Cryptix AG’s Alexandre Horvath wants users to adopt a Zero Trust policy to secure their digital footprint

Media 7 | November 12, 2021

Alexandre Horvath, Chief Information Security & Data Protection Officer at Cryptix AG sheds light on the importance of cybersecurity in the ever-growing landscape of DLT and blockchain. Read on as he elaborates the importance of Zero Trust for data privacy and the struggle of keeping pace with GDPR compliance.

The biggest challenges for companies around data privacy are to fulfill all compliance regulations and to know their own data sovereignty

MEDIA 7: You have over a decade of leadership experience in IT security and risk management, how has the cybersecurity landscape changed in recent years?
ALEXANDRE HORVATH:
The cybersecurity landscape changed definitely a lot in recent years. While in the beginning hackers or intruders tended to operate on their own and with a clear purpose (e.g., to gain high prestige among hackers or get dedicated confidential data from a specific company), nowadays, they are more organized like a proper organization (refer to picture below) and have specialists for all dedicated tasks, while they also use more technical power (e.g., cloud CPU, Bots and AI).



M7: Cryptix AG is currently working on the research and development of DLT and blockchain. What, as a CISO, do you believe are some of the cybersecurity flaws impeding blockchain growth?
AH:
While I would rather talk about the benefits of blockchain and the increase in cybersecurity, I can reveal that the flaws of blockchain are primarily in its use.
I would focus on the following two risks on the application level and user level:

Application-level:
Risks around applications are linked to the automatic execution of smart contracts. Once rolled out on the blockchain, according to the principle of inalterability of the code, they can no longer be modified. It is therefore crucial that before being implemented, these applications are checked and audited several times by independent experts, to guarantee that they will not have unexpected behavior or contain any flaws. Hackers were able to exploit a” reentrancy” flaw in one of the smart contracts and drained several million cryptocurrencies outside an investment fund company to inject them into another smart contract over which they had control (as an outcome the need to secure the code of smart contracts was born).

User level:
Risks around users are linked to cryptocurrency leaks or theft. Some users create portfolios on non-secure exchange platforms from where their private keys can be retrieved. The pirates then take over ownership of the accounts and issue cryptocurrencies in an uncontrolled and unauthorized manner. To avoid these risks, it is thus necessary to store the tokens on secure sites and to generate private keys from computers that are not connected to the internet (e.g., cold wallets), and from standard libraries.


Zero Trust for data privacy will be the first line of defense against unauthorized data access and exfiltration.



M7: Lately, many companies have faced difficulty in keeping pace with GDPR compliance. What are the toughest challenges to international privacy compliance, in your opinion?
AH:
The biggest challenges for companies around data privacy are to fulfill all compliance regulations and to know their own data sovereignty (e.g. to know what data should be protected most, the so-called crown jewels). There are a lot of technical details which must be considered as well, like to have a proper data flow process (to know where the data lies, like at rest, in motion or in transit) or to have a proper encryption solution in place.


M7: Insider threats are also a huge challenge for firms across many industries, especially now that new remote-working arrangements are in place. How can these threats be stopped and avoided?
AH:
It’s no easy task to detect insider threats because they already have legitimate access - inadvertently or maliciously - to your organization’s data and critical resources. Getting visibility into every user account in the organization and distinguishing normal from malicious user behavior continues to be a challenge (even more with home office possibilities). Zero Trust helps organizations detect and prevent potential insider threats in real-time through identity-based segmentation and by automating risk-based conditional access. Even though security awareness training for employees incrementally lowers your risk of a data breach, initiatives like Zero Trust for your identity store can shut down many types of incursions as they happen or attempt lateral movement.

Read More: SAP's Tim Clark advises brand journalists to create stories in their own voice


Don’t just tell everyone about using password managers and a different password for each online platform. Show your users what kind of impact a credential theft can have for your company or for the victim.



