In the field of cyber security, the size of a company doesn’t determine whether you’re going to be attacked or not. Therefore, even the smallest organization should be concerned about its cyber security and responsibly act around it.
It’s a popular belief that only large companies should be concerned with having the latest security software in place. Yet, no matter how small the company is, implementing a cyber security system should always be one of the top priorities.
We’ve interviewed Justine Siebke, the Product Marketing Manager from Skurio – digital risk protection, and cyber threat intelligence company, to discuss what measures are available and crucial for every organization to fight against online threats.
How did the idea of Skurio originate? What has your journey been like since your launch in 2011?
Skurio was founded as a result of a UK Government Small Business Research and Innovation Programme, to meet the technology needs of the UK Government and Intelligence Services following the London riots in 2011 and a series of global security incidents. The senior management worked closely with UK national intelligence security analysts to develop a sophisticated social media monitoring solution that was chosen by the UK Government to help keep the 2012 Olympic Games safe.
Since its inception, Skurio has remained at the forefront of cyber intelligence and, today, we focus on identifying threats to the corporate world and supporting SMEs. In light of recent Government legislation across 128 countries around the safety of data and the ever-growing threat of cyber-attacks and the sophisticated techniques of cybercriminals, the company is supporting more and more businesses to get ahead and mitigate risk. Data breaches are ‘big business’ for cybercriminals who use advanced technology and automation to expand their target base to include SMEs. With the expanding attack surface resulting from digital transformation, move to the cloud and remote/home working, SMEs around the world must now have a multi-layered, proactive approach to security.
Skurio is used by enterprises and SMEs in 37 countries – we anticipate our geographic reach to double over the next 18 months.
Can you introduce us to the Skurio platform? What are its key features?
Skurio is a Digital Risk Protection specialist.
The Skurio Digital Risk Protection platform combines automated, round-the-clock monitoring of the surface, deep and Dark Web with powerful analytics for Cyber Threat Intelligence to combat cyber-attacks and data breaches including phishing, account takeovers, and ransomware.
Skurio is different from many security solutions in the marketplace because it focuses on the threats outside the organization and, critically, what is specific to our customers. It’s ideal for organizations that don’t have the resources to maintain an intelligence team to deal with these kinds of threats. Our team of threat intelligence analysts (all with law enforcement/military backgrounds) underpins our service to ensure a business can protect its staff, its customers, its brand, and its products and services.
With our growing partner network, even organizations that don't have an internal IT or security function can quickly and easily adapt it through a managed service.
Dark Web monitoring is still a lesser-known topic. Can you tell us more about this practice?
Accessing the Dark Web is risky and not something that you would want or encourage internal staff to do. Corporate data has become a major commodity on the Dark Web and businesses should be aware of whether their data is being sold or shared, or if their business is being targeted by cybercriminals.
Skurio scrapes Dark Web sites and captures the information safely. The data recovered is automatically matched with search terms that our customers are interested in. This is done safely without leaving a footprint on the Dark Web or exposing analysts to malware or disturbing content.
Do you think the current global events are going to affect the threat landscape?
Yes, DDoS (Distributed Denial of Service) attacks on organizations that are covering the situation in Ukraine are one example. Also, during the pandemic, we saw phishing sites set up (masquerading as organizations trying to help) to harvest information and spread malware. We are also now seeing fake websites that are pretending to be charities for Ukraine to do the same.
The belief that only large and well-known enterprises are prone to cyberattacks is only one of many misconceptions still prevalent today. What cybersecurity myths do you come across most often?
One of the biggest misconceptions is the tools they have such as password managers, spam filters, and anti-virus firewalls will be enough to manage cyber security attacks. The reality is, even if your defenses can be watertight, your business could be at risk from supply chain attacks or compromised data in 3rd party apps you use.
Also, there is still a perception that cybercriminals go after the big businesses and that somehow smaller businesses are immune to the attacks. There has been a huge rise in attacks on SMBs so it’s vital they take a far more proactive approach to managing their risk.
In your opinion, why does it take so long for certain organizations to recognize the risks they are exposed to?
Protecting data inside the firewall is a full-time business and most resources are focused on this. If hackers gain access to data via an undetected vulnerability or through the digital supply chain, they may leave no immediate indicators of compromise. It is only when data is subsequently used for phishing campaigns or account takeovers that the hacked business may become aware. And, if customers find out first, the reputational impact can be significant.
On average it takes 297 days for a business to identify a breach when it occurs. The earlier the detection, the faster a business can take action to prevent ongoing loss of data or the follow-on attacks which inevitably occur. And the cost of a breach rises daily while it remains undiscovered.
Early breach detection is critical with third-party suppliers. When a business shares its data with a supplier, and they share it with theirs, in turn, its protection remains the business’s responsibility. It’s imperative that businesses routinely check for data appearing outside their company network.
Besides threat intelligence solutions, what other security best practices do you think are a must for companies nowadays?
At the onset, all staff must be educated about the possible risks – at the very least, you should provide training around cyber risks and security. They should all be using a password manager too, so they never re-use the same password or use simple ones that can very easily be cracked.
One simple yet effective technique companies can look at is adding synthetic identities, so each dataset is seeded with a unique fictional record. Any unexpected communication gives your organization an instant, definitive sign that your data has been leaked
Evaluating the security posture of all the companies you work with within your digital supply chain is a must.
Talking about average Internet users, what security tools do you think everyone should use to keep their online activity safe?
Use multi-factor authentication (MFA). If you don’t, it is easier for cybercriminals to gain access to your data and apps you use – once they have a username and password, every transaction will be treated as valid, and basic security measures cannot prevent it.
And finally, what does the future hold for Skurio?
We are in the business of helping SMEs achieve the level of protection that is currently only available to large enterprises with deep pockets and skilled resources.
We won’t stop fighting the cybercriminals’ activities and our team will continue to detect new types of fraud and scams so we can help our customers defend against them.