The pioneer programme will commence with the support from Singapore’s very own Info-communications Media Development Authority (IMDA) and the Cyber Security Agency (CSA) with aims to accelerate start-ups in cybersecurity sectors.

Under the programme, the cybersecurity entrepreneurs have access to a three month stint at a start-up hub, named Innovation Cybersecurity Ecosystem at Block 71 (ICE71). In that hub, the hopefuls will learn pre-accelerator boot camp, accelerator training programme and landing pad for start-ups with Europe-based cybersecurity accelerator Cylon.

“Government support for cyber security is critical to grow Singapore’s regional expertise and cyber security startups like Horangi will benefit from these programs,” said Paul Hadjy, CEO at Horangi Cyber Security (Horangi).

Hadjy told Hackwarenews team that the state top-down approach is essential in supporting the embryonic state of cybersecurity development in Singapore.

In his opinion, the barrier for growth in the cybersecurity security often pointed down to the shortage of talents in the field. Thus, the accelerator programme will allow the startups to gain access to funding as well as the right mentorship to groom talents and expertise.

Besides the lack of talents, Hadjy highlighted that many Southeast-Asia based firms have downplayed the values of cyber security in their overall corporate strategy.

“Many ASEAN companies view cyber security as an IT task and not an overarching business risk,” opined Hadjy.

This oversight causes many decision-makers to set ineffective budget targets for cyber security spending, which in turn leads to myopic, ineffective spending. However, he noted that corporate companies are gradually changing their mindset on the importance of cyber-security.

“Today, organizations in Singapore and other regions are shifting towards a more holistic view of cyber security; where it has become a pressing concern that affects business processes across all enterprises.” concluded Hadjy.

Going forward, he believed that enterprises should engage a third party cyber security company in helping them to analyse their profile and identify system vulnerabilities. Then, the outcome of the analysis can be used to formulate plan to protect key data and assets from breaches.

The post Horangi praises Singapore’s initiative on new cybersecurity accelerator programme appeared first on Hack Ware News.

Some these security risks include the following:

FINANCIAL DATA THEFT/FRAUD: Many attackers target personal information such as names, addresses and credit card numbers. This allows them to make purchases online using someone else’s payment information. One method being used is called pharming or using fraudulent websites to manipulate people into giving out their credentials.

Another more effective and insidious method is deliberately targeting specific users and manipulating them into giving their personal information (also known as spear phishing). Other exploits used to steal financial information include, but are not limited to: SQL Injection, Cross-Site Scripting, Path Traversal, Session Hijacking, and Drive-by Downloading

DISTRIBUTED DENIAL OF SERVICE (DDoS) ATTACKS: A Denial of Service attack’s aim is to take down e-commerce sites by flooding them with requests. This kind of attack overloads the e-commerce site to the point where it can’t handle anymore requests, making the service slow down or even go offline.

Slow service for an e-commerce site means loss of potential revenue and massive impact to brand reputation.

MAN IN THE MIDDLE ATTACK: Man in the Middle attacks do exactly what they say — the attacker eavesdropping or intercepting the user’s (in this case, the online shopper’s) connection with the website. Even with Secure Sockets Layer (SSL)/Transport Layer Security (TLS) in place, there are still ways attackers can trick the browser to gain access to the plain text data.

EFFECTS OF A SECURITY BREACH FOR AN E-COMMERCE SITE

If such an attacker manages to compromise an e-commerce site, the following can happen:

LOSS OF REVENUE: The first, most obvious effect of a security breach is loss of income. Small businesses shell out an average of $38,000 to recover from a single data breach in direct expenses alone.

On top of that, a company that experiences a security breach can also be held accountable for not following

data protection policies, leading to hefty fines that can lead to a business’s insolvency.

DAMAGE TO BRAND REPUTATION: Apart from the direct loss of sales due to site unavailability (due to a DDoS attack, for example), losses of sales can also be due to customers walking (or in this case, browsing) away from the shop in favour of other shops without such security breaches. Losing customers’ and stakeholders’ trust is the most harmful impact of a security breach.

People will not do business with a breached company, plain and simple.

Even if the company is eventually able to recover the financial losses, the impact on the company’s reputation would be a scar that would take a significant amount of time to fade. That is, if it even fades at all.

INTELLECTUAL PROPERTY THEFT/DAMAGE: Another impact of a security breach is theft and damage to intellectual property like trade secrets, blueprints, and anything else that gives a company their competitive advantage. This can mean missing out on expanding the business since the company can no longer fully implement new and innovative ideas brewing in the pipeline.

HOW TO PROTECT E-COMMERCE SITES

The good news is there are ways e-commerce shop owners can protect their websites, their customers, and their data:

1. Research on the e-commerce platform and payment gateway the e-commerce business runs on to ensure it complies with information security standards. Make sure the platform is compliant with the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS is an information security standard defined to control how credit and debit card information is handled. To determine if the e-commerce platform is compliant, refer to Visa and Mastercard’s compliant service provider lists.
2. If you plan to implement your own platform using open-source platforms like Magento, then the responsibility is on the shop owner to implement security measures. Ensure that your shop is PCI-compliant and other basic security measures are in place.
3. Make sure the entire site (not just the payment area) uses HTTPS and do keep the SSL certificate updated. The certificate creates a secure connection between the user and the server. Otherwise, the data is easily accessible and readable by anyone. Contact your hosting provider if the shop is not hosted via HTTPS.
4. Only store customer data that is needed and make regular backups of them.
5. Conduct a vulnerability scan on the online shop. Even with security measures in place, it is possible that the site is still vulnerable from threats that are not obvious to the end user. This is where a web scannercomes in. Web scanner scans web applications for known vulnerabilities by spidering through links and ignoring pages linked outside the target domain.

