ICE71 AI-based Cyber Tools Guide

“Cyber AI can be a force multiplier that enables organizations not only to respond faster than attackers can move, but also to anticipate these moves and react to them in advance,”

– Deloitte Insights, ‘Cyber AI: Real defense’ (Dec 2021)

With growing complexities in cybersecurity, companies are looking to cybersecurity tools powered by Artificial Intelligence (AI) and Machine-Learning (ML) as the future.

Apart from applications in threat detection and user behaviour analytics, AI/ML may be used in other innovative ways to help security teams.

Here are ways that ICE71 start-ups are leveraging AI/ML to make better cybersecurity tools for businesses and organisations:

POLARIS
Web Application & API Protection (WAAP) platform
Polaris WAAP defends websites by using AI and ML to actively detect malicious activities and deter cyber attacks.

*Polaris has recently opened their WAAP to the public for free! Learn more and register here.

Aiculus
API Security
The Aiculus API protector uses ML to detect fraud and misuse in API traffic.
Amaris.AI
AI Cybersecurity/IoT tools
Amaris.AI’s AI Cybersecurity products provide PII anonymization, network segregation, data-at-rest encryption, and AI malware detection.
AmAICrypt – Virtual Disk Encryption Tool
AmAISound – AI Sound Event Recognition System
Amaris Take Action System-Guard (ATAS-Guard) – Surveillance system for monitoring user activities through images/audio
Anonymizer – Automated AI tool to detect, anonymize and redact PII data
Build38
Mobile Application Protection
Build38’s T.A.K solution uses AI in its app shielding technology.
“The App is continuously monitored and the security telemetry is analysed by an advanced AI engine on the cloud. Based on that you get insights, either through a dashboard or integrated in your SIEM, about the current and future threats in your App base.”
Cyble
Threat Intelligence
The AmIBreached tool uses AI and ML to analyze the dark and surface webs in real-time and to identify if an enterprise’s login credentials are exposed online.
CYFIRMA
Threat Landscape Management
DeCYFIR uses AI and ML for real-time insight and threat visibility by aggregating, correlating and analysing information from the open and dark web to identify and process potential threats at the planning stage of a cyberattack.
Cylynx
Fraud Detection
Motif is a graph intelligence software that translates graph data into business insights, speeding up data exploration, analysis and collaboration across teams.

To explore more cybersecurity solutions, check out the ICE71 Solutions Catalogue.

Last update: 2022-05-05

ICE71 Singapore Cybersecurity Start-up Map 2022

Presenting… the 2022 ICE71 Singapore Cybersecurity Startup Map!

Launched at our inaugural CISO-Investor Roundtable event, the map offers the most updated overview of Singapore’s cybersecurity demand. This comprehensive directory also serves as a useful tool for security leaders, investors, start-ups and SMEs looking for opportunities for growth and collaboration.

With this update, there are now 150 unique start-ups active in Singapore’s cybersecurity ecosystem up from 136 in 2020. 2 new categories, ‘OT Security’ and ‘Awareness and Training’, have also been added in this version as cybersecurity companies in Singapore continue diversify and reinvent themselves. You can also find or browse ICE71 start-ups and solutions by focus area using the ICE71’s new Start-up Catalogue and Solutions Catalogue.

Feel free to share this map but please drop us a message, and make sure to link back to this page and attribute ICE71.

ICE71’s Cybersecurity Outlook for 2022

2021 was an eventful year for the cybersecurity world. According to SonicWall, 470 million ransomware attacks in the first three quarters of the year alone constituted a 148% increase from the same period the year before, making 2021 the worst year on record. From double extortion ransomware attacks and Ransomware-as-a-Service (RaaS) to supply chain risks like the Apache Log4j Vulnerability, threat actors have diligently kept businesses on their toes with an ever-evolving medley of novel tactics. In fact, ‘cybersecurity failure’ was ranked a top 10 global risk alongside ‘climate action failure’ and ‘infectious diseases’ among others in the recent World Economic Forum Global Risks Report.

Infographic by Visual Capitalist

Like Greentech and Healthtech, cybersecurity innovation is a never-ending economic opportunity because threats are always evolving. In 2021, an unprecedented $21.8 billion in venture capital was invested into cybersecurity companies – a nine fold increase over the past decade. By mid-2021, cybersecurity funding had already surpassed the total funding of 2020. ICE71 start-ups that have benefitted from the boom include KeylessSecurityAdvisor and Build38.

Singapore’s cybersecurity start-up scene also made considerable progress with 6 cybersecurity deals worth US$408.2 million closed in 2021, 10 times of what was raised the previous year. While funding activity in the region has not quite matched up with the bustle in other cybersecurity hubs of the world, it is likely to intensify as more movers and shakers like Snyk set foot on our shores. (You can hear more about Snyk’s story in this ICE71 webcast on how to raise funding amid the pandemic.)

With increasingly competitive funding rounds, winning pitches will need to show their ability to address biggest threats and challenges looming ahead. We got together ICE71 start-ups to contribute their cybersecurity predictions for 2022.

2022 Cybersecurity Predictions by ICE71

1. Ransomware Causing Life-Threatening Consequences

Put the proliferation of inadequately regulated payment methods and the mounting pressure to pay ransom together and we get the winning formula used by successful threat actors. More actual physical damages (think fires, power shutdowns, human casualties, etc.) should be expected as ransomware targets expand to Internet of Things (IoT) and Industrial Control Systems (ICS). Not only are hackers finding new vectors to hold organizations at ransom, but techniques will also continuously evolve “creatively” to evade detections and decryption. Venkat Ramshet, Founder of FlexibleIR foresees that social engineering attacks will be prominent and adversaries may move from encrypting data to distributed denial-of-service (DDOS) attacks or defacement of websites. Adversarial attacks are unpredictable, and organizations must practice cyber resilience.

2. More Cybersecurity Regulation

Dr Magda Chelly, CEO of Responsible Cyber, believes there will be more regulations in place to tackle the ever-increasing threat of ransomware and payments for ransomware. In fact, the United States Department of the Treasury’s Office of Foreign Assets Control (OFAC) has declared ransomware payment illegal. 

Beenu Arora, Founder and CEO of Cyble, sees that the staggering record of breaches are getting regulators’ attention to impose penalties on organisations to do their due diligence. He believes that we will continue to see law enforcement in the private and public sectors crackdown on organised cybercrime rings. However, he likened the relationship between law enforcers and bad actors to a “whack-a-mole” game – when one adversary is taken down, others will take its place.

3. More Focus on Cyber Risk Quantification

With more organisations willing to invest in cybersecurity, there will be more focus on measuring the financial risks of cyber threats and solutions. Cyber Risk Quantification helps leaders to demystify cybersecurity and make more informed decisions. 

As the Greek philosopher, Heraclitus once said: “change is the only constant”. The world of cybersecurity is increasingly filled with more uncertainty, and it is expected that the attacks will continue to evolve, with the approaches becoming more sophisticated. Beenu concludes that even with the everchanging landscape, the basics still hold true: Practising cyber hygiene, keeping awareness programs, having strong governance, and treating cybersecurity as a technical problem are the basic attributes to being cyber resilient.

What used to be exclusively left to the organisation’s savviest individuals (aka the IT department) to deal with is now everyone’s collective responsibility as organisations brace themselves for greater threats and disruptions ahead.

Did someone share this with you? Get the latest cybersecurity start-up news and opportunities directly by joining our mailing list.

Notes from ICE71 x SFA Tech Showcase and Panel Discussion – Rethinking Blockchain’s $100B Problem Through Cybersecurity

In the wise words of Solo Kombani, COO of ICE71 start-up Aiculus, “the more powerful a tool is, the more robust our security measures have to be“. While Blockchain has opened up a wealth of opportunities for the FinTech industry, it has also become a high-value target for cyber criminals. Just as DeFi made headlines as the newest $100B sector earlier this year, bigger news was made when the industry saw a slew of high-profile attacks on DeFi platforms such as Cream Finance and Poly Network, highlighting very huge and present security threats.

In this joint Tech Showcase and Panel Discussion with the Singapore Fintech Association, we invited experts to discuss what Blockchain’s biggest cyber threats are and how companies can mediate these challenges with innovative tech offerings.

Key takeaways from the panel discussion:

  • Although smart contract technology has proved to be a revolutionary development with seamless transactions, equally debilitating vulnerabilities remain a top concern. Nevertheless, Veronica Tan, Director for Safer Cyberspace at the Cyber Security Agency of Singapore, believes that there will be more cybersecurity companies innovating to tackle challenges in this area.
  • 4 key areas of smart contract vulnerabilities have been identified by Ant Group – code security, logic vulnerability, business logic vulnerability and cross chain security. To address these, Derrick Loi, General Manager at Ant Group (International Business), shared that a multi-angle contract security analysis may be employed through static scanning, fuzzy test and formal business logic analysis.
  • Cybersecurity risks faced by traditional finance and DeFi are similar. As demonstrated by the recent spate of high profile hacks, Veronica pointed out that blockchain companies are also not spared from hacking incidents, hence traditional cyber hygiene measures must continue to be practiced in all organisations to ensure a safer cyberspace environment.
  • Gene Yu, Co-Founder and CEO, Blackpanda, also added that blockchain and cypto-affiliated companies may actually be considered higher risk than traditional finance as seen from the absence of cyber insurance companies that offer related coverage.
  • The Blockchain industry cannot simply mimic traditional bug bounty practices to raise it cybersecurity protection. Unlike traditional bug bounties, DeFi’s ‘bugs’ are associated with actual monetary value, said Anson Zeall, Chairman of Association of Crypto Currency Enterprises and Start-ups Singapore (ACCESS) and Co-Founder & Chairman of the International Digital Asset Exchange Association (IDAXA). Therefore, hackers have more incentive to who exploit DeFi bug and take off with rewards more handsome than typically offered by traditional bug bounties.

→ Watch the full session on ICE71’s YouTube channel or Facebook page.

ICE71 start-up news roundup

Here’s the latest news roundup on our ICE71 start-ups:

More news on ICE71 and our start-ups here.

[FINAL REMINDER] Call Closes 31 Oct 2021!

PSA: The Cybersecurity Industry Call For Innovation 2021 closes 31st October 2021, 2359HRS (GMT +8)!

Send in your proposals to https://cybercall.sg/ by 31 October 2021 to stand a chance to

  • Receive up to $1M in funding from CSA
  • Work with key end-users to develop your innovative solutions
  • Address pressing challenges within technology areas including #AI, #IoT, #OT, #Cloud and #Privacy

See the challenges launched this year and highlights from key events below! ??

Don’t miss this opportunity!

Find out how to send in your proposals following the proposal submission template, and remember to complete all required sections before submitting. More instructions are available here.

For more information, visit https://cybercall.sg/. You may also direct submission enquiries to info@cybercall.sg.

ICE71 is a supporting partner for the Cybersecurity Industry Call for Innovation 2021.

GovWare x ICE71 Startup Pitch Pit 2021

The 3rd run of the GovWare x ICE71 Start-up Pitch Pit was held on 7 October, 10AM as part of the GovWare Conference and Singapore International Cybersecurity Week 2021. For this special edition, promising cybersecurity start-ups and SMEs from the ICE71 Community pit against each other as they pitched their solutions to a panel of infosecurity industry veterans, showcasing how AI is the next frontier of cybersecurity.

Missed it? Watch it below and stay tuned to find out who the winner was!

Judges
Benson Lau – Customer Success Director, Zencode (Hong Kong), Commitee Member, Hong Kong Startup Support Group
Claudia Marcusson – Strategy & Innovation Lead at SC Ventures, VC Investment advisor in Europe & SIngapore
Tony Jarvis – Security Principal at Citrix, CISO Advisor, vCISO
Guy Marong – Managing Partner, Cubic Consulting, Cybersecurity Consultancy in Luxembourg, Europe

Participating companies
TAU Express – Incorporated in 2018, TAU Express started as a spin-off from the SPIRIT Smart Nation Research Centre at Nanyang Technological University (NTU). TAU Express helps organisations unlock value and insights from massive amounts of documents using advanced AI techniques. Its document analytics platform is capable of parsing, extracting and categorizing unstructured documents to enable intelligent search and analytics, resolving complex productivity issues and help companies achieve digital transformation.
SecureAge Technology – Headquartered in Singapore, SecureAge Technology’s AIpowered Asset-based Cyber Defence (ABCD) serves as a Endpoint Protection Platform (EPP) solution, bringing together application control, cloud malware scans, vulnerability assessment, and seamless encryption of all files in one enterprise solution.
Flexxon – Founded in 2007, Flexxon Pte Ltd is a leading industrial NAND flash storage solutions provider that delivers a range of versatile advanced memory storage solutions, most notably its X-PHY AI embedded Cyber Secure SSD which leverages on its patented firmware to analyze the data access patterns to detect any anomalous attempts through AI and machine learning. With a key focus to serve Cybersecurity, Industrial, Medical, and Automation (CIMA) applications, Flexxon is dedicated to delivering robust data security solutions.
InsiderSecurity – Established in 2015, InsiderSecurity is an award winning, cybersecurity deeptech company based in Singapore. It develops specialized cybersecurity products that discover the internal cyber threat early, before there is any serious data loss. InsiderSecurity’s technology is especially useful to detect sophisticated threats such as SolarWinds.
Amaris.AI – Amaris.AI strives to advance humanity with trustworthy cutting edge Artificial Intelligence (AI) and Cybersecurity products, which determines AI model robustness against adversarial attacks and explain predictions. Amaris.AI offers a range of intelligent automation, AI cybersecurity and embedded AI hardware products for its clients.

ICE71 x RSAC 365 Innovation Showcase: Frontier Technologies of Adaptive Security

ICE71 x RSAC 365 Innovation Showcase: Frontier Technologies of Adaptive Security

ICE71 is proud to bring our start-ups to the global stage!

On 19 August, ICE71 partnered with RSA to host the August RSAC 365 Innovation Showcase. This session brought together an expert panel to discuss the Frontier Technologies of Adaptive Security, with a focus on API Threat Intel sharing, Graph Neural Networks and methods for securing legacy applications in DevSecOps. This was followed by two pitches by ICE71 start-ups – Aiculus and Scantist – who presented their groundbreaking ideas in the adaptive security space.

The panellists were:

  • (Moderator) Rajiv Menon – Managing Director at Cisco Investments and M&A for Asia Pacific and Japan
  • Dr Ong Chen Hui – Cluster Director for Technology Development, Infocomm and Media Development Authority
  • Mark Kraynak – Founding Partner at Acrew Capital

Breaking through the Complexities of Cybersecurity

As an expert in Graph Neural Networks (GNN), Dr Ong shared that GNNs are a method of machine learning designed to perform inference on data described by graphs. Graph processing has gained popularity and its usage is expected to double every year from 2019 to 2022. GNNs can be used to solve a variety of cybersecurity problems due to its pattern recognition. For instance, automating detection of botnet attacks and cybersecurity vulnerabilities.

Mr Menon also talked about the problem on the lack of application security experts as compared to developers. Mr Kraynak added that , this problem is due to the fundamental disparity between the two roles. Application security experts face a fundamental problem: the sheer number of alerts and connections to deal with are overwhelming. He believes that the best way to tackle the problem is to automate the process of meaningfully integrating threat intelligence into the right parts of vulnerability management – and this is an area where novel solutions and technologies are much needed.

Following this, Dr Omaru Maruatona, founder of Aiculus and Prof Liu Yang, founder of Scantist, took the stage to share how each of their solutions reduce organisations’ reliance on the expertise of security teams through automation and machine learning, thereby bringing much-needed value to the adaptive security space.

Watch their pitches below, or find it on the RSAC Innovation Showcase page!


Aiculus is an ICE71 Scale start-up which leverages artificial intelligence to provide adaptive and intelligent cybersecurity capabilities for businesses that use application program interfaces, or APIs. Their solution defends the organisation’s API stack without having to access users’ data, offering an additional layer of privacy to customers.

Scantist is a member of ICE71 Accelerate’s fourth cohort. The start-up has developed an application security tool that manages open source vulnerabilities and helps enterprise clients improve compliance on the application level.

Notes from InnovFest 2021: How to Keep Cybersecurity out of Jeopardy

On 14-16 July, ICE71 took part in InnovFest x Elevating Founders, the official start-up event of Asia Tech x Singapore (ATxSG). Industry experts were invited to participate in a panel discussion hosted by ICE71 on the rise of cyberattacks making headlines.

Moderated by Linda Nguyen Schindler, ICE71 Programme Head, the panel session provided critical insights into recent incidents that put cybersecurity in jeopardy.

The participating panelists were:

  • Abbas Kudrati – APC Chief Cybersecurity Officer at Microsoft Asia
  • Doug Witschi – Assistant Director, Cyber Crime Treat Response at INTERPOL
  • Magda Chelly – Head of Cyber Advisory at Marsh Asia
  • Selwyn Scharnhorst – Director, Ecosystem Development at Cyber Security Agency (CSA)

To begin the discussion in a fun and interactive manner, the panelists were tested on their knowledge of recent cyberattacks in a refreshing format, inspired by the classic American game show, Jeopardy!. Incidents named included the Colonial Pipeline Ransomware attack, JBS Meat Plant Ransomware attack, SolarWinds breach and a classified malicious attack on a national healthcare system.

ICE71’s first-ever game show. Up for challenge? Give this a try.

Here are some key points made during the panel discussion:

Firms are still lacking the basic hygiene and fundamentals of cybersecurity: Cyberattacks that crippled organisations did not involve sophisticated methods of attack, said Mr Kudrati. It was a laissez-faire attitude to cybersecurity that had left organisations vulnerable to simple and common methods of attacks (such as SQL injections and brute force attacks).

The stark reality is that companies are still putting cybersecurity on the back burner. “History doesn’t exactly repeat itself, but it rhymes a lot,” Mr Scharnhorst said. The main cause of such incidents can often be attributed to the lack of proper cybersecurity hygiene and awareness. Companies with these basics in place would have eliminated their risks at the most fundamental level. On raising awareness, he added that conversations on cybersecurity should not stop at the top, but continue at all levels to empower every employee in the organization.

Dr Chelly further pointed out that the quantifiable impacts of ransomware attacks are not limited to just the ransom amount, but also the damage caused by business downtime (loss of profit, and accumulating operational costs), legal liabilities and more. To put things into perspective, it would be more expensive to remediate losses than to implement cybersecurity protection. Prevention is definitely better than cure.

Common misconceptions about unaffordable cybersecurity costs: Cybersecurity could be expensive – but not always. It was raised in discussion that many economical cybersecurity solutions are readily available on the market. Furthermore, the Singapore government has made it more accessible for SMEs by providing grants for a list of pre-approved solutions. Organisations should look for solutions that fit their cybersecurity budget by weighing their risk appetite and quantifying the potential financial loss of an attack.

To pay or not to pay: This is the conundrum faced by many ransomware victims. There is no silver bullet for reversing a ransomware attack. “Paying a ransom would be equivalent to financing the criminals,” said Mr Kudrati. Ethics aside, paying the ransom would not guarantee hackers to hold up their side of the bargain. In addition, hackers would typically try to maximize profit through a multi-pronged approach. Hackers would first demand ransom from affected organisations. Then, they may seek ransom from individuals involved to exclude their personal data or IP from further exposure. Finally, hackers might even sell the stolen data to the organisation’s competitors!

How should organisations respond to a ransomware attack? Mr Witschi advised organisations to come forward and share the incident with a trusted cybersecurity community, as there could be solutions available to remediate the attack. Threat intelligence sharing would also help experts identify how the organisation has been impacted and take aggressive steps to contain the attack.

ICE71 is proud to be a part of InnovFest 2021. Miss the panel discussion? Watch the recording below ??

ICE71 start-up news roundup

Here’s the latest news roundup on our ICE71 start-ups:

More news on ICE71 and our start-ups here.

