Hartej Sawhney, Co-Founder and CEO at Zokyo discusses Zokyo’s approach to the digital asset ecosystem.
Approximately $2.5 million dollars is stolen daily from cryptocurrency exchanges, with most hacks unreported to the public. There has been a shift in the motivation of cybercriminals from hacking traditional finance to digital assets. Binance, one of the world’s most popular cryptocurrency exchanges, was hacked for $40M after hackers used phishing, malware, and other attacks to gain access to API secrets. Untrained employees will continue to be sleeping sentries that turn corporate security into Swiss cheese.
Many organizations do not have access to the necessary pool of cybersecurity talent or blockchain engineering talent to engage in this process. In addition, companies are not investing appropriate resources in cyber-safety training of their employees to avoid attacks. Often Providing solutions and support for digital assets in an enterprise environment will lead to mass adoption of cryptocurrencies.
In addition, the digital asset ecosystem lacks regulatory frameworks such as PCI-compliance and HIPAA-compliance, which have led to standardized security standards in Finance and Healthcare.
Our infosec team based in Bangalore, consists of security veterans on the top hackers lists at Facebook, Uber, Twitter, Salesforce etc. Zokyo has helped secure some of the world’s most targeted organizations and products. The team has rich history of protecting companies from cybercriminals in the digital asset ecosystem via penetration testing, smart contract auditing, code review, VAPT, social engineering, and data leak discovery.
Our software development team is based in Ukraine. We augment engineering teams by having unique access to mathematical minded, world class engineers that we rigorously vet in order to build high-quality software at affordable rates. Our engineers research into the depths of code and keep security in mind during each step of a product cycle.
Conduct Penetration Testing “Pen Testing” Regularly
Companies should regularly engage with third-party security companies in order to conduct simulated cyberattacks against software or network infrastructure. One of the main ways Zokyo improves the security architecture of companies is through a process called penetration testing, or “pen testing.” Pen testing is often confused with a “’compliance audit” or a “vulnerability scan”, however pen testing stands apart from these efforts in a few critical ways:
- We identify weaknesses using techniques similar to those used by cybercriminals. We don’t just uncover vulnerabilities, we exploit them.
- Automated tooling is leveraged in order to conduct penetration testing. However, a significant portion of the test consists of manual testing
- Different types of penetration tests focus on specific aspects of an organization’s logical perimeter. These include:
- External network tests
- Internal network tests
- Web application tests
- Wireless network tests
It is crucial that companies invest in password management training for all employees. Far too many people are still utilizing generic passwords that are easy for cybercriminals to unravel. Our advice:
· Use 20 character length passwords (minimum). Long sentences (the-cat-jumps-over-the-bush-and-over-the-car) or randomly generated passwords such as jdFJ4_”akEfjXp4%1(skFmjdopWQ98?>dj.
· Two-factor authentication (2FA) is a second layer of protection after a password.
· Hardware based security keys provide a fast, no-fuss way to use two-factor authentication without having to mess around with your phone. They are based on the FIDO U2F standard, a security protocol extremely difficult to intercept developed by Google and Yubico, now administered by the FIDO alliance.
· Hardware keys are available for devices with USB-A, USB-C, NFC, or Bluetooth.
Social engineering remains an increasingly successful attack vector data thieves globally. Social engineering is when an intruder poses as a legitimate party such as a customer, partner, investor, or network administrator and attempts to obtain sensitive information from an employee. Zokyo’s team often conducts social engineering operations for companies to see how employees respond.
It is crucial that companies strive to build a culture of security within their organizations. Once a year security training is not going to suffice. Ongoing cybersecurity training tends to be a more effective means of developing risk awareness.
At Zokyo, we encourage companies to make social engineering a part of everyday conversations and to put staff to the test. We tell companies to talk about social engineering as much as possible in security training and messages for employees. Employees need to be reminded that safeguarding company data is a part of their job, even when they’re not in the office. Successful training incorporates a variety of activities that teach how to identify social engineering attempts. Companies are encouraged to conduct drills, share video clips and training materials, and run table-top exercises with employees monthly or quarterly.
For further information visit: https://zokyo.io