Cyber Security

Detectify raises additional 21M for its ethical hacker network

Detectify, the Sweden-born cybersecurity startup that offers a website vulnerability scanner powered by the crowd, has raised €21 million in further funding.

Leading the round is London-based VC firm Balderton Capital, with participation from existing investors Paua Ventures, Inventure and Insight Partners.

Detectify says the new funding will be used to continue to hire “world-class” talent to further accelerate the company’s growth and deliver on its mission to reduce internet security vulnerabilities.

Founded in late 2013 by a self-described group of “elite hackers” from Sweden, the company offers a website security tool that uses automation to scan websites for vulnerabilities to help customers (i.e. developers) stay on top of security. The more unique part of the service, however, is that it is in part maintained — or, rather, kept up to date — via the crowd in the form of Detectify’s “ethical hacker network.”

As we explained when the startup raised its €5 million Series A round, this sees top-ranked security researchers submit vulnerabilities that are then built into the Detectify scanner and used in customers’ security tests. The clever part is that researchers get paid every time their submitted module identifies a vulnerability on a customer’s website. In other words, incentives are kept aligned, giving Detectify a potential advantage and greater scale compared to similar website security automation tools.

Detectify co-founder and CEO Rickard Carlsson tells me the company has made a lot of progress in the past 12 months, including building out the crowdsourcing part of its proposition in order to grow the number of known vulnerabilities.

“Modules from crowdsourcing hackers have now generated 110,000 plus vulnerabilities in our customer base,” he says. “And the community is about 2.5 times as large now”.

In the last year, Detectify has also expanded its client base in the U.S, and says it now counts leading software companies such as Trello, Spotify and King as customers.

The young startup seems to be scoring well on the gender diversity front, too. It says that almost half (45%) of its 83 employees are female, including 50% at C-level. In addition, there are close to 30 nationalities across Detectify’s Stockholm and Boston offices.

Adds James Wise, partner at Balderton Capital, in a statement: “Detectify brings together the power of human ingenuity, the immense scalability of software, and a strong culture of transparency and integrity to provide world-class security to everyone. This is a fundamentally new approach to protecting businesses from new cyber security threats, and alongside our other cyber security investments, including Darktrace, Recorded Future & Tessian, we see Detectify as part of a new wave of solutions to make the web safer for everyone.”

Read more: https://techcrunch.com/2019/11/25/detectify-raises-additional-21m/

Boris Johnson suggests Huawei role in 5G might harm UK security

PM signals he is preparing to shut Chinese firm out after lobbying from Donald Trump

Boris Johnson has cast doubt on whether the UK will allow Huawei to invest in its 5G network, suggesting it might prejudice the Five Eyes intelligence relationship, after Donald Trump applied pressure for other countries to adopt the US ban.

In his strongest signal so far that he is preparing to shut Huawei out of the network, Johnson said that security concerns were paramount in the decision about the Chinese company.

Asked about his decision, Johnson said: “I don’t want this country to be hostile to investment from overseas. On the other hand, we cannot prejudice our vital national security interests, nor can we prejudice our ability to cooperate with other Five Eyes security partners. That will be the key criterion that informs our decision about Huawei.”

Johnson made the comments at the Nato leaders’ meeting in Watford, where he deliberately avoided mentioning Trump’s name despite eight questions about the US president, amid fears among his advisers that their close relationship could go down badly with voters.

However, the substance of his statement appeared to contain an acknowledgment that Trump’s lobbying over Huawei was paying off. The US has been pressing the UK to block the Chinese company from accessing UK telecoms equipment, fearing it could then be used to spy on the west.

And Johnson gave his most explicit acknowledgment so far that involving Huawei in the network could compromise cooperation with Five Eyes, the intelligence-sharing alliance between the UK, US, Canada, New Zealand and Australia.

Huawei has always denied the allegations against it, saying it abides by the laws of each country in which its equipment is present.

Trump pressed the prime minister on the issue again on Tuesday night during a meeting in Downing Street, with a White House spokesman saying the leaders discussed “the importance of both nations working together to ensure the security of our telecommunication networks and guard against untrusted providers.”

At the Nato meeting, Trump then stressed that Huawei was “a security risk, a security danger” and claimed no other country he had spoken to would be going ahead with it.

“I spoke to Italy, they look like they are not going to go forward with that. We spoke to other countries and they are not going to go forward,” he said.

“Everybody I have spoken to is not going forward, but how many countries can I speak to? Am I going to call up and speak to the whole world? We are building it, we have started, but we are not using Huawei.”

