Businesses are finding themselves in the unviable position of having to deal with rampant cyberthreats while they push their Digital Transformation strategies forward and continue to navigate the remote workforce environment. Improving cyber-resilience can be a daunting task especially for organisations that have resource constraints due to the pandemic. Having visibility of technology ecosystems, from the perspective of attackers, is essential. Rami El Malak, CEO and co-founder of spiderSilk, the region’s first cybersecurity product company specialising in attack surface management and threat detection, tells Intelligent SME.tech why organisations of all sizes and cybersecurity maturity need to address this, as well as why the Middle East is a strategic growth region for the company.
Challenges and threats for SMEs
More businesses are digital today than ever before. As a result of that, digital footprints keep increasing, which means that there are significantly more entry points and vulnerabilities for cybercriminals to exploit. It’s no surprise then that we hear of new breaches with every news cycle.
We’ve seen a fivefold rise in the number of security incidents and breaches in 2020 and US$1 trillion was lost to cybercrime during that same year.
There are other trends that have exacerbated this issue. Cyberattacks used to be sophisticated and in the realm of nation states and cybercrime syndicates. But not anymore. They’ve been democratised so pretty much anyone with a couple of hundred dollars’ worth of tools can cause damage.
And these breaches aren’t just occurring due to persistency of intent by malicious actors but, interestingly, many of these data leakages are a result of a simple human error. More than half the data leakages that happened last year were the result of simple misconfigurations or human negligence.
With regulatory frameworks and data privacy laws coming into play, data breaches have also become more costly than ever, with the average breach in the region costing US$6 million (according to IBM).
Attack surface management
Historically, organisations used to be in a particular line of business and would use IT to support that. With the increase in digitisation and online presence, we’re seeing that IT is now at the core of many businesses.
And this has created new opportunities for organisations but also a host of challenges and risks that they need to mitigate.
Having to work with rapid development environments and third parties (vendors, agencies, partners, etc) means your technology ecosystems are expanding in size and frequently changing in nature. Being able to continuously keep track of where these assets might be hosted and the vulnerabilities and threats that they are exposed to has become a very complex proposition.
How spiderSilk helps organisations tackle some of these challenges
We are driven by a simple idea. The more we can make attack surface management mainstream, the harder we make it for cybercriminals to find assets to exploit.
We knew first-hand that security teams are stretched thin, so we needed to build a platform that could provide them with aircover and support. We had to help them achieve comprehensive visibility with zero effort or input from their end.
We help uncover the ‘unknown unknowns’ – assets that you might not have even been aware of, sitting out there on the open Internet and publicly exposed. But also visibility of where all their assets reside, geographically, as well as by cloud provider, or data centre.
Once that visibility has been achieved and maintained around the clock, we go through the threat assessment part of the platform, which runs a host of standardised and non-standardised threat assessments against all the assets that belong to that organisation.
We have a team of dedicated security researchers that are constantly researching the latest hacking methodologies that malicious actors are using. We analyse these, reverse engineer them and include them into our Threat Assessment Engine which then allows us to detect some of these threats that are specific to certain technology stacks. This is where the magic happens and how we have so far helped blue chip companies protect the data of over 120 million people from exposure.
But as previously mentioned, this problem is no longer centric to large companies but affects any entity that is digital enabled or Internet facing. With that in mind we focused on making the platform entirely autonomous so even companies with resource constraints can rely on having an external, 24/7 partner to rely on for cybersecurity so they can focus on other areas of their business and security.
spiderSilk technology use cases
The most important one is the comprehensive visibility and there are many examples of where we’ve alerted global organisations to the existence of certain assets that they weren’t even aware existed.
Second is third party risk. Many solutions that manage or report on third party risk depend on user and customer inputs to be able to monitor these assets and relationships. By continuously scanning the entire Internet and only using the name of the organisation for attribution, we’re not only able to pick-up all your assets but also ones that are by third parties or contractors and through which you may be exposed.
Third is misconfiguration. Simple misconfigurations, like a server sitting with a standard password or without a password protection, or any form of other misconfiguration, led to more than half of data leaks last year.
The fourth use case is what we call the non-coded threads. These are typically either business logic flaws or integration flaws that might leave data exposed if undetected and these non-coded threats are not covered by existing solutions.
Finally, we also detect source code leakage, which can include either exposed credentials or other sensitive information that might be damaging to the organisation.
Setting spiderSilk apart from other businesses
With our attack surface management platform, Resonance, the only thing that we require from the customer is the name of the organisation. Once that’s entered into the system, our platform is able to scan the entire Internet – more than 4.2 billion IP addresses on a continuous basis.
Through that scan we’re able to attribute which assets out there belong to your organisation and that starts to build your asset directory. And that’s fundamentally different from a lot of approaches being taken that are dependent on the customer telling the solution what their assets are.
Also, by being external and independent, it doesn’t require any integrations deployments which is a relief for many security guardians who may already have a host of intertwined solutions. The platform was built in such a way that it is a pull experience, not push.
It’s fundamentally meant to support security guardians and organisations by being autonomous and that’s where our customers, partners and MSPs have seen the most value from Resonance.
Why the Middle East is a prime location for this technology
The region has always been at the forefront of technology adoption and some of the largest organisations in the world are here. I grew in the region, so the business was launched here with the backing of Global Ventures, one of the top VCs in our market, as well as STV, the largest technology fund in the region and the investment arm of Saudi Telecom.
One of the things we’re very proud of is having started in the region but having global ambitions. The region has traditionally been a net importer of technology, specifically within the cybersecurity space, and we’re part of a movement that’s changing that narrative and putting the region on the map in terms of where technology is being developed and exported to the world.
spiderSilk’s strategy for growth, with advice for start-ups and SMEs
One of the most important things is to be able to demonstrate value and that has always been one of our key strategies.
Now, having demonstrated value and converted opportunities into active paying subscribers, we’ve gained the credibility in the market to go out and talk more about our solution and how it has benefited some of these major organisations and how we can further benefit others.
We very closely with several channel partners in the region and we’re heavily dependent on our strategy and growth with the channel ecosystem and the close partnerships that we’ve built.
In addition, when we built the platform, we made sure that it is managed service provider friendly and we’re working on a number of managed service provider agreements whereby they can offer that platform and solution as a service to their customers who require cybersecurity now more than ever before.
Best practice advice to regional SMEs on implementing a robust cybersecurity strategy
It’s very difficult to be able to build all the required capabilities in-house, especially at an early stage where there are competing priorities. My advice is start with the basics. Find a reputable company to partner with that can help to first address the status of their cybersecurity maturity and determine how they can best help them address their security requirements to make sure that they’re well protected.
Obviously, as a lot of businesses are heavily dependent on technology, and with data privacy laws in place, a breach or data leak can be detrimental to reputation and may even endanger the continuity of the business if not taken care of.Click below to share this article