ICE71 start-up news roundup

Here’s the latest news roundup on our ICE71 start-ups:

More news on ICE71 and our start-ups here.

ICE71 start-up news roundup

Here’s the latest news roundup on our ICE71 start-ups:

More news on ICE71 and our start-ups here.

ICE71 start-up news roundup

Here’s the latest news roundup on our ICE71 start-ups:

More news on ICE71 and our start-ups here.

ICE71 start-up news roundup

Here’s the latest news roundup on our ICE71 start-ups:

More news on ICE71 and our start-ups here.

Interview with Pankit Desai, co-founder and CEO of Sequretek

We speak to Pankit Desai, co-founder and CEO of ICE71 Scale start-up Sequretek, one of the Financial Times’ most promising APAC companiesand more recently a RAISE2020 awardeeabout what it takes to get to such business apexes.


Q: What do you do at Sequretek?

I am co-founder and CEO at Sequretek, with primary responsibilities around business development, operations and fundraising. Prior to Sequretek, I have had leadership stints with IBM, Intelligroup, NTT Data for over two decades.

Sequretek offers solutions in Endpoint Detection Protection and Response (EDPR), Identity Governance and Administration (IGA), and Managed Detection and Response (MDR). A combination of our products and a 24×7 managed security services, covers majority of the problems that an enterprise might encounter.

Q: Can you share an example or two where Sequretek has helped your client to achieve simplicity in terms of security? 

Let me take two examples on opposing ends of a size spectrum.

One of the largest private sector bank (5,000+ branches) with over 125,000 employees and 700+ applications/services was struggling to get an answer to this question of “who has access to what”? They tried implementing traditional identity management solutions, but after spending a few million dollars and over two years, their coverage was barely 5% of the technology landscape. They evaluated Sequretek’s IGA and they were able to implement the product in six months and have covered more than 50% of the technology landscape, with balance being targeted for completion within the year. Their compliance organization which used to scramble resources every year before the regulatory audit or User Access Review requirements, now is able to get all of it done through a simple dashboard report.

India is home to over 1,500 co-operative banks. Most of these banks are in the rural areas and serve the farmers and poor people. These banks have been the backbone through which most of the government schemes for underprivileged get distributed. Over the past few years, these banks have invested in technologies to stay abreast of the transformation that is impacting the sector, and with it there have been several high profile cyber breaches. There is now significant pressure from the local regulator to invest in security to mitigate the risks. Most of these banks, lack skillset to understand what security measures they need to undertake to improve their security. We worked with their industry body to create a program that build a security framework around offerings that allowed these banks to improve their compliance and security posture without burning a hole in their pocket. The program had several technology awareness sessions, across the hierarchy, that were baked in to improve their appreciation of technology, till date over 1,000 people have undergone this training.

Q. Sequretek was rated as one of APAC’s fastest growing companies by the Financial Times for 2020. Congratulations! Can you share with us what got you here today, perhaps your business mantra for aspiring cybersecurity entrepreneurs?

Early this year Financial Times picked us as one of the fastest growing companies (#206/500) in APAC and just very recently, we were recognized as a winner in the category of tech centric companies sector agnostic applicability, at RAISE2020 a global AI event hosted by the government of India. While the first one was all about the financial success of the company, the second is a vote of confidence on our technology and ability to execute in the marketplace.

As an entrepreneur, it is indeed quite redeeming to see the company get to where it is today. While it may sound cliched, our mantra has always been “do right by your customer” and the rest will follow. We have put that thought process into practice and I am proud to see our customers’ stand by us through thick or thin. It doesn’t matter how good your product is, or how good of a team you have built for yourself, if you are not in a position to get a happy customer, it will not get you anywhere. As a company, we have barely spend any money in marketing, it is customer referrals that have allowed us to scale year on year.

Q: How is the cybersecurity sector like in India and Singapore, are opportunities and challenges the same? What are prospects you see in Singapore and the greater APAC region?

For most part cybersecurity in industry and geography agnostic, this has allowed most companies in this space therefore to scale without much requirements for localization as compared to some of the other technology areas. Having said that, there are nuances from a tech maturity levels perspective and local regulatory norms, that may change how customers in different parts of the world perceive the need for security. In India, you will find companies at the top end of the spectrum who have used technology to differentiate themselves at global scale and are understandably quite ahead in their security journey. On the other hand there are millions of small and medium enterprises for whom security is almost an alien concept, which is where most of the recent attacks are concentrated.

If I was to look at APAC region, one will find companies in Singapore for most part will be well versed in technology usage and a much better appreciation for the need in investing in cybersecurity. However, there are countries in south east Asia that are not at the same level, and the challenges that I mentioned earlier will definitely be present. I see our message of “Simplify Security” resonate across the region, for this very reason.

Q: Describe cybersecurity in less than 30 words.

Cybersecurity is an enabler to your transformation and not an inhibitor.

ICE71 x GovWare Focus 2020

GovWare Focus 2020 Virtual Conference and Exhibition, themed “Partnerships in Resilience and Advancement”, took place on 7-8 Oct. ICE71 was proud to be a Supporting Association for this major cybersecurity event and be a part of the first virtual GovWare-ICE71 Startup Pitch Pit.


Of all the virtual platforms we have been on so far, we must say that this conference had the best aesthetics, and we could sense the organisers putting a lot of effort in providing a unique experience. Moreover, we had many exciting things going on for us across the two-day conference!

First, there were the virtual booths at exhibition halls. ICE71 had our booth in Hall 3, and our start-ups 689Cloud, Cylynx, Digify, Red Piranha, Uniken, and WeSecureApp had their booths in Hall 4. It was a one-of-a-kind experience staying behind the screens while manning booths with avatar-like “representatives”. Through the booth chat function, we had fun interacting with visitors.

The ICE71 team caught up with our start-ups who had booth presence at GovWare Focus 2020

And on 1st Oct, at the Auditorium, we had the first virtual—albeit second—GovWare-ICE71 Startup Pitch Pit. Its first run was at SICW last year and the winner was Cyble.

Hosted by Linda Nguyen Schindler, ICE71 Programme Head, the 2020 Startup Pitch Pit featured four up-coming start-ups from the ICE71 community – each of the founders got onto the virtual stage to pitch their solutions:

  1. Val Bercovici of Chainkit, a cybersecurity start-up pioneering extended integrity monitoring for security, forensics and compliance. Customers report 39% of cyber attacks are undetected. Stealth technology heavily used by professional attackers, uses techniques invisible to leading cyber security tools today. Chainkit’s first to market SaaS solution lets customers wrap unbreakable digital Chains-of-Custody around all key systems and data, on premises and in the Cloud.
  2. Mitali Rakhit of Guardara, a technology company focused on building scalable, automated, smart software testing solutions to improve quality and security. Our first product, FuzzLabs, is a modern, powerful, and flexible smart fuzzer that utilizes “black-box,” dynamic testing to identify code defects, including vulnerabilities. We are a seasoned team with over 15 years of experience working for Fortune 500 companies and government organisations.
  3. Fabian Eberle of Keyless, a deeptech cybersecurity company founded by renowned security experts, experienced technologists and business leaders, bringing more than 10 years of research to life. Keyless is pioneering the world’s first privacy-preserving biometric authentication and personal identity management platform, combining multi-modal biometrics with advanced cryptography in a distributed cloud architecture.
  4. Sujeesh Krishnan of Kinnami, a cybersecurity start-up that provides a hyper-resilient data platform, AmiShare, that integrates data security, data protection, and data availability to help organizations combat growing cyberattacks and other disruptions. AmiShare secures data so that they can be accessed securely, efficiently, and with confidence about their integrity, on any storage device or platform. AmiShare also provides audits and alerts that enable proactive threat management.


The goal of the Pitch Pit is for start-ups to get real-world feedback and gauge potential interest in their cybersecurity solutions, from its distinguished panel of judges including:

  • Huang Shaofei, CISO at Land Tansport Authority of Singapore (LTA)
  • Tan Wee Yeh, Manager, Security Architecture – Customer Success at Microsoft
  • Steve Ng, Vice president, Digital Platform Operations at Mediacorp

After the start-ups went through 5-minute pitches and gruelling Q&A from judges (and the audience!), it was time to decide the winner. While the judges deliberated, pitch pit host Linda engaged the audience with an interactive cybersecurity trivia.

Judges had a challenging time deciding the winning start-up, as all of the pitches were good. But after considering various factors, including how innovative the start-up solution was and performance at Q&A, they decided that the winner of this year’s GovWare-ICE71 Startup Pitch Pit (drumrolls): Keyless! Congratulations to Fabian and the Keyless team!

First row from left: Pitch pit judges Huang Shaofei, Steve Ng, and Tan Wee Yeh. Second row from left: Start-up founders Val Bercovici (Chainkit), Mitali Rakhit (Guardara), Sujeesh Krishnan (Kinnami) and Fabian Eberle (Keyless, pitch pit winner)

If you are an organisation looking for innovative cybersecurity solutions or an aspiring cybersecurity start-up searching for insights on how your product will fit the market, please reach out to ICE71 and don’t miss catching the next pitch pit.

“In these dynamic times, it is becoming increasingly important for our cybersecurity community to come together in collaborative endeavours. We need to mobilise our strengths to propel cybersecurity resilience forward, especially in a COVID-19 world. Being the region’s first cybersecurity entrepreneur hub, at ICE71 we continue to carry the torch for cybersecurity entrepreneurship, seeking out great partnerships that can create impactful platforms for our start-ups to succeed and thrive.”

Through GovWare Focus 2020, our goal is to generate more awareness on cybersecurity entrepreneurship and on how start-ups are uniquely positioned to meet the rapidly changing demands of cybersecurity.  From ICE71 and our start-ups having an online presence at this premier event, to the first-ever virtual GovWare-ICE71 Start-up Pitch Pit, we are proud to be a Supporting Association of GovWare Focus 2020, and look forward to future partnerships together.” – Linda Nguyen Schindler, ICE71 Programme Head

See you next year!

ICE71 x Black Hat Asia: Hunting Cheese in Pandemic Pandemonium

ICE71 was a proud Association Partner of Black Hat Asia 2020, a signature technical cybersecurity conference that had happened in virtual format for the very first time.


On 1st Oct, founders and leaders across four ICE71 Scale start-ups were featured in the exclusive ICE71 x Black Hat Asia panel, “Hunting Cheese in Pandemic Pandemonium”. Joseph Gan, successful entrepreneur of homegrown cybersecurity start-up V-Key, moderated the panel. It discussed how agile cybersecurity start-ups can add value and reposition themselves during these dynamic times. The expert panel comprised:

  • Hrishikesh Dewan, CEO and co-founder of Ziroh Labs, a start-up providing advanced privacy preserving technologies without requiring data decryption,
  • Prof Yu Chien Siang, a veteran in the Singapore cybersecurity space and Chief Innovation and Trust Officer of Amaris.AI, a start-up that deals with the latest AI tech including adversarial AI, 
  • Kumar Ritesh, CEO and Founder of Cyfirma, a threat discovery and intelligence start-up funded by Goldman Sachs, and
  • Pedro Hernandez, Managing Director and Co-founder of Build38, a start-up that protects the mobile channel for their customers—mainly banks and service providers who use mobile applications.

Key panel takeaways include:

Accelerated business transformation encourages cybersecurity uptake. Start-ups like Ziroh Labs and Cyfirma, which have solutions catered to or can be adapted for cloud security, have experienced customer interest. Ritesh from Cyfirma quipped, “Cybersecurity all of a sudden became an urgency,” and later adds, “As soon as the lockdown has started to happen, they (clients and prospects) started to come back to us asking and worried about their data.”

Changes to business approach. Build38, for example, is taking a more tactical approach to their business messaging when it comes to helping their clients continue to thrive. Co-founder Pedro said they have shifted the client communication from achieving strategic goals (like preserving brand reputation and avoiding long term risks), to more tactical and short-term goals (like quicker time to market, reduced investment, and optimised resources).

Start-ups have also seen a shift in their target customer segments during COVID-19, as smaller businesses and end user demand for cybersecurity increase with the shift to remote working. According to Hrishikesh, co-founder of Ziroh Labs, “In most of the earlier part of 2019, we were mainly concentrating on the Fortune 100 to Fortune 1000 companies. But now we have pivoted a little towards SMEs as well. So that we can cater to all the different markets, and at a more faster pace.”

Educate, not sell your customers. Traditional methods like trade shows and meeting for a cuppa to grow business no longer apply—something the panelists agreed across the board. Digital marketing and content building is becoming prevalent when it comes to the need to engage customers during this time. “From Cyfirma’s perspective, at least, we have started to push a lot of educational, I would say, awareness programs to our potential clients and customers, as well as to the wider cybersecurity community,” Ritesh said.

“Hunt in the pack”. The panelists also agreed with the notion that cybersecurity businesses should work hand in hand together towards cyber resilience. Prof Yu of Amaris.AI urged local cybersecurity companies to join forces and leverage on their respective strengths: “We don’t have to just win as a party, we should win together. We have to be (hunting) in the pack. I took this story from Mr. David Koh who’s leading CSA—he said that we have many small companies, and unlike other companies like those in Taiwan and (elsewhere), where they all work together, Singaporean companies are fiercely competitive. They don’t have this idea that we will work with each other. We must change that.”

ICE71 Scale start-up leaders with moderator Joseph Gan of V-Key, at the ICE71 x Black Hat Asia 2020 live panel. Panelists discussed and gave their perspectives about how their cybersecurity start-ups are pivoting and adding value during these times.

In addition to the live panel, ICE71’s half-day digital conference, “Cybersecurity in the light of COVID-19” which comprised three back-to-back webcasts, was open for on demand viewing by the Black Hat community. The webcasts touched across different cybersecurity topics such as 5G / IoT security, Cloud Security as well as the human factor of cybersecurity.

ICE71 had a virtual booth over the four-day Black Hat Asia conference, where attendees could drop by, chat and interact with the ICE71 team to learn more about the region’s first cybersecurity entrepreneur hub (interestingly, Cyber N’US was on 2 Oct, which coincided with the last day of Black Hat Asia—ICE71 also had a virtual booth there). Having a virtual conference presence was overall an interesting, albeit new experience for most of us—definitely different from a physical conference experience, but with possibilities to know who’s who at the event, and connect with people whom we may never have brushed shoulders against otherwise. We could spark off meaningful “chats” and set up virtual meetings on the digital platform itself.

Looking forward to the next event!

ICE71 start-up news roundup

Here’s the latest news roundup on our ICE71 startups:

More news on ICE71 and our startups here.

ICE71 start-up news roundup

Here’s the latest news roundup on our ICE71 startups:

More news on ICE71 and our startups here.

ICE71 celebrates Women in Cybersecurity

This month, ICE71 celebrates amazing women in cybersecurity across the world and in our community!

In support of International Women in Cyber Day on September 1st, ICE71 was proud to have collaborated with Cyber Security Agency of Singapore’s “SG Cyber Women X Series”. We had a live panel session on 17th September featuring 4 very inspiring women who have taken the leap of faith into the cybersecurity start-up world:

    • Magda Chelly, Founder of Responsible Cyber;
    • Kopal Agarwal, VP Business Development at Uniken;
    • Andrea Thniah, a recent Responsible Cyber intern;
    • and Mitali Rakhit, CEO and co-founder of Guardara,

together with moderator Sharon Ko, security expert from Microsoft.

Each panelist shared what it takes to thrive in the cybersecurity start-up world and valuable lessons learnt along way.

Only about 25% of the world’s cybersecurity workforce are women, according to a recent ISC survey. More can be done to tip the scale of diversity, and ICE71 will continue to support a diverse cybersecurity workforce.

Interview with Angie Huang, VP Global Business at ArcRan

Angie presenting about ArcRan’s iSecV Detector: an isolated add-on box, used to detect DSRC / C-V2X signals, and to analyze un-approved signal sources using the whitelisting mechanism

Angie Huang, VP Global Business at ICE71 Scale start-up ArcRan, shares her thoughts on winning First Place in “Young Award” for the Smart Application category, IoT and 5G security, why cybersecurity is like water, and more.

Q: Tell us about yourself and what you do at ArcRan.

I am the VP of Global Business at ArcRan. ArcRan is a company focusing on cybersecurity operation automation, IoT cybersecurity, and 5G cybersecurity products. We concentrate on constructing comprehensive and next generation cybersecurity solutions based on unique machine learning algorithms to help governments and enterprises conduct quick response to a variety of advanced cybersecurity threats and attacks.

Q: Can you share some examples of customer use cases?

The embracing of IoT by businesses has opened up enormous opportunities, but at the same time created new significant security risks as more devices get connected.

A smart manufacturing customer adopted our iSecMaster IoT Threat Detection solution to detect suspicious behavior and cyberattacks within their factory premises. The solution leverages and monitors wireless signals transmitted between devices and utilizes signal detection, machine learning and network behavior analysis methods to determine anomalies.

The growth of autonomous vehicles and Vehicle-to-Everything (V2X) applications also means more attack vectors and possibilities for hackers. With everything being connected, an attacker could tamper with the signal regarding traffic conditions, or fake messages being transmitted between vehicles. Autonomous vehicles makers have applied our V2X Threat Detection solution to detect security threats and protect their systems.

Q: Congrats on your recent win of “First Place in Young Award (Smart Application Category)”! Can you share more about this achievement?

Thank you. The “Young Award” is an annual award presented by the National Development Council and the Industry Development Bureau (Ministry of Economic Affairs) in Taiwan to recognize achievements in the digital industry, based on creativity, market strategy, functionality, market demand, and future development and growth. The award is divided into four categories: Smart Applications, Smart Health, FinTech, and Innovative Business Models. 

Our company has rolled out a complete portfolio of products to meet the growing demand of cybersecurity in the Smart Manufacturing industry, and we are honored and grateful that the judges could recognize the importance of the role our company is playing.

Q: What are emerging cybersecurity trends and opportunities?

New opportunities will begin to accelerate this year as 5G mobile networks start to roll out. We are noticing an emerging trend in IoT devices connected to 5G network, private 5G networks and Edge Computing.

Q: What are your thoughts around the impact of COVID-19 for organisations?

COVID-19 has drastically changed the business world and accelerated digitalization of business processes and the expansion of cloud computing. It has also refocused cyber security teams on Cloud Platform security, Data Privacy, Connection and Remote access, Security operational tools, and Policies. 

I believe this is a common challenge for organisations across the globe.

In Taiwan, we are also continuing to adapt cybersecurity strategies to account for increased threats to the new normal. Since Taiwan’s economy is driven by technology and manufacturing hubs, cyber security in hardware devices, IoT, supply chain and smart manufacturing will still be one the key areas of focus.

Q: Describe cybersecurity in 30 words.

Cybersecurity is one of the essential factors that determines whether an enterprise will be able to survive. However, cybersecurity is like water. Everyone ignores it until they actually need it.

Cybersecurity, as you know it, is about to change

By: Kumar Ritesh, Chairman and CEO of CYFIRMA

Pundits across the world have set their sights on a post-pandemic future, arguing that a new normal is about to descend upon us. While I recognise much of what the future holds is ambiguous, there is an area which will become our inevitable reality – cyberthreats that come with rapid digitisation.

According to a report by the Australian Cybersecurity Growth Network, global cybersecurity spending is set to increase by 86 per cent to US$270 billion by 2026. This signals the priority boardrooms have placed on cyber risk management even as digital transformation takes place en masse.

To wrap their minds around post-pandemic realities, business leaders and CISOs would need to understand the cybersecurity impact of these strategic digital shifts. COVID-19 has become the catalyst to trigger change in the ways of managing and operating technology. Let me outline a few here.

 

Telecommuting is the only way of working for many

1. Adoption of virtual desktop will finally see an upswing:

With tele-working likely to become the norm, virtual desktops could become the security baseline for IT teams to enforce data management standards. Virtual desktops emulate a computer system so that IT can control access such as adding input/output devices as well as software and applications. This could become an important control point when remote workers are operating outside the safety of a corporate network.