M7: Speaking of insider threats, what do you believe will be the key trends likely to emerge in data privacy landscape over the next 5 years?
AH:
As the pressure from the regulators will increase in the future towards data privacy, Zero Trust strategies should be considered to be adapted rather sooner than later. The benefits of Zero Trust regarding data privacy/protection are numerous, including:

  • Continuous risk assessment
  • Data context and sensitivity awareness, for better policy enforcement
  • Enables safe access from anywhere
  • Ensures data is protected everywhere
  • Adheres to current compliance standards

Zero Trust for data privacy will be the first line of defense against unauthorized data access and exfiltration.


M7: Before we wrap up, could you give our readers some pointers on what we can integrate into our daily tech habits to prevent and be aware of eCrime?
AH:
Walk the talk by leading by example, so don’t just tell everyone about using password managers and a different password for each online platform. Show your users what kind of impact a credential theft can have for your company or for the victim her-/himself.
Be careful when using smaller devices like smartphones before clicking on an (untrusted) link due to the fact that the URL can easily be hidden. Also, in our private life, we should go more towards Zero Trust so that our digital footprint stays as secure as possible.

Read More: Arkose Labs’ CEO Kevin Gosschalk, aims to, ‘Bankrupt the business of online fraud’

ABOUT CRYPTIX AG

Cryptix AG is the central venture-building platform and umbrella for a European cluster of businesses. The company founds, promotes, and maintains subsidiaries and participations that work under one vision to create the “People’s Financial Marketplace”. The Group consists of companies in Switzerland, Austria, Slovenia and many more locations to come. Cryptix Labs GmbH, the in-house R&D centre provides technology insights focusing Blockchain and DLT.

More C-Suite on deck

'TeleSign embeds trust at every touchpoint,' assures Joseph Burton

Media 7 | December 8, 2021

Joseph Burton, Chief Executive Officer at TeleSign elaborates on Promotion Abuse, Communication Fraud, and Buy Now Pay Later Fraud. Read on to know about the biggest online financial threat for consumers and much more.

Read More

Panzura's Glen Shok explains why file security and military-grade encryption should be applied to all data stored in the cloud

Media 7 | March 11, 2022

Glen Shok, CTO and VP Cloud Architects at Panzura, looks into his crystal ball and shares with us his predictions of the developments in the cybersecurity space. In this interview, we had the opportunity to explore novel malware tactics like ransomware and data wiper exploits, and the different solutions Panzura offers enterprises to improve their security measures. Read on to learn more about upticks in this cybersecurity landscape, and how Panzura can get businesses battle-ready against these attacks.

Read More

Arkose Labs’ CEO Kevin Gosschalk, aims to, ‘Bankrupt the business of online fraud’

Media 7 | November 11, 2021

Kevin Gosschalk, CEO, Arkose Labs introduces their innovative solutions and takes us inside their recent event ‘2021 Bankrupting Fraud Virtual Summit’. Read on to know what their marketing efforts are focused on.

Read More

'TeleSign embeds trust at every touchpoint,' assures Joseph Burton

Media 7 | December 8, 2021

Joseph Burton, Chief Executive Officer at TeleSign elaborates on Promotion Abuse, Communication Fraud, and Buy Now Pay Later Fraud. Read on to know about the biggest online financial threat for consumers and much more.

Read More

Panzura's Glen Shok explains why file security and military-grade encryption should be applied to all data stored in the cloud

Media 7 | March 11, 2022

Glen Shok, CTO and VP Cloud Architects at Panzura, looks into his crystal ball and shares with us his predictions of the developments in the cybersecurity space. In this interview, we had the opportunity to explore novel malware tactics like ransomware and data wiper exploits, and the different solutions Panzura offers enterprises to improve their security measures. Read on to learn more about upticks in this cybersecurity landscape, and how Panzura can get businesses battle-ready against these attacks.

