SaaS Ventures takes the investment road less traveled

Most venture capital firms are based in hubs like Silicon Valley, New York City and Boston. These firms nurture those ecosystems and they’ve done well, but SaaS Ventures decided to go a different route: it went to cities like Chicago; Green Bay, Wisconsin; and Lincoln, Nebraska.

The firm looks for enterprise-focused entrepreneurs who are trying to solve a different set of problems than you might find in these other centers of capital, issues that require digital solutions but might fall outside a typical computer science graduate’s experience.

SaaS Ventures looks at four main investment areas: trucking and logistics, manufacturing, e-commerce enablement for industries that have not typically gone online, and cybersecurity, the latter being the most mainstream of the areas SaaS Ventures covers.

The company’s first fund, which launched in 2017, was worth $20 million, but SaaS Ventures launched a second fund of equal amount earlier this month. It tends to stick to small-dollar-amount investments, while partnering with larger firms when it contributes funds to a deal.

We talked to Collin Gutman, founder and managing partner at SaaS Ventures, to learn about his investment philosophy, and why he decided to take the road less traveled for his investment thesis.

A different investment approach

Gutman’s journey to find enterprise startups in out-of-the-way places began in 2012 when he worked at an early enterprise startup accelerator called Acceleprise. “We were really the first ones who said enterprise tech companies are wired differently, and need a different set of early-stage resources,” Gutman told TechCrunch.

Through that experience, he decided to launch SaaS Ventures in 2017, with several key ideas underpinning the firm’s investment thesis: after his experience at Acceleprise, he decided to concentrate on the enterprise from a slightly different angle than most early-stage VC establishments.

Collin Gutman, founder and managing partner at SaaS Ventures (Image Credits: SaaS Ventures)

The second part of his thesis was to concentrate on secondary markets, which meant looking beyond the popular startup ecosystem centers and investing in areas that didn’t typically get much attention. To date, SaaS Ventures has made investments in 23 states and Toronto, seeking startups that others might have overlooked.

“We have really phenomenal coverage in terms of not just geography, but in terms of what’s happening with the underlying businesses, as well as their customers,” Gutman said. He believes that broad second-tier market data gives his firm an upper hand when selecting startups to invest in. More on that later.

How Ransomware Attacks Are Threatening Our Critical Infrastructure

Threat actors are increasingly targeting critical infrastructure with ransomware, according to recent independent reports. In February, a natural gas compression facility was attacked by ransomware, forcing it to shut operations for two days. Healthcare companies and research labs have been aggressively targeted since the onset of the COVID-19 pandemic. And now, a new academic project from Temple University in Philadelphia tracking ransomware attacks on critical infrastructure over the last seven years shows that 2019 and 2020 saw a sharp increase, accounting for more than half of all reported incidents over the entire period. In this post, we look at the latest data and explore how such attacks can be prevented.

What is Critical Infrastructure?

According to CISA (the Cybersecurity & Infrastructure Security Agency), “critical infrastructure” is the “assets, systems, and networks” that are vital to the functioning of the economy, public health and national security. Attacks that affect critical infrastructure risk having “debilitating effects” on the country’s ability to function.

CISA says critical infrastructure is spread over 16 sectors, namely: Chemical, Commercial Facilities, Communications, Critical Manufacturing, Defense, Education, Emergency Services, Energy, Financial Services, Food and Agriculture, Government Facilities, Healthcare, Information Technology, Nuclear, Transportation, and Water systems.

That’s a considerable attack surface, made all the more vulnerable by the fact that organizations in many of those sectors are publicly funded and often lack both the budget and the expertise of large, well-resourced private enterprises. The spate of ransomware attacks since 2018 on hospitals, schools and cities such as Atlanta, Greenville, Baltimore and Riviera Beach City Council are some of the more high-profile cases in point.

How Frequent Are Ransomware Attacks on Critical Infrastructure?

Ransomware attacks on critical infrastructure have risen dramatically in the last two years, and all the indications are that this is a trend that will continue as ransomware tools and RaaS offerings become increasingly available and lower the bar to entry for cyber criminals without technical skills of their own.

Over the last 7 years, the public data collated by Temple University shows that there have been almost 700 ransomware attacks on critical infrastructure; that’s an average of just under 100 per year, but in fact over half of those have occurred since 2019. 440 attacks in less than two years (there are still around four months of 2020 data left to collect) presently equates to around 5 critical infrastructure ransomware attacks every week.

The attacks cut across all CI sectors, from food and agriculture to manufacturing, public health and even education. The defense sector has also been targeted, and so too, worryingly in one case, has the nuclear industry.

By far the most ransomware attacks on critical infrastructure in recent years have targeted government-run facilities, with 199 reported ransomware attacks. Education is not far behind with 106 reports, followed by 61 reported ransomware incidents targeting Emergency Services.

Who Is Responsible for Attacks on Critical Infrastructure?

Attacks against critical infrastructure targets have become increasingly frequent with the prevalence of off-the-shelf ransomware tools like Netwalker sold on the darknet. It’s no surprise to see Maze at the top of the list of ransomware used in such attacks, as Maze has been on something of a rampage over the last 12 months or so, bringing with it the threat not only of encrypting data but also of exfiltrating it to use as leverage against victims unwilling to pay.

It’s a tactic that’s been copied by REvil, Snatch, Netwalker, DoppelPaymer, Nemty and other ransomware operators. The general strategy is: don’t rely on your backups or technical solutions to get you out of trouble, because if you do we’ll just sell or publicise your IP and confidential data anyway.

Aside from Maze, which reportedly was used in at least 57 incidents against critical infrastructure, WannaCry’s “15 minutes of fame” led to it accounting for some 33 attacks on businesses in the 16 essential sectors, the same number as each of the more recent and still ubiquitous Ryuk and REvil/Sodinokibi ransomware strains.

Other ransomware strains reportedly involved in critical infrastructure attacks include DoppelPaymer (12), Netwalker (11), BitPaymer (8), CryptoLocker (7) and CryptoWall (5).

How Much Does A Critical Infrastructure Ransomware Attack Cost?

Unlike APTs and nation-state actors, who may look for inroads into critical infrastructure for espionage or sabotage, cyber criminals using ransomware are typically interested in one thing: the financial payoff. To that end, the amount of ransom demanded in 13 recorded cases exceeded 5 million dollars, with another 13 recorded as between $1m and $5m. Some 31 ransomware incidents demanded $1m or less, while 66 sought $50,000 or less.

As noted above, the prevalence of ransomware has increased proportionally to its availability to technically low-level, likely “first-time” cyber criminals. This is evidenced by statistics showing that 54 ransomware attacks against critical infrastructure targets demanded $1,000 or less. Possibly, these actors had taken a “shotgun” or “scattergun” approach to infect random targets and were not fully aware of the nature of the organization they had compromised. Also, some RaaS tools set a fairly low ransom limit on first-time buyers and newbies “trying out” the software to entice these actors to pay for “premium services” after getting a taste of success.

How Can We Protect Critical Infrastructure Against Ransomware?

With the nature of modern ransomware attacks now being to exfiltrate data as well as encrypt files, the key to ransomware defense is prevention; in other words, preventing the attackers from getting in where possible, and detecting and blocking them as early as possible in the threat lifecycle where not.

This requires, first and foremost, visibility into your network. What devices are connected, and what are they? Device discovery and fingerprinting, through both active and passive means, are a prerequisite for defending against intruders. It’s also important to control access, harden configurations and mitigate vulnerabilities through frequent patching. Enforcing VPN connectivity, mandatory disk encryption and port control will also reduce the attack surface for ransomware.
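As an added example of the passive discovery step described above (this is illustrative code written for this article, not a SentinelOne tool or part of the original post), the script below builds a device inventory from DHCP and ARP log lines and flags devices that are not on the managed-asset list. The log lines, the OUI-to-vendor table and the managed-asset list are all constructed for the example; a real deployment would load the full IEEE OUI registry and its own asset register.

```python
"""Passive asset discovery and fingerprinting from DHCP/ARP log lines.

Added example: the log lines, OUI table and managed-asset list below are
constructed for illustration and do not describe any real network.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Constructed syslog-style lines: a DHCP server and a switch ARP table.
SAMPLE_LOGS = """\
2020-09-14T08:01:02 dhcpd: DHCPACK on 10.20.0.15 to 00:1a:2b:3c:4d:5e (eng-ws-07) via eth0
2020-09-14T08:02:10 dhcpd: DHCPACK on 10.20.0.41 to 00:50:56:aa:bb:cc (plc-hmi-2) via eth0
2020-09-14T08:03:33 arp: 10.20.0.99 is-at b8:27:eb:11:22:33 on vlan20
2020-09-14T09:15:00 dhcpd: DHCPACK on 10.20.0.15 to 00:1a:2b:3c:4d:5e (eng-ws-07) via eth0
2020-09-14T10:45:12 arp: 10.20.0.200 is-at 00:0c:29:de:ad:01 on vlan20
"""

# Hypothetical OUI prefix -> vendor table (a tiny stand-in for the IEEE registry).
OUI_VENDORS = {
    "00:1a:2b": "ExampleCorp (workstation NIC)",
    "00:50:56": "VMware",
    "b8:27:eb": "Raspberry Pi Foundation",
    "00:0c:29": "VMware",
}

# Constructed managed-asset register: MACs the organisation knows about.
MANAGED_MACS = {"00:1a:2b:3c:4d:5e", "00:50:56:aa:bb:cc"}

DHCP_RE = re.compile(
    r"^(?P<ts>\S+) dhcpd: DHCPACK on (?P<ip>[\d.]+) to (?P<mac>[0-9a-f:]{17})"
    r"(?: \((?P<host>[^)]*)\))?"
)
ARP_RE = re.compile(r"^(?P<ts>\S+) arp: (?P<ip>[\d.]+) is-at (?P<mac>[0-9a-f:]{17})")


@dataclass
class Asset:
    """Everything learned passively about one MAC address."""
    mac: str
    ips: Set[str] = field(default_factory=set)
    hostnames: Set[str] = field(default_factory=set)
    sources: Set[str] = field(default_factory=set)
    first_seen: str = ""
    last_seen: str = ""

    @property
    def vendor(self) -> str:
        # The first three octets of a MAC identify the manufacturer (OUI).
        return OUI_VENDORS.get(self.mac[:8], "unknown OUI")


def build_inventory(log_text: str) -> Dict[str, Asset]:
    """Parse DHCP and ARP lines into an inventory keyed by MAC address."""
    inventory: Dict[str, Asset] = {}
    for line in log_text.splitlines():
        for source, pattern in (("dhcp", DHCP_RE), ("arp", ARP_RE)):
            m = pattern.match(line)
            if not m:
                continue
            mac = m["mac"].lower()
            asset = inventory.setdefault(mac, Asset(mac=mac))
            asset.ips.add(m["ip"])
            asset.sources.add(source)
            host = m.groupdict().get("host")
            if host:
                asset.hostnames.add(host)
            # Lines are processed in order, so first/last seen follow the log.
            asset.first_seen = asset.first_seen or m["ts"]
            asset.last_seen = m["ts"]
            break  # a line matches at most one record type
    return inventory


def unmanaged_assets(inventory: Dict[str, Asset], managed: Set[str]) -> List[str]:
    """Return MACs seen on the wire that are not in the managed-asset register."""
    return sorted(mac for mac in inventory if mac not in managed)


if __name__ == "__main__":
    inv = build_inventory(SAMPLE_LOGS)
    for mac, a in sorted(inv.items()):
        print(f"{mac}  {a.vendor:32} ips={sorted(a.ips)} hosts={sorted(a.hostnames)} "
              f"seen={a.first_seen}..{a.last_seen}")
    print("unmanaged:", unmanaged_assets(inv, MANAGED_MACS))
```

The two devices that appear only in the ARP table and never in the asset register are the ones a defender wants to look at first: they are either unrecorded equipment or something that should not be on that VLAN at all. Feeding the same inventory into the patching and port-control steps that follow is what turns "visibility" into a reduced attack surface.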

Email and phishing are still the main entry vector for ransomware, so a good and frequent training program with simulations is important. On top of that, ensure that even if users are compromised, they only have access to services and resources necessary for their work.

These are all good measures that should stop opportunistic attacks, but determined threat actors targeting critical infrastructure will find ways around these. That’s why a proven EDR solution that stops attacks early is essential.

Conclusion

The increase in ransomware attacks on critical infrastructure is a major concern. Once the target solely of nation-state actors that would rarely execute “noisy” attacks which could reveal their presence, businesses and organizations within the 16 sectors of critical infrastructure are now seen as prime targets for ransomware operators. Disrupting and potentially damaging vital equipment, networks, assets and services means cyber criminals have a better chance of getting a payout. With data leakage and regulatory fines also a factor, it’s vital that these attacks are stopped in their tracks. If you would like to see how the autonomous SentinelOne platform can help protect your organization against ransomware attacks, contact us today or request a free demo.


Narrator raises $6.2M for a new approach to data modelling that replaces star schema

Snowflake went public this week, and in a mark of the wider ecosystem that is evolving around data warehousing, a startup that has built a completely new concept for modelling warehoused data is announcing funding. Narrator — which uses an 11-column ordering model rather than standard star schema to organise data for modelling and analysis — has picked up a Series A round of $6.2 million, money that it plans to use to help it launch and build up users for a self-serve version of its product.

The funding is being led by Initialized Capital along with continued investment from Flybridge Capital Partners and Y Combinator — where the startup was in a 2019 cohort — as well as new investors, including Paul Buchheit.

Narrator has been around for three years, but its first phase was based around providing modelling and analytics directly to companies as a consultancy, helping companies bring together disparate, structured data sources from marketing, CRM, support desks and internal databases to work as a unified whole. As consultants, using an earlier build of the tool that it’s now launching, the company’s CEO Ahmed Elsamadisi said he and others each juggled queries “for eight big companies single-handedly,” while deep-dive analyses were done by another single person.

Having validated that it works, the new self-serve version aims to give data scientists and analysts a simplified way of ordering data so that queries, described as actionable analyses in a story-like format — or “Narratives,” as the company calls them — can be made across that data quickly — hours rather than weeks — and consistently. (You can see a demo of how it works below provided by the company’s head of data, Brittany Davis.)

The new data-as-a-service is also priced in SaaS tiers, with a free tier for the first 5 million rows of data, and a sliding scale of pricing after that based on data rows, user numbers and Narratives in use.

Image Credits: Narrator

Elsamadisi, who co-founded the startup with Matt Star, Cedric Dussud and Michael Nason, said that data analysts have long lived with the problems with star schema modelling (and by extension the related format of snowflake schema), which can be summed up as “layers of dependencies, lack of source of truth, numbers not matching and endless maintenance,” he said.

“At its core, when you have lots of tables built from lots of complex SQL, you end up with a growing house of cards requiring the need to constantly hire more people to help make sure it doesn’t collapse.”

(We)Work Experience

It was while he was working as lead data scientist at WeWork — yes, he told me, maybe it wasn’t actually a tech company, but it had “tech at its core” — that he had a breakthrough moment of realising how to restructure data to get around these issues.

Before that, things were tough on the data front. WeWork had 700 tables that his team was managing using a star schema approach, covering 85 systems and 13,000 objects. Data would include information on acquiring buildings, to the flows of customers through those buildings, how things would change and customers might churn, with marketing and activity on social networks, and so on, growing in line with the company’s own rapidly scaling empire. All of that meant a mess at the data end.

“Data analysts wouldn’t be able to do their jobs,” he said. “It turns out we could barely even answer basic questions about sales numbers. Nothing matched up, and everything took too long.”

The team had 45 people on it, but even so it ended up having to implement a hierarchy for answering questions, as there were so many and not enough time to dig through and answer them all. “And we had every data tool there was,” he added. “My team hated everything they did.”

The single-table column model that Narrator uses, he said, “had been theorised” in the past but hadn’t been figured out.

The spark, he said, was to think of data structured in the same way that we ask questions, where — as he described it — each piece of data can be bridged together and then also used to answer multiple questions.

“The main difference is we’re using a time-series table to replace all your data modelling,” Elsamadisi explained. “This is not a new idea, but it was always considered impossible. In short, we tackle the same problem as most data companies to make it easier to get the data you want but we are the only company that solves it by innovating on the lowest-level data modelling approach. Honestly, that is why our solution works so well. We rebuilt the foundation of data instead of trying to make a faulty foundation better.”

Narrator calls the composite table, which includes all of your data reformatted to fit in its 11-column structure, the Activity Stream.

Elsamadisi said using Narrator for the first time takes about 30 minutes, and about a month to learn to use it thoroughly. “But you’re not going back to SQL after that, it’s so much faster,” he added.

Narrator’s initial market has been providing services to other tech companies, and specifically startups, but the plan is to open it up to a much wider set of verticals. And in a move that might help with that, longer term, it also plans to open source some of its core components so that third parties can build data products on top of the framework more quickly.

As for competitors, he says that it’s essentially the tools that he and other data scientists have always used, although “we’re going against a ‘best practice’ approach (star schema), not a company.” Airflow, DBT, Looker’s LookML, Chartio’s Visual SQL, Tableau Prep are all ways to create and enable the use of a traditional star schema, he added. “We’re similar to these companies — trying to make it as easy and efficient as possible to generate the tables you need for BI, reporting and analysis — but those companies are limited by the traditional star schema approach.”

So far the proof has been in the data. Narrator says that companies average around 20 transformations (the unit used to answer questions) compared to hundreds in a star schema, and that those transformations average 22 lines compared to 1,000+ lines in traditional modelling. For those that learn how to use it, the average time for generating a report or running some analysis is four minutes, compared to weeks in traditional data modelling. 

“Narrator has the potential to set a new standard in data,” said Jen Wolf, ​Initialized Capital COO and partner and new Narrator board member​, in a statement. “We were amazed to see the quality and speed with which Narrator delivered analyses using their product. We’re confident once the world experiences Narrator this will be how data analysis is taught moving forward.”

APAC cloud infrastructure revenue reaches $9B in Q2 with Amazon leading the way

When you look at the Asia-Pacific (APAC) regional cloud infrastructure numbers, it would be easy to think that one of the Chinese cloud giants, particularly Alibaba, would be the leader in that geography, but new numbers from Synergy Research show Amazon leading across the region overall, which generated $9 billion in revenue in Q2.

The only exception to Amazon’s dominance was in China, where Alibaba leads the way with Tencent and Baidu coming in second and third, respectively. As Synergy’s John Dinsdale points out, China has its own unique market dynamics, and while Amazon leads in other APAC sub-regions, it remains competitive.

“China is a unique market and remains dominated by local companies, but beyond China there is strong competition between a range of global and local companies. Amazon is the leader in four of the five sub-regions, but it is not the market leader in every country,” he explained in a statement.

APAC Cloud Infrastructure leaders chart from Synergy Research

Image Credits: Synergy Research

The $9 billion in revenue across the region in Q2 represents less than a third of the more than $30 billion generated in the worldwide market in the quarter, but the APAC cloud market is still growing at more than 40% per year. It’s also worth pointing out as a means of comparison that Amazon alone generated more than the entire APAC region, with $10.81 billion in cloud infrastructure revenue in Q2.

While Dinsdale sees room for local vendors to grow, he says that the global nature of the cloud market in general makes it difficult for these players to compete with the largest companies, especially as they try to expand outside their markets.

“The challenge for local players is that in most ways cloud is a truly global market, requiring global presence, leading edge technology, strong brand name and credibility, extremely deep pockets and a long-term focus. For any local cloud companies looking to expand significantly beyond their home market, that is an extremely challenging proposition,” Dinsdale said in a statement.

Perigee infrastructure security solution from former NSA employee moves into public beta

Perigee founder Mollie Breen used to work for NSA where she built a security solution to help protect the agency’s critical infrastructure. She spent the last two years at Harvard Business School talking to Chief Information Security Officers (CISOs) and fine-tuning that idea she started at NSA into a commercial product.

Today, the solution that she built moves into public beta and will compete at TechCrunch Disrupt Battlefield with other startups for $100,000 and the Disrupt Cup.

Perigee helps protect things like heating and cooling systems or elevators that may lack patches or true security, yet are connected to the network in a very real way. It learns what normal behavior looks like for an operational system when it interacts with the network, such as which systems it talks to and which individual employees tend to access it. It can then determine when something seems awry and stop anomalous activity before it reaches the network. Without a solution like the one Breen has built, these systems would be vulnerable to attack.

“Perigee is a cloud-based platform that creates a custom firewall for every device on your network,” Breen told TechCrunch. “It learns each device’s unique behavior, the quirks of its operational environment and how it interacts with other devices to prevent malicious and abnormal usage while providing analytics to boost performance.”

Perigee HVAC fan dashboard view

Image Credits: Perigee

One of the key aspects of her solution is that it doesn’t require an agent, a small piece of software on the device, to make it work. Breen says this is especially important since that approach doesn’t scale across thousands of devices and can also introduce bugs from the agent itself. What’s more, it can use up precious resources on these devices if they can even support a software agent.

“Our sweet spot is that we can protect those thousands of devices by learning those nuances and we can do that really quickly, scaling up to thousands of devices with our generalized model because we take this agentless-based approach,” she said.

By creating these custom firewalls, her company is able to place security in front of the device preventing a hacker from using it as a vehicle to get on the network.

“One thing that makes us fundamentally different from other companies out there is that we sit in front of all of these devices as a shield,” she said. That essentially stops an attack before it reaches the device.

While Breen acknowledges that her approach can add a small bit of latency, it’s a tradeoff that CISOs have told her they are willing to make to protect these kinds of operational systems from possible attacks. Her system is also providing real-time status updates on how these devices are operating, giving them centralized device visibility. If there are issues found, the software recommends corrective action.
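To make the per-device behavioral model described in this article concrete, here is an added example (written for this page, not Perigee’s code, and a deliberately simplified allowlist-style model rather than the generalized model Breen describes). It learns, for each operational device, the set of peers, users and services seen during a learning window, then evaluates later connection records against that baseline and returns a verdict for each. The connection records are constructed for the example, in a hypothetical "timestamp device peer user proto/port" format as an out-of-band sensor might log them.

```python
"""Per-device behavioural baseline for agentless OT devices.

Added example: a simplified allowlist-style model. The records below are
constructed; the line format "ts device_ip peer_ip user service" is hypothetical.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Constructed learning-window records for an HVAC controller and an elevator controller.
BASELINE_RECORDS = [
    "2020-09-01T08:00:00 10.20.0.41 10.20.0.5 facilities-svc modbus/502",
    "2020-09-01T08:05:00 10.20.0.41 10.20.0.5 j.smith modbus/502",
    "2020-09-01T08:06:00 10.20.0.41 10.20.0.2 - udp/123",
    "2020-09-01T08:10:00 10.20.0.42 10.20.0.5 facilities-svc bacnet/47808",
]

# Constructed records seen after the learning window closed.
NEW_RECORDS = [
    "2020-09-14T09:00:00 10.20.0.41 10.20.0.5 j.smith modbus/502",
    "2020-09-14T09:01:00 10.20.0.41 10.20.0.77 r.jones smb/445",
    "2020-09-14T09:02:00 10.20.0.42 10.20.0.5 facilities-svc bacnet/47808",
    "2020-09-14T09:03:00 10.20.0.99 10.20.0.5 facilities-svc modbus/502",
]


@dataclass
class DeviceProfile:
    """What 'normal' looks like for one device: who it talks to, who touches it, on what."""
    peers: Set[str] = field(default_factory=set)
    users: Set[str] = field(default_factory=set)
    services: Set[str] = field(default_factory=set)


def parse_record(line: str) -> Dict[str, str]:
    ts, device, peer, user, service = line.split()
    return {"ts": ts, "device": device, "peer": peer, "user": user, "service": service}


def learn_baseline(records: List[str]) -> Dict[str, DeviceProfile]:
    """Build a profile per device from records captured during the learning window."""
    baseline: Dict[str, DeviceProfile] = {}
    for line in records:
        r = parse_record(line)
        profile = baseline.setdefault(r["device"], DeviceProfile())
        profile.peers.add(r["peer"])
        profile.users.add(r["user"])
        profile.services.add(r["service"])
    return baseline


def evaluate(records: List[str], baseline: Dict[str, DeviceProfile]) -> List[Dict]:
    """Compare each new record with the device's profile; any deviation is blocked.

    A device with no learned baseline is blocked outright: in front of an
    unpatched controller the safe default is deny, not learn-as-you-go.
    """
    results = []
    for line in records:
        r = parse_record(line)
        reasons: List[str] = []
        profile = baseline.get(r["device"])
        if profile is None:
            reasons.append("device has no learned baseline")
        else:
            if r["peer"] not in profile.peers:
                reasons.append(f"new peer {r['peer']}")
            if r["user"] not in profile.users:
                reasons.append(f"new user {r['user']}")
            if r["service"] not in profile.services:
                reasons.append(f"new service {r['service']}")
        results.append({
            "ts": r["ts"],
            "device": r["device"],
            "verdict": "block" if reasons else "allow",
            "reasons": reasons,
        })
    return results


if __name__ == "__main__":
    profiles = learn_baseline(BASELINE_RECORDS)
    for verdict in evaluate(NEW_RECORDS, profiles):
        print(verdict["ts"], verdict["device"], verdict["verdict"], "; ".join(verdict["reasons"]))
```

The second new record is the interesting one: the HVAC controller is suddenly being reached over SMB by a user and from a host it has never seen, which is exactly the "device used as a vehicle to get on the network" pattern the article describes, and the model blocks it on three independent grounds. In practice the learning window must be long enough to cover legitimate but rare activity (maintenance logins, monthly jobs), or the resulting false positives will push operators to disable the shield.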

It’s still very early for her company, which Breen founded last year. She has raised an undisclosed amount of pre-seed capital. While Perigee is pre-revenue with just one employee, she is looking to add paying customers and begin growing the company as she moves into a wider public beta.

Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack

The U.S. Justice Department this week indicted seven Chinese nationals for a decade-long hacking spree that targeted more than 100 high-tech and online gaming companies. The government alleges the men used malware-laced phishing emails and “supply chain” attacks to steal data from companies and their customers. One of the alleged hackers was first profiled here in 2012 as the owner of a Chinese antivirus firm.

Image: FBI

Charging documents say the seven men are part of a hacking group known variously as “APT41,” “Barium,” “Winnti,” “Wicked Panda,” and “Wicked Spider.” Once inside of a target organization, the hackers stole source code, software code signing certificates, customer account data and other information they could use or resell.

APT41’s activities span from the mid-2000s to the present day. Earlier this year, for example, the group was tied to a particularly aggressive malware campaign that exploited recent vulnerabilities in widely-used networking products, including flaws in Cisco and D-Link routers, as well as Citrix and Pulse VPN appliances. Security firm FireEye dubbed that hacking blitz “one of the broadest campaigns by a Chinese cyber espionage actor we have observed in recent years.”

The government alleges the group monetized its illicit access by deploying ransomware and “cryptojacking” tools (using compromised systems to mine cryptocurrencies like Bitcoin). In addition, the gang targeted video game companies and their customers in a bid to steal digital items of value that could be resold, such as points, powers and other items that could be used to enhance the game-playing experience.

APT41 was known to hide its malware inside fake resumes that were sent to targets. It also deployed more complex supply chain attacks, in which they would hack a software company and modify the code with malware.

“The victim software firm — unaware of the changes to its product, would subsequently distribute the modified software to its third-party customers, who were thereby defrauded into installing malicious software code on their own computers,” the indictments explain.

While the various charging documents released in this case do not mention it per se, it is clear that members of this group also favored another form of supply chain attacks — hiding their malware inside commercial tools they created and advertised as legitimate security software and PC utilities.

One of the men indicted as part of APT41 — now 35-year-old Tan DaiLin — was the subject of a 2012 KrebsOnSecurity story that sought to shed light on a Chinese antivirus product marketed as Anvisoft. At the time, the product had been “whitelisted” or marked as safe by competing, more established antivirus vendors, although the company seemed unresponsive to user complaints and to questions about its leadership and origins.

Tan DaiLin, a.k.a. “Wicked Rose,” in his younger years. Image: iDefense

Anvisoft claimed to be based in California and Canada, but a search on the company’s brand name turned up trademark registration records that put Anvisoft in the high-tech zone of Chengdu in the Sichuan Province of China.

A review of Anvisoft’s website registration records showed the company’s domain originally was created by Tan DaiLin, an infamous Chinese hacker who went by the aliases “Wicked Rose” and “Withered Rose.” At the time of that story, DaiLin was 28 years old.

That story cited a 2007 report (PDF) from iDefense, which detailed DaiLin’s role as the leader of a state-sponsored, four-man hacking team called NCPH (short for Network Crack Program Hacker). According to iDefense, in 2006 the group was responsible for crafting a rootkit that took advantage of a zero-day vulnerability in Microsoft Word, and was used in attacks on “a large DoD entity” within the USA.

“Wicked Rose and the NCPH hacking group are implicated in multiple Office based attacks over a two year period,” the iDefense report stated.

When I first scanned Anvisoft at Virustotal.com back in 2012, none of the antivirus products detected it as suspicious or malicious. But in the days that followed, several antivirus products began flagging it for bundling at least two trojan horse programs designed to steal passwords from various online gaming platforms.

Security analysts and U.S. prosecutors say APT41 operated out of a Chinese enterprise called Chengdu 404 that purported to be a network technology company but which served as a legal front for the hacking group’s illegal activities, and that Chengdu 404 used its global network of compromised systems as a kind of dragnet for information that might be useful to the Chinese Communist Party.

Chengdu 404’s offices in China. Image: DOJ.

“CHENGDU 404 developed a ‘big data’ product named ‘SonarX,’ which was described…as an ‘Information Risk Assessment System,’” the government’s indictment reads. “SonarX served as an easily searchable repository for social media data that previously had been obtained by CHENGDU 404.”

The group allegedly used SonarX to search for individuals linked to various Hong Kong democracy and independence movements, and to snoop on a U.S.-backed media outlet that ran stories examining the Chinese government’s treatment of Uyghur people living in its Xinjiang region.

As noted by TechCrunch, after the indictments were filed prosecutors said they obtained warrants to seize websites, domains and servers associated with the group’s operations, effectively shutting them down and hindering their operations.

“The alleged hackers are still believed to be in China, but the allegations serve as a ‘name and shame’ effort employed by the Justice Department in recent years against state-backed cyber attackers,” wrote TechCrunch’s Zack Whittaker.

The C-suite Guide to Cyber Safety | 7 Steps to Securing Your Organization

Some cyber attacks, particularly those like the spate of ransomware incidents that seem to be never-ending at present, have some very visible consequences for organizations: outages of customer-facing services; losses in productivity, revenue and reputation; not to mention the costs of remediation (like, say, paying the ransom), possible data leakages and even regulatory fines. However, it’s not just damage to the organization that such cyber incidents can cause; it can also get personal. Beginning with the famous “Target Breach”, moving on to Home Depot, Sony, the Equifax breach and the Imperva breach, several CEOs have been held responsible and forced to resign after highly damaging cyber incidents.

It might be assumed that the CISO would be the one primarily in the hot seat for such failures, but industry analysts Gartner say that future cyber attacks could result in “personal liability” for 75% of CEOs by 2024. In short, the entire C-suite needs to prepare for the consequences of a successful cyber attack, which can damage both the business and the careers of those tasked with ensuring the organization’s security.

Risk, Regulation and Evolving Threat Actors

Until very recently, companies could have kept cyber incidents and data breaches under the radar and away from the public eye. However, advancements in regulation, public sentiment and the nature of cyber attacks have changed all that.

HIPAA, GDPR, CCPA, NYDFS and a host of other data breach notification and privacy regulations have made it impossible for companies to legally hide the fact that they have suffered a major cyber incident. Companies and individuals that try to downplay this could be caught and penalized, as was the case with the former CISO of Uber, who is now charged with obstruction of justice. He allegedly tried to cover up a 2016 hack that compromised the data of millions of users and drivers and present it as a security penetration testing exercise (while allegedly paying the actual hackers to go away).

The nature of attacks has also changed. Modern ransomware attacks are now exfiltrating huge data sets before encrypting and announcing to the world that their victim has been hit. The cyber criminals threaten to publish or sell the stolen data if their ransom demands are not met. In many cases, this means that the public will almost certainly become aware of the incident, at which point it only harms the victim’s reputation further if they continue to deny it or refuse to even make a public comment on it. Moreover, as the public have become increasingly aware of just how much data – and how sensitive it can be – is held about them, there is increasing anger at companies and organizations accused of having lax security practices. Many consumers now indicate that organizations should be held accountable for security negligence: A recent survey found that 35% of UK consumers see the CEO as personally responsible in case of a cyber incident.

It’s no surprise, then, that cases of executives being held personally accountable for such incidents are not hard to find. The CEO of Austrian aerospace parts maker FACC was fired after the company was hit by cyber fraud that cost it some $47 million. The details are murky, but the case has the hallmarks of a classic Business Email Compromise (BEC): someone very senior within FACC, perhaps the CEO, received an email purporting to come from a business partner or vendor and approved a wire transfer directly to the fraudsters. Only after the transfer was made was it discovered that the real partner had never made the request, and by then the money was gone. The incident cost both the CEO and the CFO their jobs.

In other cases, executives have been held accountable because cyber security is now considered a fundamental business operation. For example, after the SingHealth data breach, the CEO and four other senior managers were fined on the grounds of their “collective leadership responsibility”.

Seven Steps to Secure Your Organization

It’s famously been said that “cyber is hard”, but there is a well-defined path to enterprise security that responsible organizations can follow, limiting both the risk of a security breach and the fallout from one.

  1. Assess Your Security Posture – The first step is to establish the status of the organization’s security posture. The C-suite (CIO, CSO, CISO) needs a clear and current understanding of the organization’s security apparatus, including staffing levels, training, systems and procedures, incident response and business continuity. Are you still relying on legacy AV solutions that today’s threat actors bypass with ease? Who is tasked with threat hunting, and how often? What does your Incident Response procedure look like today? In the heightened threat environment we now face, where everyone from script kiddies to APTs can obtain and wield sophisticated malware, a clear understanding of your current security posture is imperative.
  2. Conduct a Cyber Risk Assessment – The CEO and C-level executives need to understand the nature of the cyber threats the organization faces. Plenty of tools are available for risk assessment, including industry benchmarks, recommendations from government and law enforcement agencies, and threat intelligence feeds. The risk assessment should also cover regulatory and commercial risks, such as reputational loss following a cyber attack.
  3. Develop a Business-wide Security Plan – With a clear understanding of the threats facing your organization and of your current security stance, you can assess where the organization fares well and where there is room for improvement. It is vital to have a plan to address those gaps in line with the organization’s risk appetite. The plan should include a modern EDR platform, Incident Response and mitigation capabilities, backup systems and business continuity procedures.
  4. Allocate Sufficient Resources – After formulating and approving a security plan, the appropriate staffing, organizational and financial resources must be allocated. This is critical. A plan that calls for human resources you don’t have and don’t make provision to supply is not so much a plan as wishful thinking. A plan that cannot be implemented because it requires structural changes the organization is not willing to make is merely a wasted thought experiment. A plan that lacks a fully worked-out and approved budget suggests there was no real will or intent to facilitate change. None of this will look good when stakeholders start apportioning blame in post-incident analysis.
  5. Practice Continued Oversight – The implementation of a well-thought-out, sufficiently resourced plan must be accompanied by monitoring and reporting to senior management. A contingency plan that was only partially implemented, not implemented as intended, or that in practice was not as “fit for purpose” as it seemed on paper may be worse than no plan at all. Security executives should also monitor how the business is developing and how operational changes might affect the security plan. For instance, the sudden shift to working from home has markedly changed the risks organizations face, but how many businesses have updated their security planning and solutions to take that into account?
  6. Engage an External Audit – It is advisable to bring in an external audit to validate the CISO’s plan and its execution. An audit provides a non-partisan, objective look at your preparedness and compliance; it not only gives internal confidence that you are doing the right thing, but can also be a vital part of rapidly rebuilding external confidence after a security breach.
  7. Rinse and Repeat – At the end of the period (fiscal year, calendar year, quarter) it is imperative to assess the success of the plan and decide whether to continue with its implementation or make changes. Plenty of organizations thought they had a great plan in place, only to find that a threat actor had been repeatedly breaching their defenses for months on end.

How To Respond When a Cyber Attack Happens

But executives are not measured only by how well they plan and let their people execute; they are also measured by how well they respond to a crisis. When a crisis hits, it is best to act according to the predefined plan. If there isn’t one, bring in Incident Response and crisis management experts as soon as possible.

It is imperative to communicate the situation promptly and openly with the board, employees, customers and the media. Organizations that react quickly, honestly and transparently usually retain the support of all these groups, and any mistakes are often quickly forgiven.

For example, Q&A site Quora suffered a data breach in late 2018 affecting approximately 100 million users. The CEO responded quickly, publishing a transparent blog post and notifying all users by email of how the breach affected them. The company then set up a dedicated Q&A page with timely updates for users as the situation unfolded.

Conclusion

Securing your organization against today’s cyber threats is a business imperative. Long gone are the days when management only needed to hire an IT admin to install off-the-shelf antivirus, put a firewall around the network perimeter and then sit back and think about “more important” things. In today’s world of cloud computing with containerized workloads, a remote workforce and a dizzying array of unsecured IoT devices jumping on and off your network, combined with the exponential growth and sophistication of cyber attacks and attackers, security is not only the C-suite’s responsibility; it may be their number one priority.

If you’d like to see how the SentinelOne platform can meet your organization’s security needs without stretching your resources, contact us or request a free demo.


User-generated e-learning site Kahoot acquires Actimo for up to $33M to double down on corporate sector

Norwegian company Kahoot originally made its name with a platform that lets educators and students create and share game-based online learning lessons, in the process building up a huge public catalogue of gamified lessons created by its community. Today the startup — now valued at more than $2 billion — is announcing an acquisition to give a boost to another segment of its business: corporate customers.

Kahoot has acquired Danish startup Actimo, which provides a platform for businesses to train and engage with employees. Kahoot said that the purchase is being made with a combination of cash and shares, and works out to a total enterprise value of between $26 million and $33 million for the smaller company, with the sale expected to be completed in October 2020.

It may sound like a modest sum in a tech market where companies are currently and regularly seeing paper valuations in the hundreds of millions at Series A stage, but it also presents a different kind of trajectory both for founders and their investors.

This is actually a strong exit for Actimo, which had raised less than $500,000, according to data from PitchBook. And it puts Actimo under the wing of a company that has been scaling globally fast, finding — like others in the areas of online education and remote working — that the current state of social distancing due to COVID-19 is resulting in a boost to its business.

To give you an idea of the scale and growth of Kahoot, the company says that currently it has over 1 billion “participating players,” on top of some 4.4 billion users in aggregate since first launching the platform in 2013. In the last 12 months, some 200 million games have been played on its platform. In June, when Kahoot announced that it had raised $28 million in funding, it told us that 100 million games had been played.

In light of its growth and the future opportunity — even putting aside the progression of the coronavirus, it looks like remote work and remote learning will at least become a lot more common as a longer-term option — the company has also seen a rise in its valuation. With some of its shares traded on the Merkur Market in Norway, the company currently has a market cap of 18.716 billion Norwegian Krone, which at today’s rates is about $2.08 billion. That figure was $1.4 billion in June.

Kahoot’s targeting of the corporate sector is not new. The company has been building a business in this space for years. It says that in the last 12 months, it logged 2 million sessions across 20 million participating “players” of its corporate training “games,” with some 97% of the Fortune 500 among those users. Customers include the likes of Facebook (for sales training), Oyo (hospitality training and onboarding) and Qualys (for taking polls during a conference), among others.

Critically, while a lot of Kahoot’s audience is in education, it is the corporate segment that brings in most of the revenue, which is one reason why it’s keen to grow that segment with more services and users.

The aim with Actimo, Kahoot says, is to build out a product set aimed at helping organisations with company culture — which, with many organisations now going on eight months and counting of entire teams working regularly outside of their physical offices, has grown as a priority.

Keeping a team feeling like a team, and an individual feeling more than a transactional regard for an employer, is not a simple thing in the best of times. Now, as we continue to work physically away from each other, it will take even more tools and efforts to get the balance right.

In that context, Actimo’s solution is just one aspect, but potentially an interesting one: it has built a platform where employees can track the training that they have done or need to do, engage with other co-workers, and provide feedback, and employers can use it to generally track and encourage how employees are engaging across the company and its various efforts. It counts some 200 enterprises, including Circle K, Hi3G and Compass Group, among its customers, and has current ARR of $5 million.

For comparison, Kahoot, in its Q2 financials published in August, reported ARR of $25 million, with invoiced revenue for the quarter at $9.6 million, growing some 317% on the same quarter a year before. The company has also raised some $110 million in private funding from the likes of Microsoft and Disney.

As Kahoot looks to find more than just a transient place in a company’s IT and software fabric — transience of attention always being a risk with anything gaming-based — it makes a lot of sense to pick up Actimo and work on ways of coupling the platform with its other corporate work. You can also imagine a time when it might create a similar kind of dashboard for the educational sector.

“We are excited to welcome the Actimo team to be part of the fast-growing Kahoot! family,” said Kahoot CEO, Eilert Hanoa, in a statement. “This acquisition will further extend Kahoot!’s corporate learning offerings, by providing solutions tailored for the frontline segment, as well as to solidify company culture and engagement among remote and distributed teams in companies of all types and sizes. This continues our expressed ambition to also grow through M&A by adding strategic capabilities that we can leverage across our global platform.”

“We are thrilled to join forces with Kahoot! in our mission to develop next-level solutions that connect remote employees and boost employee engagement and productivity,” said Eske Gunge, CEO at Actimo, in a statement. “Being part of Kahoot! and with our experience from working with innovative and ambitious enterprises across industries, we can together set a new standard for corporate learning and engagement.”

Pure Storage acquires data service platform Portworx for $370M

Pure Storage, the public enterprise data storage company, today announced that it has acquired Portworx, a well-funded startup that provides a cloud-native storage and data-management platform based on Kubernetes, for $370 million in cash. This marks Pure Storage’s largest acquisition to date and shows how important this market for multicloud data services has become.

Current Portworx enterprise customers include the likes of Carrefour, Comcast, GE Digital, Kroger, Lufthansa, and T-Mobile. At the core of the service is its ability to help users migrate their data and create backups. It creates a storage layer that allows developers to then access that data, no matter where it resides.

Pure Storage will use Portworx’s technology to expand its hybrid and multicloud services and provide Kubernetes -based data services across clouds.


“I’m tremendously proud of what we’ve built at Portworx: An unparalleled data services platform for customers running mission-critical applications in hybrid and multicloud environments,” said Portworx CEO Murli Thirumale. “The traction and growth we see in our business daily shows that containers and Kubernetes are fundamental to the next-generation application architecture and thus competitiveness. We are excited for the accelerated growth and customer impact we will be able to achieve as a part of Pure.”

When the company raised its Series C round last year, Thirumale told me that Portworx had expanded its customer base by over 100% and that its bookings had increased by 376% from 2018 to 2019.

“As forward-thinking enterprises adopt cloud-native strategies to advance their business, we are thrilled to have the Portworx team and their groundbreaking technology joining us at Pure to expand our success in delivering multicloud data services for Kubernetes,” said Charles Giancarlo, chairman and CEO of Pure Storage. “This acquisition marks a significant milestone in expanding our Modern Data Experience to cover traditional and cloud native applications alike.”

ServiceNow updates its workflow automation platform

ServiceNow today announced the latest release of its workflow automation platform. With this, the company is emphasizing a number of new solutions for specific verticals, including for telcos and financial services organizations. This focus on verticals extends the company’s previous efforts to branch out beyond the core IT management capabilities that defined its business during its early years. The company is also adding new features for making companies more resilient in the face of crises, as well as new machine learning-based tools.

Dubbed the “Paris” release, this update also marks one of the first major releases for the company since former SAP CEO Bill McDermott became its president and CEO last November.

“We are in the business of operating on purpose,” McDermott said. “And that purpose is to make the world of work work better for people. And frankly, it’s all about people. That’s all CEOs talk about all around the world. This COVID environment has put the focus on people. In today’s world, how do you get people to achieve missions across the enterprise? […] Businesses are changing how they run to drive customer loyalty and employee engagement.”

He argues that at this point, “technology is no longer supporting the business, technology is the business,” but at the same time, the majority of companies aren’t prepared to meet whatever digital disruption comes their way. ServiceNow, of course, wants to position itself as the platform that can help these businesses.

“We are very fortunate at ServiceNow,” CJ Desai, ServiceNow’s chief product officer, said. “We are the critical platform for digital transformation, as our customers are thinking about transforming their companies.”

As far as the actual product updates, ServiceNow is launching a total of six new products. These include new business continuity management features with automated business impact analysis and tools for continuity plan development, as well as new hardware asset management for IT teams and legal service delivery for legal operations teams.


With specialized solutions for financial services and telco users, the company is also now bringing together some of its existing solutions with more specialized services for these customers. As ServiceNow’s Dave Wright noted, this goes well beyond just putting together existing blocks.

“The first element is actually getting familiar with the business,” he explained. “So the technology, actually building the product, isn’t that hard. That’s relatively quick. But the uniqueness when you look at all of these workflows, it’s the connection of the operations to the customer service side. Telco is a great example. You’ve got the telco network operations side, making sure that all the operational equipment is active. And then you’ve got the business service side with customer service management, looking at how the customers are getting service. Now, the interesting thing is, because we’ve got both things sitting on one platform, we can link those together really easily.”


On the machine learning side, ServiceNow made six acquisitions in the area in the last four years, Wright noted — and that is now starting to pay off. Specifically, the company is launching its new predictive intelligence workbench with this release. This new service makes it easier for process owners to detect issues, while also suggesting relevant tasks and content to agents, for example, and prioritizing incoming requests automatically. Using unsupervised learning, the system can also identify other kinds of patterns and with a number of pre-built templates, users can build their own solutions, too.

“The ServiceNow advantage has always been one architecture, one data model and one born-in-the-cloud platform that delivers workflows companies need and great experiences employees and customers expect,” said Desai. “The Now Platform Paris release provides smart experiences powered by AI, resilient operations, and the ability to optimize spend. Together, they will provide businesses with the agility they need to help them thrive in the COVID economy.”