No backup can land companies in serious trouble, warns Tinesh Chhaya, Founder at Decipher Cyber

Media 7 | November 15, 2021

With only a few weeks till the launch of Jenny 2.0, Tinesh Chhaya, Founder at Decipher Cyber, explores the different ways Jenny makes searching and analyzing cybersecurity vendors and service providers easier for businesses who are looking to upgrade their security systems, in this interview with Media 7. Read on to find out how businesses can make digital transformations and hybrid work environments safer from cyber-attacks.

People still write passwords down in notebooks and post-it notes.

MEDIA 7: With 17 years of experience in cybersecurity and research, what was the inspiration behind founding Jenny?
TINESH CHHAYA:
The real inspiration came from wanting to support users from within the cyber market, and outside of it, to help them make trusted and informed decisions on cyber security providers before they are bought, invested, or partnered with these companies. I wanted to build trust between users and suppliers, provide assurance and also have clarity on the information provided by the suppliers. Jenny is able to provide this, and with speed.


M7: You are four weeks away from launching Jenny V.2! Could you please shed some light on some of the latest developments on this SaaS Cyber Business Intelligence Platform?
TC:
Jenny V.1 focused on the marketing information provided by the vendor and only that. Jenny 2.0 re-enters into the market as a Cyber Business Intelligence Platform that offers a complete 360° view of security suppliers such as information on financials, the security posture of the supplier including Threat Intelligence, Third-party Risk assurance, employee information, third party review taken from global review companies, all supplier social media content and dive deep into the company collecting over 30 data points on the company, therefore providing a complete view on that supplier and allowing trust to be built easier with users.


Read More: Shaun Clark of HighLevel believes in pairing Artificial Intelligence with People Engagement


From a cyber perspective, the industry needs to ensure that the movement of digital information is regulated and monitored, protection is put in place for unauthorized access, which in turn would allow for confidentiality.



M7: How does Jenny help businesses find cybersecurity products and services that are right for them?
TC:
Jenny is like a search engine for information on security vendors. As we gather, organize, and categorize with supervised machine learning capabilities, Jenny enriches vendor information with critical profile data in near real-time. Our library science approach makes searching and analyzing vendors and service providers easier, and more natural. There is also human involvement whereby we contact the suppliers and further validate the information that Jenny has found along with asking them to furnish us with relevant information via an onboarding process.


M7: With a growing need for digital transformations, what are some of the biggest cybersecurity risks plaguing the industry?
TC:
From a cyber perspective, the industry needs to ensure that the movement of digital information is regulated and monitored, protection is put in place for unauthorized access, which in turn would allow for confidentiality. Internal security systems, security control, and technology integrity hardening would be key. Ensuring that security controls such as application vulnerability management, network security, and security monitoring would need to be considered as an organization moves along any sort of digital journey.

Read More: 'Blockchain technology's mass adoption problem can be solved by a multi-framework platform and interconnected environments' believes Yifan He


If a ransomware attack happened, you would be in serious trouble if all your data was gone in an instant.



M7: According to you, what are some of the best approaches that enterprises can adopt to improve the protection of their data in hybrid and remote working environments?
TC:
This is something that every enterprise has had to adapt and put into place since COVID-19 hit us all. For us, we started with some basics, such as enabling 2FA right across the teams to ensure we tighten up over the usual username and password efforts. Soon after, we spent time educating the teams to look out for suspicious emails, messages, and anything out of the ordinary. The main thing was for the employees to stop, think and alert our IT team if they have any concern at all before opening or pressing forward on an email, paying an invoice request from me, or even knowing who they are connecting to and through over an open WiFi network. We also asked staff to change passwords regularly which is easier said than done. People still write passwords down in notebooks and post-it notes. As a company, we back up every 15 mins, however, many companies don’t back up at all. If a ransomware attack happened, you would be in serious trouble if all your data was gone in an instant. Finally, we employ a lot of young people, and they like the freedom to be able to work flexibly and without any restrictions, so we have a rule - that they use their work devices responsibly and over lunch and breaks for personal things. 


M7: What are some of the different ways enterprises can utilize AI to drive large-scale shifts towards sustainability in their business models?
TC:
For us, Jenny helps reduce the carbon footprint. With over 9000 security global vendors, you can imagine that even with on a functional level, such as sales for example, the amount of travel each year from a client on each site leads to a lot of fuel being used. We are one of many AI-driven companies that are powered and provide our services through online, so as a collective, you can only imagine how much fuel we could save.