Read More

Arkose Labs’ CEO Kevin Gosschalk, aims to, ‘Bankrupt the business of online fraud’

Media 7 | November 11, 2021

Kevin Gosschalk, CEO, Arkose Labs introduces their innovative solutions and takes us inside their recent event ‘2021 Bankrupting Fraud Virtual Summit’. Read on to know what their marketing efforts are focused on.

Read More

Related News

PLATFORM SECURITY,SOFTWARE SECURITY,END POINT PROTECTION

Wallarm Announces the Early Release of Its Enhanced API Security Technology

Wallarm | January 23, 2023

Wallarm, a leading end-to-end API security provider, has recently announced the early release of the Wallarm API leak management solution, an improved API security technology designed to assist organizations in identifying and remediating attacks exploiting leaked API keys and secrets while also providing ongoing protection against hacks in the event of a leak. Given the recent increase in hacks involving leaked API keys and other API secrets, Wallarm developed the API leak management solution in order to give a comprehensive solution for this issue by automatically detecting leaked API keys and secrets, implementing controls to prevent their use, and protecting against any follow-on attacks. As a result, it prohibits unwanted access to sensitive data within enterprises while also protecting their internal operations and customers from unauthorized use of that data. With the average cost of an API leak incident being $1.2 million per year, protecting API keys is a security and financial need. However, as locating and revoking API keys is both time-consuming and resource-intensive, Wallarm's proactive API leak management solution focuses on automated detection, remediation, and control using a three-pronged approach: Detect - Wallarm automatically searches public sources for leaked API secrets, which hackers can discover and exploit in under a minute. Remediate - Regardless of protocol, Wallarm immediately blocks requests that use compromised API secrets across the entire API portfolio. Control - Wallarm also continuously monitors and prevents the use of leaked API secrets. The Wallarm API leak management solution is the first of its kind in the API security space and is coupled with other Wallarm capabilities such as API threat prevention, API discovery and cloud-native WAAP. Wallarm’s API security platform provides customers with full-spectrum visibility, detection, and security for their entire web application and API portfolio, regardless of protocol or environment. This minimizes tool sprawl and costs while also increasing risk management and fostering innovation. About Wallarm Wallarm, founded in 2016, provides End-to-End API Security solutions to safeguard web applications, APIs, microservices, and serverless workloads in cloud-native environments. With its commitment to developing the cybersecurity industry, it has designed a new security platform to defend tech firms and Global 2000 enterprises throughout their journey from their legacy apps to APIs in cloud-native infrastructures. Hundreds of Security and DevOps teams use Wallarm to discover all of their web apps and API endpoints, traffic flows, and sensitive data consumption for total visibility, secure their whole API portfolio against emerging risks, and respond to incidents automatically for better risk management.

Read More

DATA SECURITY, ENTERPRISE SECURITY, SOFTWARE SECURITY

DoControl Releases Its SaaS Security Platform on AWS Marketplace

DoControl | February 03, 2023

On February 2, 2023, DoControl, a leading automated software-as-a-service (SaaS) security provider, announced the release of its no-code SaaS security platform on AWS Marketplace, an online catalog that simplifies the provisioning, procurement, and governance of third-party data, software and services. The platform enables joint customers to better protect their business-critical assets by setting up a foundational layer of preventative data access security controls directly through the AWS Marketplace. Individual SaaS applications' native security features are usually poor and do not provide a consistent way to apply data access controls across all SaaS application types. DoControl provides a single security strategy that centralizes the enforcement of least privilege - beyond the network, identity, and device levels - across the entire estate of an enterprise's SaaS applications. Customers with AWS deployments may now use DoControl solutions to safeguard all shared data and files accessed by every identity or entity, including internal employees, third-party collaborators, and third-party OAuth applications. On average, an enterprise has approximately 200 applications in use, with hundreds or thousands of internal and external collaborators. Therefore, data security is of utmost importance across these applications (file-sharing, file storage, messaging, and so on), as breaches can result in lost revenue, severe brand damage, regulatory fines and other financial consequences. DoControl offers SaaS asset management, continuous monitoring, and automated security workflows to security and IT teams to prevent data breaches. In addition, DoControl lowers the physical toil and complexity that security and IT professionals face on a daily basis by replacing manual effort with automation. About DoControl Founded in 2020, DoControl is a No-Code SaaS Security Platform that provides organizations with automated, self-service tools needed for SaaS applications data access monitoring, orchestration, and remediation. It takes a distinctive, customer-focused approach to the labor-intensive challenge of security risk management and data exfiltration prevention in popular SaaS applications. DoControl helps lower the work overload and complexity that Security and IT teams face on a daily basis by replacing manual work with automation. The company is backed by investors, including StageOne Ventures, Insight Partners, RTP Global, Cardumen Capital, and CrowdStrike's CrowdStrike Falcon Fund.