Jens Stoltenberg, the Nato secretary general, said leaders at the meeting had committed to ensuring the security of their telecommunications infrastructure, including 5G, and would use only “secure and resilient systems”.

Following Johnson’s intervention, a Huawei spokesperson said: “We’re confident the UK government will continue to take an objective, evidence-based approach to cyber security. Our customers trust us because we supply the kind of secure, resilient systems called for by the Nato Declaration and will continue working with them to build innovative new networks.”

Johnson was due to have made an announcement on the issue in the autumn, after Theresa May deferred the decision to her successor. It had been reported that the UK government was on the brink of giving Huawei access to non-contentious areas of the 5G network, a decision that would have infuriated the White House. Several Sunday newspapers said in October that the national security council was about to sign off on a decision to allow Huawei to supply non-core technology.

But no verdict on Huawei emerged before the election was announced, continuing the UK’s long procrastination since the national security council said in April it would be acceptable to let Huawei build limited parts of the network.

Johnson was pressed again on the timing of the Huawei decision later in the press conference, insisting the delay had nothing to do with the election.

“We’re going to make a decision and we’re going to make it based on, as I say, on the paramount importance of protecting our critical national infrastructure and also protecting our Five Eyes relationships – and I don’t think it’s anything to do with the timing of the election,” he said.

During the 20-minute question-and-answer session with journalists, Johnson also suggested he was against bringing back British extremists who have been fighting with Islamic State to stand trial in the UK.

“As you know, one of the difficulties we have in taking these people back is that our legal systems make it very difficult for us to secure convictions,” he said.

“And I go back to what I said earlier: people go out to break the law, to sort of fight in terrorist organisations, then they really have to take the consequences.”

Read more: https://www.theguardian.com/technology/2019/dec/04/boris-johnson-suggests-huawei-role-in-5g-might-harm-uk-security

Californias new data privacy law brings U.S. closer to GDPR

Data privacy has

Companies around the world are scrambling to properly protect their customers’ personal information (PI). However, new regulations have actually shifted the definition of the term, making everything more complicated. With the California Consumer Privacy Act (CCPA) taking effect in January 2020, companies have limited time to get a handle on the customer information they have and how they need to care for it. If they don’t, they not only risk being fined, but also loss of brand reputation and consumer trust — which are immeasurable.

California was one of the first states to provide an express right of privacy in its constitution and the first to pass a data breach notification law, so it was not surprising when state lawmakers in June 2018 passed the CCPA, the nation’s first statewide data privacy law. The CCPA isn’t just a state law — it will become the de facto national standard for the foreseeable future, because the sheer number of Californians means most businesses in the country will have to comply. The requirements aren’t insignificant. Companies will have to disclose to California customers what data of theirs has been collected, and delete it and stop selling it if the customer requests. The fines could easily add up — $7,500 per violation if intentional, $2,500 for those lacking intent and $750 per affected user in civil damages.

Evolution of personal information

It used to be that the meaning of personally identifiable information (PII) from a legal standpoint was clear — data that can distinguish the identity of an individual. By contrast, the standard for mere PI was lower because there was so much more of it; if PI is a galaxy, PII was the solar system. However, the CCPA and the EU’s General Data Protection Regulation (GDPR), which went into effect in 2018, have shifted the definition to include additional types of data that were once fairly benign. The CCPA enshrines personal data rights for consumers, a concept that the GDPR first brought into play.

The GDPR states: “Personal data should be as broadly interpreted as possible,” which includes all data associated with an individual, which we call “contextual” information. This includes any information that can “directly or indirectly” identify a person, including real names and screen names, identification numbers, birth date, location data, network addresses, device IDs, and even characteristics that describe the “physical, physiological, genetic, mental, commercial, cultural, or social identity of a person.” This conceivably could include any piece of information about a person that isn’t anonymized.

With the CCPA, the United States is playing catch-up to the GDPR and similarly expanding the scope of the definition of personal data. Under the CCPA, personal information is “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” This includes a host of information that typically doesn’t raise red flags on its own but which, when combined with other data, can triangulate to a specific individual: biometric data, browsing history, employment and education data, as well as inferences drawn from any of the relevant information to create a profile “reflecting the consumer’s preferences, characteristics, psychological trends, preferences, predispositions, behavior, attitudes, intelligence, abilities and aptitudes.”

