Interview with Pankit Desai, co-founder and CEO of Sequretek

We speak to Pankit Desai, co-founder and CEO of ICE71 Scale start-up Sequretek, one of the Financial Times’ most promising APAC companiesand more recently a RAISE2020 awardeeabout what it takes to get to such business apexes.


Q: What do you do at Sequretek?

I am co-founder and CEO at Sequretek, with primary responsibilities around business development, operations and fundraising. Prior to Sequretek, I have had leadership stints with IBM, Intelligroup, NTT Data for over two decades.

Sequretek offers solutions in Endpoint Detection Protection and Response (EDPR), Identity Governance and Administration (IGA), and Managed Detection and Response (MDR). A combination of our products and a 24×7 managed security services, covers majority of the problems that an enterprise might encounter.

Q: Can you share an example or two where Sequretek has helped your client to achieve simplicity in terms of security? 

Let me take two examples on opposing ends of a size spectrum.

One of the largest private sector bank (5,000+ branches) with over 125,000 employees and 700+ applications/services was struggling to get an answer to this question of “who has access to what”? They tried implementing traditional identity management solutions, but after spending a few million dollars and over two years, their coverage was barely 5% of the technology landscape. They evaluated Sequretek’s IGA and they were able to implement the product in six months and have covered more than 50% of the technology landscape, with balance being targeted for completion within the year. Their compliance organization which used to scramble resources every year before the regulatory audit or User Access Review requirements, now is able to get all of it done through a simple dashboard report.

India is home to over 1,500 co-operative banks. Most of these banks are in the rural areas and serve the farmers and poor people. These banks have been the backbone through which most of the government schemes for underprivileged get distributed. Over the past few years, these banks have invested in technologies to stay abreast of the transformation that is impacting the sector, and with it there have been several high profile cyber breaches. There is now significant pressure from the local regulator to invest in security to mitigate the risks. Most of these banks, lack skillset to understand what security measures they need to undertake to improve their security. We worked with their industry body to create a program that build a security framework around offerings that allowed these banks to improve their compliance and security posture without burning a hole in their pocket. The program had several technology awareness sessions, across the hierarchy, that were baked in to improve their appreciation of technology, till date over 1,000 people have undergone this training.

Q. Sequretek was rated as one of APAC’s fastest growing companies by the Financial Times for 2020. Congratulations! Can you share with us what got you here today, perhaps your business mantra for aspiring cybersecurity entrepreneurs?

Early this year Financial Times picked us as one of the fastest growing companies (#206/500) in APAC and just very recently, we were recognized as a winner in the category of tech centric companies sector agnostic applicability, at RAISE2020 a global AI event hosted by the government of India. While the first one was all about the financial success of the company, the second is a vote of confidence on our technology and ability to execute in the marketplace.

As an entrepreneur, it is indeed quite redeeming to see the company get to where it is today. While it may sound cliched, our mantra has always been “do right by your customer” and the rest will follow. We have put that thought process into practice and I am proud to see our customers’ stand by us through thick or thin. It doesn’t matter how good your product is, or how good of a team you have built for yourself, if you are not in a position to get a happy customer, it will not get you anywhere. As a company, we have barely spend any money in marketing, it is customer referrals that have allowed us to scale year on year.

Q: How is the cybersecurity sector like in India and Singapore, are opportunities and challenges the same? What are prospects you see in Singapore and the greater APAC region?

For most part cybersecurity in industry and geography agnostic, this has allowed most companies in this space therefore to scale without much requirements for localization as compared to some of the other technology areas. Having said that, there are nuances from a tech maturity levels perspective and local regulatory norms, that may change how customers in different parts of the world perceive the need for security. In India, you will find companies at the top end of the spectrum who have used technology to differentiate themselves at global scale and are understandably quite ahead in their security journey. On the other hand there are millions of small and medium enterprises for whom security is almost an alien concept, which is where most of the recent attacks are concentrated.

If I was to look at APAC region, one will find companies in Singapore for most part will be well versed in technology usage and a much better appreciation for the need in investing in cybersecurity. However, there are countries in south east Asia that are not at the same level, and the challenges that I mentioned earlier will definitely be present. I see our message of “Simplify Security” resonate across the region, for this very reason.

Q: Describe cybersecurity in less than 30 words.

Cybersecurity is an enabler to your transformation and not an inhibitor.

ICE71 start-up news roundup

Here’s the latest news roundup on our ICE71 startups:

More news on ICE71 and our startups here.

ICE71 start-up news roundup

Here’s the latest news roundup on our ICE71 startups:

More news on ICE71 and our startups here.

