When choosing cybersecurity tools, decision-makers tend to overlook the fact that the users might be the weakest link in the security system.
More than half of organizations globally have dealt with damage done by cybercriminals over the last year. This forced companies to adopt various types of measures to protect themselves from emerging threats. However, having the latest technology does not mean the organization is impenetrable. Our guest today explains that underinformed employees can often become the main targets for attackers.
How did Holm Security come to be? What was your journey like since your launch in 2015?
Holm Security began its journey in 2015 in Sweden and by the end of 2017, after having released its first version of the vulnerability management platform, reached a milestone of 75 customers. Today Holm Security has expanded into several countries in Europe including all of the Nordics and Benelux, as well as countries in Asia such as India and Malaysia. This year Holm Security has further expanded into the UK and Germany, with a total of more than 750 customers globally. The goal is to continue to expand its global-local presence.
Can you tell us a little bit about what you do? What technology do you use to detect vulnerabilities?
Cyber-attacks come in various forms but are usually aimed at accessing, changing, holding for ransom, or destroying sensitive corporate information. To implement a proper cyber security defense it is essential to implement a flexible, systematic vulnerability assessment strategy that constantly assesses your level of exposure to cyberattacks and that provides a path to protection by eliminating such identified vulnerabilities. In short, vulnerability management is critical for understanding where cyber security defenses need upgrading to ensure you always stay one step ahead of cybercriminals.
Most organizations implement what is known as the traditional vulnerability management process, which includes identifying, evaluating, treating, and reporting on security vulnerabilities in technical assets such as internal IT systems and web apps that are exposed to customers. However, Holm Security has taken a more holistic approach with its Next-Gen Vulnerability Management, which identifies not only the “technical weaknesses” as part of its process but also the “human weaknesses”. Users are often the weakest link in any security defense and for this reason, cybercriminals very often target users first. Statistics show that more than 50% of all ransomware attacks start with the user.
For this exact reason, our Next-Gen Vulnerability Management Platform helps our customers to identify and remediate vulnerabilities and weaknesses in their cyber security defenses holistically - for every asset they own, including both systems and users, across their entire organization, all in one integrated platform.
In your opinion, which industries should be especially concerned with implementing vulnerability management solutions?
The reality is that all industries are vulnerable to cyber security attacks. The simple reason for this is that all industries hold critical or sensitive data, and a cybercriminal who obtains access to such business-critical or sensitive data could hold such for ransom. “The State of Ransomware 2022” report by SOPHOS stated that 66% of organizations globally have been hit by a ransomware attack in the last year, increasing by 78% from the previous year.
How did the recent global events challenge cyber security worldwide? What vulnerabilities do you think were exploited the most?
It is clear that cyber security attacks are becoming more common across the globe, and the purpose and outcome of these attacks are becoming more critical. No war today is fought with just traditional armies, but with cyber armies as well. Let me give you an example: if you declare war on another country, what is your first target? Communications. If you can disrupt the communication of the country you are attacking with cyberattacks initially, it is less likely that they will be able to execute a coordinated response against your ground attacks that follow.
Why do you think certain companies are sometimes unaware of the risks they are exposed to?
As organizations move into the digital age but are not experts in IT, they are simply not aware of the dangers that come with exposing your technical or human assets to the cloud, for example. Let us take the educational sector for example, which holds records of their students including personal information. Traditionally, educational institutes simply do not have the IT knowledge or the budget needed and are therefore easy targets. Continuous scanning for vulnerabilities across your technical and human assets is critical, as it will be easier to know where and what gaps to patch in your cyber security defenses.
Share with us, what early signs indicate that there might be something malicious lurking in the company network?
You will not be able to detect any early signs that you are being targeted since there is no real way of detecting it. You will, however, be able to quickly patch the gaps by continuously scanning for vulnerabilities and therefore make it less likely that any gaps can be exploited by a cybercriminal before such are patched. Similar to having routine health checks, you are more likely to be able to deal with any illnesses if they are detected at the earliest possible time.
Besides quality vulnerability management, what other cybersecurity solutions do you think are essential for every organization?
It is important, of course, to have the basic cyber security solutions in place, like firewalls, etc. However, the equally important part of any cyber security defense strategy is to ensure the company is protected from every angle. This means not only protecting your technical assets but also your human assets. By this, I mean training of any personnel in the best cyber security practices so that they will also be a strong line of defense against cyber threats to your organization.
Talking about average Internet users, what practices or tools do you think everyone should adopt to protect themselves online?
Like for any organization, ensuring you have a firewall installed on your computer is essential. But I would also strongly suggest that you educate yourself on how to detect phishing emails so that you yourself do not fall victim to having your personal information stolen. Another great way is two-factor authentication or constantly updating passwords with strong combinations, which are both simple ways to secure your data. However, they are often not a priority for users, making it one of the easiest points of attack, as mentioned previously.
And finally, what’s next for Holm Security?
Holm Security will continue its battle against cybercriminals by providing our customers with the best possible tools so that they are properly protected from cyberattacks both now and in the future. We want our customers to always be one step ahead of cybercriminals.