30 Dec Member Spotlight: Cybersprint
Every week, tens of thousands of websites are hacked, including those of large companies. Indeed, website security looks easy but requires the right expertise and, most importantly, speed. Cybersecurity experts Pieter Jansen & Jurriaan Bremer developed an effective automated assessment tool and subsequently founded Cybersprint in August of 2015. Cybersprint helps mid-sized and large organisations to identify the so-called “attack surface” of the organisation. By providing a complete overview of the online landscape linked to a specific organisation, they often show the organisation unexpected results: websites which should not (yet) be online and sometimes internal systems reveal (a range of) risky domains with outdated plugins or even unauthorised website clones. Most importantly, Cybersprint monitors the attack surface for changes: which new websites does the organisation have, which websites are serving malware, which website is suddenly serving entirely different contents, and so on. Furthermore, Cybersprint detects malware, phishing websites and many other threats that can compromise the company.
Pieter Jansen, an experienced consultant and ‘boardroom’ hacker, started Cybersprint with Jurriaan Bremer, a renowned security specialist, feared by Russian malware developers and hired by government agencies and banks. At the global Security Summit in 2015, they implemented their solution for the municipality of The Hague, thereby gaining the confidence of the Deputy Mayor of The Hague. As the video shows, she is still thankful for regaining control of their legacy websites. Since then, from their office in the well-known The Hague Security Delta (HSD), Cybersprint scaled up and reached high-profile companies, such as banks, airlines, and government agencies.
Pieter Jansen, CEO & Co-founder of Cybersprint, explains the underestimated dangers of the web and how his company can help: “Did you know that last week 13400 websites were hacked? Facts like these and other ominous figures we encounter in our work are just a glimpse of the real risks that come along with online operations of organisations. Meanwhile, many organisations do not consider the consequences of cybercrime. Letting criminals use your online brand unnoticed or having weak legacy websites, can be regarded as sloppy. Their reputation is even more at stake when customers are affected by data loss, misuse, privacy issues or loss of IP. Nobody wants to go viral on social media based on a hack that could be prevented easily.”
Cybersprint helps to make the internet a safer place, initially for their customers but in the end for all consumers involved. As outdated servers and websites are a favourite weak spot for criminals, the tools of Cybersprint monitor all publicly accessible websites that belong to the organisation. Using real-time intelligence feeds, any anomaly based on visual and behavioural changes is reported. As a result, Cybersprint is able to immediately notify their clients of hacks or suspicious activity. Customers can therefore take direct action, before other users or search engines will notice anything.
Pieter Jansen: “We detect and report the slightest changes for our clients, with the help of our so-called bank-grade malware analysis and defacement detection engine. Hacks can be well-hidden, so continuous monitoring is the most effective. On average, it takes eight hours for hacks to be detected, which is more than enough time to be noticed by internet users and the algorithms of Google, resulting in negative news and a lower search ranking. Another common phenomenon we come across is the presence of unofficial websites using brands and logos and even cloning login portals.”
Besides common security issues, Cybersprint extracts useful information from its monitoring that can be used to improve protection. After a threat is detected, Cybersprint knows who has registered suspicious domains and in what country, has a detailed time log portraying all past changes, and knows the possible functions or intentions of the found issue, such as malware, spam and phishing.
Pieter Jansen: “Besides the incomplete knowledge of all active websites under the administration of an organisation, many companies have a narrow conception of the cyber risks and are not aware of their own websites being compromised in different layers. Simple breaches can be triggered by lack of updates or accessible test environments. Most breaches can be related to not adhering to the basic security principle of ‘defense in depth’: every layer of the infrastructure should protect itself against security failures in the layers above or below. We see it as our mission to help companies and government agencies to map out their online infrastructure and provide them with crucial data on any live and potential threats. The financial industry provides great opportunities for our product because of the pioneering position in cybersecurity. It seems that banks have an established awareness on cybercrime because they carry a great deal of stakeholder trust and integrity on their shoulders. Banks are working together through a so-called ‘Information Sharing and Analysis Center’ (ISAC). Other sectors should follow this example. We already have very interesting clients and partnerships in the financial services sector. However, these are difficult to disclose due to the nature of our work. Nonetheless, we look forward to learning and sharing our knowledge with Holland Fintech and its members on many fronts because it will help many technology-driven firms to stay a Cybersprint ahead.”