To meet the stringent criteria of regulatory and corporate compliance regarding data security, many companies will see the adoption of virtual desktops as the go-to solution.

2. We will notice surge in adoption of decentralised cybersecurity:

Traditional cybersecurity controls dictate a centralised approach where data is consolidated from different sources to perform analysis and investigation. With swift digitisation, security controls will shift to data sources, similar to the trend witnessed in IoT. We could start seeing a new wave of anti-virus, data loss protection, digital rights management and endpoint-based firewalls and other security controls gaining traction.

With millions of employees working from home, hackers’ focus has shifted from enterprise to remote working individuals. To handle the menace that exists in cyberspace, decentralised cybersecurity will rise where greater emphasis will be placed on data sources such as actual remote employees themselves.

3. Rise in biometric way of authentication:

User access controls have largely revolved around one or two-factor authentication. These methods rely on ‘something you know (username)’ and ‘something you have (password)’ and given hackers’ interest in employees as the weak link to start a technical exploit, we will see cyberattacks directed towards individuals.

This means identity protection will be of priority and the best defence should focus on building authentication systems which focus on ‘who you are.’ This would require advanced biometric solutions such as fingerprint/thumbprint/handprint, retina, iris, voice, and facial recognition technologies.

With biometrics, hackers’ attempt at impersonating you just got a lot harder than trying to break into passwords.

 

New processes will govern our way of work

1. Global privacy regulation and policies will require a re-look:

The current state of privacy regulations is designed around the enterprise network and building the proverbial wall to keep sensitive data out of prying eyes. With remote working taking centre stage, re-evaluation of these policies is needed to address the new cyberthreats.

From a risk management perspective, global privacy policies will need to encapsulate standard operating procedures regarding BYOD, GDPR compliance and state privacy laws.

Governance around companies and employees’ social media profiles would also have to be included as these platforms are frequently trolled by hackers as they carry out reconnaissance before launching a cyberattack.

2. Cloud will become more important than ever before:

The shift to cloud services offers employees, customers, suppliers, and everyone else across the ecosystem a seamless and friction-less access to data and applications. Remote access by various users would compound security challenges and presents many new potential attack vectors.

In the post-pandemic world, IT resources would shift towards data, particularly keeping data secure across cloud platforms.

3. Containerisation technology will be extended beyond enterprise network to include endpoints:

IT architectures will extend containerisation and zoning concepts to include not just systems, but also people, roles, and the level of sensitive data they possess. Containerisation, thus, will be extended beyond enterprise networks to include endpoints such as remote worker machines and mobile devices.

This will facilitate cybersecurity teams to apply varied access controls and demarcate data storage to minimise risk of cyber intrusion and data breach.

 

Technology and tools are taking over

Innovative technologies such as ML/AI, AR/VR will see greater adoption. As we have already witnessed, video conferencing applications will continue to rise as non-contact interactions surge.

Sectors such as retail, hospitality and manufacturing will layer their adoption of robotics with added AR/VR capabilities. By digitising the previously labour-intensive processes, factory operators will enjoy improved efficiencies, but at stake will be cybersecurity, if it was not integrated during the early stage of transformation.

Cybersecurity teams who are saddled with events-based approach will be overly burdened with triages when a cyber breach occurs. By embracing an intelligence-driven approach, business can digitise confidently with external threat intelligence as the guiding beacon.

 

And let’s not forget people as critical cyber defenders.

Hackers’ technical exploits will flourish in level of creativity and ingenuity, and a digital ecosystem is the perfect playground for malevolent agendas. Social engineering techniques to trick untrained and unsuspecting employees, third parties and contractors into releasing confidential information or letting an intruder into the corporate network will also intensify accordingly.

Instead of seeing people as the weakest link, view them as your frontline defenders. Cybersecurity awareness training for people across the entire supply chain and ecosystem will prevail.

Hacker groups will rattle the cages of government and businesses as digitisation efforts escalate. Cybersecurity strategies would have to shift downline towards the remote worker, decentralised controls, and enhanced policy measures. Digital transformation and cybersecurity are twin engines for sustained success, and this has just risen to the top of the boardroom agenda as economies awaken to the new realities of a post-pandemic world.

 

About the author

Kumar Ritesh

CYFIRMA Chairman and CEO, Kumar Ritesh, has 2+ decades of global cybersecurity
leadership experience across all facets of the cybersecurity industry. He spent the first half of his career as the head of cyber of a national secret intelligence service agency, gaining first-hand cyber threats and risks insights on a global scale before transiting into the commercial arena as a senior executive for multi-national corporations IBM and PwC. Ritesh was also the global cybersecurity leader for one of the world’s largest mining companies, BHP Billiton. Through his blogs and public speaking engagements, Kumar educates companies on cybersecurity risks, solutions and trends.

Headquartered in Singapore and Tokyo, CYFIRMA is a leading threat discovery and cybersecurity platform company.

CYFIRMA is also an ICE71 Scale company. 

 

ICE71 start-up news roundup

Here’s the latest news roundup on our ICE71 startups:

More news on ICE71 and our startups here.

ICE71 start-up news roundup

Here’s the latest news roundup on our ICE71 startups:

More news on ICE71 and our startups here.

Nominations for the ‘Top 20 Women in Cyber Security in Singapore’ to be announced on Thursday, 13 August 2020

The ‘Top 20 Women in Cyber Security in Singapore is to be announced this Thursday as part of the global ‘Top Women in Cyber Security’ initiative established to recognize women who have advanced the security technology industry.

The winners represent women in cybersecurity in Singapore for 2020 who have made significant contributions, advanced the industry and shaped the path for future generations of professionals among other vital contributions.

Amongst the winners are representatives of leading government and industry firms, from banking, finance, automotive, consulting and includes the Cyber Security Agency of Singapore, with judges also representative of leading cybersecurity identities in Singapore, Malaysia and Australia.

CSA Cybersecurity Innovation Day 2020

Group photo with guest speakers and 9 awardees of the 2019 Cybersecurity Call for Innovation

ICE71 is proud to be a supporting partner of the second and virtual edition of CSA Cybersecurity Innovation Day on 30th July. The event saw highlights including exciting pitches by 2019 Cybersecurity Call for Innovation Awardees, with two ICE71-affiliated start-ups Scantist and Amaris.AI participating. It also provided opportunities for real-time, 1-1 business meetings with awardees, on top of enriching sessions featuring a keynote by security and AI expert Prof Dawn Song.

An initiative by the Cyber Security Agency of Singapore (CSA), powered by TNB Ventures, the online half-day event started off with a warm welcome by Guest-of-Honour Mr David Koh, CSA Chief Executive. Mr Michael Yap, Managing Partner, TNB Ventures then shared the journey and insights from the 2019 Cybersecurity Call for Innovation.

The main highlight of the day was the pitching session by 9 innovative cybersecurity companies who won the Call for Innovation award. Scantist, an ICE71 Accelerate alum, and Amaris.AI, an ICE71 Scale start-up, pitched their solutions together with other awardees. The innovations pitched were diverse, covering advanced malware forensics, adversarial attack on AI, OT protection, threat intelligence, data access security, application security, endpoint protection, and autonomous vehicle security.

Prof Liu Yang of Scantist pitching about the start-up’s software application security solution

Scantist is a local start-up spun off from years of R&D, with a focus on application security. In the presentation about their awarded project on AI enabled application security testing framework, Prof Liu Yang, CEO and co-founder of Scantist, spoke about the significance of application security: ”With the trend of digitisation, software is everywhere from websites, mobile apps to IoT applications. Software applications are critical means for delivering value of products and services. But the reliance on applications also means that they need to be secure.” Prof Liu shared that application security remains to be challenging amid a fast-paced, ever-evolving attack landscape, coupled with the lack of deep security expertise. “Infamous incidences around Panama Papers, Equifax, and Heartbleed arising from application-level breaches have led to substantial financial and reputational loss,” he said.

Amaris.AI’s Prof Yu Chien Siang giving an introduction on known adversarial attacks against AI

Amaris.AI, a full-stack AI start-up, provides a solution for adversarial attack on artificial intelligence. Prof Yu Chien Siang, Chief Innovation Officer of Amaris.AI, gave interesting examples on how AI can be fooled, including one that talks pandas and gibbons: “See the panda. You will see that if we add a little bit of unperceivable perturbation, the AI will be fooled and upended, and the panda ‘becomes’ a gibbon.” He cautioned on the security risks of current AI systems: “Almost all AI systems deployed now are without defences, if aggressively targeted, they will all be badly subverted, and these AI will also be automating such attacks.” Prof Yu urged the audience to think about potential impact in areas using AI, like autonomous cars and immigration biometrics.

Prof Dawn Song of Oasis Labs speaking about responsible data economy in the age of AI

It was great to see homegrown cybersecurity start-ups in the line-up of awardees, such as Amaris.AI and Scantist which are in the ICE71 inner circle, as well as Insider Security, a start-up that provides detection of unauthorised access to patient data – a relevant cybersecurity solution for healthcare IT systems.

Keynote speaker Prof Dawn Song, who also has her own start-up Oasis Labs, spoke passionately about the importance of privacy preserving data access in the age of machine learning, in her session on challenges and future direction for AI. She said, “Data needs to be protected not only at rest and in transit, but also when in use and in compute.”

There was also a fireside chat with students featuring Prof Song, a presentation by AiSP on security by design, and an IMDA sharing on opportunities for cybersecurity start-ups in the SME market.

The virtual event was a truly insightful experience. We look forward to more of such cybersecurity entrepreneurship initiatives in the future!

Watch highlights:

Catch up on the full event programme content here.

Interview with Omaru Maruatona, CEO and Founder of Aiculus

Omaru Maruatona, founder and CEO of ICE71 Scale start-up Aiculus shares about the increasing need for API security post COVID-19, the start-up’s recent fund raise circa SGD1 million, and more.


Q: Tell us more about yourself.
I was born in Botswana Africa and moved to Australia in 2015 on a scholarship to study Software Engineering. Since then I’ve worked in Botswana in a diamond mine, then moved back to Australia where I completed an industry PhD in applied Artificial Intelligence. I’ve also worked for a global financial services company and a big four consultancy firm before I founded Aiculus in 2017. I am currently CEO of Aiculus and am responsible for the overall strategy of the company.   

Q: What inspired you to start Aiculus?
I started Aiculus mainly because I saw a growing trend in the wide application and adoption of APIs and a gap in the way they were being secured. Globally, there’s been a massive uptake in connecting different systems and enabling digital service provision using APIs. Most countries have also moved to legislate the sharing of consumer data through open platforms such as Open Banking. Consequently, organisations have set up digital platforms to comply with these regulations and also to enhance customer experience. Given my background in software development, AI and Cybersecurity, I had a good idea of what it would take to develop a prototype to test the market so I took the leap of faith and went for it.  

Q: Could you share with us some real-world client use cases of your technology?
Most organisations with APIs have one or two layers of defence or security. These security controls are mostly at the perimeter and typically check for authentication and authorisation in incoming API traffic. We are currently working with a large corporate organisation to provide a behaviour-based API screening capability to detect the use of stolen credentials and account takeover attempts. With the increasing number of successful authentication bypass attacks and attacks using stolen credentials, a proven way to stop these is to inspect authenticated API requests using some form of Behavioural Analysis. This is the value proposition of Aiculus.

Q: Congrats on your recent milestone securing close to SGD1mil in seed funding round led by Cocoon Capital! What were learnings from the fundraising? What did it take to get there?
I think every start-up has its own context and therefore things that apply to them may be different. For us, what really took us over the line in terms of securing the investment was that we had a host of people who could speak on our credibility. In addition, we did our research and made sure we had defendable facts on market size, competition, growth drivers and product differentiation, to mention a few. 

Q: What are your thoughts about API security in the light of COVID-19? How relevant is this now – has the need increased or remains as important as ever, and why?
COVID-19 has compelled many companies to roll out massive work from home arrangements for employees. In addition, physical distancing measures have resulted in many people using digital services rather than the traditional in-person purchases for services. Because of this, the digital channel widened significantly and may never go back to pre-COVID-19 volume again. All this means that APIs, which power the communication between systems, are busier than ever and must be appropriately secured to sustain this new normal.    

Q: You recently set up a Singapore office. It’s a progression that we see since your days in ICE71 Accelerate to being a member with ICE71 Scale at present, and we are proud to have been part of your journey. What are your thoughts about business prospects in Singapore?
Thanks, ICE71 has been pivotal in Aiculus establishing in Singapore. From the beginning, Aiculus was founded as a global company because the problem we are solving is global. Although we can technically serve any customer wherever they are in the world, our expansion has to be incremental in order to be sustainable. SEA is a fast-growing region in the world, so it made a lot of sense to be in Singapore since this is the financial hub of SEA. In Singapore, Aiculus wants to be a critical part of the cybersecurity ecosystem, offering a product that provides great value to organisations who are using APIs.

Cybersecurity is a set of attitudes, technical and administrative controls methodically deployed to help ensure a digital service is resilient from deliberate or accidental disruption.

– Omaru Maruatona

Omaru is a valuable member of the ICE71 community. His start-up Aiculus was in cohort 3 of ICE71 Accelerate and is currently an ICE71 Scale company.

 

COVID-19: Productivity at the cost of security


In the RSA Conference APJ 2020 session “Getting the security and flexibility balance right in a COVID-19 world”, Magda Chelly, co-founder of Responsible Cyber shared her insights around digital transformation and security risk considerations in current times.

It’s ultimately about productivity
Improved and continuous productivity is a key driver of digital transformation for companies. It is less about regulatory or cybersecurity reasons. “In terms of APAC, I noticed that digital transformation adopted by companies are very much related to a sense of speed, to allow productivity to continue for employees.”

Amid COVID-19, health measures around the world have made remote work a necessity rather than an option. This need in turn pushes for digital transformation for many companies.

The perimeter is dead: Security without boundaries
With COVID-19 accelerating digital transformation, enabling employees to work from anywhere, cybersecurity risks are emerging with increasing prevalence of cyber attacks due to this flexibility of working.

There are COVID-19-themed attacks (link) in the form of phishing, malware and others, all of which exploit what makes us human, and contribute to an increased number of enterprise attack vectors. “As usual, the weakest link is the human factor,” Magda shared. Human fallibility remains to be the enemy of control, especially with phishing attacks.

On endpoint management, she cautions that companies might still be exposed to different risk scenarios. She cited an example on passwords. “We have seen new policies that passwords should not rotate, for example, but if your employees are working from home, and eventually working from their own devices, they are using those devices to perform business activities. They might be using
the same password for their social media and corporate accounts.”

And there are other unpredictable risk scenarios. Besides their own home WiFi, employees could be on insecure and uncontrolled networks in quarantining hotels, and VPNs may not work here. They might also have technical difficulties with work email and end up using their personal email, another bane of security.

New approaches to security
Magda urges cybersecurity professionals and leaders to go out of their comfort zone and adopt a data-driven mindset when it comes to assessing emerging cyber risks. “Have your 3, 5, 10 new emerging cyber risk scenarios, and then quantify them.” She recommends cross-collaboration with other business teams like IT and compliance to uncover factors for quantifying data, particularly those that make sense and matter to stakeholders.

When it comes to cyber resilience and awareness building, cybersecurity professionals need to increase their visibility and reachability within the business, not just through traditional means of communication like newsletters which can seem distant.

And as they say, the perimeter is dead. The future of security lies in a non-perimeter-based approach – and zero trust, which places users at the centre of the security strategy.

Magda is a thought leader and frequent speaker at cybersecurity forums and events. She is a valuable member of the ICE71 community, and her start-up Responsible Cyber is both an ICE71 Accelerate alum and an ICE71 Scale company.

ICE71 is a proud community partner of RSA Conference APJ 2020. Watch conference content on demand here.

ICE71 start-up news roundup

Here’s the latest news roundup on our ICE71 startups:

More news on ICE71 and our startups here.

ICE71 startup news roundup

Here’s the latest news roundup on our ICE71 startups:

More news on ICE71 and our startups here.

Interview with Kopal Agarwal, VP Business Development at Uniken

Kopal Agarwal, who helms ICE71 Scale startup Uniken’s APAC business, shares about mobile security in a post COVID-19 world and more.

1) Tell us more about yourself. How did you get to your role at Uniken and what do you do in this role?

I joined Uniken about 6 months ago to spearhead its growth plans in APAC. Prior to joining Uniken I worked in the financial services industry for 19 years. Most recently, I was with the Bank of Singapore, and prior to that I worked with Barclays and JP Morgan in Singapore.

I first got to know about Uniken when they pitched to me at one of my previous employers. I was so impressed with their security solution; I decided I had to be a part of this company’s growth journey.

2) What’s the Uniken story, ie. how did Uniken come about?

Uniken was founded in India 7 years ago. A fresh team came in three years ago and has built the Uniken of today – with the simple aim to make connections secure and easy. Adding security layers to your digital channels means adding friction to the customer experience. For an organization embarking on a digital transformation journey, this poses a big dilemma. Our patented security solution REL-ID was built with the key focus on driving customer engagement and eliminating every major vector of fraud and breach.

We have since expanded into Latin America, the US, APAC, Europe, Middle East, and Africa — with global headquarters in the US and regional APAC headquarters in Singapore.

3) Could you share with us real-world client use cases of your technology – for us to better understand what your technology is about, and why this is important?

Our product is industry agnostic, hence we work with various sectors such as financial services, education, airlines, and retail.  I can share two use cases clients consistently deploy our solution for. The first is around protecting mobile apps and all transactions conducted with them. The second use case is about 100% transaction verification in business banking. Both examples take fraud to zero for our clients and drive a tremendous amount of engagement given the ease of use.   Making security invisible and frictionless has its advantages across the board.

4) You’re very much in the news recently, from news about Bank of India using your REL-ID technology to REL-ID gaining FIDO2 recognition. Congratulations on these milestones! Could you tell us more about these achievements?

Thanks, and yes, we have been in the news a lot lately. Bank of India (BOI) was all about delivering for a customer.  They are our oldest customer and as they have grown so have we. For us it was about listening to them and their customers along the way and continuing to strengthen our product set to meet their changing needs.  As BOI saw the threat landscape change, they realized that deploying REL-ID across the board was the obvious choice, we had what they needed because we listened along the way.

Our recent FIDO2 certification is another example of listening to the market, i.e. in providing a password-less solution that meets an industry standard and in having a continual push for innovation. With FIDO2 our solution can allow our clients to use an industry standard for password-less cryptographic authentication and combine it with our other award-winning features, allowing customers to lower their cost of ownership while offering the range of client authentication techniques.

5) What are your thoughts about mobile security of the future? Will COVID-19 change anything in this space?

In the new normal post COVID-19, the way people conduct their lives will change and digital interaction will be the norm rather than an option. We now have to ensure security and convenience to meet the needs of the new normal. Just look at Zoom and why they have succeeded recently. They are simple, easy and consistent, but they forgot to focus on security and privacy.

The emergence of mobile as the dominant channel creates the opportunity for businesses to rethink their security paradigm, allowing them to pivot to a customer-centric model that delivers a better customer experience and unlocks the true power of digital transformation.

6) Describe cybersecurity in 30 words.

Cybersecurity is about protecting one’s systems, information, assets and dollars. But above these, it is also about respecting individual privacy and protecting the brand.

ICE71 startup news roundup

Here’s the latest news roundup on our ICE71 startups:

More news on ICE71 and our startups here.

Why you should worry about ransomware breaches during COVID-19


Cybercriminals are taking advantage of the emergencies caused by COVID-19 to run more frequent ransomware attacks. Criminals aim these attacks mostly at hospitals and corporates, locking these organisations out of their critical systems, to extort payments.
Sudesh Kumar from Kapalya, an ICE71 Accelerate startup, shares more.