ICE71 start-up news roundup

Here’s the latest news roundup on our ICE71 startups:

More news on ICE71 and our startups here.

ICE71 start-up news roundup

Here’s the latest news roundup on our ICE71 startups:

More news on ICE71 and our startups here.

COVID-19: Productivity at the cost of security


In the RSA Conference APJ 2020 session “Getting the security and flexibility balance right in a COVID-19 world”, Magda Chelly, co-founder of Responsible Cyber shared her insights around digital transformation and security risk considerations in current times.

It’s ultimately about productivity
Improved and continuous productivity is a key driver of digital transformation for companies. It is less about regulatory or cybersecurity reasons. “In terms of APAC, I noticed that digital transformation adopted by companies are very much related to a sense of speed, to allow productivity to continue for employees.”

Amid COVID-19, health measures around the world have made remote work a necessity rather than an option. This need in turn pushes for digital transformation for many companies.

The perimeter is dead: Security without boundaries
With COVID-19 accelerating digital transformation, enabling employees to work from anywhere, cybersecurity risks are emerging with increasing prevalence of cyber attacks due to this flexibility of working.

There are COVID-19-themed attacks (link) in the form of phishing, malware and others, all of which exploit what makes us human, and contribute to an increased number of enterprise attack vectors. “As usual, the weakest link is the human factor,” Magda shared. Human fallibility remains to be the enemy of control, especially with phishing attacks.

On endpoint management, she cautions that companies might still be exposed to different risk scenarios. She cited an example on passwords. “We have seen new policies that passwords should not rotate, for example, but if your employees are working from home, and eventually working from their own devices, they are using those devices to perform business activities. They might be using
the same password for their social media and corporate accounts.”

And there are other unpredictable risk scenarios. Besides their own home WiFi, employees could be on insecure and uncontrolled networks in quarantining hotels, and VPNs may not work here. They might also have technical difficulties with work email and end up using their personal email, another bane of security.

New approaches to security
Magda urges cybersecurity professionals and leaders to go out of their comfort zone and adopt a data-driven mindset when it comes to assessing emerging cyber risks. “Have your 3, 5, 10 new emerging cyber risk scenarios, and then quantify them.” She recommends cross-collaboration with other business teams like IT and compliance to uncover factors for quantifying data, particularly those that make sense and matter to stakeholders.

When it comes to cyber resilience and awareness building, cybersecurity professionals need to increase their visibility and reachability within the business, not just through traditional means of communication like newsletters which can seem distant.

And as they say, the perimeter is dead. The future of security lies in a non-perimeter-based approach – and zero trust, which places users at the centre of the security strategy.

Magda is a thought leader and frequent speaker at cybersecurity forums and events. She is a valuable member of the ICE71 community, and her start-up Responsible Cyber is both an ICE71 Accelerate alum and an ICE71 Scale company.

ICE71 is a proud community partner of RSA Conference APJ 2020. Watch conference content on demand here.

ICE71 start-up news roundup

Here’s the latest news roundup on our ICE71 startups:

More news on ICE71 and our startups here.

ICE71 startup news roundup

Here’s the latest news roundup on our ICE71 startups:

More news on ICE71 and our startups here.

ICE71 startup news roundup

Here’s the latest news roundup on our ICE71 startups:

More news on ICE71 and our startups here.

ICE71 Accelerate alumni in the news!

Did you know that our ICE71 Accelerate past cohort alums have been making waves in the news? These include:

..and many more!

Meet the cohort 4 startups! Watch Demo Day at https://www.accelerate4-demoday.ranosys.net/client/ice_71/

Investing in cybersecurity startups

As mobility and smart cities are developing, cybersecurity is becoming the hottest ticket to investing. Michael Blakey, Managing Partner and co-founder of Cocoon Capital shared his insights as an experienced angel investor and VC leader at this ICE71 Investor Series webcast.

Why invest in cybersecurity?

The amount of data and things that need to be secured is growing on a regular basis. Security business is fast-paced, with unfilled gaps along with rising technologies.

For large corporations and even governments, Michael said, “The big fear at the moment is not about the technology. It’s not about the IoT nor the smart devices, it’s about whether we will lose control (and be vulnerable to attacks). You’ve got to protect all these little devices, the cars and everything else which are moving around, and it’s much harder to do.”

There will be huge investment opportunities for cybersecurity companies if they can solve a relevant problem waiting to be solved. He opines, “If cybersecurity companies get their solution right, they can grow very quickly.”

Newbie tech investors: Good to know

For tech investments, it would take about 7 to 8 years before you see any returns, said Michael to would-be tech investors.

