SHIELDS UP

Lo­cal tech suc­cess story RedShield, an in­no­va­tive web ap­pli­ca­tion shield­ing ser­vice which Kor­dia of­fers as part of its cy­ber­se­cu­rity port­fo­lio, is help­ing busi­nesses fight back against cy­ber­crim­i­nals and on­line threats. CEO and co-founder Andy Prow talks

Idealog - - IDEALOG / KORDIA - Kor­dia is the ex­clu­sive agent for RedShield in Aus­tralia and New Zealand and it forms a key part of the Cy­ber Se­cu­rity by Kor­dia of­fer­ing, New Zealand’s most com­pre­hen­sive suite of cy­ber­se­cu­rity so­lu­tions. To see how Kor­dia can help pro­tect your busi­ness

Call it the se­cond global cy­ber-pan­demic. A mal­ware pro­gramme known as ‘NotPetya’, which orig­i­nated in Ukraine and spread through­out the world in a mat­ter of min­utes, crip­pled air­ports, ship­ping com­pa­nies, hos­pi­tals and more. Chaos en­sued.

This came just weeks af­ter what was pre­vi­ously the world’s largest cy­ber-at­tack, the ran­somware known as ‘Wan­naCry’ that seized files and would not re­lease them un­less a ran­som was paid in Bit­coin to a shad­owy group whose goals re­main un­known by law en­force­ment agen­cies.

Such large-scale at­tacks are prob­a­bly the new nor­mal, says Andy Prow, the en­tre­pre­neur be­hind RedShield, an award-win­ning, fully-man­aged ser­vice that pro­tects web fac­ing sys­tems such as on­line ap­pli­ca­tions, eCom­merce plat­forms and cus­tomer por­tals.

“Cryp­tocur­rency has made it easy to mon­e­tise your mis­de­meanours,” he says. “Ran­somware is the new norm.”

Al­though the at­tacks have mostly tar­geted Eu­rope and the United States, New Zealand­based busi­nesses aren’t im­mune, he says.

“The prob­lems Kiwi en­ter­prises face are the same ones global en­ter­prises face.”

Prow says that the lat­est large-scale hacks typ­i­cally tar­get older, vul­ner­a­ble sys­tems, worm­ing their way in and be­com­ing in­cred­i­bly ex­pen­sive to re­move once they’re there. That makes them par­tic­u­larly dan­ger­ous to New Zealand busi­nesses, which of­ten use older sys­tems be­cause of an “it can’t hap­pen here” at­ti­tude and be­lief that we’re too small to be lu­cra­tive tar­gets.

“New Zealand busi­nesses are def­i­nitely a tar­get,” he says. “Most of these ex­ploits don’t care about your lo­ca­tion. Wan­naCry didn’t spread more in New Zealand prob­a­bly be­cause of luck more than any­thing else. These things that spread don’t care if you’re in New Zealand, Lon­don, New York or Gu­atemala.”

And he says these events show how im­por­tant it is to up­date and con­stantly test your sys­tems.

“We’re ab­so­lutely at risk. You need to get ev­ery ‘crown jewel’ ap­pli­ca­tion that you have tested. The ma­jor­ity of New Zealand busi­nesses have not yet been fully tested. If you have not had your sys­tems thor­oughly tested from top to bot­tom, you’re run­ning a huge risk.”

And this could also be a prob­lem for another rea­son: the pos­si­ble in­tro­duc­tion of new leg­is­la­tion that would re­quire New Zealand busi­nesses to dis­close breaches and make it il­le­gal to sell prod­ucts with known flaws. This leg­is­la­tion cur­rently ex­ists in the coun­tries around the world in­clud­ing the United States, many Eu­ro­pean coun­tries and, more re­cently, in Aus­tralia. There is a very real pos­si­bil­ity it could make its way to Aotearoa in the com­ing years.

“In the fu­ture it could be legally un­ac­cept­able to have known se­cu­rity flaws. You could be neg­li­gent for not know­ing ma­jor se­cu­rity flaws ex­ist, but it’s worse if you know and do noth­ing.”

And that’s where RedShield, which won the Most In­no­va­tive Hi-Tech Ser­vices Award and the Most In­no­va­tive Hi-Tech Soft­ware Prod­uct Award at the 2017 NZ Hi-Tech Awards, comes in.

Con­stantly up­dat­ing your sys­tems to pro­tect against the lat­est cy­ber threats is not only very ex­pen­sive, it’s also in­ef­fec­tive, Prow says. Like a game of whack-a-mole, the up­dates just “aren’t keep­ing up”. It’s also highly im­prac­ti­cal for ev­ery en­ter­prise to patch, up­date and up­grade ev­ery en­ter­prise ap­pli­ca­tion con­stantly. It’s ex­pen­sive in both time and money, and cre­ates too much change and in­sta­bil­ity, which is a busi­ness risk of its own.

The dif­fer­ence with RedShield is that it forms a rapid, de­fen­sive “shield” around ap­pli­ca­tions, pre­vent­ing hack­ers, ma­li­cious pro­grammes, worms, viruses, etc. from get­ting in. And while the shield is “up” you can then up­grade your sys­tems safely, a con­cept that is no doubt mu­sic to the ears of project man­agers and de­vel­op­ers – par­tic­u­larly those with tight dead­lines and lim­ited bud­gets.

In de­vel­op­ment for three years, Prow calls RedShield an ex­am­ple of “augmented se­cu­rity” that’s meant for non-se­cu­rity ex­perts to be able to use eas­ily.

“The com­mon­al­ity is busi­nesses and en­trepreneurs need rapid-re­sponse sys­tems,” he says.

With clients of all sizes all over the world, Prow says RedShield is work­ing on projects for no fewer than six US For­tune 500 com­pa­nies. But, he adds, the busi­ness is also help­ing small en­ter­prises, too, while re­main­ing true to its New Zealand roots. This works, Prow says, be­cause of RedShield’s sub­scrip­tion model, which of­fers au­dit­ing and then ‘shields’ vul­ner­a­ble ap­pli­ca­tions.

“We’re able to track how many breaches we’ve saved,” says Prow. “And our goal is to pro­tect the pri­vacy of one bil­lion peo­ple world­wide.” And Prow says they’re al­ready well on their way. “We know we have saved the pri­vacy of more than two mil­lion peo­ple through our New Zealand en­ter­prises.”

Prow says the rapid global growth of RedShield has been “pleas­antly sur­pris­ing”. But there’s a deeper mis­sion for the busi­ness.

“We try to do all this with a so­cial con­science,” Prow says. “Ev­ery hu­man be­ing has the right to feel safe on­line.”

Newspapers in English

Newspapers from New Zealand

© PressReader. All rights reserved.