Ransomware are often spread through phishing emails containing malicious attachments, or through drive-by downloading. Over the last month, the number of phishing ransomware emails and attacks increased respectively by 4,000% and 350% with COVID-19 themed cyberattacks. There are about 13,000 malicious website domains using names related to COVID-191. Business networks are more exposed to potential attacks because of the high number of people working from home using corporate-issued laptops, smartphones and tablets, all of which may contain confidential, proprietary, classified and sensitive data. When cybercriminals compromise these files, they also extract the contents of these files and expose them on public-facing websites to further extort companies, if the victim companies deny ransom payment.

After a ransomware enters the system, it encrypts accessible files present on the computer and spreading through the network. These files become unusable unless decrypted with a special key owned only by the cybercriminal and released in exchange for a payment with an untraceable/pseudonymous methods (e.g. Bitcoin, Ethereum).

4 more concerns arising from an attack on top of a financial loss

Besides the loss in dollars and cents, 4 other key concerns arise from a ransomware attack:

1) There is no assurance that cybercriminals will release the decryption key after the payment, entailing a risk of permanent data loss;

2) During the time elapsed from the attack to the release of the decryption key (if at all), data and network are unusable, heavily disrupting time-critical applications such as hospitals;

3) After a first ransomware attack has been successful, there is no assurance that the victim will not face a cyberattack again, exploiting the same weakness used the first time;

4) During an attack, ransomware can transmit data from the computer to the Internet, causing potential leaks of sensitive or classified data (e.g. attacks by Maze, Sodinokibi, Nemty, Clop)

Conventional ransomware attack routes

Ransomware are often spread through phishing emails that contain malicious attachments or through unintentional download (i.e. drive-by downloading) when a user visits an infected website.

During ransomware attacks, attackers will compromise an individual host through phishing, malware, or exposed remote desktop services. Once they gain access to a machine, they spread laterally throughout the network until they gain access to administrator credentials and the domain controller. Crypto ransomware, a malware variant that encrypts files, is spread through similar methods and has also been spread through social media, such as Web-based instant messaging applications. Additionally, newer methods of ransomware infection have been observed. In particular, the latest advancement involves “file-less” infection, where malicious code is either embedded in a native scripting language or written straight into memory using legitimate administrative tools, without being written to disk.

File-less ransomware

In file-based attacks, a binary payload is downloaded onto the target machine and executed to carry out malicious actions. Legacy antivirus can prevent these known attacks by identifying the signature. If the signature is found, the antivirus prevents it. File-less malware avoid this countermeasure by presenting no indicators of malicious executables on the target machine. Instead, attackers use legitimate tools built into the system like PowerShell, WMI, Microsoft Office Macros, and .NET for malicious purposes (Figure 1)2. This technique is called Living-Off-the-Land and the exploited legitimate tools are known as LOLBins). Many LOLBins are incorporated into the daily workflow of IT professionals, which makes blocklisting them impractical given how it would reduce IT’s efficiency and reach. The attackers have a set of tools they can leverage that are pre-installed on every Windows machine they want to target.

File-less ransomware are:

1) Stealthy: They exploit legitimate tools and are thus almost impossible to blacklist.

2) Living-off-the-land: Tools used are installed by default on most machines. The attacker does not need to create or install any custom tools to use them.

3) Trusted and Frequented: Tools used are frequently used and trusted. It is not unusual to see such tools operating in an enterprise environment for a legitimate purpose. A list of most recent file-less attacks is shown in Table 1.

File-less attacks can be a powerful tool for attackers, since they are able to bypass the majority of antivirus and next-generation antivirus products.

Final thoughts

Protecting files and folders on desktops, laptops, file-servers, smartphones, tablets and other user devices during this COVID-19 pandemic has become a necessity. In doing so, both private and public organizations must understand and mitigate the risk by encrypting files and folders on all devices, either inside or outside the organizational perimeter.

Using just perimeter defense and anti-malware or regular backup is no longer sufficient. A comprehensive organization-wide encryption must be developed and implemented.

References

  1. 4,000% increase in ransomware emails during COVID-19 | National Observer. Available here. (Accessed: 28th April 2020)
  2. Securely Support the Remote Workforce Surge | Unisys. Available here. (Accessed: 16th June 2020)


Author profile

 

 

 

Sudesh Kumar is CEO and co-founder of Kapalya, an ICE71 Accelerate 4 startup providing a comprehensive encryption management solution. Sudesh has more than 25 years of IT, mobility, security, networking, cloud computing and Project Management experience. Kumar has successfully delivered global multi-million dollar heterogeneous networking and transformational cloud services projects.

You may also be interested in:

In conversation with Sudesh Kumar of Kapalya, an ICE71 Accelerate 4 startup

ICE71 Demo Day: Nine companies, nine dreams, one virtual stage

25th June marked the Virtual Demo Day for our fourth and latest ICE71 Accelerate cohort, featuring nine startups from Singapore, Australia, Israel, the UK, the US and Poland.

To date, ICE71 Accelerate, ICE71’s accelerator programme has supported 34 cybersecurity startups and helped to strengthen Singapore’s growing cybersecurity ecosystem. And 16 of these companies from the programme have collectively raised SGD$18M.

In the Demo Day welcome address, Rebecca Floyd, Managing Director for CyLon Singapore described the exhilarating journey of making a wholly virtual accelerator programme a reality. “Necessity really is the mother of adventure,” she said, revealing the need for running a different kind of accelerator, and having an entrepreneur’s mindset to make things happen amid the challenges of the current pandemic.

Edwin Low, Director, Innovation & Tech Ecosystem at Infocomm Media and Development Authority (IMDA), said that ICE71 was formed to develop the cybersecurity ecosystem and provide support in terms of funding, go-to-market, facilities as well as community building.

In the two years since ICE71’s inception, we have made progress. Among the many milestones we had, we have trained over 80 cybersecurity entrepreneurs, accelerated more than 30 startups, and played a part in connecting our past cohort startups to potential customers and investors. Some notable results of connections made include funding raised from Cocoon Capital by Aiculus and Guardrails.

Our progress is driven by our co-founders Singtel Innov8 and NUS Enterprise, but certainly not without being in synergy with supportive partners giving us the uplift we needed. Edgar Hardless, CEO of Singtel Innov8, expressed, “Thank you to our partners who have supported us in this journey. Without the support of partners like IMDA, Cyber Security Agency of Singapore (CSA), and Cisco, we probably wouldn’t have reached where we are today.” Edgar was optimistic about existing capabilities to take ICE71 to the next level.

Prof Chee Yeow Meng, AVP for Innovation & Enterprise at the National University of Singapore (NUS) spoke about new cybersecurity challenges emerging from a remote work setting: “With COVID-19 forcing most of us to work remotely or study from home, new challenges have emerged for cybersecurity, driving a greater demand for cybersecurity solutions and creating opportunities for cybersecurity entrepreneurs.”

On the success of ICE71 Accelerate, CyLon has been an important programme partner for us. Grace Cassy, co-founder of CyLon shared about the proud partnership with ICE71 and how wonderful the journey was for them to be a part of helping to grow Singapore cybersecurity ecosystem.

The future is bright for cybersecurity entrepreneurs, but one of the key challenges remains to be how startups can rise above the noise and legacy in enterprises, and demonstrate immediate value in their solutions. They need to know how to convey their value proposition with key decision makers, particularly CISOs, to make headways. Keynote speaker Alan Jenkins, CyLon CISO-in-Residence had much to share on how startups can best engage with CISOs in today’s challenging environment.

While we look forward to many more milestones by ICE71 Accelerate alums, for now, congratulations to cohort 4 startups for completing this incredible journey and kickstarting another. It is great to see the new connections formed through ICE71 Accelerate between the cohort and our partners from the likes of CSA, Singtel Trustwave, NUS, and others. We can’t wait to hear of more exciting developments from our fourth cohort in the coming months!

Watch the pitches of each startup and connect with them directly by clicking on the links below:

Read about Demo Day in the news:

  • e27
  • AsiaOne
  • SBR Daily Briefing
  • Telecompaper
  • and more here.

Download the Lookbook here.

See the full Demo Day recording here.

Check out “In conversation” interviews with startup founders here.

ICE71 Accelerate alumni in the news!

Did you know that our ICE71 Accelerate past cohort alums have been making waves in the news? These include:

..and many more!

Meet the cohort 4 startups! Watch Demo Day at https://www.accelerate4-demoday.ranosys.net/client/ice_71/

ICE71 Singapore Cybersecurity Startup Map 2020

ICE71 proudly presents our 2020 Singapore Cybersecurity Startup Map, the latest (and greatest yet) version of it!

We’ve been continuously working hard to scour our island nation for cybersecurity startups – in this year’s updated map, there are 136 unique startups within the cybersecurity and associated fields, including endpoint security, cloud security, network security and IoT security.

Out of these 136 startups, half of the cybersecurity startup community are in our “ICE71 Inner Circle” of startups who come from our ICE71 programmes! 

You can check out our latest ICE71 Accelerate Cohort 4 startups on this map as well.

With more tech-savvy and nimble cybersecurity startups entering the space, launching new products and offering superior solutions, we look forward to continue supporting and strengthening the cybersecurity community in the region.

For the next version, do reach out and let us know if you would like to be listed on the startup map!

Investing in cybersecurity startups

As mobility and smart cities are developing, cybersecurity is becoming the hottest ticket to investing. Michael Blakey, Managing Partner and co-founder of Cocoon Capital shared his insights as an experienced angel investor and VC leader at this ICE71 Investor Series webcast.

Why invest in cybersecurity?

The amount of data and things that need to be secured is growing on a regular basis. Security business is fast-paced, with unfilled gaps along with rising technologies.

For large corporations and even governments, Michael said, “The big fear at the moment is not about the technology. It’s not about the IoT nor the smart devices, it’s about whether we will lose control (and be vulnerable to attacks). You’ve got to protect all these little devices, the cars and everything else which are moving around, and it’s much harder to do.”

There will be huge investment opportunities for cybersecurity companies if they can solve a relevant problem waiting to be solved. He opines, “If cybersecurity companies get their solution right, they can grow very quickly.”

Newbie tech investors: Good to know

For tech investments, it would take about 7 to 8 years before you see any returns, said Michael to would-be tech investors.

New investors can join other investor networks to gain experience and learn from them. This would also generate better deal flows as like-minded investors come together. “In Singapore, there’s a number angel investor networks like Angel Central and Bansea, you can join them and find people that have similar interest (in terms of the type of investee companies), and these people might be a little bit more experienced, people whom you can learn from. You can start small and learn through your mistakes. How everybody does investing would be different, there aren’t many many wrong ways of doing this but definitely not one right way of doing,” Michael shared.

People, especially founders, are key to an investor’s decision

A lot of emphasis is given to the founding teams when investors like himself needs to make a decision on what to invest in, especially when he can only invest in a few startups per year.

Founders must have the ability to build good teams that will consequently see through their product development and take to market. They should also have extensive market experience within the market of their target customer, particularly in cybersecurity. Any founder should correctly define the problem statement in those few crucial slides of their pitch deck. They must stand out to investors in the way they approach them. To Michael, demonstrating efforts in doing so would translate to how the same founder would attract a potential customer, a proof point for an investor to take the leap of faith.

Michael cites an example of investing in an ICE71 Accelerate cohort 2 startup, GuardRails, even though it is unusual to invest in a one-man team: “We invested in (one of your accelerator cohort companies, which was pretty much a one-person company and (the founder) had a couple of contractors that were were helping him. We spent a lot of time getting to know them figuring out if they have the right skill set, not just to build a technology but to build a team to one of the leadership capabilities.”

The other factors that influences his decisions as an investor include whether the startup is solving a real problem, and timing.

“Are they solving a real problem? I see some amazing technology that’s being built. But quite often, it’s technology that’s looking for a problem, not the other way around,” Michael lamented. “This is why I do more B2B than B2C. It’s harder with the consumers. With B2B, cybersecurity is (a real issue) that the board discusses.” He points out that cybersecurity is quite an interesting space to be in because it is something every board of every major corporation is concerned about. On timing, he’d ask if the cybersecurity startup is coming in too early or too late. He’d also ask, ”Where are they in terms of where the spaces (of opportunities) are?”

Investing in cybersecurity post COVID-19

Investing will still continue, albeit at a much slower pace, so founders need to work a little bit harder and yet lower their expectations of fundraising.

He said, “The reality is, as you might have noticed, I never talked about traction, rather I’m looking at people. Whether it’s today, last year, or next year, good teams are still good teams. And if you talk to most people who’ve been around long enough, they’ll all say the best investments they have ever made are the ones in a downturn. So, for founders, you’ll just have to work that a little bit harder. Change your expectations. If you were looking to raise one and a half million, maybe reduce the target funding amount and expect the fundraising period to take longer.”

He cautions that valuations are going to be around 20 to 30% of what companies would have gotten in 2019. To tide through COVID-19 effects, he advises startups to look into sensible cost-cutting, like making necessary salary cuts to prep for the worst, and also demonstrate adaptability during this time.

Watch the full video to learn more!

Be a part of our ICE71 community for more updates like this. Join our mailing list.

An interview with Dean Bell, CEO of Sixscape Communications

We recently caught up with Dean Bell, CEO of Sixscape, an ICE71 Scale startup.

What’s your role at Sixscape?

I am the CEO of Sixscape Communications, overseeing all strategic responsibilities of the company from product direction, expansion, fundraising and growth. I have previously been involved in a number of cybersecurity companies and have spent the last 25+ years in the region.

What is Sixscape’s story? How did Sixscape come about?

Sixscape started as an R&D initiative with initial funding from Spring (Enterprise Singapore) and NRF and tasked ourselves with looking a definitive way of adding a layer of security to both existing and new communication and authentication mechanisms that would finally put an end to security and identity breaches. This approach needed to align with and enable compliance standards in addition to future growth technologies of 5G, IoT, and IPv6 to ensure that it not only scales but also addresses the new paradigms that these innovations bring. This journey brought Sixscape to a position of leadership in securing authentication and communication across email, IoT, unified communications and user/device authentication with end-to-end encrypted traffic between them in the enterprise.

Can you share some client use cases of Sixscape’s security technology?

We had one large naval client in Asia with over 30,000 users who had a need for a password-less authentication using a mobile phone, as an authentication device with a layer of security that could not be compromised. The customer needed authentication to devices and services across desktops, mobile devices, and their online portals and to be done in a seamless way that follows a common user experience but yet embeds security which cannot be compromised. They recognised that OTP, 2FA, and MFA are no longer fit for purpose in their current state and the need for an additional layer of security. The solution was to deliver the end-user experience with a layer of security in the form of PKI and digital certificates delivering crypto-authentication used at each end of the communication and authentication process to provide irrefutable identity and authentication of the device, the person and encrypting the communication between them. The SixToken solution was deployed in a matter of hours rather than days and weeks which a manual solution would have taken using Sixscape’s IRP (Identity Registration Protocol) automation.

Another client of ours, a large management university in Asia with over 2,000 users – established a need for digitally signed and encrypted email for their in-house and visiting faculty that could be deployed centrally and easily to all desktop, mobile and BYOD devices with zero-touch ongoing management. The main driver was the need for integrity of the sender with a proven identity for both internal and external users that would also aid in preventing phishing and business email compromise (BEC) . A further requirement was that of email privacy in the form of email content and attachment encryption which would be seamless to the end-user and both requirements were to be delivered with a centralised policy control for selective and group signing and encryption while maintaining an escrow facility for secure storage and recovery of the private key. The SixMail solution was deployed along with SixEscrow and IRP seamlessly to all users with low end-user friction.

During this COVID-19 period, how do you see the importance of Public Key Infrastructure (PKIs) in securing remote working communications?

PKI, although invented back in the 1970s has stood the test of time and, combined with digital certificates provides the only way to ultimately prove the identity of people and things, this is imperative when both of these variables are involved in home working. WFH means different things to different people, from being a known user with a known corporate device on a known corporate network accessed over a VPN, to a BYOD device with little or no security applied to it. In both situations, PKI and digital certificates can be centrally deployed within seconds to remote devices including BYOD, across both desktop and mobile, while ensuring that both device and user authentication (strong client authentication) is carried out.

Why look into Singapore for business expansion?

Singapore ticks all the boxes from being a worldwide recognized start-up hub, excellent technical and commercial talent pool, established and certain legal framework, tax-friendly with a strong economy, and respected position in the region and worldwide. We feel a sense of pride to be a Singapore based start-up and this is echoed by the feedback we get from international partners that we have signed from both a commercial and technology alliance perspective. Singapore and the technology it produces truly is on a worldwide scale and this is something that here at Sixscape we intend to build upon as we solve more problems in Cybersecurity and enhance our solutions to address both current and future requirements.

Describe cybersecurity in 30 words.

Cybersecurity is anything other than physical. We make the mistake that cybersecurity is all internet-focused, when many attacks are from the ‘electronic’ world also.

Sixscape Communications, an ICE71 Scale startup,  is a Singapore based cryptographic authentication and communications vendor focused on digital certificate-based security across email, voice/video/chat communications, IoT and password-less authentication. Learn more about Sixscape at https://sixscape.com/

In conversation with Sujeesh Krishnan of Kinnami, an ICE71 Accelerate 4 startup

We caught up with Sujeesh Krishnan of Kinnami, a member of ICE71 Accelerate’s fourth cohort.

Q: Tell us more about yourself.

I am Sujeesh Krishnan, CEO of Kinnami Software Corporation. We are a data security and privacy startup based in Boston, U.S., with teammates in Washington D.C., London, and Singapore.

Q: What inspired you to start your startup? What is your goal or dream for your startup?

The original inspiration for the technology that Kinnami is providing comes from the realization back in 2006 – that it was so hard and too slow to share large files (pictures, videos, etc.) with non-techie family members around the world while also retaining privacy. Even today, that problem is not served well. Over decades in the data protection and security segments of the IT industry, we have become frustrated with the industry’s patchwork of solutions that have led to ever- greater disasters in the form of data leaks and most recently fake news – information that cannot be trusted.

Consequently, we have become determined to provide a better platform that prevents a number of essential problems in data security and protection. “Data without security is worthless. Security without data is pointless,” so separating the 2 topics, which has happened as a result of the evolution of IT over the last 30 years, is really just not a good idea. These need to be fixed together. Properly.

Kinnami’s vision is to completely alter the way organisations think of data security and storage and eliminate the current patchwork of solutions that serves as IT security today. Data security now keeps IT admins up and night and is a hot topic in corporate boardrooms. The ability to play a key part in addressing this big challenge is a huge motivation for us as a company.

Q: What is the problem you want to solve with your product or solution? Tell us more about your solution.

Kinnami enables organisations to protect sensitive data everywhere. Our innovative distributed data storage and security platform, AmiShare avoids the classic data security and protection patchwork. Instead it provides organisations with an easy way to secure the creation, storage, and sharing of data both within organisations and externally. AmiShare separates administrators and end-users’ responsibilities, aligning them more precisely with their goals. All this is verified by AmiShare’s auditing.

AmiShare enables organisations to manage the security of data by defining policies to control who may access them and where they are stored, providing protection wherever they are stored or shared. This includes data centers, cloud stores, laptops, mobiles, removable drives, and IoT devices. Security of stored data is enhanced by breaking data into fragments, individually encrypting fragments with individual encryption keys and storing them across multiple devices/servers.

Q: Who might find use for your solution?

Any organization that needs a more secure way to store, collaborate and audit the access of confidential information will find value in AmiShare. Some of our early markets of interest include regulated industries such as financial services, healthcare, supply chain, as well as academia, and military.

In today’s remote work from home environment caused by COVID-19, SMEs as well as enterprises will find AmiShare to be a better way to manage sensitive data that is being accessed on potentially unsecure devices and networks.

Q: What have you enjoyed the most being a part of the ICE71 Accelerate programme?