New investors can join other investor networks to gain experience and learn from them. This would also generate better deal flows as like-minded investors come together. “In Singapore, there’s a number angel investor networks like Angel Central and Bansea, you can join them and find people that have similar interest (in terms of the type of investee companies), and these people might be a little bit more experienced, people whom you can learn from. You can start small and learn through your mistakes. How everybody does investing would be different, there aren’t many many wrong ways of doing this but definitely not one right way of doing,” Michael shared.

People, especially founders, are key to an investor’s decision

A lot of emphasis is given to the founding teams when investors like himself needs to make a decision on what to invest in, especially when he can only invest in a few startups per year.

Founders must have the ability to build good teams that will consequently see through their product development and take to market. They should also have extensive market experience within the market of their target customer, particularly in cybersecurity. Any founder should correctly define the problem statement in those few crucial slides of their pitch deck. They must stand out to investors in the way they approach them. To Michael, demonstrating efforts in doing so would translate to how the same founder would attract a potential customer, a proof point for an investor to take the leap of faith.

Michael cites an example of investing in an ICE71 Accelerate cohort 2 startup, GuardRails, even though it is unusual to invest in a one-man team: “We invested in (one of your accelerator cohort companies, which was pretty much a one-person company and (the founder) had a couple of contractors that were were helping him. We spent a lot of time getting to know them figuring out if they have the right skill set, not just to build a technology but to build a team to one of the leadership capabilities.”

The other factors that influences his decisions as an investor include whether the startup is solving a real problem, and timing.

“Are they solving a real problem? I see some amazing technology that’s being built. But quite often, it’s technology that’s looking for a problem, not the other way around,” Michael lamented. “This is why I do more B2B than B2C. It’s harder with the consumers. With B2B, cybersecurity is (a real issue) that the board discusses.” He points out that cybersecurity is quite an interesting space to be in because it is something every board of every major corporation is concerned about. On timing, he’d ask if the cybersecurity startup is coming in too early or too late. He’d also ask, ”Where are they in terms of where the spaces (of opportunities) are?”

Investing in cybersecurity post COVID-19

Investing will still continue, albeit at a much slower pace, so founders need to work a little bit harder and yet lower their expectations of fundraising.

He said, “The reality is, as you might have noticed, I never talked about traction, rather I’m looking at people. Whether it’s today, last year, or next year, good teams are still good teams. And if you talk to most people who’ve been around long enough, they’ll all say the best investments they have ever made are the ones in a downturn. So, for founders, you’ll just have to work that a little bit harder. Change your expectations. If you were looking to raise one and a half million, maybe reduce the target funding amount and expect the fundraising period to take longer.”

He cautions that valuations are going to be around 20 to 30% of what companies would have gotten in 2019. To tide through COVID-19 effects, he advises startups to look into sensible cost-cutting, like making necessary salary cuts to prep for the worst, and also demonstrate adaptability during this time.

Watch the full video to learn more!

Be a part of our ICE71 community for more updates like this. Join our mailing list.

In conversation with Mitali Rakhit of Guardara, an ICE71 Accelerate 4 startup

We caught up with Mitali Rakhit of Guardara, a member of ICE71 Accelerate’s fourth cohort.

Q: Tell us more about yourself.

I’m Mitali Rakhit, CEO and co-founder of Guardara, and we’re based in London, UK.

Q: What inspired you to start your startup? What is your goal or dream for your startup?

My cofounder and CTO, Zsolt Imre, used an early prototype of our product at the world’s largest telecommunications device manufacturer, and was able to find more security and QA issues than a leading competitor. The client wanted to buy the product.

At Guardara, we are passionate about building a world with more secure code. Our dream is to be able to move fuzz testing earlier into the software development lifecycle and to be able to automate it completely.

Q: What is the problem you want to solve with your product or solution? Tell us more about your solution.

FuzzLabs is focused on fuzz testing for quality assurance. FuzzLabs can find more issues faster, is easier to integrate and more flexible. We are making the product as easy to use as possible in order to reach a wider audience.

Q: Who might find use for your solution?

Enterprise product security teams that work on high-availability products, such as ICS, IoT, medical devices, telecom, defense, aerospace, and automotive solutions.

Q: What have you enjoyed the most being a part of the ICE71 Accelerate programme?

I have enjoyed getting to work with our fantastic mentors and peers in the cohort. I have learned that good things take time, and persistence is the key to success.

Learn more about Guardara at guardara.com

In conversation with Stephanie Robinson of Assimil8, an ICE71 Accelerate 4 startup

We caught up with Stephanie Robinson of Assimil8, a member of ICE71 Accelerate’s fourth cohort.

Q: Tell us more about yourself.

