Stop us if you have heard this one before: Who led the digital transformation of your company, the CEO, CTO or COVID-19? Light-hearted jibes aside, there is more than a grain of truth to the joke. Given the stay-at-home orders and restrictions against large in-person gatherings, the COVID-19 pandemic has accelerated digital transformation as more and more businesses move their operations online, with digital workplaces rapidly replacing traditional offices. And as with any new workplace, security is paramount.
But how do you keep yourself safe in a digital environment?
The key is to look at yourself from a hacker’s perspective and consider what information you have made available for hackers.
Mr Mikko Niemelä
Founder and CEO Cyber Intelligence House
“Everything you put online needs to be resilient enough to be there,” he said, explaining that hackers base their attacks on all the available information they can find on a potential target. “Hacker robots automatically scan and look for potential targets. When those are found, human hackers use this to support their attacking attempts.”
This is where Cyber Intelligence House comes in. Like a medical check-up that screens for health problems before they worsen, the Singapore-based company’s cybersecurity system provides a snapshot that helps organisations discover and respond to emerging cyber exposure threats.
Building the blueprints of the house
After a decade spent working in the offensive side of cybersecurity, Mr Niemelä founded Cyber Intelligence House in 2015 to specialise in monitoring and detecting cyber exposure.
“While testing and identifying vulnerabilities and weaknesses of systems and organizations, we noticed a new trend in demand. Our customers started asking if it was possible to detect if someone has breached them already,” recounted Mr Niemelä. “After some research, we found that organizations value information about attack preparation and their overall exposure.”
Just like in health screening, early detection is key in cybersecurity as well: even the smallest cyber exposure incident—such as a data or password leak—could lead to further and often more devastating attacks.
Cyber Intelligence House provides helps to ensure that organisations can react early to breaches and implement the necessary steps to mitigate risk and deter attackers.
Some of Cyber Intelligence House’s solutions include a crawler data acquisition system that searches for exposed information in real-time and visualises vulnerable assets to provide an attacker’s view of an organisation. Their Personnel Risk module also pulls data from multiple online sources to identify publicly-available information that could compromised individuals in the organisation. Without revealing personal details, the module also suggests ways individuals could minimise the risk of harmful exposure online.
Finally, the company’s unique automation infrastructure allows for continuous testing and monitoring across a variety of digital assets while their in-house team of analysts stand ready to provide further advice.
Taking the steps to a safer digital future
According to Mr Niemelä, a robust cybersecurity system is especially relevant for increasingly digital businesses. The sort of organisations that stand to benefit most from Cyber Intelligence House’s services are those that have many visible internet-facing ICT assets such as servers, extranets, firewalls, web applications and interfaces.
“The more digital the organization goes, the more exposure they have. Their attack surface is large and the greatest successes come from reducing this surface and then monitoring it,” he said. Cyber Intelligence House currently works with a broad range of clients, which includes companies, government agencies, regulators, investors, e-commerce platforms, and even law enforcement agencies such as Interpol and the United Nations Office on Drugs and Crime.
Cyber Intelligence House has seen its reputation boosted after recently being accredited by IMDA, a move that Mr Niemelä said has brought them both credibility and potential new clients. "The evaluation process was very comprehensive and companies who can’t deliver what they promise will never be able to pass it. It also helps our clients in their procurement as they don’t need to conduct extensive validation,” he shared, adding that more SMEs are now more open to work with them to assess their cyber security risks.
Of course, Mr Niemelä, who has also written a book on cyberattacks, is not resting easy just yet. Over the next five years, he plans to expand his customer base and raise the standards of cybersecurity across even more industries.
“We want to utilize our technology and make exposure monitoring a standard cybersecurity process in all sizes of companies,” he said. “Many attacks would have been prevented if only the organizations had known what they looked like from the outside.”
This feature is the fifth in a series of articles profiling accredited companies under IMDA’s Accreditation@SG Digital (Accreditation@SGD) programme. First launched in July 2014, Accreditation@SGD contributes to an innovative infocomm media ecosystem by accrediting promising Singapore-based tech product companies to establish their credentials, build business traction, and help them to grow and compete in the global market. The evaluation process provides an independent third party evaluation on the SGD-accredited companies’ claimed product core functionalities and ability to deliver.
As of February 2020, over S$430 million worth of project opportunities have been created for accredited companies. Close to 1,000 projects have also been awarded. For more information, please refer to this link: www.imda.gov.sg/accreditation
.webp)