We have found the programme to be of high quality, with extremely relevant topics for our company at its current stage of evolution. The ability to interact directly and build relationships with CISOs, subject matter experts, and successful founders, as well as peers has been invaluable. We have also appreciated the opportunity to connect with parties at Singtel, NUS, IMDA, and CSA among others, on a one-one basis and in exploring collaborative projects.

Learn more about Kinnami at kinnami.com

In conversation with Mitali Rakhit of Guardara, an ICE71 Accelerate 4 startup

We caught up with Mitali Rakhit of Guardara, a member of ICE71 Accelerate’s fourth cohort.

Q: Tell us more about yourself.

I’m Mitali Rakhit, CEO and co-founder of Guardara, and we’re based in London, UK.

Q: What inspired you to start your startup? What is your goal or dream for your startup?

My cofounder and CTO, Zsolt Imre, used an early prototype of our product at the world’s largest telecommunications device manufacturer, and was able to find more security and QA issues than a leading competitor. The client wanted to buy the product.

At Guardara, we are passionate about building a world with more secure code. Our dream is to be able to move fuzz testing earlier into the software development lifecycle and to be able to automate it completely.

Q: What is the problem you want to solve with your product or solution? Tell us more about your solution.

FuzzLabs is focused on fuzz testing for quality assurance. FuzzLabs can find more issues faster, is easier to integrate and more flexible. We are making the product as easy to use as possible in order to reach a wider audience.

Q: Who might find use for your solution?

Enterprise product security teams that work on high-availability products, such as ICS, IoT, medical devices, telecom, defense, aerospace, and automotive solutions.

Q: What have you enjoyed the most being a part of the ICE71 Accelerate programme?

I have enjoyed getting to work with our fantastic mentors and peers in the cohort. I have learned that good things take time, and persistence is the key to success.

Learn more about Guardara at guardara.com

In conversation with Stephanie Robinson of Assimil8, an ICE71 Accelerate 4 startup

We caught up with Stephanie Robinson of Assimil8, a member of ICE71 Accelerate’s fourth cohort.

Q: Tell us more about yourself.

I’m Stephanie Robinson, CEO and co-founder of Assimil8. We’re based in Brisbane, Australia.

Q: What inspired you to start your startup? What is your goal or dream for your startup?

Assimil8 was formed in 2018 as I was struggling to bring together data sets from disparate systems in order to make high level
recommendations for relationship management – specifically, I could not see how relationships were connected without completing a time consuming and manual process.

Working together with my CTO and co-founder Simon Robinson to develop the IDRIS tool – a cybersecurity solution by our startup Assimil8 – has been an amazing experience. Having spent most of our lives overlapping careers, it’s been especially rewarding to move forward with IDRIS together by means of Assimil8.

Over the years we have had many ideas, but IDRIS was really the one we felt most strongly had all the ingredients for success, to meet a genuine need in a growing market. Our goal is to find partners who can recognise both the immediate cybersecurity market opportunity and the wider applications of this technology.

Q: What is the problem you want to solve with your product or solution? Tell us more about your solution.

We know that SMEs are asking for better value from their cybersecurity providers, more efficiency at a lower cost. We also know that SMEs are not only more likely to be the target of an attack, but that an attack is far more likely to result in the closure of the business.

Most SMEs receive raw threat data via a tool created for enterprise, so we asked ourselves this – why is there nothing on the cybersecurity market designed for this part of the economy, given that these businesses support close to three quarters of jobs worldwide? We believe it comes down to three critical factors – cost, skills and psychological barriers. It is not easy to get good cybersecurity advice, and to understand or act on it.

Our solution IDRIS utilises sophisticated graph technologies to provide visual network views, which allow the user to identify anomalies or patterns for investigation, without the need for high-level technical skills. IDRIS does not come with an enterprise licence fee, and with IDRIS it is far easier to interpret results than traditional rows of raw data. The tool can provide a view of threats across an entire network, increasing the likelihood of identifying a threat and, crucially, its connections within that network.

Q: Who might find use for your solution?

More than three quarters of small and medium sized businesses expect at least half of their cybersecurity needs to be outsourced within the next five years, and 78% of these businesses plan to invest more in cybersecurity within the next year, according to the results of a 2019 Continuum survey of global SMEs.

Our plan is to provide these outsourced service providers with a competitive edge in an increasingly competitive market. IDRIS will be launched using an open source model, and we would like to set the bar that any good forensic analyst service would be using IDRIS. Think of IDRIS as plain English for network threat identification.

Q: What have you enjoyed the most being a part of the ICE71 Accelerate programme?

ICE71 Accelerate has been an excellent springboard for Assimil8 and finding a path to success for the IDRIS tool. Right from the beginning, the programme has provided access to networks and mentors. The focus and clarity this has given us in such a short period of time has helped us make huge leaps in the development journey of our product. We are excited to become a future success story for ICE71 Accelerate.

Watch Assimil8 pitch at ICE71 Accelerate 4 Virtual Demo Day on 25th June!

Learn more about Assimil8 at assimil8.com.au

 

In conversation with Valentin Bercovici of Chainkit, an ICE71 Accelerate 4 startup

We caught up with Valentin Bercovici of Chainkit, a member of ICE71 Accelerate’s fourth cohort.

Q: Tell us more about yourself.

I am Valentin (Val) Bercovici, Founder and CEO of Chainkit, based in San Francisco, California, USA.

Q: What inspired you to start your startup? What is your goal or dream for your startup?

What inspires me every day is about levelling the playing field for victims of cyber crime and attacks – creating the next great cybersecurity company!

Cybersecurity has an existential crisis around the stealth of attacks. Privileged (admin or root) accounts are easily abused by malicious insiders and external bad actors alike. And with those escalated privileges, they execute their attack chains and cover their tracks with impunity. Balancing the canonical C-I-A Security Triad/Triangle with stronger integrity solutions for deep (military-grade) tamper-detection, solves this existential crisis.

At Chainkit we want to leverage absolute integrity to deliver the power of Provable Computing to the IT/OT industries. All layers of the computing stack (from transistors in processors to OSI L1-L7) only execute mathematically provable code, processing only authenticated data. All tampered code or data is immediately detected and isolated. This is the ultimate extension of the zero trust concept – beyond identity, endpoint and custom network segment.

Q: What is the problem you want to solve with your product or solution? Tell us more about your solution.

39% of cyber attacks are reported undetected by broad customer surveys – only during post-mortems by forensic investigators. Chainkit for Splunk and Elastic reduces undetected attacks by adding early visibility to deep tampering via military-grade detection of anti-forensic techniques. Before the attacks, Chainkit detects more insider threats, reduces dwell times, improves attribution and maximizes integrity monitoring for compliance.

Q: Who might find use for your solution?

Chainkit is a horizontal solution with a USD $1 billion addressable market today. We prioritize our sales on the most attacked industry verticals (government, financial services and healthcare). We offer specific value propositions for security analysts, threat hunters, compliance officers or auditors, and digital forensics investigators.

Q: What have you enjoyed the most being a part of the ICE71 Accelerate programme?

The cybersecurity focus of the program is first-rate. The breadth and depth of industry-specific feedback we are receiving from customers, partners, investors and mentors is materially improving all aspects of our business, from sales and marketing, all the way to product development.

Additionally, the professionalism of the ICE71 and CyLon teams have been outstanding. Particularly their seamless transition from a traditional in-person program to a 100% virtual version of it.

Watch Chainkit pitch at ICE71 Accelerate 4 Virtual Demo Day on 25th June!

Learn more about Chainkit at chainkit.com

 

In conversation with Sudesh Kumar of Kapalya, an ICE71 Accelerate 4 startup

We caught up with Sudesh Kumar of Kapalya, a member of ICE71 Accelerate’s fourth cohort.

Q: Tell us more about yourself.

I’m Sudesh Kumar, founder and CEO of Kapalya. We started Kapalya in Honolulu, Hawaii, but since 2018, we have moved to Berkeley, California which is in the San Francisco Bay Area in the US.

Q: What inspired you to start your startup? What is your goal or dream for your startup?

It all started when I was tasked by the Hawaii State CIO to protect the 2016 presidential elections data from getting hacked. During that process, I discovered that no vendor had a comprehensive encryption management solution, so we decided to build such a solution and that was the inception point of Kapalya.

Q: What is the problem you want to solve with your product or solution? Tell us more about your solution.

The main problem we are solving is encryption key management across any organization, regardless of where that organization’s data resides – be it on laptops, desktops, smartphones, tablets, public clouds, virtual desktop environments and enterprise file-servers. We call it the Encryption Management Platform (EMP).

Q: Who might find use for your solution?

Since our inception was from the government, they are first target customers. However, our solution is good to be used by any industry and vertical, as all of them are susceptible to ransomware attacks – these include healthcare, legal firms, software development companies, accounting firms, financial services, oil and gas, manufacturing, logistics, insurance companies, to name a few.

Q: What have you enjoyed the most being a part of the ICE71 Accelerate programme?

Our biggest value derived from the ICE71 program is the level of connections made so quickly within SingTel, NUS, Trustwave, CSA and NCL. All of these are extremely valuable partnerships for us, which would have been very difficult to obtain on our own.

Watch Kapalya pitch at ICE71 Accelerate 4 Virtual Demo Day on 25th June!

Learn more about Kapalya at kapalya.com

 

In conversation with Avi Bartov of GamaSec, an ICE71 Accelerate 4 startup

We caught up with Avi Bartov of GamaSec, a member of ICE71 Accelerate’s fourth cohort.

Q: Tell us more about yourself.

I’m Avi Bartov, CEO and co-founder of GamaSec, a company based in Tel Aviv, Israel.

Q: What inspired you to start your startup? What is your goal or dream for your startup?

GamaSec was founded in 2006 with a mission to lower risk for small businesses. Back then, we were a security solutions advisor.

In 2017, we made a strategic decision to create alliances and partnerships with insurance companies. We realised that cyber insurance is going to see more focus with insurers worldwide, but most insurers do not have the background or the expertise in order to provide this kind of service. The missing piece of the puzzle was the growing need for a partnership between a cybersecurity company and an insurance company. Here’s where and how we come in — our technology, when bundled with cyber insurance policies provided by our insurance partners, reduce their exposure and increase their brand awareness.

Q: What is the problem you want to solve with your product/ solution? Tell us more about your solution.

GamaSec provides a pre-breach virtual hacker technology designed to prevent cyber attacks, minimizing the exposures that cyber insurance policyholders face, instead of just risk mitigation.

Right now, we are working towards the next generation pre-breach cybersecurity for insurance carriers – with GamaEye. GamaEye is a powered GamaSec Patent technology that enables businesses of all sizes to detect combat and recover from web cyber-attacks in real time significantly reducing the risk of data breach.

It is a web attack detection technology that uses changeable deception elements to identify and reveal malicious activity targeted at business websites.

Q: Who might find use for your solution?

Insurance providers and brokers that are providing cyber insurance policies to small to medium-sized business owners. These parties would be our potential channel partners.

By blending in this next-level detection and prevention technology with their cyber insurance policies, our insurance partners would be able to reduce exposure and increase brand awareness.

Q: What have you enjoyed the most being a part of the ICE71 Accelerate programme?

Meeting people from different backgrounds and learning from their experiences, which helped the cohort members get feedback in improving our respective companies.

Watch GamaSec pitch at ICE71 Accelerate 4 Virtual Demo Day on 25th June!

Learn more about GamaSec at gamasec.com

 

ICE71 startup news roundup

Here’s the latest news roundup on our ICE71 startups:

  • Cyble, an ICE71 Scale startup, is listed in Forbes’ 20 best cybersecurity startups to watch in 2020, based on a methodology that equally weighs a startup’s ability to attract new customers, current and projected revenue growth, ability to adapt their solutions to growing industries and position in their chosen markets.
  • In a separate news on Silicon.co.uk regarding a potential data compromise affecting popular maths site Mathway, Cyble was quoted saying that hacking group called Shiny Hunters began selling the database of more than 25 million Mathway user credentials on illicit websites in early May, offering it for $4,000 (£3,285) in cryptocurrency.
  • ICE71 Scale startup Cyfirma is quoted in this Straits Times article about the recent cyber attack on ST Engineering’s US subsidiary. According to the cybersecurity firm, a group of hackers known as the Maze group had attacked VT San Antonio Aerospace and put about 50 megabytes of leaked data on the Dark Web and public forums.

More news on ICE71 and our startups here.

 

In conversation with Alessio Mauro of neoEYED, an ICE71 Accelerate 4 startup

We caught up with Alessio Mauro of neoEYED, a member of ICE71 Accelerate’s fourth cohort.

Q: Tell us more about yourself.

I’m Alessio Mauro, from Italy, CEO at neoEYED, a US based company.

Q: What inspired you to start your startup? What is your goal or dream for your startup?

I hate security and especially “passwords”! They are just stressful and a nuisance and… why are we using them yet, despite all the advancement in biometrics? My dream since I started this company was to simplify security and get rid of passwords once for all.

Q: What is the problem you want to solve with your product/ solution? Tell us more about your solution.

neoEYED reduces up to 99% of digital identity frauds by using an invisible technology: behavioral recognition. We built a Behavioral AI, an AI trained to recognize the users just by the way they interact with their web/mobile applications.

It’s an invisible security layer that protects the users, without making any change in the user experience. More security, less stress.

Q: Who might find use for your solution?

Banks and fintech applications are the one who would really need these solutions to protect their users’ accounts, besides, any enterprises (including banks), regardless of the verticals, always need this solution to protect frauds inside coming from the employees or hitting them.

Q: What have you enjoyed the most being a part of the ICE71 Accelerate programme?

Being us in the virtual program we haven’t got the chance to live Singapore and all ICE71 events, but the team at ICE71 have always connected with relevant people and events to be in the startup scene.

Watch neoEYED pitch at ICE71 Accelerate 4 Virtual Demo Day on 25th June! 

Learn more about neoEYED at neoEYED.com

 

In conversation with Rohan Sood of Scantist, an ICE71 Accelerate 4 startup

We caught up with Rohan Sood of Scantist, a member of ICE71 Accelerate’s fourth cohort.

Q: Tell us more about yourself.
I’m Rohan Sood, Head of Operations at Scantist. We’re an NTU spin-off based in Singapore.

Q: What inspired you to start your startup? What is your goal or dream for your startup?

The cyber-security lab (CSL) at NTU found multiple vulnerabilities in popular commercial software from Adobe, Apple and the likes as a part of it’s binary-level security analysis. These vulnerabilities were recognized by the vendor companies – leading to significant bug-bounty awards to the research team.

The ability to find commercially relevant vulnerabilities in some of the most sophisticated software platforms and products led us to believe that we had a unique value proposition to share with the world. We started Scantist with an objective to translate our research activities into a viable product that could be used to identify such vulnerabilities before the software is released.

Our vision is a world where applications function flawlessly – the way they were intended, without concerns for security. We aspire to be the one-stop shop for application security.

Q: What is the problem you want to solve with your product/ solution? Tell us more about your solution and who might find use for it.

While cybersecurity has traditionally focussed on network and infrastructure layers, the application layer is emerging to be the preferred battleground for hackers and adversaries worldwide. Breaches like Equifax, Panama Papers and a host of Heartbleed-related attacks were all made possible owing to vulnerabilities in business-critical applications.

Scantist Software Composition Analysis (SCA) provides a developer-centric solution that integrates with existing workflows to proactively manage known vulnerabilities in software applications. Scantist SCA is the only tool that effortlessly scans all binary and open source code in a single integrated platform to provide targeted remediation advice with an extremely high-degree of accuracy.

Any organization – small or large – which develops or maintains software applications as a part of its core business operations is a potential customer for Scantist.

We are currently focussed on markets in Singapore, ASEAN and China.

Q: What have you enjoyed the most being a part of the ICE71 Accelerate programme?

With cohort members as well as mentors from across the globe, we have really enjoyed looking at cybersecurity from a much-broader perspective than we previously had owing to our existing engagements being limited to the Singapore/ASEAN region. It has allowed Scantist to evolve and broaden its horizons by working towards being a global brand.

Watch Scantist pitch at ICE71 Accelerate 4 Virtual Demo Day on 25th June! 

Learn more about Scantist at scantist.com

 

In conversation with Barton Shields of Olympus Sky, an ICE71 Accelerate 4 startup

We caught up with Barton Shields of Olympus Sky, a member of ICE71 Accelerate’s fourth cohort.

Q: Tell us more about yourself.
I’m Bart Shields, CEO and CTO of Olympus Sky Technologies, S.A. , also known as Olympus Sky, and we originate from Łódź, Poland.

Q: What inspired you to start your startup?
Back then, I wanted to solve the number one problem within the automotive industry –  providing security inside of the vehicle.

Q: What fires you up every morning?
Knowing that this technology completely changes how security is done, in that it simplifies and automates communication security, while also simultaneously providing a solution that is more secure than the current, traditional means for providing communication security (i.e. PKI + TLS/SSL).

Q: What is your goal or dream for your startup?
This are two parts to this goal: 1) to make our core technology an RFC specification and communication-layer standard, and 2) to change how the world does security.

Q: What is the problem you want to solve with your product/ solution?
Traditional security is human intensive and utilizes a centralized approach for the creation and management of security credentials, making it costly to implement, costly to maintain, and difficult to scale. IoT is expanding at a pace that is difficult to keep up with. This is especially true for trying to provide security at IoT scale in a cost and time efficient manner.

Because traditional security was never meant to operate within the complexity and additional requirements introduced by the proliferation of devices that IoT brings. Only those with sufficient resources have the capabilities of addressing the security gaps, which because of the complexity more than often fall short.  It is no secret that traditional security is becoming more complex each and every year.  Thus, increasing the threat surface and costs of maintaining security.

To put it simply, traditional security is meant for point-to-point, static links.  IoT is by definition dynamic and multi-point.  Thus, traditional security is the square peg and IoT is the round hole.

Q: Tell us more about your solution and who might find use for it.

Our security solution, Autonomous Key Management (AKM) makes security not only affordable, but significantly decreases the threat surface because of its simplicity.  AKM is easy to deploy, easy to maintain, and easy to expand at IoT scale. AKM solves the high costs and difficulties of providing security at IoT scale. It is completely automated with one-time provisioning, removing the human factor and any requirement to connect to a centralized server.  Last, our security naturally provides multi-point, end-to-end encryption, something that traditional security is incapable of (ex. the Zoom video acknowledgement from April in which they stated that PKI and TLS/SSL are incapable of multi-point end-to-end encryption).

The primary customer case for our solution would be Industrial IoT companies.

Q: What have you enjoyed the most being a part of the ICE71 Accelerate programme?
Meeting the mentors and other teams in the programme.

Watch Olympus Sky pitch at ICE71 Accelerate 4 Virtual Demo Day on 25th June! 

Learn more about Olympus Sky at olympusssky.com

 

ICE71 startup news roundup

Here’s the latest news roundup on our ICE71 startups:

 

First 100% virtual ICE71 Accelerate programme


Our first 100% virtual ICE71 Accelerate programme had kicked off! The fourth cohort of the programme took place from 7 April – 25 June.  Here’s a quick look at each of the startups in cohort 4!

 

Assimil8

Origin: Australia
Co-founders: Simon Robinson, Stephanie Robinson

The Assimil8 tool, IDRIS provides decision makers with easy to read visual representations of large complex data sets. ASSIMIL8 makes data analysis more accessible by reducing the reliance on specialist expertise. The product we have developed, known as the Intuitive Data Relationship Inference System (IDRIS) can be used to quickly evaluate the risk context and threat of an individual cyber event or can be used continuously to review a complex network to identify threats.

www.assimil8.com.au

In conversation with Stephanie Robinson, CEO


Chainkit

Origin: USA
CEO: Valentin Bercovici

Chainkit is a cutting-edge technology that detects invisible threats, dramatically reduces dwell time from months to minutes, and delivers absolute system attestation.

