Cybercrime now ongoing and continuous, says SecOps founder
Ongoing protection against cybercrime is now a ‘must-have’ rather than a ‘nice-to-have’ option, says Sumit ‘Sid’ Siddharth at the launch of the SecOps Group.
Cambridge-based SecOps Group provides cybersecurity consultancy services including penetration testing, DevSecOps, and cloud security reviews, as well as “act as a value added reseller for some niche security products”.
Sid previously founded cyber consultancy and training business NotSoSecure, which was acquired in 2018 by the Claranet Group.
Sean Atkinson, a seasoned cybersecurity professional with 15 years of experience in handling the commercial side of business, is the co-founder of the business.
SecOps is the reseller for two main products: Attack Surface Management, by RedHunt Labs, which provides enterprises continuous visibility of digital assets, and PureAuth, by PureID. PureID is a passwordless authentication service that eliminates the single biggest risk to every enterprise – the password.
Among the services the company offers is penetration testing (pentesting), which is increasingly in demand due to the number of both private/corporate and state hackers currently proliferating the internet, and defence against ransomware. (The two are often linked of course).
Ransomware involves a system being compromised by a bot or an individual. Protection involves continuous monitoring of potential vulnerabilities.
“Once a malicious actor gains administrative access on a system, they can then alter the boot sequence and typical encrypt sections of the disk which can only be decrypted with a valid decryption key,” Sid explains. “Ransomware will then entice them to buy the decryption key from them by paying crypto currencies. Our products and services helps enterprises continuously discover vulnerable systems that could be targeted by ransomware attacks and thus allow them to stay a step ahead.
“Further, with PureID we are advocating ditching passwords for good. Passwords remain the number 1 reason for a security breach. Our patented passwordless authentication service uses cryptography allowing multi-factor secure authentication without having to remember any passwords.”
The scale of online disruption is such that businesses need to consider 24/7 protection.
“Traditionally,” explains Sid, “security has been considered a ‘point-in-time’ activity. That is, most enterprises would commission an annual pentesting service from a vendor. The pentest will find some security vulnerabilities which may get remediated and the cycle will be repeated annually.
“There has been a huge shift in the industry and we are one of those advocating for a shift from security being a ‘point-in-time’ activity to being a ‘continuous’ process. If a new security bug is identified tomorrow, you cannot rely on a pentest due in seven months time to identify that.
“This is where a product combined with professional services comes in. Our clients will benefit from both of our offerings combined and tailored to their needs to give them continuous visibilitbilty and assurance.
“Our products and services help enterprises continuously discover vulnerable systems that could be targeted by ransomware attacks and thus allow them to stay a step ahead.
Sean adds: “We have ensured that continuous assessment is not only useful, it is affordable and also valuable across the traditional methodologies for cybersecurity consultants performing manual assessments.”