I’m Stephanie Robinson, CEO and co-founder of Assimil8. We’re based in Brisbane, Australia.

Q: What inspired you to start your startup? What is your goal or dream for your startup?

Assimil8 was formed in 2018 as I was struggling to bring together data sets from disparate systems in order to make high level
recommendations for relationship management – specifically, I could not see how relationships were connected without completing a time consuming and manual process.

Working together with my CTO and co-founder Simon Robinson to develop the IDRIS tool – a cybersecurity solution by our startup Assimil8 – has been an amazing experience. Having spent most of our lives overlapping careers, it’s been especially rewarding to move forward with IDRIS together by means of Assimil8.

Over the years we have had many ideas, but IDRIS was really the one we felt most strongly had all the ingredients for success, to meet a genuine need in a growing market. Our goal is to find partners who can recognise both the immediate cybersecurity market opportunity and the wider applications of this technology.

Q: What is the problem you want to solve with your product or solution? Tell us more about your solution.

We know that SMEs are asking for better value from their cybersecurity providers, more efficiency at a lower cost. We also know that SMEs are not only more likely to be the target of an attack, but that an attack is far more likely to result in the closure of the business.

Most SMEs receive raw threat data via a tool created for enterprise, so we asked ourselves this – why is there nothing on the cybersecurity market designed for this part of the economy, given that these businesses support close to three quarters of jobs worldwide? We believe it comes down to three critical factors – cost, skills and psychological barriers. It is not easy to get good cybersecurity advice, and to understand or act on it.

Our solution IDRIS utilises sophisticated graph technologies to provide visual network views, which allow the user to identify anomalies or patterns for investigation, without the need for high-level technical skills. IDRIS does not come with an enterprise licence fee, and with IDRIS it is far easier to interpret results than traditional rows of raw data. The tool can provide a view of threats across an entire network, increasing the likelihood of identifying a threat and, crucially, its connections within that network.

Q: Who might find use for your solution?

More than three quarters of small and medium sized businesses expect at least half of their cybersecurity needs to be outsourced within the next five years, and 78% of these businesses plan to invest more in cybersecurity within the next year, according to the results of a 2019 Continuum survey of global SMEs.

Our plan is to provide these outsourced service providers with a competitive edge in an increasingly competitive market. IDRIS will be launched using an open source model, and we would like to set the bar that any good forensic analyst service would be using IDRIS. Think of IDRIS as plain English for network threat identification.

Q: What have you enjoyed the most being a part of the ICE71 Accelerate programme?

ICE71 Accelerate has been an excellent springboard for Assimil8 and finding a path to success for the IDRIS tool. Right from the beginning, the programme has provided access to networks and mentors. The focus and clarity this has given us in such a short period of time has helped us make huge leaps in the development journey of our product. We are excited to become a future success story for ICE71 Accelerate.

Watch Assimil8 pitch at ICE71 Accelerate 4 Virtual Demo Day on 25th June!

Learn more about Assimil8 at assimil8.com.au

 

In conversation with Valentin Bercovici of Chainkit, an ICE71 Accelerate 4 startup

We caught up with Valentin Bercovici of Chainkit, a member of ICE71 Accelerate’s fourth cohort.

Q: Tell us more about yourself.

I am Valentin (Val) Bercovici, Founder and CEO of Chainkit, based in San Francisco, California, USA.

Q: What inspired you to start your startup? What is your goal or dream for your startup?

What inspires me every day is about levelling the playing field for victims of cyber crime and attacks – creating the next great cybersecurity company!

Cybersecurity has an existential crisis around the stealth of attacks. Privileged (admin or root) accounts are easily abused by malicious insiders and external bad actors alike. And with those escalated privileges, they execute their attack chains and cover their tracks with impunity. Balancing the canonical C-I-A Security Triad/Triangle with stronger integrity solutions for deep (military-grade) tamper-detection, solves this existential crisis.

At Chainkit we want to leverage absolute integrity to deliver the power of Provable Computing to the IT/OT industries. All layers of the computing stack (from transistors in processors to OSI L1-L7) only execute mathematically provable code, processing only authenticated data. All tampered code or data is immediately detected and isolated. This is the ultimate extension of the zero trust concept – beyond identity, endpoint and custom network segment.

Q: What is the problem you want to solve with your product or solution? Tell us more about your solution.

39% of cyber attacks are reported undetected by broad customer surveys – only during post-mortems by forensic investigators. Chainkit for Splunk and Elastic reduces undetected attacks by adding early visibility to deep tampering via military-grade detection of anti-forensic techniques. Before the attacks, Chainkit detects more insider threats, reduces dwell times, improves attribution and maximizes integrity monitoring for compliance.