Anti-forensic techniques are silently tampering with indicators of compromise, extending dwell times into months. Forensic artifacts lack attestation of integrity for investigators to use in determining attribution. These conditions put organizations at unacceptable risk of undetected cyber attacks, as well as out of regulatory compliance. Chainkit for Splunk and Elastic is the first solution to focus exclusively on the previously invisible 39% of undetected cyber security attacks. Results include less cyber damage and stronger regulatory compliance, supporting lower insurance premiums, in an era of universally increasing cyber risk.

www.chainkit.com

In conversation with Val Bercovici, Founder & CEO


GamaSec

Origin: Israel
CEO & Co-founder: Avi Bartov

Gamasec utilizes the newest and most advanced technologies to stop cyber-attacks via websites reducing cyber insurance exposure GamaSec is a pre-breach tool which enables small and mid-sized businesses to combat and recover from cyber attacks. By using cutting edge virtual hacker technology to identify and eradicate dangerous malware threats and website application vulnerabilies reducing cyber insurance risk and exposure.

www.gamasec.com

In conversation with Avi Bartov, Founder and CEO


Guardara

Origin: United Kingdom
CEO: Mitali Rakhit

FuzzLabs, their first product, can be used to identify a wide range of issues, not only native software flaws, such as memory corruption. It is possible to test web applications and web services, find problems such as unhandled exceptions, issues related to performance, and a lot more.

www.guardara.com

In conversation with Mitali Rakhit, Co-founder and CEO


Kapalya

Origin: USA
CEO & Founder: Sudesh Kumar

Kapalya empowers businesses and their employees to securely store sensitive files at-rest and in-transit across multiple platforms through a user-friendly desktop and mobile application. This ubiquitous encryption solution protects all your corporate data by seamlessly encrypting files on end-points (computers/mobile devices), corporate servers and public cloud providers. With Kapalya, users have the ability to share encrypted files across multiple cloud platforms.

www.kapalya.com

In conversation with Sudesh Kumar, Founder and CEO


Kinnami

Origin: USA
CEO: Sujeesh Krishnan

Kinnami is an end-to-end data security firm that equips organizations to secure, proof and audit sensitive information at rest and in-transit in data-sharing applications Kinnami is an end-to-end data security firm that equips organizations to secure, proof and audit sensitive information at rest and in-transit in data-sharing applications. It’s core product, AmiShare, uses distributed and encrypted storage to secure and protect confidential data across devices and users everywhere. Data is broken into fragments, encrypted, and distributed across a network of servers, devices and the Cloud. AmiShare strictly audits access to data and secures data right where it is created or stored ensuring that data is protected even as it moves.

www.kinnami.com

In conversation with Sujeesh Krishnan, CEO


neoEYED

Origin: USA
CEO: Alessio Mauro

neoEYED helps banks and enterprises to reduce frauds just by looking at the way users interact with application and devices neoEYED is a Behavioural AI. A fraud detection/prevention solution that recognise the users just by looking at “how” they interact with the applications and type their passwords. The result is a secure, frictionless, layer that continuously monitors the behaviour of the users and protects them from any unforeseen frauds without asking for any additional permissions or personal information. Invisible, simple, secure!

www.neoeyed.com

In conversation with Alessio Mauro, CEO


Scantist

Origin: Singapore
Head of Ops: Rohan Sood

Scantist is a local cybersecurity startup focused on managing open source vulnerabilities and improving compliance on the application level Scantist is a cyber-security spin-off from Nanyang Technological University (Singapore) which leverages its deep research and expertise to provide vulnerability management solutions to enterprise clients.

www.scantist.com

In conversation with Rohan Sood, Head of Operations


Olympus Sky

Origin: Poland
CEO & CTO: Bart Shields

Olympus Sky Technologies (OST) has developed a new way to think about cybersecurity, up-ending 30 years of static, heavy certificate-based solutions such as PKI. We have implemented this technology into a product suite that we call Zeus. Zeus is used to secure complex supply chains, from cradle to grave, as well as providing secure communication, including authentication of both hardware and virtual (electronic images/software) assets. Best of all, the product is simple to understand and simple to use, requiring no skilled administration or IT security experts.

www.olympussky.com

In conversation with Bart Shields, Co-founder, CEO and CTO


Watch cohort 4 startups pitch at ICE71 Accelerate 4 Virtual Demo Day

Chris Roberts: Hacking Sheep, Ships, Stations & Everything in Between


We recently had our ICE71 Distinguished Speaker Series with Chris Roberts who shared his journey in cybersecurity, what he feels about the current state of the industry, and more.


How he got started with cybersecurity and his first hacking experience

Chris attributed this to his ATARI game days around the time he was 13. He mused, “I hated losing the games, so I would load the programs up, arrow them out, drop them into the command line and see how they actually worked. And then I loaded up a basic shell and just really started to figure the code out from there. At the time my father was still around, he would play a game, sometimes winning and sometimes losing, while I could play a game and become a trillionaire after like 20 minutes because I’ve hacked the system. That got me started with hacking.”

Getting a foot in the door 

His advice for aspiring youth who want to venture into cybersecurity? They need to have a good attitude, and know how to reverse engineer solutions. He said, “If I’m looking at somebody who’s new, I don’t care about the qualifications. What I care about are what they think, how they feel and how they can demonstrate it.”

For those who want to get into the red or blue teams, he’d ask: “Have they built their own machine at home? Have they figured out how things work? Do they know how to reverse engineer? Have they broken things to be able to then figure out how to repair them?” 

Someone new to the industry doesn’t only learn cybersecurity skills. Newbies should  take a proactive step in connecting with the cybersecurity community, for example, through a platform like LinkedIn. To succeed, It’s important to have good communication skills, both verbal and written, together with a collaborative mindset.

Need for effective communication

Chris lamented about one of his biggest frustrations in cybersecurity, the lack of effective communication within the industry.

He spoke about acronyms and jargons in cybersecurity.

“People outside our industry go: “How can you explain security in the language I need to understand?” This is where you talk about risk, and where you basically put your point in human terms,” Chris said.

It doesn’t matter whether it’s a CEO or CIO who’s trying to explain to leadership about risk.  He said, “Risk reduction is about mitigation controls and compliance regulations.” And if it’s a technical person trying to educate the end user about passwords, it’s ultimately about “how it’s meant to keep the end user safe”, and how the end user can “teach his family to be safe” too.

What deception technology is about

Chris explained this as “using technology to effectively lie to someone who’s trying to break into a system”. In the case of hackers, the better the system lies to them, the more interaction they would have with the system, ultimately triggering alerts.

“Or look at it as building an architecture that camouflages itself effectively,” he said. If there is a request from an attacker, the deceptive system is like a “butler”, serving the attacker deceptive credentials and setting off an alarm.

On hacking cows and other things

Chris has hacked everything from cow pedometers to milking machines to ships.

Once, he overrode GPS tracking data from a cow pedometer database, and at one point he tracked 0.25 million herd of cows virtually lurking around a friend’s house! He’s also made milking machines stop and “line dance” every 12 hours. 

About two years ago in Turkey, he hacked into a ballast control system of a ship at a harbour. Ballast control systems give stability to ships. Hacking into these systems could potentially make ships roll in the middle of a harbour. Chris has approached a few shipping companies to caution about these insecure systems but to no avail. It’s challenging to responsibly disclose the security loopholes to the company, and most of the time it falls on deaf ears. He said, “They just want to focus on getting the ships from point A to B.” 

How startups can get a foot into the door despite legacy issues

Startups need to learn who can they can work with or have access to a particular company in a particular industry.

“It isn’t all about doing it yourself, you need to make friends, talk to people and present your ideas.” 

He suggested startups to ask for advice, and even form partnerships, stating Attivo Networks as a good example. Startups need to think about how they can help make an existing process more effective and reduce risk. He said, “Don’t go out and solve the world. Think about how to help others become effective.”

Top challenges CISO are facing and what keeps him up at night

Chris’ take on the top challenges of CISOs are:

1) Visibility: CISOs need to have visibility of all their network endpoints to know the location of their risks.

2) Too many tools, too much inefficiency: Particularly in big organisations, CISOs can have too many security technologies in place. These could just be at 30 to 40 percent capacity.

3) Regulatory and compliance: This includes data privacy, which continues to be a huge concern for CISOs.

So for startups, offering to add another security tech to the mix might not be ideal. Instead, offer something that could give CISOs the visibility they need and could make make existing systems more effective, while ensuring regulatory needs are met.

As security people, we have one job and one job only, and that is to protect the people around us.”

Rather than throwing in and relying on more technology to secure systems, he feels there is a need to take a step back: “We’re so focused on tech, we forget about the humans and processes,” and added that we should instead ask this: “What can I do to help?”

Watch the video of the whole conversation including the interactive Q&A at the end:

 

 

Interview with Sai Venkataraman, CEO and co-founder of SecurityAdvisor

We spoke to Sai Venkataraman of SecurityAdvisor, an ICE71 Scale startup, on how the startup came about, the gaps seen in human firewalls, and more.

1) Tell us more about yourself and your role at Security Advisor. 

I am one of the co-founders and CEO of SecurityAdvisor. Previously I was a VP at Fortscale, a pioneering UEBA firm acquired by RSA, and I was a director for product management at Intel Security/McAfee. I also spent several years at Bain and Company as a management consultant.  

2) How did the idea for Security Advisor come about?

My co-founders and I who were in senior product roles at McAfee started this company together. As colleagues, we would discuss how each of our products were producing hundreds of thousands of cybersecurity incident alerts, a scale impossible for most enterprises and mid-market companies to handle. And human actions caused most of these incidents, as it’s the human who falls victim to phishing, clicks on different links, and shares the data. 

Back then, the only choice a CISO had to reduce the number of incidents and improve cybersecurity was to conduct user training, and users hate this. So we wanted to come up with something more intelligent that could be a personalised cybersecurity advisor to the human, a “Siri” for cybersecurity. We wanted to provide micro-messages to users to help them avoid common cybersecurity errors.

That’s how SecurityAdvisor came about.   

3) There’s been a lot of talk around building human firewalls. And yet there are still cyber breaches happening due to lack of employee cyber awareness. What is the greatest gap you see here and what is the one thing organisations need to know to narrow this gap?

We looked at this problem we faced in our own work life. We used to take training modules, and found that we never paid attention. Today, building human firewalls mean cybersecurity training. But people can find such training a chore and administrators cannot properly measure training ROI. This is the biggest weakness around most human firewall initiatives, the reliance on training and the time required to train users. Is it possible to engage users without having to train them, for example, through personalized tips that are relevant, AI-based and take less than 30 seconds? Can we save time for both the employee and the organization?

4) Can you share a use case or two with your solution?

We provide quantifiable security outcomes. For example, with one of our first customers, we reduced monthly detected infections by 99%. Our technology integrated with their endpoint security solution, Palo Alto Traps, and identified certain high risk users who kept getting infected every month. We found the root causes of these infections to be human actions around clicking on risky emails, or certain online behaviors. We then rolled out a contextual and almost real-time security awareness training program for users who kept getting infected. Over the next 3 months, 50% of the users who were getting infected became secure and 99% of the infections went away. 

The above example is just one use case. We can drive secure human behavior in positive ways too, like turning on two-factor authentication, using rights management tools or sharing data safely with the right permissions. We can also reduce data leakage, malware and phishing click rate, among other things.

5) Describe cybersecurity in 30 words.

Cybersecurity is about technology (AV, Firewall, SIEM etc.), processes and most importantly, people. The carbon-based parts of your network are as important as its technology.   

Security Advisor is an ICE71 Scale startup. Learn more about SecurityAdvisor at securityadvisor.io and more about ICE71 Scale at ranosys.net/client/ice_71/scale

 

ICE71 featured on CNA’s “Secret Wars: Conflict in Cyberspace”

Watch the 2-minute ICE71 feature from 34:59 onwards!

Featured ICE71 leaders:
Edgar Hardless, CEO of Singtel Innov8
Prof Chee Yeow Meng, Associate VP, Innovation & Enterprise, National University of Singapore

Featured ICE71 Inspire 4 participants:
Terrence Tan, Jennie Duong

Episode summary:
Cyber & physical worlds collide as cyber attacks damage nuclear facilities and kinetic attacks provoke cyber attacks. As cyber warfare lacks rules, blurs war & peace and endangers civilians, the world needs new international laws, alliances, and enterprises to grapple with state-led cyber attacks. Singapore is marshalling its youth and innovation to grow a cyber defence ecosystem.

Watch this Secret Wars episode on CNA’s YouTube channel.

About the Secret Wars series: Cyberspace is a hidden battlefield where nations wage secret wars. Nations use cyber operations to steal information, spread falsehoods, puppeteer societies into conflict and disrupt the infrastructure, businesses and services we rely on. In today’s interconnected society, no one is safe from cyber warfare. This series explores the ways countries can be held hostage in the face of cyber terrorism.

Source: CNA

 

COVID-19: Security challenges of remote working

As countries around the world undergo semi- to complete lockdowns, employees are increasingly working from home to adhere to national health measures. However, this shift has presented several security challenges.

Zoombombing

Use of Zoom video conferencing has surged since the dawn of COVID-19 as organisations scramble to continue business-as-usual meetings online. The platform recently drew a lot of flak for its security issues, with the most recent being Zoombombing where uninvited people break into and disrupt business meetings.

Closer to home, the Ministry of Education recently banned the use of Zoom when obscene images appeared during home-based learning through the video conferencing platform.

Home network security isn’t as robust

Accessing work files or emails through a home WiFi adds another security variable – these networks aren’t typically as sophisticated or secure as office networks. They don’t have firewalls or threat detection systems in place, for example.

“Many organizations would kick in their Business Continuity Plans (BCP) where ‘work from home’ and telecommuting would form the cornerstone of their response. This, however, presents a whole new set of risks associated with unsecured and untrusted remote networks, giving hackers opportunities to access organizations’ data and assets. Hackers can leverage rogue wireless access points, deploy malware to harvest credentials and other sensitive data. Even with VPN access, hackers could exploit vulnerabilities and breach poorly secured client devices. Perimeter defence with network protection is just one aspect of cybersecurity. We recommend businesses take a proactive approach: know the risks and threats before a cyberattack takes place. Businesses should have the ‘hacker’s view’, and join the dots between threat actors, motive and campaign,” says Ritesh Kumar, Chairman and CEO of Cyfirma.

Large corporations have security measures such as VPN tools in place, but that may not be the case for smaller businesses. That said, even leading corporate VPNs have vulnerabilities. And it takes pure diligence on the IT teams’ end to promptly patch these security flaws.

Cloud security challenges

Cloud computing is taking center stage for many organisations during this period, but accessing business resources conveniently from the cloud comes with a price – an even greater need for a secure cloud infrastructure, and the right process controls that go with it.

Unfortunately, many companies aren’t there yet when it comes to cloud adoption.  There are security considerations in terms of proper workforce training, identity and access management, cloud data loss, cloud misconfiguration and others.

Some companies, however, are ahead of the pack. Steve Ng, VP of Digital Operations at Mediacorp, shares: “Fortunately for our Digital Group, we have adopted and have been operating on Cloud technologies for many years. We have security best practices in place, continuous monitoring and alerting, and people trained to operate from anywhere. Accessing corporate services is also a breeze. We have security best practices and solutions in place to ensure safety and ease of use for all employees.”

Need for remote incident handling

Remote working doesn’t mean IT and risk teams should lose their grip on handling cybersecurity breaches or incidents.

Having an incident response playbook may help here. “You should be able to easily manage a cyber incident sitting at home and using a mobile. Quickly come up with tasks needed to handle an incident and assign it to your team. Use a playbook which gives step-by-step instructions to handle the attack,” says Venkat Ramshet, founder of FlexibleIR.

 

The CISO Conundrums, Part 4: Metrics

In the final part of our 4-part “The CISO Conundrums” series, we explore success metrics challenges that CISOs face.

Measuring success

Peter Drucker said, “if you can’t measure it, you can’t improve it.” And you also wouldn’t be able to tell how well you did either. In the CISOs’ case, it’s often difficult to find appropriate metrics and measure business alignment.

According to thycotic’s report that touches on how CISOs set key metrics and manage business alignment – 52% of survey respondents are struggling to align security initiatives to business goals, and 28% don’t have a clear understanding on the success metrics used by rest of the business departments.

CISOs would be seen as effective and could be successful in their cybersecurity initiatives if they can clearly demonstrate how these initiatives contribute to business success. Part of doing this well includes being great listeners and understanding what it takes for the broader part of the business to succeed.

Justifying costs

When it comes to justifying costs to purchase or improve an existing security solution before any incident happens, CISOs face an uphill battle. It’s usually when a real attack or incident happens that all eyes turn to a CISO – then in a blink of an eye, he or she becomes empowered to spend what is needed to mitigate the breach. 

Lenny Zeltser, CISO at Axonius suggests risk, cost and context to be areas a CISO should cover when trying to build up a proactive business case for justifying spending that can enhance the organisation’s security posture.

It’s challenging to get mindshare at the board level when reporting on a technical area like cybersecurity. What comes across as everyday language to CISOs – like “TLS”, “DNS”, “malware” and “ransomware” – may be foreign to CEOs and other C-level executives. And when people don’t understand what you are trying to do, you lose your chance to influence decisions.

Business people talk risk, numbers, and charts. In view of this, CISOs need to be able to translate their security efforts into digestible information that their colleagues and bosses can relate to. A Gartner report reveals 100% of CISOs at large enterprises are responsible for board-level reporting of cybersecurity and technology risk at least once a year.

Therefore CISOs need to get a better handle on how to clearly communicate their cybersecurity efforts in the context of potential business impact. Because should any security incident happen, CISOs need to be able to answer the question: “How badly will that impact our business, and how badly will it impact you?”

Related articles:

The CISO Conundrums, Part 1: People and Culture

The CISO Conundrums, Part 2: Digitalisation – Cloud Migration & Data Security

The CISO Conundrums. Part 3: Third-party Ecosystem & Risks

 

For more content like this, follow us on web and our social channels.

COVID-19: More security trade shows cancelled, postponed or going virtual

Tons of trade shows around the world are impacted due to the coronavirus outbreak. Security trade shows aren’t spared – more of them are cancelled, postponed or going virtual.