ABOUT DECIPHER CYBER

Decipher Cyber is the portal that provides an on-demand access to 360-degree trusted research and reviews on cyber technology vendors and service providers. Jenny 2.0, the revolutionary AI-driven platform that’s already helping thousands of users across the globe make more informed decisions on cyber. Jenny removes the risk from vendor analysis.

More THOUGHT LEADERS

Q&A with Shelton Newsham, Director and Founder at Newsham Business Solutions

Media 7 | May 12, 2021

Shelton Newsham, Director and Founder at Newsham Business Solutions, is a highly experienced board advisor, educator and public speaker and specialist in a number of areas enabling me to support management to identify risk, reduce exposure and achieve organisational objectives.He is a subject matter expert in many disciplines including process improvement, organsational assessment and information security. He has also worked closely with both UK Government agencies and international law enforcement....

Read More

Q&A with Aaron Pang, Associate Director, Business Transformation at Ernst & Young

Media 7 | July 29, 2021

Aaron Pang, Associate Director, Business Transformation at EY, created his first e-commerce business and online marketing business at age 21 and achieved over one million US revenue in the first year. In 2015, he led the home market of a global successful logistic-tech venture, Lalamove. After that, he went on to lead a three-year transformational program for a global accounting body Hong Kong Institute of Certified Public Accountants (HKICPA). He is the creator and host of the Transformative Purpose podcast, author of two books Reborn Digital and The Asian Dad....

Read More

Futurex’s Adam Cason advises, ‘To look at your data security posture with a critical eye’

Media 7 | December 1, 2021

Adam Cason, Vice President of Global and Strategic Alliances at Futurex speaks about some major cybersecurity developments retailers need to look out for in the next 5 years. Read on for his thoughts on the top security needs of brands and retailers....

Read More

Q&A with Shelton Newsham, Director and Founder at Newsham Business Solutions

Media 7 | May 12, 2021

Shelton Newsham, Director and Founder at Newsham Business Solutions, is a highly experienced board advisor, educator and public speaker and specialist in a number of areas enabling me to support management to identify risk, reduce exposure and achieve organisational objectives.He is a subject matter expert in many disciplines including process improvement, organsational assessment and information security. He has also worked closely with both UK Government agencies and international law enforcement....

Read More

Q&A with Aaron Pang, Associate Director, Business Transformation at Ernst & Young

Media 7 | July 29, 2021

Aaron Pang, Associate Director, Business Transformation at EY, created his first e-commerce business and online marketing business at age 21 and achieved over one million US revenue in the first year. In 2015, he led the home market of a global successful logistic-tech venture, Lalamove. After that, he went on to lead a three-year transformational program for a global accounting body Hong Kong Institute of Certified Public Accountants (HKICPA). He is the creator and host of the Transformative Purpose podcast, author of two books Reborn Digital and The Asian Dad....

Read More

Futurex’s Adam Cason advises, ‘To look at your data security posture with a critical eye’

Media 7 | December 1, 2021

Adam Cason, Vice President of Global and Strategic Alliances at Futurex speaks about some major cybersecurity developments retailers need to look out for in the next 5 years. Read on for his thoughts on the top security needs of brands and retailers....

Read More

Related News

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Varonis Introduces Automated Posture Management to Fix Cloud Security Risks