Q: Who might find use for your solution?

Chainkit is a horizontal solution with a USD $1 billion addressable market today. We prioritize our sales on the most attacked industry verticals (government, financial services and healthcare). We offer specific value propositions for security analysts, threat hunters, compliance officers or auditors, and digital forensics investigators.

Q: What have you enjoyed the most being a part of the ICE71 Accelerate programme?

The cybersecurity focus of the program is first-rate. The breadth and depth of industry-specific feedback we are receiving from customers, partners, investors and mentors is materially improving all aspects of our business, from sales and marketing, all the way to product development.

Additionally, the professionalism of the ICE71 and CyLon teams have been outstanding. Particularly their seamless transition from a traditional in-person program to a 100% virtual version of it.

Watch Chainkit pitch at ICE71 Accelerate 4 Virtual Demo Day on 25th June!

Learn more about Chainkit at chainkit.com

 

In conversation with Sudesh Kumar of Kapalya, an ICE71 Accelerate 4 startup

We caught up with Sudesh Kumar of Kapalya, a member of ICE71 Accelerate’s fourth cohort.

Q: Tell us more about yourself.

I’m Sudesh Kumar, founder and CEO of Kapalya. We started Kapalya in Honolulu, Hawaii, but since 2018, we have moved to Berkeley, California which is in the San Francisco Bay Area in the US.

Q: What inspired you to start your startup? What is your goal or dream for your startup?

It all started when I was tasked by the Hawaii State CIO to protect the 2016 presidential elections data from getting hacked. During that process, I discovered that no vendor had a comprehensive encryption management solution, so we decided to build such a solution and that was the inception point of Kapalya.

Q: What is the problem you want to solve with your product or solution? Tell us more about your solution.

The main problem we are solving is encryption key management across any organization, regardless of where that organization’s data resides – be it on laptops, desktops, smartphones, tablets, public clouds, virtual desktop environments and enterprise file-servers. We call it the Encryption Management Platform (EMP).

Q: Who might find use for your solution?

Since our inception was from the government, they are first target customers. However, our solution is good to be used by any industry and vertical, as all of them are susceptible to ransomware attacks – these include healthcare, legal firms, software development companies, accounting firms, financial services, oil and gas, manufacturing, logistics, insurance companies, to name a few.

Q: What have you enjoyed the most being a part of the ICE71 Accelerate programme?

Our biggest value derived from the ICE71 program is the level of connections made so quickly within SingTel, NUS, Trustwave, CSA and NCL. All of these are extremely valuable partnerships for us, which would have been very difficult to obtain on our own.

Watch Kapalya pitch at ICE71 Accelerate 4 Virtual Demo Day on 25th June!

Learn more about Kapalya at kapalya.com

 

In conversation with Avi Bartov of GamaSec, an ICE71 Accelerate 4 startup

We caught up with Avi Bartov of GamaSec, a member of ICE71 Accelerate’s fourth cohort.

Q: Tell us more about yourself.

I’m Avi Bartov, CEO and co-founder of GamaSec, a company based in Tel Aviv, Israel.

Q: What inspired you to start your startup? What is your goal or dream for your startup?

GamaSec was founded in 2006 with a mission to lower risk for small businesses. Back then, we were a security solutions advisor.

In 2017, we made a strategic decision to create alliances and partnerships with insurance companies. We realised that cyber insurance is going to see more focus with insurers worldwide, but most insurers do not have the background or the expertise in order to provide this kind of service. The missing piece of the puzzle was the growing need for a partnership between a cybersecurity company and an insurance company. Here’s where and how we come in — our technology, when bundled with cyber insurance policies provided by our insurance partners, reduce their exposure and increase their brand awareness.

Q: What is the problem you want to solve with your product/ solution? Tell us more about your solution.

GamaSec provides a pre-breach virtual hacker technology designed to prevent cyber attacks, minimizing the exposures that cyber insurance policyholders face, instead of just risk mitigation.

Right now, we are working towards the next generation pre-breach cybersecurity for insurance carriers – with GamaEye. GamaEye is a powered GamaSec Patent technology that enables businesses of all sizes to detect combat and recover from web cyber-attacks in real time significantly reducing the risk of data breach.

It is a web attack detection technology that uses changeable deception elements to identify and reveal malicious activity targeted at business websites.

Q: Who might find use for your solution?

Insurance providers and brokers that are providing cyber insurance policies to small to medium-sized business owners. These parties would be our potential channel partners.

By blending in this next-level detection and prevention technology with their cyber insurance policies, our insurance partners would be able to reduce exposure and increase brand awareness.

Q: What have you enjoyed the most being a part of the ICE71 Accelerate programme?