Here’s a list of upcoming security events and their respective statuses that ZDNet has nicely put together (some information may have changed at time of posting):

FIRST CTI – March 9 to March 11, Zurich – Current status: Canceled.
Wild West Hacking Fest – March 10 to March 13, San Diego – Current status: Virtual.
Red Team Summit – March 11 to March 12, Menlo Park – Current status: Postponed to June 11-12.
Women in Cybersecurity – March 12 to March 14, Aurora (Colorado) – Current status: Canceled.
CiderSecurityCon – March 14 to March 15, Manheim (Germany) – Current status: Canceled.
Troopers – March 16 to March 20, Heidelberg (Germany) – Current status: Canceled.
ICS West (trade show) – March 17 to March 20, Las Vegas – Current status: Postponed to July, new date to be announced.
Cyber Security & Cloud Expo (trade show) – March 17 to March 18, London – Current status: Postponed, new date to be announced.
SecureWorld Philadelphia – March 18 to March 19, Philadelphia – Current status: Postponed, new date to be announced.
Pwn2Own CanSecWest (hacking contest) – March 18 to March 20, Vancouver – Current status: Optional remote-participation. Hackers participating in the Pwn2Own hacker contest can attend, but they can also ask content organizers to execute exploits on their behalf.
InfoSecurity Belgium – March 18 to March 19, Brussels – Current status: Postponed to May 27 – 28.
InsomniHack – March 19 to March 20, Geneva – Current status: Postponed to June 4 – June 5.
BSides Vancouver – March 22 to March 24, Vancouver – Current status: Postponed. New date to be announced later.
Fast Software Encryption – March 22 to March 26, Athens- Current status: Postponed. New date to be announced later.
Kernelcon – March 25 to March 28, Omaha – Current status: Virtual.
SecureWorld Boston – March 25 to March 26, Boston – Current status: Postponed, new date to be announced.
BSides Budapest – March 26, Budapest – Current status: Postponed to May 28.
WORP Summit – March 27 to March 29, Fort Washington, PA – Current status: Postponed to September 18-20.
Black Hat Asia – March 31 to April 3, Singapore – Current status: Postponed for September 29 – October 2.
BSidesCharm – April 4 to April 5, Baltimore – Current status: Proceeding as normal, but on adjusted rules. Remote speakers will be given the option to use video conferencing and avoid traveling to the conference.
BountyCon – April 4 to April 5, Singapore – Current status: Postponed to August 31.
FIRST TC – April 6 to April 8, Amsterdam – Current status: Postponed to next year.
GISEC – April 6 to April 8, Dubai – Current status: Postponed to September 1 – 3.
Kaspersky’s Security Analyst Summit – April 6 to April 9, Barcelona – Current status: Postponed for September. Exact date to be announced later.
BSides Austin – April 9 to April 10, Austin – Current status: Postponed to December 8 – 11.
DEF CON China – April 17 to April 19, Beijing – Current status: Postponed, new date to be announced.
Mediterranehack – April 18, Salerno – Current status: Postponed, to September 5.
Malware Analyst Conference – April 18, Padua – Current status: Postponed, to a later date.
Hack in the Box – April 20 to April 24, Amsterdam – Current status: Canceled.
InfiltrateCon – April 23 to April 24, Miami – Current status: Postponed to October.
Internet Freedom Festival – April 20 to April 24, Valencia – Current status: Canceled.
HardWear USA – April 27 to April 29, Santa Clara- Current status: Canceled.
Wallmart’s Sp4rkCon – May 2, Bentonville, Arizona – Current status: Postponed to October 3.
ISSA Summit – May 5 to May 8, Los Angeles – Current status: Postponed. New date to be announced at a later time.
THOTCON – May 8 to May 9, Chicago – Current status: Postponed to September 11-12.
Fortinet Accelerate – May 16 to May 21, New York – Current status: Canceled.
IEEE S&P – May 18 to May 20,San Francisco – Current status: Virtual.
NoName Con – May 21 to May 22, Kiev – Current status: Postponed to a date in the fall, to be announced.
CyCon – May 26 to May 29, Tallinn – Current status: Canceled.
Kids SecuriDay – May 30, Sydney – Current status: Postponed for later this year. New date to be announced.
Area41 – June 11 to June 12, Zurich – Current status: Postponed to June 2021, next year.
OWASP Global AppSec – June 15 to June 19, Dublin – Current status: Postponed to February 15-19, 2021.
BSides Liverpool – June 29, Liverpool – Current status: Postponed to later this year.

Source: ZDNet

How cybercriminals are taking advantage of COVID-19

The World Health Organization (WHO) has released an advisory warning of ongoing scams involving the COVID-19 outbreak. Cybercriminals are exploiting fear and uncertainty around the disease to carry out these scams.

According to Digital Shadows, an ICE71 Scale startup, the scams can be broadly split into the following three categories:

  1. Phishing and social engineering scams
  2. Sale of fraudulent or counterfeit goods
  3. Misinformation


Read the full article by Digital Shadows about this here.

Attivo Networks racks up over 5 cybersecurity industry recognitions

ICE71 Scale startup Attivo Networks has racked up a slew of new accolades.

They include:

  • Being listed as one of the “12 Best Network Detection and Response Solutions for 2020” by Network Monitoring Solutions Review
  • Winning six 2020 Cybersecurity Excellence Awards
  • Receiving five 2020 Infosec Awards from Cyber Defense magazine
  • Being named a recipient of the 2020 Cybersecurity Marketers of the Year award from The Cybersecurity Go To Market Dojo
  • Being included in CRN’s 2020 Security 100 List
  • Receiving the Trust Award for Best Deception Technology at the 2020 SC Awards (also, fellow ICE71 Scale Bitglass received the Trust Award for Best Cloud Computing Solution at the same awards)

The cybersecurity startup provides the ThreatDefend Platform, a network detection and response solution that provides deception technology for post-compromise threat detection and accelerated incident response.

3 things cybersecurity startups can do to reinvent business amid COVID-19

COVID-19: It’s here. It’s real. And it’s threatening the survival of startups. In this ICE71 Mentor Series webcast, Thibaut Briere, founder of Growth Marketing Studio, shares 3 actionable tips for cybersecurity startups to survive the coronavirus pandemic.

 

1. Work on your brand

Tell the world what you stand for by sharing the “why” of the work you are doing. This is especially important for startups. “It links back to the values of the founders,” said Thibaut.
 
Be very human as a brand. Reach out to people even if it wasn’t for business. Engage your customers, partners, suppliers, and employees. Thibaut said, “You could ask how the coronavirus situation has affected your contacts.”
Communication builds trust and top of mind recall that will pay dividends later. So get on the phone or connect with people through different channels like Slack and WhatsApp.
 

2. Uncover opportunities

Dedicate time to look for more opportunities. There are a few ways you can do this.
 
Diversify. “Cybersecurity startups tend to focus on one narrow part of the market. You need to diversify,” said Thibaut.
 
Are you a unicorn or cockroach startup? Unicorns are fast-growing startups. Cockroaches survive even in the most unfavourable conditions. If you are reading this, you are likely a cockroach startup. You need to be doing something different, and doing many things to sustain your business.
 
Reach out to your existing customers and try to see how else you can be of service. Find out other problems besides the one you already helped them solve.
 
Think ecosystem and partnerships. Search for good partners and join forces with them to meet a broader customer demand. You may not always have the solutions your customers need. More established or bigger security companies might.
 
Continue hanging out with other members in the ecosystem even if there were no business. Be interesting to your partners and customers. Good opportunities will come along the way.
 
Test new business ideas.The essence of growth marketing is about bridging sales, marketing and product. You run as many experiments as fast as you can, doubling efforts for ideas that work and shutting down those that don’t,” said Thibaut.
 
There are many online tools you can use to test your ideas but it’s tough. The complexity isn’t so much a technical one but in whether anybody needs more variety or new solutions.
 
You could reverse engineer problems you want to solve. For example, you can build a website landing page where you explain the problem you want to solve. You can run ad campaigns for testing, and generate website traffic or collect emails from your landing page. Then ask things like: “How many emails did the site capture?” or “How many people clicked on my ad?”. With sensible data, you could build a new business line that provides another revenue source.
 

3. Think ahead

It’s important to continue lead generation even during this COVID-19 period. Startups tend to lack a structured way to reach out to prospects. A purely digital approach is possible for generating leads when you can’t meet customers as often as before.
 
Thibaut suggests automation to increase cold outreach, especially for B2B cybersecurity businesses involving long sales cycles that can take up to two years. It’s important to generate demand now for the months ahead. He points out usage of LinkedIn: “You can enrich LinkedIn profiles with automated outreach and scale up your lead generation.”
 

He also recommends beefing up content marketing: “Educating people about cybersecurity is important as it’s a very technical area.”

Watch the full webcast:

Don’t miss the next ICE71 webcast! Stay tuned by joining the ICE71 community mailing list.

What COVID-19 is doing to cybersecurity conferences

The novel coronavirus outbreak started since December 2019 and is causing chaos in the events world. According to Reuters, over two dozen trade fairs and conferences in Asia have been postponed due to coronavirus fears.

How about cybersecurity conferences in particular?

We look into some high-profile cybersecurity conferences from now until July 2020, including those in Singapore:

Black Hat Asia 2020 (BHA 2020)

The Asia edition of the Black Hat event series, originally slated to happen from 31 Mar-3 Apr in Singapore this year, has been postponed to the fall of the year due to concerns around the coronavirus outbreak.

Black Hat prides itself to be the most technical and relevant information security event series in the world.

Screenshot of BHA2020 website on 19 Feb:  Organisers announced that the event is postponed to sometime in the second half of 2020.

Website: https://www.blackhat.com/asia-20/

Update as of 21 Feb 2020: Black Hat announces that BHA2020 will take place from 29 Sep – 2 Oct 2020.

Screenshot of BHA2020 website on 21 Feb:  Organisers announced that the event has been postponed to end of September.


RSA Conference 2020 (RSAC 2020)

RSAC is one of the biggest and most reputable security-focused series of conferences in the world. The US edition of RSAC (RSAC 2020 US)  is still going ahead from 24-28 Feb despite the coronavirus situation. Big-name exhibitors including IBM, AT&T and Verizon have pulled out from the event at the last minute. According to RSAC’s website, as of 14 Feb 2020, 0.79% of total number of expected attendees have cancelled their registration.

The Asia-Pacific & Japan edition (RSAC 2020 APJ) will happen in Singapore from 14-16 July 2020. Let’s cross fingers the health crisis gets resolved by then. The outbreak of COVID-19’s sibling SARS took around 8 months to die out.

Website (RSAC 2020 US): https://www.rsaconference.com/usa/
Website (RSAC 2020 APJ): https://www.rsaconference.com/apj


Gartner Security Risk & Conference Summit 2020

Gartner Security Risk & Conference Summit another highly-regarded series of events which brings together a community of thought leaders and industry experts in security and risk management.

The US edition will be happening from 1-4 June 2020 in National Harbor MD.

The Australia edition is slated to happen from 16-17 June 2020 in Sydney. It’ll be interesting to see how things develop with the Australia edition. There are more than 10 cases of COVID-19 infections in Australia as of Feb 2020.

Website (US edition): https://www.gartner.com/en/conferences/na/security-risk-management-us
Website (Australia edition): https://www.gartner.com/en/conferences/na/security-risk-management-us


SINCON 2020

SINCON 2020, Singapore’s premier techno-centric cybersecurity conference, is the conference feature of Infosec In the City, a well-curated cybersecurity event series that brings top cybersecurity thought leadership from around the world.

It is slated to happen from 14-15 May 2020. There are no announcements around the coronavirus outbreak so far, but given that the conference is going to happen in Singapore, it’ll be interesting to watch this space.

Website: https://www.infosec-city.com/sin20-1

Update as of 22 Feb 2020: SINCON announces that new dates are “to be announced”.

Screenshot of SINCON2020 website on 22 Feb:  Organisers announced that the event date is to be announced

 

Related:

What COVID-19 is doing to cybersecurity conferences

For more content like this, follow us on web and our social channels.

 

An Interview with Emilie Philippe, APAC Managing Director, Webdrone

Emilie Philippe (second from right), APAC Managing Director of Webdrone

We recently caught up with Emilie Philippe, APAC Managing Director of Webdrone, an ICE71 Scale startup that provides anti-cybercrime solution, monitoring platform and investigation services. Emilie shared insights including how she got into cybersecurity, and how Webdrone uncovered hidden information for a digital piracy case.

We heard you have a background in law. What was the turning point that got you started with cybersecurity?

Yes, I studied law in France as my first aim was to become a Police Commissioner. I wanted to do investigations and contribute in fighting organised crime. That was my driver. At the end of my Masters, I had great opportunities for three internships at the Police of Monaco, the Court of Nice and BNP Paribas. After these meaningful experiences, I eventually chose to join the Security IT team of BNP Paribas in 2003. My experience there was really vibrant, it became the pull factor for me to be part of this whole cybersecurity adventure.

At BNP Paribas, my colleagues and I worked around cyber-attack intrusions, as well as internal confidential inspections and missions. I also worked in different places, namely Paris, Guadeloupe in the Caribbean, Marseille, and Singapore, as well as in different branches and scopes like Legal, Litigation, Risk Credit and Compliance. All these experiences have the same key focuses, that is to investigate on matters to solve issues, mitigate risks, and help organisations protect their reputation and integrity. 

What brought you to Webdrone?

After 15 years within the banking industry, I wanted to tap on my experiences together with my positive and pragmatic mindset to start a bold and new challenge. I wanted to join the vibrant startup ecosystem in Singapore and to work in a lean mode as an entrepreneur. Just at this tipping point, I met Webdrone founders, conversations happened, and I was drawn into joining their adventure to build an Asian hub in Singapore. I jumped right in!

Can you share with us 1-2 interesting client use cases of Webdrone’s solutions?

One of the online investigations we did was around digital piracy, and it focused on a heavily visited torrent site that offered a large and downloadable selection of pirated content such as films, music and games. Perpetrators hacked content to illegally spread them online. Webdrone’s algorithms enabled us to identify some of the torrent site’s administrators – by collecting and cross-referencing identification elements such as pseudonyms, full names, addresses, and email addresses – from publications dating back more than 8 years, which are now archived and no longer indexed by the search engines.
 
In another case, we were tasked with analyzing three Android set top boxes, also known as illicit streaming devices (ISDs) to ascertain how each connects to their authentication servers. This work was requested in the context of a project in Singapore requested by telco companies, for possible legal action against black-market vendors.

Why did you choose Singapore as a landing pad to scale Webdrone’s business?

My family and me have been living here for 7 years, and we know the local culture well. We are French, as you can hear with my pure French accent, but we mix a lot with the community here. We do our best to participate in activities with Singaporean friends and set up events with attendees from everywhere. For example, I am co-founder of the French Tech Cyber & Security community and we organise events to share good practices and build a strong culture. 

Our experience with the community tells us this: What is amazing here is all the positive stamina you can find when there is an innovative project to advocate for and roll out. There is a true desire for top-notched technologies like cyber solutions. Singapore is not only the place to be, but the place to do. This is one of the biggest reasons why we are here.

Cybersecurity protects our data from what we know and also from the unknown. It also protects business value and reputation.

– Emilie Philippe

Learn more about ICE71 Scale and how to join the programme here.

For more content like this, follow us on web and our social channels.

The CISO Conundrums, Part 3: Third-party Ecosystem & Risks

The spate of data breach incidents around the world involving third-party vendors has been threatening businesses beyond cost damages.

In Part 3 of our 4-part “The CISO Conundrums” series, we explore third-party ecosystem and risks, one of the greatest challenges a CISO can have as part of their business role within an organisation.

Access management

There’s a paradox to access management when it comes to third-party vendors. On one hand, companies give vendors privileged access to corporate resources so that vendors can do what they do best with lesser restrictions, increasing efficiency. On the other hand, if the right balance isn’t struck, relinquishing too much access impacts security and increases likelihood for a breach.

Inappropriate or lax third-party privileges have been a cause for hackers to wreak havoc. A case study example is the massive Target breach in 2013. Hackers had managed to access the retailer’s point-of-sale terminals through its HVAC contractor, despite the contractor’s limited access to Target’s IT infrastructure to begin with.

Target had paid settlements that cost hundreds of millions, but damages were more than that. A study by YouGov, which measures brand perception, showed that customer perception of Target sank below its competitors like Walmart and Kmart during the holiday shopping season. The Wall Street Journal also reported Target’s shopper traffic dropped during that period while its competitors still had a healthy level of business.

Security of data handled by third parties

When it comes to ensuring shared data security with third party vendors, it pays to be always cautious. Businesses should constantly monitor and evaluate vendors that are onboard and that are onboarding.

Dealing with sensitive customer data requires a whole new level of service quality by third parties. Measuring criteria for a good third party vendor dealing with customer data would include, for instance, robust security controls and proactive approaches to dealing with outdated endpoints on their networks. Their systems, including web browsers and operating systems, should always be up-to-date.

Bitsight found, through a study of 35,000 companies from over 20 industries across the world, that thousands of companies are running outdated systems which increases their likelihood of experiencing a data breach up to 3 times. 

In 2017, the WannaCry ransomware infected thousands of computers across the globe and took data hostage. If companies had installed a critical update by Microsoft months before the attack, one of the vulnerabilities believed to exploited by hackers of WannaCry could have been avoided.  

Auditing and governance

While European countries affected by GDPR is leading the world’s adoption of strict data protection laws and regulations, other countries are following suit. Protecting personal data collected from customers is important even when organisations outsource their work to vendors. Companies must be accountable for their customers’ personal data and ensure cybersecurity governance of their third-party vendors. Otherwise, they risk potentially huge cost and reputational damages.

Closer to home, the SingHealth data breach in 2018 took on the mantle of being the nation’s worst data breach yet. 1.5 million patients’ non-medical personal data, including Prime Minister Lee Hsien Loong’s, were stolen in the data breach saga. The Personal Data Protection Commission (PDPC) had slapped the largest fine of $750,000 to SingHealth’s vendor, Integrated Health Information Systems (IHiS) for the lax in securing patient data.

If SingHealth has better cybersecurity governance over IHiS, this might not have happened. The huge fine is one thing, and while SingHealth may have avoided reputation damage arising from speculation by responding quickly to the media, Singapore’s reputation as a tech innovator received a dent.

Related articles:

The CISO Conundrums, Part 1: People and Culture

The CISO Conundrums, Part 2: Digitalisation – Cloud Migration & Data Security

The CISO Conundrums, Part 4: Metrics

For more content like this, follow us on web and our social channels.

Phishing scams around COVID-19

Scammers love a crisis.  They have been exploiting fear and curiosity around the COVID-19 outbreak to scam unsuspecting online users and obtain sensitive information.

And they made it seem like the emails came from reputable authorities. From what we know, at least two phishing emails appeared to come from the Centre for Disease Control & Prevention (CDC) since the world saw the coronavirus outbreak in December 2019. Here are some notable ones:

Scam email that appeared to come from CDC
In a bid to trick unwitting users into clicking a link and entering their credentials, attackers promised to provide a list of active infections in the surrounding area if they do so. See a sample of this phishing email obtained by Kaspersky.

CDC bitcoin donation campaign
Another email obtained by Kaspersky also showed its sender as Center for Disease Control and Prevention and tries to solicit bitcoin donations from unsuspecting users.

“Singapore Specialist: Corona Virus Safety Measures.”
Mimecast detected spam emails titled “Singapore Specialist: Corona Virus Safety Measures.”, which had a malicious link to them. When clicked, the link installs malware. See a sample of this phishing email.

Email from “World Health Organisation”
Security software firm Sophos reported a phishing email that seemed to be sent by the WHO. Users are enticed to click a link in the email that alleges to be “safety measures” that can be taken against COVID-19 infections.

Stay safe and vigilant online, folks.

For more content like this, follow us on web and our social channels.

 

 

ICE71 startups news roundup

ICE71 Scale and ICE71 Accelerate startups and alums are creating waves in the news. Here’s a roundup of recent news from more than 7 of them!

Cyfirma, ICE71 Scale member

Cyfirma, which is Goldman Sachs-backed, has raised Series A funding from Z3 partners. Cyfirma is headquartered in Singapore and Tokyo. It has raised a total funding of US$8 million in the span of five months.

Attivo Networks, ICE71 Scale member

Attivo has announced new capabilities within its platform to anticipate and address methods an attacker will use to break out from an infected endpoint. Earlier in Q4 2019, the company announced plans to expand into Australia and New Zealand, appointing Malwarebytes’ Jim Cook as regional director.

Reblaze, ICE71 Scale member

Reblaze, which helps companies identify and eliminate malicious bots, announced that it now exceeds five billion HTTPS and web transaction requests a day.

Digital Shadows, ICE71 Scale member

Rick Holland, CISO of Digital Shadows, discussed the basic ways corporations can protect their global supply chains.

A recent study by the startup, From Minnows to Marlins, the Ecosystem of Phishing, was featured in news outlets including Security Magazine. The study analyzed many of the popular marketplaces and forums frequented by cybercriminals.

Mimirium, ICE71 Accelerate 3 alum

Mimirium was featured in a FASTCOMPANY discussion on DNA ownership for its experiment with data ownership models where consumers own and securely store their data while organizations get access on a case-by-case basis.

Gtriip, ICE71 Scale alum

Gtriip has raised an undisclosed 7-figure Series B funding to expand in Asia-Pacific. The company had said it was looking to raise about US$4 million for its Series B round.