Varonis | January 27, 2023

On January 26, 2023, Varonis Systems, Inc., a leader in data security and analytics, announced the availability of automated posture management to assist clients in resolving security and compliance gaps spanning their SaaS and IaaS systems. Varonis continuously scans, identifies, and ranks cloud security threats, providing CISOs and compliance officers with real-time insight into their data security posture. With this new automation option, users can fix misconfigurations in applications such as Salesforce and AWS with a single click from a unified interface. According to Gartner, through 2025, 99% of cloud security breaches will be the customer's fault. CIOs can counter this by adopting and enforcing rules for cloud ownership, accountability, and risk acceptance. Varonis Field CTO, Brian Vecci, said, “Automated posture management takes the burden of understanding and remediating cloud misconfigurations off the customer.” He also said, “We stay on top of the latest configuration risks and best practices, so you don’t have to. Now, we can not only show you exactly how to improve your security posture, but we can also automatically mitigate risk on your behalf.” (Source – GlobeNewswire) This release marks a significant advancement in cloud data security. Passive data security posture management (DSPM) solutions need manual operations to generate help desk tickets for a person to review and fix in every cloud application manually. Varonis offers a uniform and automated method for minimizing the attack surface of multi-cloud environments. Automated posture management is the most recent tool introduced by Varonis to simplify data security outcomes. Varonis introduced least privilege automation for Google Drive, Microsoft 365, and Box, as well as a new data security posture management (DSPM) dashboard early this month. About Varonis Varonis is a leader in data security and analytics, waging war differently from typical cybersecurity corporations. Instead, Varonis focuses on protecting business data like: Sensitive files and emails Strategic and product plans Financial records Confidential customer, patient, and employee data In addition to data protection, Zero Trust, data governance, compliance, categorization, data privacy, and threat detection and response, Varonis solutions handle various other critical use cases. The company began operations in 2005 and has clients in the financial services, healthcare, industrial, energy and utilities, insurance, technology, media and entertainment, consumer and retail, and education industries, among others.

Read More

PLATFORM SECURITY,SOFTWARE SECURITY,END POINT PROTECTION

Wallarm Announces the Early Release of Its Enhanced API Security Technology

Wallarm | January 23, 2023

Wallarm, a leading end-to-end API security provider, has recently announced the early release of the Wallarm API leak management solution, an improved API security technology designed to assist organizations in identifying and remediating attacks exploiting leaked API keys and secrets while also providing ongoing protection against hacks in the event of a leak. Given the recent increase in hacks involving leaked API keys and other API secrets, Wallarm developed the API leak management solution in order to give a comprehensive solution for this issue by automatically detecting leaked API keys and secrets, implementing controls to prevent their use, and protecting against any follow-on attacks. As a result, it prohibits unwanted access to sensitive data within enterprises while also protecting their internal operations and customers from unauthorized use of that data. With the average cost of an API leak incident being $1.2 million per year, protecting API keys is a security and financial need. However, as locating and revoking API keys is both time-consuming and resource-intensive, Wallarm's proactive API leak management solution focuses on automated detection, remediation, and control using a three-pronged approach: Detect - Wallarm automatically searches public sources for leaked API secrets, which hackers can discover and exploit in under a minute. Remediate - Regardless of protocol, Wallarm immediately blocks requests that use compromised API secrets across the entire API portfolio. Control - Wallarm also continuously monitors and prevents the use of leaked API secrets. The Wallarm API leak management solution is the first of its kind in the API security space and is coupled with other Wallarm capabilities such as API threat prevention, API discovery and cloud-native WAAP. Wallarm’s API security platform provides customers with full-spectrum visibility, detection, and security for their entire web application and API portfolio, regardless of protocol or environment. This minimizes tool sprawl and costs while also increasing risk management and fostering innovation. About Wallarm Wallarm, founded in 2016, provides End-to-End API Security solutions to safeguard web applications, APIs, microservices, and serverless workloads in cloud-native environments. With its commitment to developing the cybersecurity industry, it has designed a new security platform to defend tech firms and Global 2000 enterprises throughout their journey from their legacy apps to APIs in cloud-native infrastructures. Hundreds of Security and DevOps teams use Wallarm to discover all of their web apps and API endpoints, traffic flows, and sensitive data consumption for total visibility, secure their whole API portfolio against emerging risks, and respond to incidents automatically for better risk management.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Filecloud Introduces the Industry First Zero Trust File Sharing℠

