Bryan Champagne, Eclypses: "77% of financial applications have at least one serious vulnerability, according to Intertrust”
Nowadays, information is one of the most valuable assets, making it an attractive target for cybercriminals. People are already trying to secure their data by employing innovative protection solutions, such as antivirus products, Multi-Factor Authentication (MFA), and others.
However, threat actors not only find sophisticated ways to circumvent these security measures but many complex applications contain vulnerabilities – once they’re found, cybercriminals can successfully steal sensitive user information.
For this reason, we talked with the CEO of Eclypses, Bryan Champagne, who explains how organizations can eliminate potential security gaps to protect their customer data and avoid breaches.
How did Eclypses originate? What was your journey like since your launch in 2017?
Eclypses was founded with a primary focus on developing our MicroToken Exchange (MTE®) technology to be the most innovative and disruptive data security solution for all mobile application technologies, websites, as well as IoT platforms and devices.
Since our founding in 2017, Eclypses has experienced tremendous growth. The deployment of Eclypses’ MTE technology has continued to grow across multiple verticals and sectors, especially in sectors such as banking, finance, blockchain, and payroll systems. In September of 2021, we received our FIPS 140-3 validation that ensures our customers are using a product validated by a National Institute of Standards and Technology (NIST) approved testing laboratory. Seen as the gold standard in data security, the FIPS 140-3 validation proves that Eclypses’ MTE data protection technology effectively and consistently safeguards user data to ensure bad actors cannot access valuable information at any point during the data transmission process.
Our journey in 2022 is even more exciting as we are currently working with global leaders in technology retail and communications. We are very excited about several new announcements coming soon.
You take great pride in your MicroToken Exchange solutions. Can you tell us more about this technology?
Our MicroToken Exchange technology is unique as it solely focuses on protecting any form of data moving between two synchronized endpoints. Many other cybersecurity solutions focus on monitoring and locking up data, but the MTE technology protects your data all the way through the operating system, from the sending application to the receiving application.
Our technology is for anyone that has a login and password and is concerned about that account being accessed by someone else – it is to avoid their sensitive data from being stolen or manipulated.
MTE secures data at the application level with no changes to the user experience and verifies each endpoint connection while protecting against attacks, such as injections, replay attacks, SIM swapping/cloning attacks, and man-in-the-middle attacks. MTE allows you to stop trusting the operating system and communication protocol.
Why is it important for organizations to use MTE to secure their data?
With zero-day and man-in-the-middle attacks rapidly increasing, traditional security methods are unable to protect your organization’s valuable data against these constant vulnerabilities. Unlike most security solutions that use operating system cryptographic libraries, we utilize our own Eclypses Cryptographic Library (ECL) to provide consistent security for all offerings across all platforms. MTE technology provides a patented security solution for your mobile application, website, and IoT devices and/or platforms that help you control the uncontrollable.
In your opinion, what industries should be especially concerned about securing their data?
Our MTE technology is really for any organization that provides account login and passwords to their customers. For these organizations, they must be concerned that if those accounts are accessed by someone else and that information is stolen, it could have harmful effects on both them and their customers. In particular, our data security solution has seen success in the fintech, blockchain, critical infrastructure, government, healthcare, and retail sectors.
In the financial services sector, it has been reported by Intertrust that 77% of financial applications have at least one serious vulnerability that could lead to a data breach. Financial mobile apps are more susceptible than ever to cyberattacks, especially in the wake of the Covid-19 pandemic. Two cryptocurrency exchange companies have recently experienced cyberattacks because of their valuable data and 2FA (two-factor authentication) was likely the source of the breach.
Have you noticed any new threats emerge during the pandemic?
Throughout the pandemic, we have witnessed an increase in certain cyber threats, such as SIM swapping attacks, zero-day attacks, and mobile malware.
There has been a significant increase in SIM swapping attacks in 2021, resulting in over $68M in losses, compared to just $12M from 2018-2020. These types of attacks make MFA (multi-factor authentication) useless and leave users’ valuable data, accounts, and even banking information open for bad actors to steal. (Source: The Washington Times)
Zero-day attacks have more than doubled in 2021 (83 reported attacks) compared to 2020 (36 reported attacks) and will only continue to increase in coming years. While these numbers are concerning on their own, the affected systems, the types of vulnerabilities, and the presumed unreported numbers may be worse. (Source: Zero-Day Tracking Project)
We have also noticed an increase in mobile malware, as many mobile applications use data before it’s protected because the devices people are using are not secured.
As the global climate and the consumption of data change, cybersecurity threats will continue to emerge rapidly, and organizations must seek proactive data security solutions.
Talking about the future, what predictions do you have for the data security landscape for the upcoming years?
I believe zero-day attacks will continue to increase in the future, as we have seen a drastic increase from 2020 to 2021. These zero-day attacks can be highly damaging to organizations as it leaves little opportunity for detection and prevention. We all know cybercriminals are becoming more sophisticated with developing tools disguised as legitimate requests and the reactive data protection strategies we often see will be useless. Many companies have developed an “it’s good enough” mindset on their cybersecurity protocols in place, but this will no longer be enough when it comes to securing data from zero-day attacks.
Multi-factor authentication has become a requirement for many cyber insurances, and with companies relying on this method, hackers have found other ways to steal your data. I believe that in the future, we will see a significant increase in cybercriminals attempting to obtain MFA credentials, leaving many companies who have relied on this method to keep their login information safe feeling defeated. The way we use MFA needs to be improved and cannot be the only method used to protect data.
What would you consider the most serious threats surrounding mobile applications nowadays?
I would say that relying on the operating system to keep your mobile app data secure would be a significant threat for mobile apps right now.
For example, current security practices for validating a login are for users to input the information into their mobile or web application and then send that information over the wire to the server. While that information travels to the server, it is vulnerable to an attacker that sits within that wire. It may seem like current security standards will keep them out. Still, attackers utilize well-known vulnerabilities in the wire and applications to gain access without the user being aware of their presence. Once in, the attacker has access to the username and password info as it goes through and can take over a user’s account.
Could you share some tips on how organizations can protect both their workforce and customer data?
When looking at a security solution to protect your workforce and customer data, it is essential to look at solutions with a proactive approach to security. This security solution should not impact the customer experience. It should be seamless and secure while protecting data from its inception all the way through to the intended recipient.
When data is transmitted, it should be verified at each endpoint in the connection and remain secure while inside the application. In the event of a data breach, it is crucial to know that the data stolen by the attacker will be useless to them.
Talking about casual Internet users, what measures should everyone implement to keep their data secure?
It is crucial to use applications that have proper end-to-end protection. When it comes to their data, users should expect that the applications and websites that promise to keep their information secure will follow through. As cyberattacks become increasingly common, we as users need to hold these companies accountable for the information they collect from us and demand that they find ways to protect it better.
Also, it is important only to download and install apps that you know and trust. Many apps out there steal private data and use it without you knowing. Apple has fought hard to protect people against these vulnerabilities, but cybercriminals find ways to get through.
And finally, be careful using a public wifi network. If you are required to log on to a public wifi, please know that the network you are on is not secure.
And finally, what does the future hold for Eclypses?
We are excited about several upcoming partnerships that we will be announcing soon and our continued involvement in the security industry. We’re thrilled at the acceleration of the adoption of our MTE technology and happy to see companies make security a top priority.
To follow our continued growth, you can follow us on LinkedIn here.