Read More

DATA SECURITY, ENTERPRISE SECURITY, PLATFORM SECURITY

Contrast Security Launches New Partner Program, Security Innovation Alliance

Contrast Security | February 02, 2023

On February 1, 2023, Contrast Security (Contrast), a leading code security platform, announced the launch of its new partner program, the Security Innovation Alliance (SIA), a worldwide ecosystem of system integrators (SIs), cloud, channel, and technology alliances. SIA's mission is to provide customers with unrivaled, fully integrated application security solutions from Contrast and its strategic alliance partners, which include Amazon/Amazon Web Services (AWS), GitLab Inc., Microsoft, VMware, Armor Code, PagerDuty, Zimperium, Anchore, Wallarm, Neosec, Noname Security, Ermetic, Cloudwize, BLST Security, ProtectOnce, Scribe Security, Wiz, and Legit Security. Furthermore, the team will concentrate on expanding collaborations with SIs, technology providers, and independent software providers (ISVs). SIA and Contrast's robust strategic partner integrations will not only enable partners to integrate with the Contrast Secure Code Platform seamlessly but will also enable clients to realize the following benefits: To use Contrast's services confidently as part of a more extensive program for application security (AppSec). Increase the predictability of security and decrease the risk of implementing new code and AppSec technologies. Increased trust and confidence in already implemented technologies. SIA is designed to boost its partners' business capabilities to satisfy AppSec clients' demands. Contrast collaborates with each partner to deliver a customized experience that meets their specific interests and business requirements, including a streamlined onboarding process, joint marketing campaigns, integration support and access to the company's impressive install base. SIA is led by Goodman, a seasoned Alliance professional, and several other industry leaders, including Tracey Mead, Vice President, Strategic Alliances, System Integrators; Frank Gasparovic, Director, Ecosystem Engineering; Rachael Mott, Senior Director, Strategic Alliances, Technology Partners; Callie McCormick, Global Director of Channel Sales; and Ram Yonish, VP of EMEA Alliances. About Contrast Security Founded in 2014, Contrast Security is a leading code security platform firm purposely created for developers to get secure code flowing quickly and trusted by security teams to protect business applications. With Contrast, developers, security, and operations teams can swiftly secure code across the entire Software Development Life Cycle (SDLC) to defend against today's targeted Application Security (AppSec) threats. It also provides free security testing to all developers through CodeSec. Established by cybersecurity industry experts to replace old AppSec solutions that cannot secure modern organizations, the company defends its customers from major cybersecurity attacks, which include some of the world's top brands, such as BMW, AXA, DocuSign, Zurich, Sompo Japan, and American Red Cross, as well as several other prominent leading Fortune 500 companies.

