The digital habits of the world’s citizens have changed since the pandemic locked everyone indoors and forced them to maintain social distancing. This also has great consequences on cybersecurity and to better understand the impact we interviewed an expert, Pierguido Iezzi, founder of Swascan.

What has the covid19 impact been on cyber security risks?

There is no doubt the pandemic has also made itself felt on the Cyber Security front. Forcing millions of workers to work remotely in a very short time did not allow many organizations to organize actions for adequate cyber security that took into account the new scenario. This is obviously understandable. When ensuring business continuity becomes imperative, solutions like Smart Working become indispensable. But there is a downside: a much larger attack surface for Criminal Hackers is created in a very short time. Smart Working, from a strictly Cyber point of view, brings 4 fundamental problems: the standard company equipment is outside our company perimeter and therefore operates on home networks sometimes not sufficiently protected or, in many cases, must interact with unsafe IoT devices. In addition, some workers find themselves forced to work on their own devices, certainly not aligned with the software security measures installed – by best practice – on company ones.

With Smart Working, the use of VPN connections has increased, allowing users to connect to the company network directly from home. Especially in the myriad of free editions that exist at the moment, these are neither secure nor reliable and if they are breached they can open the door to an attack on the company by Criminal Hackers. In smart working, there may be a need to use remote control, specifically the Windows Remote Desktop Protocol, to access a machine or help desk procedures.

In recent years, there has been an increase in cyber security incidents in which attackers have remotely connected to a Windows server from the Internet using RDP and logged in as the computer administrator. The pandemic has only accentuated the need to use the RDP protocol, thus exponentially increasing the risk that Criminal Hackers will be able to access company machines to carry out a series of attacks and especially to install ransomware.

As for other types of Cyber attacks that have seen the increase in intensity we can not ignore Phishing. This, by its nature, leverages on people’s needs and fears, and what better way to lower the guard to the victims of COVID-19 if not through themed email scams?

Since the beginning of the contagion, numerous malicious email campaigns have been observed using the Covid-19’s bait to try to convince potential victims to click. Criminals have sent waves of emails ranging from a dozen to over 200,000 at a time, and the number of campaigns tend to increase. Approximately 70% of the phishing emails discovered in recent weeks are used to deliver malware and a further 30% aim to steal the victim’s credentials.

There have also been even more direct attacks and contagion maps were the bait. These campaigns to spread malware are specifically aimed to target those who are looking for cartographic presentations of the spread of the virus on the Internet, deceiving them and convincing them to download and run a malicious application. This one, on its front-end, showed a map uploaded from a legal online source, but in the background compromised the computer through infostealers and malware of a similar nature

Which are the sectors most at risk and how should companies react themselves?

The risk in this case is transversal, the world of Cyber Crime, even during a Pandemic operates following two basic concepts: the path of least resistance and vulnerability attacks. What does this mean? It means that Criminal Hackers will, in most cases, look for the easiest path to attack their victims, regardless of who they are really going to hit in the end. This goes hand in hand with the concept of vulnerability attacks; when you find an exploit, you look for systems that can be attacked through the vulnerability chosen by the Criminal Hacker. It doesn’t matter whether the target is an SME, a healthcare facility or a large structured company. In the world of Cyber Crime as a Service the skill level required is much lower than you can imagine, pre-packaged attacks are sold at a low price on the Dark Web and are already Ready to Use. Concretely this means that the alert must be a general one because the increase in the available attack areas has simply provided more potential victims to Criminal Hackers.

The scenario described underlines even more the need to consolidate and constantly improve the fundamentals of each Cyber security perimeter: the technological and human side. On the one hand, in fact, it is essential to have a clear vision of what possible flaws may be present at any time within our company. Carrying out regular Vulnerability Assessment and Penetration Testing activities guarantees the correct identification of those unresolved problems that could be nesting within our perimeter and then promptly correcting them before Criminal hackers are able to exploit them. Of course, we also need to understand who might be interested in attacking us. This is where Domain Threat Intelligence comes in: the knowledge that allows us to mitigate or prevent these attacks. Strongly based on data, Domain Threat Intelligence provides useful information and indicators to implement better cyber defense strategies and improve the resilience of its corporate perimeter. It is an evidence-based knowledge, including context, mechanisms, indicators, implications and advice on an existing or emerging threat.

This information can be used to better inform and consequently make decisions regarding the response of the targeted individual by that threat or danger. In short, Domain Threat Intelligence can provide timely, contextualized and – above all – easily interpreted actionable intelligence even by those who are not specifically in the industry, but are still in charge of strategic business decisions. On the “human” side of the defense strategy, the activity must be twofold and active. Phishing Attack Simulation services must throughly teach their smart workers how to recognize and avoid phishing mails combined this with more technical training and awareness that is,however, doable thanks to webinars and online courses. The same goes for those who have chosen to use a VPN for the first time: you always need to Inform yourself and choose carefully the product that best suits your needs, never forgetting to put cyber security best practices into practice, carry out careful and scrupulous security testing and adopt proactive security solutions.

Have you launched any particular initiatives or are you planning any?