Meeting people from different backgrounds and learning from their experiences, which helped the cohort members get feedback in improving our respective companies.

Watch GamaSec pitch at ICE71 Accelerate 4 Virtual Demo Day on 25th June!

Learn more about GamaSec at gamasec.com

 

ICE71 startup news roundup

Here’s the latest news roundup on our ICE71 startups:

  • Cyble, an ICE71 Scale startup, is listed in Forbes’ 20 best cybersecurity startups to watch in 2020, based on a methodology that equally weighs a startup’s ability to attract new customers, current and projected revenue growth, ability to adapt their solutions to growing industries and position in their chosen markets.
  • In a separate news on Silicon.co.uk regarding a potential data compromise affecting popular maths site Mathway, Cyble was quoted saying that hacking group called Shiny Hunters began selling the database of more than 25 million Mathway user credentials on illicit websites in early May, offering it for $4,000 (£3,285) in cryptocurrency.
  • ICE71 Scale startup Cyfirma is quoted in this Straits Times article about the recent cyber attack on ST Engineering’s US subsidiary. According to the cybersecurity firm, a group of hackers known as the Maze group had attacked VT San Antonio Aerospace and put about 50 megabytes of leaked data on the Dark Web and public forums.

More news on ICE71 and our startups here.

 

In conversation with Rohan Sood of Scantist, an ICE71 Accelerate 4 startup

We caught up with Rohan Sood of Scantist, a member of ICE71 Accelerate’s fourth cohort.

Q: Tell us more about yourself.
I’m Rohan Sood, Head of Operations at Scantist. We’re an NTU spin-off based in Singapore.

Q: What inspired you to start your startup? What is your goal or dream for your startup?

The cyber-security lab (CSL) at NTU found multiple vulnerabilities in popular commercial software from Adobe, Apple and the likes as a part of it’s binary-level security analysis. These vulnerabilities were recognized by the vendor companies – leading to significant bug-bounty awards to the research team.

The ability to find commercially relevant vulnerabilities in some of the most sophisticated software platforms and products led us to believe that we had a unique value proposition to share with the world. We started Scantist with an objective to translate our research activities into a viable product that could be used to identify such vulnerabilities before the software is released.

Our vision is a world where applications function flawlessly – the way they were intended, without concerns for security. We aspire to be the one-stop shop for application security.

Q: What is the problem you want to solve with your product/ solution? Tell us more about your solution and who might find use for it.

While cybersecurity has traditionally focussed on network and infrastructure layers, the application layer is emerging to be the preferred battleground for hackers and adversaries worldwide. Breaches like Equifax, Panama Papers and a host of Heartbleed-related attacks were all made possible owing to vulnerabilities in business-critical applications.

Scantist Software Composition Analysis (SCA) provides a developer-centric solution that integrates with existing workflows to proactively manage known vulnerabilities in software applications. Scantist SCA is the only tool that effortlessly scans all binary and open source code in a single integrated platform to provide targeted remediation advice with an extremely high-degree of accuracy.

Any organization – small or large – which develops or maintains software applications as a part of its core business operations is a potential customer for Scantist.

We are currently focussed on markets in Singapore, ASEAN and China.

Q: What have you enjoyed the most being a part of the ICE71 Accelerate programme?

With cohort members as well as mentors from across the globe, we have really enjoyed looking at cybersecurity from a much-broader perspective than we previously had owing to our existing engagements being limited to the Singapore/ASEAN region. It has allowed Scantist to evolve and broaden its horizons by working towards being a global brand.

Watch Scantist pitch at ICE71 Accelerate 4 Virtual Demo Day on 25th June! 

Learn more about Scantist at scantist.com

 

ICE71 startup news roundup

Here’s the latest news roundup on our ICE71 startups:

 

Singapore Fintech Festival and SWITCH 2019

Our ICE71 team had a blast during the recent SFFxSWITCH 2019 exhibition and Innovation Lab Crawl! SFFxSWITCH was a first-time collaboration between Singapore Fintech Festival (SFF) and Singapore Week of Innovation and Technology (SWITCH). The Innovation Lab Crawl featured participating innovation labs across Singapore, which opened for visits from the public. ICE71 had an Open House and Social as part of this lab crawl.

SFFxSWITCH 2019

Being at SFFxSWITCH 2019 was a memorable experience in itself. The exhibition stretched across 5 Singapore Expo Halls, it was a HUGE affair and no doubt one of the events to be remembered for 2019.

