Nowadays, it’s almost impossible to count how many websites are visited each day. Users browse the internet for news, use web applications for banking, order services and purchase goods. But are all web applications secure enough to protect highly sensitive data, such as credit card information?
Even though users can learn how to use additional security tools, it’s essential that web application developers would also ensure security internally. Otherwise, hackers can find various vulnerabilities and exploit them to steal credentials and cause financial losses.
We’ve reached out to the President and CEO of Cyber Security Cloud, Toshihiro Koike, who explained how modern technology can improve the cybersecurity posture of cloud-based web applications.
How did Cyber Security Cloud originate? What has your journey been like since your launch in 2010?
The journey started in 2010, and it feels long but rewarding. Cyber Security Cloud has worked hard ever since the start, and after three years, we’ve finally launched the cloud-based WAF Shadan-kun, a product that blocks cyberattacks on websites and web servers. Afterward, four more years of hard work paid off, and another service for the automatic optimization of AWS WAF operations, WafCharm, was released on the market.
Following the successful growth, we've later obtained a patent called Firewall Device (Patent No. 6375047) which is related to defense rules against external attacks in the cloud-based WAF. In 2018, we've also opened up an office of Cyber Security Cloud Inc. (CSC) in the U.S.
I'm proud to say that our success has been noticed as CSC was listed on the Mothers market of the Tokyo Stock Exchange (Security code: 4493) in 2020. So, we were encouraged to keep the growth of our company.
As a result, we've expanded our offerings by launching new services for the automatic optimization of Azure WAF (WafCharm Azure version) and Google Cloud Armor (WafCharm for Google Cloud).
Can you introduce us to what you do? What are the main challenges you help navigate?
As a leading cybersecurity company, we aim to develop secure cyberspace for people around the world. Our products use a combination of key threat intelligence and artificial intelligence (AI) to secure web applications. Currently, our service offerings include the following:
How can cybercriminals take advantage of unprotected web applications?
Unprotected web applications allow cybercriminals to steal personal information and make financial transactions on the dark web. The content of the attacked web application can be falsified to guide the viewer with fake information, and trick users into revealing sensitive information, such as credit card details. Usually, such attacks are executed with the help of malware or phishing. Additionally, insecure web applications can help the threat actors to gain control of the server, client terminal, and perform DDoS attacks or business email fraud.
Have you noticed any new threats emerge as a result of the current global events?
Yes, I've noticed an increase in the supply chain attacks that are targeting large companies. While enterprises have always been the primary targets of cybercrime, hackers are now trying to hijack the company systems via external factors, such as business partners and relatively small subsidiaries.
Additionally, work-from-home policies fostered an increase in attacks based on access from the external network. Once hackers gain access to a system within the organization, they can start attacking by targeting the vulnerability of the entrance.
What measures do you think everyone should implement to protect from these emerging threats?
I believe it's essential for every organization to put the following safety management measures into place:
Many companies have recently chosen cloud solutions as a way to enhance security. Are there any details that might be overlooked when making the switch?
There are many cases where there is a problem with the authentication information or policy, such as data disclosure settings due to mistakes in settings, installation of malicious programs due to improper account settings, and others.
What are some of the best practices that organizations should adopt to protect their workforce and customer data?
It is difficult to pinpoint the best policy, but I think that some organizations think that there is a big difference between customer data and the personal information of employees. Yet, all sensitive data is equally valuable. So, even if it takes time, I think it is important to review the regulations for employees and operate them appropriately.
Talking about the future, what predictions do you have for the cloud security landscape for the upcoming years?
As stated in the report issued by the Ministry of Economy in Japan, Japanese IT systems, many of which are black-boxed, will soon be required. It seems that it is time to think about zero trust and the security of how to reduce the threat of cyber intrusion.
And finally, what does the future hold for Cyber Security Cloud?
We aim to become the top security company in Japan in the security field and increase our sales to ¥5B and our operating income to ¥1B by accelerating global expansion.
Another goal is to strengthen the sales network through partnerships in order to increase the number of users. We will focus on partner success by utilizing the know-how accumulated in the direct sales organization. Apart from that, it's essential for us to upgrade the partner rank in AWS, Microsoft Azure, and Google Cloud and implement stronger measures.
In addition to increasing awareness among IaaS users, we will collaborate with leading global sales partners. As the importance of vulnerability countermeasures increases, we will maximize the acquisition of opportunities.
Finally, by leveraging the business development capabilities of the Cyber Security Cloud, we will develop new services to solve user issues and enhance our service lineup with the aim to be known as the one-stop-shop company for security solutions.