the US government, but also how certain countries may have attacked companies such as Sony. It was stated that attacks sometimes are being planned for several months and recently North Korea increased their workforce in the Cyber War area to more than 6.000 employees.
• Universities need to focus more on security solutions in their curriculum. While Norway today has dedicated education within the field of IT Security, Danish universities don’t even offer it as a single semester. Do we have sufficient skills to prevent Cyber Crime, and how do we keep up with the pace at which new attacks are being developed? Somewhere I read that 1.000+ new attacks are introduced daily.
• There is no such thing as a 100% solution, and only by working together can optimal security be provided. While CodeSealer today provides unique security for Web Browsers and Sessions, we don’t provide a 100% solution. Only by implementing multiple and complementary products will an effective solution be available.
My presentation was focused on the solution available from CodeSealer, a unique solution in which we obfuscate the code, perform further encryption and encapsulate the web browser, all in a way that no interaction is required by the user. Today it is estimated that 80% of all devices are infected but as our solution doesn’t try to clean the device, but instead protect against the attack it is a very efficient solution.
I also addressed the fact that no solution provide 100%. I today have an alarm at my house. This won’t stop the burglar from entering, but it will hopefully send him to neighbor instead. A security solution won’t protect against all persistent attacks, but hopefully send the hackers to less secure companies.
The key element of the day is that we have to stand together and a close cooperation is required if we want to protect critical data and companies.
When I first started in CodeSealer I contacted a number of government agencies. I asked if I could join their networks and also if we could work together and share information across our organizations. Unfortunately, no such network existed between public sectors and commercial companies. Do I need to say that I was very surprised? It is the commercial companies who will often develop solutions which will make the public sector safe. The public agencies have insights’ into attacks for which our solution shall protect and instead of using the synergies, we all spend extra resources doing similar investigations and solutions. During my time in the travel industry I participated in bodies such as IATA, ATA, UN and Star Alliance, all organizations in which companies, despite being competitors, worked together to make efficient solutions at the lowest possible price while providing customer benefits.
• No solution protect 100%
• Hackers become more and more sophisticated
• Only by cooperating can we provide the best possible security solution
• Provision of Security solutions is an increasing market
So are we doing enough? Well, I think a lot is being done, but we can for sure do much more. Feel assured that we do what we can, and the dedication I experienced today makes me calm and feel secure.
Published by Tonny Rabjerg, CIO - https://tonnyrabjerg.wordpress.com/
While we have all heard about Cybercrime during the past years, and how we have to be careful about our passwords and our bank transactions, we have only seen the beginning of what may be an even bigger problem.
Pictures have been stolen from Facebook and Instagram. Sony has been hacked by unknown sources and now a nuclear plant in South Korea has been under attack, again by unknown sources.
Since 9/11 we have all feared another attack on the western world, and each day we see horrible pictures from around the world where people lose their lives to physical terror.
Do we now see a new form of terror? Just imagine what would happen if hackers closed the financial sector! No ATM, no credit card, no salary, not to mention the fact that companies couldn’t sell and buy. Just imagine what would happen if we lost electricity, traffic lights went black, trains stopped, heating stopped and hospitals only operated as long as back-up power worked. Just imagine what would happen if the cooling for the nuclear plant went off, and the air traffic control went silent!
The FBI IC3 group has stated that only by working together can we provide the best possible protection! Despite this, companies are still working alone to prevent attacks and only little cooperation is done within specific sectors. Many companies are investing huge sums to protect against attacks and the number of solutions available in the market is endless, though none provides 100% security by itself.
The world is changing, and while we should all be aware of potential danger, we also have to live a normal life. We all know that an accident can happen the next time we take our car, but that doesn’t stop us from driving. As such we should not get paranoid and stop living, but we shall continue our life and trust that government and private companies are doing what they can to protect us, and so far they have done a great job. So with this I wish you a Merry Christmas, hope you will enjoy the holiday, switch off the electricity and light a candle, not because you have to but because you can, and enter 2015 in a safe manner. Happy Holidays.