We were at the NUS Enterprise booth on Day 1 (11 Nov) of the event. Together with our NUS colleagues, we had the opportunity to network with and reach out to event attendees, particularly those who were interested in getting to know the incubator and accelerator programs under NUS Enterprise. It was a good avenue to share more about our ICE71 Accelerate and ICE71 Inspire programmes.

We also managed to catch up with our ICE71 Scale startups that were at SWITCH – neoEYED, Build38 and Apvera!

Clockwise from top left: Catch-ups with our ICE71 Scale startups Apvera, neoEYED and Build38

There were live startup pitching sessions, including one where neoEYED was a part of! neoEYED is a top 20 finalist out of 600 global participants for the Global Fintech Hackcelerator. Watch Tamaghna Basu, CTO of neoEYED, as he pitches on stage:

Innovation Lab Crawl

Our Open House and Social on 15 Nov was well received — we had many people streaming in during the lab crawl. It was a great way to introduce ICE71 and our programmes. People got to network and form new connections too!

We had fun interacting with attendees of our ICE71 Open House and Social
as part of SWITCH Lab Crawl

For more updates like this, follow ICE71 on our web and social channels.

The Accidental CISO

Cheri McGuire, Group CISO of Standard Chartered (front, left) with moderator
Linda Schindler, Programme Head of ICE71

On 1st October, we had the honour of having Cheri McGuire, Group CISO of Standard Chartered, as an ICE71 guest speaker at Cloudflare’s shiny new Asia HQ. Cheri shared insights across topics like how she got into cybersecurity and what traits a CISO should have.

The Accidental CISO

“It’s a very long story, but you could call me an accidental CISO,” Cheri said. Coming from a political science background, she worked for the US Congress for over 6 years before she went back to school for an MBA, and then worked for a telecommunications infrastructure company. “I had to learn about that business in a short period of time,” she said.

Her mix of telco and government experience turned out to be a draw for Booz Allen, which got her into consulting. About a year after she started, 911 occured. She then got into US Homeland Security’s national cybersecurity division in its nascent days, where “You couldn’t even get a chair if you weren’t early,” she said. Stints at big names like Microsoft and Symantec followed later. Today, she is CISO of Standard Chartered.

3 most important traits of a CISO

“CISOs need to communicate and translate. They need to have courage. And they also need to have a good blend of technical and business skills.”

– Cheri McGuire

Terms like ‘256-bit encryption’ and ‘TCP/IP protocols’ may seem basic for cybersecurity professionals, but not for finance professionals or non-tech people. Cheri said, “I had to put myself in the shoes of my audience and be able to speak their language, in real business terms, when it comes to describing the impact of security.”

CISOs need to have courage to call out on challenges and issues to an audience. For this reason, CISOs are often not the most popular—some people who are listening would rather not know about or have such challenges. When bringing up an issue, CISOs need to understand the motivations of the audience and speak to them in simpler terms, making it real and relatable. For example, a CISO can say, “Look, if we don’t patch that system, these are the things that could happen to the business.”

Cheri also believes CISOs should have a good blend of both technical and business skills. “You don’t have to be the smartest,” she said, but having a good understanding of business risks, coupled with a solid foundation of technical knowledge, will help CISOs get ahead of their game.

Commoditisation of the threat landscape

It has become cheap and easy for anyone to launch cybersecurity attacks. For the “bad guys”, they only need to “get it right” once, and yet the victim organisation has to protect against everything that follows. This is one of the biggest threats that banks and financial firms face today.

“A small breach can have a significant impact.”

– Cheri Mcguire

Cheri cited an example of the Tesco Bank cyber attack in 2016, where in actuality the breach cost over $2 million, small by financial institution standards—but the reputational repercussion huge, and the regulatory fine was about 10 times the actual cost of the breach.

Managing risks in the cyber world

Cheri believes it takes a multi-layered approach to cybersecurity risk management—people, process and technology.

90% of attacks usually happen through phishing. “Employees are the first-line of defence,” Cheri said. This is why it is important that banks train their employees to be consistently cyber risk-aware.

Despite cyber awareness training for employees, there remains a possibility for human errors, and people might still click on a phishing link. So, processes and technical controls, like those put in place to prevent phishing attacks, are still necessary.

There’s room for startups, but it’s challenging

Regulatory requirements are preventing the quick adoption of technology from startups, as much as CISOs want to work with them.

The complexity and size of an organisation like Standard Chartered also pose a challenge to onboard new vendors. “With footprints in 60 countries, close to 100,000 employees and complex environments, it’s challenging for us to onboard new vendors,” Cheri said.

There are other considerations before onboarding can happen, too. Like whether a startup product is well-thought out, whether the startup has enough backing, what scale the startup is at, and whether it’s been around for awhile— factors linked to its longevity.