Shape Security, ICE71 Scale member

Shape Security has been acquired by F5 for US$1 billion. With the acquisition of Shape Security, F5 will be delivering end-to-end application protection.

Bitglass,  ICE71 Scale member

Next-gen cloud security company Bitglass has released its 2020 Healthcare Breach Report. Report findings show that ‘Hacking and IT Incidents’ was the top cause of healthcare breaches last year. Read key findings in this report.

More ICE71 startup news here.

For more content like this, follow us on web and our social channels.

ICE71 Inspire welcomes cohort 4

We just completed the 4th instalment of our ICE71 Inspire programme! ICE71 Cohort 4 comprises participants from different backgrounds and nationalities, ranging from students to working professionals—but they all had one thing in common—an enthusiasm for cybersecurity.

It’s interesting when we speak to some of the participants on how they got started with their interest in cybersecurity, a deep tech area often less understood than desired, even as it impacts all industry verticals.

For Terrence, a Singaporean youth and NUS computing student, it all started with an incident while he was in primary school. His personal blog got hacked and he got curious about cybersecurity ever since. Terrence also participated in NUS Overseas College (NOC) in Israel. There, he experienced an environment where cybersecurity is highly ingrained in its people. Terrence thinks it’s inherently wrong to look at cybersecurity as a hassle. And it looks like he’s all set to correct this with a gamification idea of his.

Jennie, another participant, is Vietnamese-American. She became intrigued with cybersecurity while she was studying geopolitical risk as part of her political science studies. Cybersecurity risk, besides financial and legal risks, are often risk functions under geopolitical risk. And what further stoked her passion for cybersecurity was her market research stint covering the cybersecurity industry.

ICE71 Inspire is a one-week intensive bootcamp programme designed for individuals to test their cybersecurity theories and ideas, qualify feasibility and commercial viability, and develop their business skills alongside other aspiring entrepreneurs. Programme modules are curated and run by our programme partner CyLon, a leading global cybersecurity accelerator and active investor in early-stage cybersecurity startups.

As with previous cohorts, the programme brought workshops across different areas of entrepreneurship, including technical development, business fundamentals and team building. There were also networking and mentorship opportunities for our participants.

Kris Childress mentoring about Lean Methodology for startups

Participants gained a lot of insights from these workshops, including lean methodology for startups, product positioning and hiring talent. In one of the sessions, they even got up close and personal with Land Transport Authority (LTA)’s Chief Information Security Officer, Huang Shaofei.

“There was one session that I really liked. I think it was Joanna’s session on hiring. I’m a startup founder so that was really relevant for me. I felt the greatest benefit I’ve gotten from ICE71 Inspire is actually connecting with my peers, my classmates. It’s such a diverse class. There’re students, industry professionals, researchers, and marketers from whom I’ve learnt a lot from, which is like the biggest value for me.”
– Mitali, ICE71 Inspire 4 participant and founder of Guardara

“One of the greatest learnings from ICE71 Inspire that I’ve got is about how to do business and marketing. I also learned about cybersecurity industry demands and challenges, and more about what people in the industry are doing.”
– Hong Ying, ICE71 Inspire 4 participant

Marketing basics for startups by Thibaut Briere

 

Exclusive for ICE71 Inspire 4 participants: An engaging, light-hearted fireside chat with LTA’s CISO, Huang Shaofei

 

“I think Thibaut’s session was good. If you tell Thibaut what you’re not sure about, he will go very in-depth about what to do. When I asked about how do I even get started with selling, he came up with this concrete go-to-market plan for me.”
– Jeffry, ICE71 Inspire 4 participant

It’s a great crash course on entrepreneurship.
– Jamie, ICE71 Inspire 4 participant

 

ICE71 Inspire 4 concluded with a Lo Hei to usher in the Year of the Rat, plus happy smiles!

 

Bootcamp participants will continue to receive guidance and mentoring over a three-month period to keep the momentum of their business ideas going.

You may also be interested in:

ICE71 Accelerate

ICE71 Scale

For more updates like this, follow ICE71 on our web and social channels.

Say hello to recent joiners of ICE71 Scale!

ICE71 Scale is growing! Introducing recent additions to our Scale family:

Aiculus helps organisations embrace new technologies without increasing their risk profile. Their specialty is applying advances in Artificial Intelligence to secure APIs.

Learn more: https://www.aiculus.co/


Polaris have built an advanced web application firewall that can be deployed on-premise or as a cloud solution to secure web applications against emerging threats by using machine learning to collect threat intelligence from all deployed firewalls.

Learn more: https://www.polarisec.com/


Flexible IR is an Incident Response system providing vendor agnostic process based Playbooks.

Learn more: http://www.flexibleir.com/


Amaris AI creates, develops and implements deep learning AI solutions.

Learn more: https://www.amaris.ai/


Responsible Cyber brings a fully integrated platform that provides live updates and security on any level of your business, all-in-one.

Learn more: https://responsible-cyber.com/


Entersoft provides application security assessments, security monitoring and consulting services.

Learn more: https://entersoftsecurity.com/


Digify provides a document security solution that gives users control over the files that they share online. It essentially makes it easy to protect and track access of information once it gets shared with someone else.

Learn more: https://digify.com/


Webdrone provides anti-cybercrime solution, monitoring platform and investigation service.

Learn more: https://www.webdrone.fr/en/


WeSecureApp provides Strobes, the perfect Security Orchestration and Vulnerability Correlation platform.

Learn more: https://wesecureapp.com/


Sixscape Communications is a Singapore based cryptographic authentication and communications vendor focused on digital certificate based security.

Learn more: https://sixscape.com/


Ziroh Labs provides a privacy preserving solutions that convert user’s data into encrypted garble. This safeguards privacy for structured and unstructured data in untrusted environments.

Learn more: https://ziroh.com/


Build38 provides mobile app and fraud protection for businesses.

Learn more: https://build38.com/


Reblaze provides next-generation protection via the clouds you already trust.

Learn more: https://www.reblaze.com/


ICE71 Year-End Social

ICE71 had our year-end social for 2019 and it was a blast!

Thanks to all of our community members who supported us throughout our exciting journey last year. 2019 was an eventful year with notable highlights for us (many firsts!) and our startups.

A recap of 2019 highlights for ICE71 includes:

  • ICE71 Inspire 2 and Inspire 3 cohorts
  • ICE71 Accelerate 2 and Accelerate 3 cohorts
  • First closed-door CISO Roundtable
  • First Cyber Solutions Showcase for SMEs
  • First closed-door Investor Roundtable
  • Cyber N’US, a collaboration with NUS IT featuring Paula Januszkiewicz, Founder and CEO of CQURE Inc. and CQURE Academy
  • Featured in industry conferences such as Black Hat Asia, InnovFest Unbound, Singapore International Cyber Week, Cloud & Cyber Expo, Infosec in the City, and RSA APJ
  • Distinguished Speaker event with Cheri McGuire, Global CISO of Standard Chartered Bank, at Cloudflare Asia HQ in Singapore
  • and many more!

Our mission to grow the cybersecurity ecosystem in Singapore and the region continues on in 2020. We look forward to many more events and engagements with our cybersecurity community this year!

For more updates like this, follow ICE71 on our web and social channels.

The CISO Conundrums, Part 2: Digitalisation – Cloud Migration & Data Security

Digital transformation is no longer a mere catch-phrase for businesses. It’s becoming an organisational undertaking among businesses that strive to be agile and competitive. In a 2018 Tech Pro research survey, 70% of survey respondents said that their companies either have a digital transformation strategy in place or are working on one.  

Digitalisation initiatives are part of digital transformation, and they can impact areas of a business such as its data, applications, as well as marketing.

In Part 2 of our 4-part “The CISO Conundrums” series, we explore data security challenges with cloud migration, a digitalisation initiative—which puts CISOs on the hot seat.

 

The case for cloud migration

Cloud migration is the process of moving data, applications or other business elements to a cloud computing environment, usually from on-premises or legacy infrastructure.

The benefits of the cloud include scalability, flexibility, lower costs, and  increased performance. Increased performance, for example, could include improvements in customer experience—housing data in cloud data centres helps to optimise processing of very high volume of data with minimal delay, resulting in reduced latency—compared to housing data in various on-premise servers.

As digital transformation unfolds, however, data security is playing catch-up instead of transforming in parallel. The more a digitalisation initiative like cloud migration happens, the more digital footprint there is, and the more potential attack surfaces—apps, users, cloud deployment, and of course, data—that come with it.

MuleSoft’s Connectivity Benchmark Survey found that 97% of IT decision makers are involved in digital transformation initiatives at their respective organizations. CISOs are very much involved and responsible to ensure data security with cloud migration. And it becomes more challenging for them in heavily regulated industries like financial services and healthcare, where a lot of personal data is involved.

Data protection

In Europe, the General Data Protection Regulation (GDPR) has set a new standard for European consumer rights about protecting their personal data. Other regions in the world are catching up in terms of personal data protection regulations.

IT teams in companies are facing compliance pressures in terms of data security, or infosecurity, which is about safeguarding personal data from being leaked or stolen. 

Data governance

Data governance and infosecurity come together like two peas in a pod to achieve data protection.

While infosecurity works to prevent hackers from stealing data, or detect vulnerabilities to “plug” data leakages—in turn making data safe, data governance in an organisation is put in place such that the right people have the right access, to ensure these safe data are accessible across the organization in a controlled manner.

Clearly, there is a price to pay as businesses undergo digital transformation to deliver better value to their customers—there’s a lot of work to be done by CISOs and infosecurity teams here. With the huge power of cloud computing, comes the huge responsibility of protecting data the in cloud.

You may also be interested in: 

The CISO Conundrums, Part 1: People and Culture

The CISO Conundrums, Part 3: Third-party Ecosystem & Risks

The CISO Conundrums, Part 4: Metrics

 

For more updates like this, follow ICE71 on our web and social channels.

Startup Reflections 2019

We asked some of our ICE71 startup leaders to share with us their thoughts and reflections for 2019. Here they are!

“The greatest lesson that I have learned as a founder in 2019 is that it is all about the team. Bad hiring decisions can have a tremendous negative impact and that’s why it’s important to take the time and continuously improve the hiring process. I couldn’t be happier with the team we now have at GuardRails and we are continuing to grow fast. One of the clear highlights in 2019 was joining the ICE71 Accelerate programme, which opened a lot of doors for GuardRails. ICE71 helped me understand why an accelerator like it exists. It was through this programme where I met the great Cocoon team, which ultimately led to the close of our seed round! I can’t wait to see what 2020 has in store for us, but before that I wish everyone happy holidays and a good break.

Stefan Streichsbier, GuardRails, ICE71 Accelerate Cohort 2

“2019 was the second year of Aiculus’ existence and reflecting back on the past 24 months put into perspective how far we had come as a company and a business and how much there was still left to do. I learnt to be better with my relationships, to nurture them and look after them better than I did before.”

Omaru Maruatona, Aiculus, ICE71 Accelerate Cohort 3

“Joining the ICE71 Accelerate program was one of the highlights of a busy and exciting 2019. A lot was learnt from meeting and collaborating with other entrepreneurs in the same field, not to mention that it was ton of fun! A key revelation this year was realizing that cybersecurity can enable new value. Traditionally, cybersecurity was a sunk cost; you bought it because you had to, and it did not bring any value-add other than making you safer. However, by changing how you look at things, cybersecurity can create new opportunities and value for customers. For example, we found that customers can provide more convenient data access to their clients, now that they use our technology to protect their content. In other words, cybersecurity enabled this customer to provide more value to their customers. Looking ahead, I hope we can expand on this theme of creating new value through cybersecurity; making new friends, collaborators, and partners along the way. Have a happy and secure holiday season, and cheers to a rocking 2020!”

Hiro Kataoka, 689Cloud, ICE71 Accelerate Cohort 2

“The greatest lesson for Threatspan in 2019 is that, as a resource-strapped startup, it pays to learn how to be patient in providing value upfront to potential clients—if it’s the right partnership, these efforts end up paying off in the long run. We are also very thankful to have been selected as one of the finalists for the prestigious Seatrade awards, among others. For the next year, we’d like to continue driving safe innovation and cybersecurity awareness in the maritime and offshore industry.”

– Leon Yen, Threatspan, ICE71 Scale

“My greatest highlight of 2019 – the birth of Cylynx. The second greatest highlight – getting to know the great community in ICE71. From the friendly faces in CyLon to the awesome cohort in ICE71 Accelerate 3, thank you for being such a great community! I guess our goal for the next year is to scale up! Wishing everyone a great 2020! 

Timothy Lin, Cylynx, ICE71 Accelerate Cohort 3

An Interview with Pedro Hernandez, APAC Managing Director and co-founder of Build38

Pedro Hernandez (front row, second from right) and the Build38 team

We recently caught up with Pedro Hernandez, APAC Managing Director and co-founder of Build38, an ICE71 Scale startup. Pedro shared about the story behind Build38 as well as his thoughts on mobile app security and the digital wallet space.

What inspired you to start Build38, and what’s your role in it?

The mobile experience has become part and parcel in everything we do. Just think about actions and habits such as accessing your bank account, opening your car door, and saving your personal photos in your phone. These conveniences require access to personal and private data.

Inadvertently, these data may include those of our family. My co-founders at Build38 and I realised this earlier on, especially when we are all dads with kids (daughters, to be exact). My daughter was born in Singapore two years before the founding of the company in 2018. When you enter parenthood, protection and safety of your private and family lives become a concern. That naturally led us to focus in the protection of mobile applications to safeguard our online data—and our daughters’!

I have been working in the Mobile Security space for many years, from SIM Cards to Mobile Payment solutions in Europe and Asia Pacific, so it was a smooth transition for me. Currently, I’m taking care of the business in the Asia Pacific region for Build38.

How did the name “Build38” come about?

“Build” is there because our solution is used to build secure and relevant mobile apps and services. “3” is the number of locations where we have footprints—Munich, our HQ; Barcelona, the main development and operations centre; and Singapore, our Asia Pacific hub. “8” is the number of employees when we first started the company. Interestingly, in Chinese numerology, 3 sounds like “life” and 8 typically means “to prosper”. So you could say that our name means “build a life of prosperity”—a pretty good sign!

There are many mobile security solutions in the market. How does Build38 differentiate its product called “TAK”?

The Trusted Application Kit (TAK), is a combination of client and server protection which is unparalleled in the market. On the client side, TAK provides “hardening” of a mobile app, and for this purpose it has met very stringent security requirements. It’s been used in the financial, automotive and digital identity industries. With TAK, we combine the increase in app security (app hardening) with a monitoring service of the app. This service provides real-time data and AI-powered insights for our customers, keeping their apps secure and preventing breaches and fraud. These secured apps become “self-defending”.

Share with us an interesting client use case or two.

Our solution was originally conceived to protect mobile payments, but ended up in a very diverse number of use-cases. For instance, in China, one of the largest carmakers is using our solution to protect the mobile app they provide their customers to open a car and remotely start its engine. It was critical for the app to work even in an underground parking space without network coverage. That was a challenge from security perspective, and that was what we achieved.

In Germany, you can purchase subway tickets from your mobile phone. This convenience created a side problem—users started creating “clones” of the tickets and shared them with their friends and family, so a season ticket can be used by several people. The transit operator had to suspend this way of buying tickets! Our solution prevented ticket cloning, reducing such a fraud. We pride ourselves in protecting the bottom line of our customers in reducing fraud. Because app protection enables business where none was conducted before, we ultimately help our customers increase their revenues.

We’ve been hearing a lot of news around the digital wallet space in Singapore recently. For example, Grab recently launched Asia’s first numberless card with Mastercard. Local banks such as DBS and OCBC are also rolling out efforts for customers to use Google Pay without a credit card from 2020. What are your thoughts about this?

These developments make our lives exciting and are the reason behind our presence in this region from day one. Europe is a homogeneous and legacy-type market in payment infrastructure. On this side of the world, though, we see innovative markets exerting a big influence in introducing new ways of payment and money remittance.

Singapore is at the forefront and has become a test bed for many of these new payment methods, so we see associated security challenges emerging. You probably read in the news how some ride hailing apps were hacked in order to give some drivers an advantage in the acceptance of rides. User verification and tracking has become a challenge too, and we do see some interesting approaches here. With our solution, these challenges can be addressed, and we are pretty thrilled that we are already in discussions with many of the market players. We find lessons learned here useful as we can bring them back to other markets and be at the leading edge.

Cybersecurity is the protection of any computerised system from any compromise that would have a negative effect (trust, financial, personal) in the physical world.

– Pedro Hernandez

For more updates like this, follow ICE71 on our web and social channels.

APIs and why they matter

By: Omaru Maruatona

Application Programming Interfaces (APIs) are protocols for accessing data or services from an organisation. For companies that use them, APIs are tunnels that allow systems to communicate with each other.

One of the earliest examples of an API is the Google Map API. Many companies incorporate this API into their websites and systems to provide their customers the location of a place and how to get there. Nowadays, APIs drive almost every function that users invoke for an online service — from transferring money online to booking a flight, to a simple task such as ordering a take-away meal online. Even tweeting involves an API. Twitter revealed in 2010 that over 75% of their traffic comes from their API.  

For many organisations, the strategic value of APIs lies in three key advantages — automation, innovation and optimisation. First, APIs allow organisations to have a seamless connection of previously unconnected systems. This enables end to end automation of digital service delivery. 

APIs also help organisations to expand their service scope and to introduce continuous, major transformations to their products or service offerings. This drives innovation as organisations are no longer limited by technology to translate new ideas into services that customers find valuable. 

Third, by having automation and innovation advantages, organisations get to a point where they can do more with fewer resources, and are consistently relevant to their target market. This paves the way for factors that drive efficiency and optimisation, such as reduced business costs and increased revenue. A 2015 Harvard Business Review article demonstrates the revenue factor. It reported that Salesforce, Expedia and eBay respectively generated 50%, 90% and 60% of their revenue through APIs.

Newer use cases for APIs are being introduced and more organisations are incorporating APIs into their digital service delivery. ZDNet cited a Forrester Research that predicted a fourfold increase in spending for API management, which underlines this trend in API adoption and usage. As the value of APIs are increasingly uncovered, businesses, governments and other organisations are also increasingly reliant on their APIs—to the extent a disruption to an API might halt an entire business.

The security of APIs in organisations is as important as the data they carry. Any compromise to their security or unauthorised access to these data can be costly for an organisation. A 2019 report by IBM and Ponemon Institute showed that globally an organisation stands to lose an average of over $3 million from a data breach. 

In 2018, Threatpost reported that T-Mobile had alerted over 2 million of its customers of a data breach caused by a “leaky” API. In the same year, The Guardian reported that a Berlin-based researcher, Hang Do Thi Duc—in a quest to reveal how a payment app can expose our private lives—had accessed and analysed over 200 million customer transactions through an external API of Venmo, a Paypal payment service. These are just a few examples of prominent breaches. And unfortunately the API attack surface, all the ways an API can be breached, is only going to get bigger.

APIs have transformed digital service delivery and have become the engines of modern technology consumption. However, their security has not matched their rapid advancement. The state of API security is best reflected by the growing number of API breaches even in large, resourceful organisations. For most of these companies, a $3 million loss from an API breach may not be significant, but the reputational damage arising from a breach can well be. 

About the author

Dr Omaru Maruatona is the CEO of Aiculus, a Cyber-AI company that helps organisations embrace API technology without increasing their risk profile. Aiculus is one of the 10 companies in ICE71 Accelerate cohort 3. Omaru is an experienced Cyber Security and Machine Learning practitioner and has been working in the API security space for over 2 years. Omaru has previously worked with a big Australian bank in Machine Learning based fraud detection. He has also worked for a global Share registry organisation as a Technical Security Analyst and for a Big Four consulting firm in Cyber Security Architecture and Strategy. Omaru is a thought leader in Cyber-AI and regularly publishes and speaks at various academic and industry conferences.