Read More

PLATFORM SECURITY,SOFTWARE SECURITY,END POINT PROTECTION

Wallarm Announces the Early Release of Its Enhanced API Security Technology

Wallarm | January 23, 2023

Wallarm, a leading end-to-end API security provider, has recently announced the early release of the Wallarm API leak management solution, an improved API security technology designed to assist organizations in identifying and remediating attacks exploiting leaked API keys and secrets while also providing ongoing protection against hacks in the event of a leak. Given the recent increase in hacks involving leaked API keys and other API secrets, Wallarm developed the API leak management solution in order to give a comprehensive solution for this issue by automatically detecting leaked API keys and secrets, implementing controls to prevent their use, and protecting against any follow-on attacks. As a result, it prohibits unwanted access to sensitive data within enterprises while also protecting their internal operations and customers from unauthorized use of that data. With the average cost of an API leak incident being $1.2 million per year, protecting API keys is a security and financial need. However, as locating and revoking API keys is both time-consuming and resource-intensive, Wallarm's proactive API leak management solution focuses on automated detection, remediation, and control using a three-pronged approach: Detect - Wallarm automatically searches public sources for leaked API secrets, which hackers can discover and exploit in under a minute. Remediate - Regardless of protocol, Wallarm immediately blocks requests that use compromised API secrets across the entire API portfolio. Control - Wallarm also continuously monitors and prevents the use of leaked API secrets. The Wallarm API leak management solution is the first of its kind in the API security space and is coupled with other Wallarm capabilities such as API threat prevention, API discovery and cloud-native WAAP. Wallarm’s API security platform provides customers with full-spectrum visibility, detection, and security for their entire web application and API portfolio, regardless of protocol or environment. This minimizes tool sprawl and costs while also increasing risk management and fostering innovation. About Wallarm Wallarm, founded in 2016, provides End-to-End API Security solutions to safeguard web applications, APIs, microservices, and serverless workloads in cloud-native environments. With its commitment to developing the cybersecurity industry, it has designed a new security platform to defend tech firms and Global 2000 enterprises throughout their journey from their legacy apps to APIs in cloud-native infrastructures. Hundreds of Security and DevOps teams use Wallarm to discover all of their web apps and API endpoints, traffic flows, and sensitive data consumption for total visibility, secure their whole API portfolio against emerging risks, and respond to incidents automatically for better risk management.

Read More

DATA SECURITY, ENTERPRISE SECURITY, SOFTWARE SECURITY

DoControl Releases Its SaaS Security Platform on AWS Marketplace

DoControl | February 03, 2023

On February 2, 2023, DoControl, a leading automated software-as-a-service (SaaS) security provider, announced the release of its no-code SaaS security platform on AWS Marketplace, an online catalog that simplifies the provisioning, procurement, and governance of third-party data, software and services. The platform enables joint customers to better protect their business-critical assets by setting up a foundational layer of preventative data access security controls directly through the AWS Marketplace. Individual SaaS applications' native security features are usually poor and do not provide a consistent way to apply data access controls across all SaaS application types. DoControl provides a single security strategy that centralizes the enforcement of least privilege - beyond the network, identity, and device levels - across the entire estate of an enterprise's SaaS applications. Customers with AWS deployments may now use DoControl solutions to safeguard all shared data and files accessed by every identity or entity, including internal employees, third-party collaborators, and third-party OAuth applications. On average, an enterprise has approximately 200 applications in use, with hundreds or thousands of internal and external collaborators. Therefore, data security is of utmost importance across these applications (file-sharing, file storage, messaging, and so on), as breaches can result in lost revenue, severe brand damage, regulatory fines and other financial consequences. DoControl offers SaaS asset management, continuous monitoring, and automated security workflows to security and IT teams to prevent data breaches. In addition, DoControl lowers the physical toil and complexity that security and IT professionals face on a daily basis by replacing manual effort with automation. About DoControl Founded in 2020, DoControl is a No-Code SaaS Security Platform that provides organizations with automated, self-service tools needed for SaaS applications data access monitoring, orchestration, and remediation. It takes a distinctive, customer-focused approach to the labor-intensive challenge of security risk management and data exfiltration prevention in popular SaaS applications. DoControl helps lower the work overload and complexity that Security and IT teams face on a daily basis by replacing manual work with automation. The company is backed by investors, including StageOne Ventures, Insight Partners, RTP Global, Cardumen Capital, and CrowdStrike's CrowdStrike Falcon Fund.

