When it comes to cybersecurity, the first watchword is “anticipation”. Hacknowledge specializes in offensive and defensive security. It offers three approaches to support its customers. Barbara Terra, Sales Director of Hacknowledge’s Luxembourg subsidiary, explains how it helps companies deal with cyber risks, which have been accentuated by the urgency of the health crisis.
Cybersecurity is a key issue for companies today. With the health crisis, even the most reluctant have been forced to introduce teleworking, often in a hurry. “Setting up a VPN means opening a gateway to the entire corporate network from the Internet,” says Barbara Terra. “When set up in a hurry, poorly protected remote access solutions are a prime target for attackers.”
Phishing is commonly used to gain access to the internal network for employees. Since the start of the health crisis, the number of such attacks has steadily increased, often using sophisticated strategies, such as fake remote access login pages. During the pandemic, Hacknowledge offered its services free of charge to health structures. A way of showing solidarity with these establishments which were particularly affected by the crisis.
Offensive, defensive and incident response
Hacknowledge anticipates, monitors and responds to attacks. The company does not sell commercial solutions, but supports its clients with pragmatic recommendations.
“When set up in a hurry, poorly protected remote access solutions are a prime target for attackers.”
The first level of intervention is offensive: “We simulate a targeted attack in order to evaluate the real risks to which our clients are exposed. We use the same techniques and tools as real attackers. It’s not about doing a surface audit or listing configuration flaws. The goal is to go as far as possible in exploiting the vulnerabilities found in order to demonstrate their impact. In all our tests, we also try to exploit the human element, particularly via phishing, as an attacker does not hesitate to perform social engineering in order to achieve his or her goals.”
The second approach is defensive. To support its customers in securing their information systems, Hacknowledge has set up a 24/7 managed monitoring service. This involves a team behind an entire infrastructure dedicated to real-time detection of intrusions on the corporate network. “We engage with our customers in an iterative process of improving their security. First, we build a solid foundation, which then allows us to build detection scenarios according to the needs identified in consultation with them. We can, for example, address certain application risks such as those related to the SWIFT network or to the “open banking (PSD2)” standard.
Finally, in the event of a cyber attack, Hacknowledge assists the client in its crisis management. A dedicated team trained in incident response travels to contain the threat, identify its source and assist in the recovery of the activity. “We then make the necessary recommendations to prevent a new attack. “
In Luxembourg, there are more than 300 companies offering cybersecurity services, some of them exclusively specialized in the field. In this context, Hacknowledge is setting up a continuous training program called Hackademy, aimed at IT professionals, in order to make as many people as possible aware of the risks associated with cybersecurity.
The combination of these three approaches is the perfect vaccine against cyber viruses.
This article was first published in Silicon Luxembourg magazine. Read our full Fintech edition.