FileCloud | January 11, 2023

On January 10, 2023, FileCloud announced the addition of Zero Trust File Sharing, bringing another layer of hyper-security to the market's most robust content collaboration platform. The latest, Zero Trust File Sharing, enables users to collaborate securely with employees along with other personnel, including external partners, vendors and clients. This functionality extends beyond modulating share permissions or setting Data Loss Prevention (DLP) policies. Zero Trust File Sharing will become increasingly crucial for enterprises and organizations that handle sensitive or protected data, such as Personally Identifiable Information (PII) and Confidential Unclassified Information (CUI). The emergence of cloud service technologies, remote access applications, and disappearing network edges have revealed multiple vulnerabilities in perimeter-based IT security models. The Zero Trust framework, built on a system of least privilege, provides a more resilient and adaptable approach that imposes identity authentication, regardless of where or how the request for access gets derived. The U.S. Department of Defense has recently come up with a Zero Trust Strategy and Roadmap to eventually cover all U.S. government departments, which is likely to be adopted by the private sector. As a result, critical infrastructure sectors are ideal candidates for integrating Zero Trust File Sharing to protect their information systems from increasingly sophisticated cyberattacks launched by nation-states. FileCloud's Zero Trust support enables enterprises to have an added layer of security on top of FileCloud's built-in access controls. The data within the environment is secured using a Zip file structure and password protection. The user can also set a Zero Trust password and create a sharing link to a file or folder. The data remains inaccessible without this password, even with a shared direct link or in case of a data breach. Furthermore, the data remains protected by password-based encryption even if the Zero Trust protected folder is accessed via unauthorized means, including social engineering techniques. Users who access the data with the Zero Trust password will also be restricted in their ability to edit or manipulate the data contained within the Zero Trust folder based on the share permissions. About FileCloud Headquartered in Austin, Texas, FileCloud is a leading hyper-secure content collaboration platform (CCP) providing data governance, industry-leading compliance, data leak protection, data retention and digital rights management capabilities to millions of users worldwide. Its complete CCP stack includes workflow automation and granular control of content sharing across most enterprise platforms. The platform offers powerful file sharing, mobile access and synchronization capabilities on public, private, and hybrid clouds to customers, including top Global 1000 enterprises, government organizations, educational institutions and managed service providers.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Varonis Introduces Automated Posture Management to Fix Cloud Security Risks

Varonis | January 27, 2023

On January 26, 2023, Varonis Systems, Inc., a leader in data security and analytics, announced the availability of automated posture management to assist clients in resolving security and compliance gaps spanning their SaaS and IaaS systems. Varonis continuously scans, identifies, and ranks cloud security threats, providing CISOs and compliance officers with real-time insight into their data security posture. With this new automation option, users can fix misconfigurations in applications such as Salesforce and AWS with a single click from a unified interface. According to Gartner, through 2025, 99% of cloud security breaches will be the customer's fault. CIOs can counter this by adopting and enforcing rules for cloud ownership, accountability, and risk acceptance. Varonis Field CTO, Brian Vecci, said, “Automated posture management takes the burden of understanding and remediating cloud misconfigurations off the customer.” He also said, “We stay on top of the latest configuration risks and best practices, so you don’t have to. Now, we can not only show you exactly how to improve your security posture, but we can also automatically mitigate risk on your behalf.” (Source – GlobeNewswire) This release marks a significant advancement in cloud data security. Passive data security posture management (DSPM) solutions need manual operations to generate help desk tickets for a person to review and fix in every cloud application manually. Varonis offers a uniform and automated method for minimizing the attack surface of multi-cloud environments. Automated posture management is the most recent tool introduced by Varonis to simplify data security outcomes. Varonis introduced least privilege automation for Google Drive, Microsoft 365, and Box, as well as a new data security posture management (DSPM) dashboard early this month. About Varonis Varonis is a leader in data security and analytics, waging war differently from typical cybersecurity corporations. Instead, Varonis focuses on protecting business data like: Sensitive files and emails Strategic and product plans Financial records Confidential customer, patient, and employee data In addition to data protection, Zero Trust, data governance, compliance, categorization, data privacy, and threat detection and response, Varonis solutions handle various other critical use cases. The company began operations in 2005 and has clients in the financial services, healthcare, industrial, energy and utilities, insurance, technology, media and entertainment, consumer and retail, and education industries, among others.