Read More

DATA SECURITY, ENTERPRISE SECURITY, PLATFORM SECURITY

Contrast Security Launches New Partner Program, Security Innovation Alliance

Contrast Security | February 02, 2023

On February 1, 2023, Contrast Security (Contrast), a leading code security platform, announced the launch of its new partner program, the Security Innovation Alliance (SIA), a worldwide ecosystem of system integrators (SIs), cloud, channel, and technology alliances. SIA's mission is to provide customers with unrivaled, fully integrated application security solutions from Contrast and its strategic alliance partners, which include Amazon/Amazon Web Services (AWS), GitLab Inc., Microsoft, VMware, Armor Code, PagerDuty, Zimperium, Anchore, Wallarm, Neosec, Noname Security, Ermetic, Cloudwize, BLST Security, ProtectOnce, Scribe Security, Wiz, and Legit Security. Furthermore, the team will concentrate on expanding collaborations with SIs, technology providers, and independent software providers (ISVs). SIA and Contrast's robust strategic partner integrations will not only enable partners to integrate with the Contrast Secure Code Platform seamlessly but will also enable clients to realize the following benefits: To use Contrast's services confidently as part of a more extensive program for application security (AppSec). Increase the predictability of security and decrease the risk of implementing new code and AppSec technologies. Increased trust and confidence in already implemented technologies. SIA is designed to boost its partners' business capabilities to satisfy AppSec clients' demands. Contrast collaborates with each partner to deliver a customized experience that meets their specific interests and business requirements, including a streamlined onboarding process, joint marketing campaigns, integration support and access to the company's impressive install base. SIA is led by Goodman, a seasoned Alliance professional, and several other industry leaders, including Tracey Mead, Vice President, Strategic Alliances, System Integrators; Frank Gasparovic, Director, Ecosystem Engineering; Rachael Mott, Senior Director, Strategic Alliances, Technology Partners; Callie McCormick, Global Director of Channel Sales; and Ram Yonish, VP of EMEA Alliances. About Contrast Security Founded in 2014, Contrast Security is a leading code security platform firm purposely created for developers to get secure code flowing quickly and trusted by security teams to protect business applications. With Contrast, developers, security, and operations teams can swiftly secure code across the entire Software Development Life Cycle (SDLC) to defend against today's targeted Application Security (AppSec) threats. It also provides free security testing to all developers through CodeSec. Established by cybersecurity industry experts to replace old AppSec solutions that cannot secure modern organizations, the company defends its customers from major cybersecurity attacks, which include some of the world's top brands, such as BMW, AXA, DocuSign, Zurich, Sompo Japan, and American Red Cross, as well as several other prominent leading Fortune 500 companies.

Read More

Spotlight

Cryptix AG

Cryptix AG

Cryptix AG is the central venture-building platform and umbrella for a European cluster of businesses. The company founds, promotes, and maintains subsidiaries and participations that work under one vision to create the “People’s Financial Marketplace”. The Group consists of companies in Switzerland...

Events

Resources

resource image

ENTERPRISE IDENTITY, ENTERPRISE SECURITY

Adobe Operational Security Overview

Whitepaper

resource image

DATA SECURITY, ENTERPRISE IDENTITY, ENTERPRISE SECURITY

Cloud Security Survey 2023: Infrastructure Protection Best Practices

Whitepaper

resource image

ENTERPRISE IDENTITY, ENTERPRISE SECURITY

Adobe Operational Security Overview

Whitepaper

resource image

DATA SECURITY, ENTERPRISE IDENTITY, ENTERPRISE SECURITY

Cloud Security Survey 2023: Infrastructure Protection Best Practices

Whitepaper

Events