Call it the second global cyber-pandemic. A malware programme known as ‘NotPetya’, which originated in Ukraine and spread throughout the world in a matter of minutes, crippled airports, shipping companies, hospitals and more. Chaos ensued.
This came just weeks after what was previously the world’s largest cyber-attack, the ransomware known as ‘WannaCry’ that seized files and would not release them unless a ransom was paid in Bitcoin to a shadowy group whose goals remain unknown by law enforcement agencies.
Such large-scale attacks are probably the new normal, says Andy Prow, the entrepreneur behind RedShield, an award-winning, fully-managed service that protects web facing systems such as online applications, eCommerce platforms and customer portals.
“Cryptocurrency has made it easy to monetise your misdemeanours,” he says. “Ransomware is the new norm.”
Although the attacks have mostly targeted Europe and the United States, New Zealand-based businesses aren’t immune, he says. “The problems Kiwi enterprises face are the same ones global enterprises face.”
Prow says that the latest large-scale hacks typically target older, vulnerable systems, worming their way in and becoming incredibly expensive to remove once they’re there. That makes them particularly dangerous to New Zealand businesses, which often use older systems because of an “it can’t happen here” attitude and belief that we’re too small to be lucrative targets.
“New Zealand businesses are definitely a target,” he says. “Most of these exploits don’t care about your location. WannaCry didn’t spread more in New Zealand probably because of luck more than anything else. These things that spread don’t care if you’re in New Zealand, London, New York or Guatemala.”
And he says these events show how important it is to update and constantly test your systems. “We’re absolutely at risk. You need to get every ‘crown jewel’ application that you have tested. The majority of New Zealand businesses have not yet been fully tested. If you have not had your systems thoroughly tested from top to bottom, you’re running a huge risk.”
And this could also be a problem for another reason: the possible introduction of new legislation that would require New Zealand businesses to disclose breaches and make it illegal to sell products with known flaws. This legislation currently exists in the countries around the world including the United States, many European countries and, more recently, in Australia. There is a very real possibility it could make its way to Aotearoa in the coming years.
“In the future it could be legally unacceptable to have known security flaws. You could be negligent for not knowing major security flaws exist, but it’s worse if you know and do nothing.”
And that’s where RedShield, which won the Most Innovative Hi-Tech Services Award and the Most Innovative Hi-Tech Software Product Award at the 2017 NZ Hi-Tech Awards, comes in.
Constantly updating your systems to protect against the latest cyber threats is not only very expensive, it’s also ineffective, Prow says. Like a game of whack-a-mole, the updates just “aren’t keeping up”. It’s also highly impractical for every enterprise to patch, update and upgrade every enterprise application constantly. It’s expensive in both time and money, and creates too much change and instability, which is a business risk of its own.
The difference with RedShield is that it forms a rapid, defensive “shield” around applications, preventing hackers, malicious programmes, worms, viruses, etc. from getting in. And while the shield is “up” you can then upgrade your systems safely, a concept that is no doubt music to the ears of project managers and developers – particularly those with tight deadlines and limited budgets.
In development for three years, Prow calls RedShield an example of “augmented security” that’s meant for non-security experts to be able to use easily. “The commonality is businesses and entrepreneurs need rapid-response systems,” he says.
With clients of all sizes all over the world, Prow says RedShield is working on projects for no fewer than six US Fortune 500 companies. But, he adds, the business is also helping small enterprises, too, while remaining true to its New Zealand roots. This works, Prow says, because of RedShield’s subscription model, which offers auditing and then ‘shields’ vulnerable applications.
“We’re able to track how many breaches we’ve saved,” says Prow. “And our goal is to protect the privacy of one billion people worldwide.”
And Prow says they’re already well on their way. “We know we have saved the privacy of more than two million people through our New Zealand enterprises.”
Prow says the rapid global growth of RedShield has been “pleasantly surprising”. But there’s a deeper mission for the business. “We try to do all this with a social conscience,” Prow says. “Every human being has the right to feel safe online.”