Early this year, SC Ventures, the innovation, ventures and fintech investments unit of Standard Chartered Bank, has created SC Ventures Fintech Bridge, a platform that connects and matches partners (startups, investors and accelerators) from the fintech ecosystem to the Bank. Through this platform, ecosystem partners can propose solutions to challenges posted by the Bank’s business units or request for investments.

Silent Eight is one of the startups in the SC Ventures Fintech Bridge. Its AI technology simplifies anti-money laundering checks and processes done in banks, such as name screening, payment screening and transaction monitoring.

Built-in security is a business proposition

As banks continue moving towards digitalisation of services, trust and security become important.

She urged companies to put security in mind when building their products. “Please build security into your products, so you’re ready when you come knocking at our door,” Cheri said, and adds, “if your products are not secure in the front end, it’s hard for us to adopt it.”

For more articles and updates like this, follow us on our ICE71 social media pages!

SocView – Optimising cybersecurity operations team efficiencies

From viruses and Trojan horses to ransomware – cybersecurity threats are increasing in numbers, sophistication and variety. A report by the Center for Strategic and International Studies in partnership with McAfee estimated the cost of cybercrime to businesses at about US$600 billion each year.

And it’s not just the financial cost. Businesses are also at risk of reputation loss, should news spread about any hacking attempts or loss of customers’ private information.

To counter this threat, organizations are deploying more cybersecurity tools and solutions. This means that an organisation’s cybersecurity team could be bombarded by thousands of alerts from a myriad sources every day. With insufficient time to handle every alert, cybersecurity team could miss a critical alert.

SocView Solutions Pvt Ltd is an emerging cyber security start-up that aims to address this problem through “SocView” its integrated security operations platform. This centralises all alerts from different functions of security operations onto one platform, ensuring security analysts will never miss a single alert. Not only does SocView’s solution increase the efficiency of security analysts, by rationalizing diverse security operations onto one platform, SocView enhances intelligence sharing amongst the IT team.

SocView is built for cybersecurity analysts, by cybersecurity analysts. “With my experience in cyber security domain over 18 years, I am aware of the pain of managing security alerts on a day-to-day basis. It propelled me to develop a revolutionary and disruptive solution to address the complex problems present in the scope of day-to-day cyber security operations”, said Jayanth Varma, CEO and Founder, SocView.

“Our product is already in market. We released it in 2017 and onboarded our first enterprise customer in the United States. Currently, we are carrying out proof-of-value implementations with three other service providers in the region. From the implementations already done, SocView’s product has resulted in a minimum 30% increase in efficiency of the cybersecurity operations team,” Jayanth added.

SocView is amongst the growing number of cybersecurity start-up companies in Singapore. The company is also one of the pioneering start-ups in ICE71 Accelerate, a 3-month accelerator programme for early stage cybersecurity start-ups to sharpen their value proposition, business strategies and commercial models. 

“Singapore has a good start-up ecosystem. If you look at cybersecurity today from Singapore’s point of view, the commitment and vision being provided to help cybersecurity companies is mind-boggling”, said Jayanth.

“The resources here at ICE71 are fantastic, providing us with knowledge, support and networks to other start-ups,” said COO and Co-founder, Prasanna Kumar. Prior to starting SocView, they both worked together in large multinational companies.

The local cybersecurity sector is still at a nascent stage. 

Resolve

On Feb 23, 2018, Dr. Yaacob Ibrahim, noted that “Singapore is digitalising in many areas to improve lives, but this also means that we are becoming ever more interconnected and vulnerable to cyber-attacks on a wide range of targets. Cybersecurity has never been more crucial to ensuring Singapore functions smoothly and safely.”

By March 5, 2018, Singtel’s Innov8 and NUS Enterprise launched the Innovation Cyber Security Ecosystem at Block71 (ICE71). ICE71 dedicates itself to helping startups prosper in the cyber security space.

Aside from funding (for equity) of around 20 to 40K SGD, startups benefit from three ICE71 programs: Inspire, Accelerate and Scale.

Inspire is a 5-day boot-camp for participants.  The boot camp will help participants test and qualify cyber security business concepts. According to Edgar Hardless, Innov8 CEO, It is open also to non-Singaporeanstartups. (I “Double confirmed” this.) This program should start around May 2018. Each batch (cohort) will take in around 8 to 10 startups.

Accelerate, is a 3-month accelerator program. It will equip early stage start-ups with financial, business structure and go-to-market strategies. This program helps progress their business. This should start around June 2018.

Scale is for later stage startups. It provides market access to  grow the start-ups and scale their businesses in the region.

If you are interested to apply go visit their website at https://ice71.sg/