Know the rules, know the data

These regulations aren’t checklist rules; they require big changes to technology and processes, and a rethinking of what data is and how it should be treated. Businesses need to understand what rules apply to them and how to manage their data. Information management has become a business imperative, but most companies lack a clear road map to do it properly. Here are some tips companies can follow to ensure they are meeting the letter and the spirit of the new regulations.

  • Figure out which regulations apply to you

The regulatory landscape is constantly changing, with new rules being adopted at a rapid rate. Every organization needs to know which regulations it must comply with and understand the distinctions between them. Some core aspects the CCPA and GDPR share include data subject rights fulfillment and automated deletion. But there will be differences, so having a platform that allows you to handle a heterogeneous environment at scale is important.

  • Create a privacy compliance team that works well with others

Read more: https://techcrunch.com/2019/11/14/californias-new-data-privacy-law-brings-u-s-closer-to-gdpr/

No Libra-style digital currencies without rules, say EU finance ministers

European Union finance ministers have agreed to a de facto ban on the launch in the region of so-called global “stablecoins” such as Facebook’s planned Libra digital currency until the bloc has a common approach to regulation that can mitigate the risks posed by the technology.

In a joint statement, the European Council and Commission write that “no global ‘stablecoin’ arrangement should begin operation in the European Union until the legal, regulatory and oversight challenges and risks have been adequately identified and addressed.”

The statement includes recognition of potential benefits of the crypto technology, such as cheaper and faster payments across borders, but says they pose “multifaceted challenges and risks related for example to consumer protection, privacy, taxation, cyber security and operational resilience, money laundering, terrorism financing, market integrity, governance and legal certainty.”

“When a ‘stablecoin’ initiative has the potential to reach a global scale, these concerns are likely to be amplified and new potential risks to monetary sovereignty, monetary policy, the safety and efficiency of payment systems, financial stability, and fair competition can arise,” they add.

All options are being left open to ensure effective regulation, per the statement, with ministers and commissioners stating this should include “any measures to prevent the creation of unmanageable risks by certain global ‘stablecoins’.”

The new European Commission is already working on a regulation for global stablecoins, per Reuters.

In a speech at a press conference, Commission VP Valdis Dombrovskis said: “Today the Ecofin endorsed a joint statement with the Commission on stablecoins. These are part of a much broader universe of crypto assets. If we properly address the risks, innovation around crypto assets has the potential to play a positive role for investors, consumers and the efficiency of our financial system.

“A number of Member States like France, Germany or Malta introduced national crypto asset laws, but most people agree with the advice of the European Supervisory Authorities that these markets go beyond borders and so we need a common European framework.

“We will now move to implement this advice. We will launch a public consultation very shortly, before the end of the year.”

The joint statement also hits out at the lack of legal clarity around some major global projects in this area — which looks like a tacit reference to Facebook’s Libra project (though the text does not include any named entities).

“Some recent projects of global dimension have provided insufficient information on how precisely they intend to manage risks and operate their business. This lack of adequate information makes it very difficult to reach definitive conclusions on whether and how the existing EU regulatory framework applies. Entities that intend to issue ‘stablecoins,’ or carry out other activities involving ‘stablecoins’ in the EU should provide full and adequate information urgently to allow for a proper assessment against the applicable existing rules,” they warn.

Facebook’s Libra project was only announced this summer — with a slated launch of the first half of 2020 — but was quickly dealt major blows by the speedy departure of key founder members from the vehicle set up to steer the initiative, as giants including Visa, Stripe and eBay apparently took fright at the regulatory backlash. Though you’d never know it from reading the Libra Association PR.

One perhaps unintended effect of Facebook’s grand design on disrupting global financial systems is to amp up pressure on traditional payment providers to innovate and improve their offerings for consumers.

EU ministers write that the emergence of stablecoin initiatives “highlight the importance of continuous improvements to payment arrangements in order to meet market and consumer expectations for convenient, fast, efficient and inexpensive payments – especially cross-border.”

“While European payment systems have already made significant progress, European payment actors, including payment services providers, also have a key role to play in this respect,” they continue. “We note that the ECB and other central banks and national competent authorities will explore further the ongoing digital transformation of the payment system and, in particular, the consequences of initiatives such as ‘stablecoins.’ We welcome that central banks in cooperation with other relevant authorities continue to assess the costs and benefits of central bank digital currencies as well as engage with European payment actors regarding the role of the private sector in meeting expectations for efficient, fast and inexpensive cross-border payments.”

Read more: https://techcrunch.com/2019/12/06/no-libra-style-digital-currencies-without-rules-say-eu-finance-ministers/