Read More

PLATFORM SECURITY,SOFTWARE SECURITY,END POINT PROTECTION

Wallarm Announces the Early Release of Its Enhanced API Security Technology

Wallarm | January 23, 2023

Wallarm, a leading end-to-end API security provider, has recently announced the early release of the Wallarm API leak management solution, an improved API security technology designed to assist organizations in identifying and remediating attacks exploiting leaked API keys and secrets while also providing ongoing protection against hacks in the event of a leak. Given the recent increase in hacks involving leaked API keys and other API secrets, Wallarm developed the API leak management solution in order to give a comprehensive solution for this issue by automatically detecting leaked API keys and secrets, implementing controls to prevent their use, and protecting against any follow-on attacks. As a result, it prohibits unwanted access to sensitive data within enterprises while also protecting their internal operations and customers from unauthorized use of that data. With the average cost of an API leak incident being $1.2 million per year, protecting API keys is a security and financial need. However, as locating and revoking API keys is both time-consuming and resource-intensive, Wallarm's proactive API leak management solution focuses on automated detection, remediation, and control using a three-pronged approach: Detect - Wallarm automatically searches public sources for leaked API secrets, which hackers can discover and exploit in under a minute. Remediate - Regardless of protocol, Wallarm immediately blocks requests that use compromised API secrets across the entire API portfolio. Control - Wallarm also continuously monitors and prevents the use of leaked API secrets. The Wallarm API leak management solution is the first of its kind in the API security space and is coupled with other Wallarm capabilities such as API threat prevention, API discovery and cloud-native WAAP. Wallarm’s API security platform provides customers with full-spectrum visibility, detection, and security for their entire web application and API portfolio, regardless of protocol or environment. This minimizes tool sprawl and costs while also increasing risk management and fostering innovation. About Wallarm Wallarm, founded in 2016, provides End-to-End API Security solutions to safeguard web applications, APIs, microservices, and serverless workloads in cloud-native environments. With its commitment to developing the cybersecurity industry, it has designed a new security platform to defend tech firms and Global 2000 enterprises throughout their journey from their legacy apps to APIs in cloud-native infrastructures. Hundreds of Security and DevOps teams use Wallarm to discover all of their web apps and API endpoints, traffic flows, and sensitive data consumption for total visibility, secure their whole API portfolio against emerging risks, and respond to incidents automatically for better risk management.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Filecloud Introduces the Industry First Zero Trust File Sharing℠

FileCloud | January 11, 2023

On January 10, 2023, FileCloud announced the addition of Zero Trust File Sharing, bringing another layer of hyper-security to the market's most robust content collaboration platform. The latest, Zero Trust File Sharing, enables users to collaborate securely with employees along with other personnel, including external partners, vendors and clients. This functionality extends beyond modulating share permissions or setting Data Loss Prevention (DLP) policies. Zero Trust File Sharing will become increasingly crucial for enterprises and organizations that handle sensitive or protected data, such as Personally Identifiable Information (PII) and Confidential Unclassified Information (CUI). The emergence of cloud service technologies, remote access applications, and disappearing network edges have revealed multiple vulnerabilities in perimeter-based IT security models. The Zero Trust framework, built on a system of least privilege, provides a more resilient and adaptable approach that imposes identity authentication, regardless of where or how the request for access gets derived. The U.S. Department of Defense has recently come up with a Zero Trust Strategy and Roadmap to eventually cover all U.S. government departments, which is likely to be adopted by the private sector. As a result, critical infrastructure sectors are ideal candidates for integrating Zero Trust File Sharing to protect their information systems from increasingly sophisticated cyberattacks launched by nation-states. FileCloud's Zero Trust support enables enterprises to have an added layer of security on top of FileCloud's built-in access controls. The data within the environment is secured using a Zip file structure and password protection. The user can also set a Zero Trust password and create a sharing link to a file or folder. The data remains inaccessible without this password, even with a shared direct link or in case of a data breach. Furthermore, the data remains protected by password-based encryption even if the Zero Trust protected folder is accessed via unauthorized means, including social engineering techniques. Users who access the data with the Zero Trust password will also be restricted in their ability to edit or manipulate the data contained within the Zero Trust folder based on the share permissions. About FileCloud Headquartered in Austin, Texas, FileCloud is a leading hyper-secure content collaboration platform (CCP) providing data governance, industry-leading compliance, data leak protection, data retention and digital rights management capabilities to millions of users worldwide. Its complete CCP stack includes workflow automation and granular control of content sharing across most enterprise platforms. The platform offers powerful file sharing, mobile access and synchronization capabilities on public, private, and hybrid clouds to customers, including top Global 1000 enterprises, government organizations, educational institutions and managed service providers.

Read More

Spotlight

Decipher Cyber

The portal that provides an on-demand access to 360-degree trusted research and reviews on cyber technology vendors and service providers. Jenny 2.0, the revolutionary AI-driven platform that’s already helping thousands of users across the globe make more informed decisions on cyber. Jenny removes t...

Events

Resources