SECURITY IS NUMBER ONE FROM DAY ONE

Hackers and cybercriminals only get smarter and more sophisticated with each passing year. Therefore, the onus is on business owners to make security a priority.

While a cybersecurity endeavour takes a lot of time and resources, the upfront cost is still lower than the potential losses and is a worthwhile investment for all e-commerce setups.

Background on writer: Samantha Cruz is a Cyber Operations Researcher at Horangi. She specializes in cyber research and security tool development. Before joining Horangi, she has worked for Trend Micro as a security analyst and engineer.

The post E-commerce requires beefed up cyber security to function well appeared first on Hack Ware News.

Before the end of 2017, Horangi has proven its worth and closed a USD3.1 million Series A Round, headed by Monk’s Hill Ventures, a venture capital firm known for investing into high growth early stage tech startups in Southeast Asia.

Besides Monk’s Hill Ventures, Horangi has gotten the backing of another four venture firms namely, Right Click Capital, 500 Startups, Hub Ventures Fund and 6Degrees Ventures. These angel investors are no means funding out of philanthropy but rather on the competitiveness posed by Horangi’s presence in the cyber security sector.

“Horangi brings a level of expertise and much needed capability in its products to the market, particularly in Asia where this is lacking,” said Lim Kuo-Yi, managing partner of Monk’s Hill Ventures.

Lim’s judgment was well-founded as since its inception in early 2016, the fledgling cybersecurity company had built up a beefy portfolio of 50 clients across various sectors.  Horangi even attracted interests of U.S. based multi-national corporation (MNCs) which prefer the Singapore-based cybersecurity firm as their security providers over others.

Despite fielding a small team, Horangi packed a punch with over 25 years of expertise in cybersecurity through its team members, which detected over 100,000 system vulnerability issues and spanned over 6 global offices across North America and Asia-Pacific.

Apparently, Horangi’s company vision has also struck a chord among the investors, seeking to provide a safer cyberspace for all.

“Our vision is to provide an affordable full-stack cybersecurity solution for our users globally, allowing them to quickly understand and deploy the right course of action.” stated Hadj.

So far, the company offers three core products namely, Scanner, Hunter, and Storyfier, which integrate seamlessly to provide customers with a full-stack cybersecurity solution previously available only to Fortune 500 companies.

In addition, Horangi provides in-house cyber security consulting to clients to identify system vulnerabilities.

Hackwarenews team sent its congratulation note to Horangi on its latest investment funding. Going forward, the team expects more cyber-security in the Asia Pacific region to receive windfall investments, following the trend seen in start-up nation, Israel where cyber-security firms became the top recipient of funding in 2017.

The post Horangi ends 2017 with a huge War Chest appeared first on Hack Ware News.

“It was cool to see some of the other companies doing cyber-security in the region as there are not that many.” said Hadjy, referring to the recent turnout for the CyberConnect 360 event held in Singapore.

To Hadjy, he believed that more can be done to chase the success from the event and address the very real cyber threats posted to the corporate world. For instances, financial firms have increasingly became the top target for hacking as they control large amount of money and credit information of clients.

Despite the risks, not many financial related institutions were able to ward off hostile cyber-attack from outside the company. As such, a number of high profile data breaches have surfaced out in the news lately.

Horangi: The Tiger that does not sleep

The aftermath of such breaches then often opened up the victim, in most of the cases, a company to the possibility of very expensive litigation which in the first place can be prevented.

“It is extremely important that a company be able to identify any possible holes within their enterprise network and to be able to fix them before they would be the target of a coordinated attack.” opined Hadjy.

It was often said that human remained the weakest link in the corporate data protection, however proper training can be used to enhance their mindsets and raises their cyber-security awareness.

The next weakest link in line then lies in the email systems which are vulnerable to phishing, ransomware and malware. And most often a weak password is all it needed for hackers to find a breakthrough to a highly secured system.

Reflecting this sentiment, Hadjy told Hackwarenews that every company should know whether or not its computer network that are connected to the Internet are as secured as possible.

Then, this big picture will list the various weak spots in the system which might be vulnerable to cyber attacker for exploitation to gain greater access to company data.

In filling this gap, Horangi has offered a three-part system that scans, detects security issues and prepares reports based on the data collected. Moreover, the three-part system is capable of doing a complete and thorough analysis of a client’s computer network and all of its workstations looking for possible security risks.

“With Horangi, they (the clients) would be able to know whether or not they would be ready and help them identify any deficiencies before they become a problem.” commented Hadjy.

After the review, the client will be able to come up with a plan to mitigate the risks and to hopefully prevent any type of security breach from occurring in the future.

As Horangi’s motto goes, “there is no off switch on a tiger”, and the word “Horangi” is actually derived from Korean language meaning, tiger. Similarly in the cyber world, there is no off day as well, as threats are constantly round the clock. So probably, we do need a sleepless tiger to ward off endless cyber-attacks for data integrity.

The post Horangi: The Tiger that does not sleep appeared first on Hack Ware News.