Published by Tonny Rabjerg, CIO - https://tonnyrabjerg.wordpress.com/
Tomorrow is “Strømmens Dag”. On my way to the office, I listened to the radio and the debate about what would happen if the electricity suddenly disappeared. BS Christian, a man for whom I have a lot of respect, talked about how being without power can bring us closer to the basic values, but also how vulnerable we are today due to our dependency on power 24/7. Just imagine a world without power, traffic lights in black, the fridge not working, no heating, no banking transactions, no Dankort, no... the list can continue forever.
The last time we experienced a major outage was in 2003. I remember the day, do you? I was at a conference in Helsingborg, and my car was in the garage. We couldn’t get out as the gate was closed, and when they finally managed to open the gate the ferry didn’t sail as the loading bridge wasn’t working. Having lived 3 years in India, where power failure is quite normal, you suddenly realize how important electricity is for our society.
Well, we can be relaxed, we live in Denmark, good power supply, safe infrastructure and power 24/7... or is it safe?
In the new National Cyber Crime Strategy, done by the Danish Military Intelligence on behalf of the government, a breakdown of the Danish power supply has been identified as a top priority. So is Cyber Terror a potential threat?
In the same program they also talked about how attackers have hacked Gribskov commune and are now asking for ransom to release the data again. In a time where we know that 80% of all devices are infected, and agencies such as the FBI are being hacked, how can we secure ourselves, our society and our power supply against Cyber Crime and Cyber Terror?
While the new Cyber Crime strategy addresses some of the potential threats and outlines reporting strategies and potential security risks, what is being done to prevent these? It is also stated that there is no such thing as 100% security. With countries having as many as 6.000 employees to perform Cyber War, it is impossible to have 100% security.
I think the latest attacks and the potential risk in infrastructure show that additional focus is required. The government has assigned responsibility to several agencies, but only by cooperating across the public and private sectors can we create the best possible security, so let’s get started... and please switch off the light tonight to save some energy and enjoy being able to switch it on again tomorrow!
Published by Tonny Rabjerg, CIO - https://tonnyrabjerg.wordpress.com/
Well, I guess this is no news if you are today sitting as a CISO or security officer in a company. It is assumed that somewhere between 20 and 50.000 new attack vectors are introduced on a daily basis.
Lately we have heard about Ransomware and how all kinds of companies and users were being attacked, and suddenly security companies were rushing into the field of protecting against Ransomware.
While companies and security solutions become better at protecting behind the Firewall and the infrastructure, attackers start looking for new vulnerabilities. Today 10% of all cyber attacks are assumed to be Man-in-the-Browser attacks (Web attacks).
Attackers do know that most end users/customers aren’t maintaining up to date protection, and according to numbers from the FBI as many as 70-80% of all devices are today infected by some kind of virus. So when looking for the weakest link in the security setup, attackers are moving towards attacks via the users instead, a place which in most cases isn’t protected by the traditional solutions.
Where users believe that they are protected by SSL/TLS encryption (the keylock), most attackers attack after the data has been decrypted, so where Man-in-the-Middle attacks may be rare, Man-in-the-Browser attacks are increasing.
Recently I met a bank that provided free software to be installed by their customers, and had advised that it was mandatory to do so. It turned out that as few as 12% of the customers had installed the software on their device, leaving the bank vulnerable and risking lack of local compliance with regulations, such as the future EU GDPR.
Today several companies provide protection for Web attacks and protection against Man-in-the-Browser and Man-in-the-Middle, but most of the solutions either require that the user installs software on their device or only protect against known attacks already identified and updated in signature files. This is where CodeSealer’s solution is different.
So next time you speak to your bank, your HR provider, your public service institute, your gaming company, your online retailer, your travel system, your... maybe you should ask if it is safe for you to use an online access and web browser, and if they protect against manipulation of your data!