During the emergency period we have made the Domain Threat Intelligence service available in a free trial version of the Cyber Security Swascan platform. This has the purpose and objective of identifying any public information available at OSINT and CLOSINT level relating to a specific target. Domain Threat Intelligence is not only applicable in the domain of very large and structured companies, but provides valuable insight to any type of business, despite its size. An essential tool, therefore, sbearing in mind the scenario we are facing. We have also intensified our webinar activity with weekly appointments of 30 minutes dedicated to Cyber Security, obviously open to everyone.

Stay up to date on Fintech District’s activities and events,SUBSCRIBE TO OUR NEWSLETTER

Soisy and Swascan, two startups who’ve just concluded three intense months of acceleration at the Startupbootcamp FinTech & CyberSecurity Program in Amsterdam are Italian, and from our community! As we were curious about their experiences in the program, we caught up with them once they returned to Italy. How would they describe their 13-week journey in Amsterdam? What were their biggest highlights? Read on to find out!

But first, here’s a bit of context on Startupbootcamp, the global accelerator for startups. And who better to give us a closer look than Joost Bergen, the Managing Director & Co-founder of the Startupbootcamp FinTech Program in Amsterdam. Here’s what he had to say

1) What makes Startupbootcamp’s FinTech & CyberSecurity program unique?

Startupbootcamp is the world’s largest network of multi-corporate backed accelerators that helps startups scale internationally. Currently, we run over 20 industry-focused programs across 22 cities, worldwide. Specifically, in our FinTech & CyberSecurity programs, we empower innovation and facilitate effective collaboration between startups and corporates, coming from the banking, insurance and regulatory sector.

To date, we’ve worked with over 700+ startups and counting, across all the different programs and in the last 7 years, our FinTech-focused programs have been active in 7 cities across the globe.

What makes us unique is the way we work with the startups that enter our programs. Our focus is always two-fold: Firstly, we help them define their value proposition in the best and most precise way possible; Secondly, we connect them to potential partners, and support them in a growth process that makes them prepared to present themselves to potential investors.

All our accelerator programs conclude with a Demo Day. This is an event during which startups get to pitch their progress and solutions to over 300+ people. Of course, their journey with SBC doesn’t end there – after they ‘graduate’ from our accelerator programs, they join ‘Startupbootcamp NXT’ support program, where they’ll remain in our global ecosystem and are able to benefit from the various opportunities that are offered.

In 2018, relay, one of the startups we worked with 5 years ago, was acquired for 3 million Euros. We’re all really proud to have been part of their journey, from the early stages. What’s more, together with the other players in the Amsterdam FinTech ecosystem, we’re glad Amsterdam is considered as the main Startup hub in mainland Europe.

2) How do you select the startups that will participate in the program?

We look at the team, and then the team and, thirdly … the team. It is clear that for us the team is the most crucial element in our selection process. We select startups with a good and balanced team, with people from different fields working in synergy. The ideas and technologies used are also very important.

3) Looking at the FinTech startup ecosystem, what are the key challenges you’ve seen?

Many startups do not have a value proposition that is recognizable in the market. Often the ideas they pursue aren’t aligned with the needs of the market. Funding is another challenge that startups in this sector grapple with – they often don’t know how to raise adequate funds to move from idea to a market-ready product or service.

4) In the current international, economic context, what should a startup do to stand out?

For a startup, it is very important to know how to propose concrete technologies and solutions that can solve the problems of their potential customers or partners, like the big banks and financial institutions. It is essential to introduce yourself by clearly explaining what you do and what impact your business will have on end customers and on the financial and operational efficiency of the prospect partner and their end clients.

Essentially, a startup must be able to clearly explain the key benefits their product/solution offers, and what makes them unique compared to competitors. To be able to collaborate with banks and other key players in the financial sector they must also be able to demonstrate how they’ll be able to positively impact their respective businesses.

5) What are the top 3 tips you have for startups that are about to join SBC’s programs?

Be clear on the following:

– what is the problem you’re trying to solve?

– why is your product/solution what the market needs?

– what value do you bring to the market?

During the program, each startup will have the opportunity to better articulate their value proposition and learn how to explain why they are unique. Only 2% of startups who apply become part of the program. These are the ones that have the most balanced and motivated team and the clearest ideas on how to put themselves forward on the market.

Startupbootcamp according to Soisy

Let’s hear what Andrea Sandro has to say. He is the Product Development and Founder of Soisy together with Pietro Cesati and Marco Anzelmo. This startup is a peer to peer lending platform where everyone can take out a loan in order to purchase products in physical or online shops and has recently tied up a record crowdfunding campaign with another member of our community: 200Crowd.

1) How would you describe the Startupbootcamp experience to a startup that is interested in taking part in the next edition?

Startupbootcamp is a vortex that drains so much of your energy and at the same time infuses you with the same amount. It is a charge of pure adrenaline diluted in 3 very intense months. It is a huge network of people that we imagine as a great river, where you have the opportunity to capture the “fish” you want. In such abundance, the challenge is to balance the divergent phase with the convergent phase. It is necessary to really understand what you need. If you have a problem, however, you are sure that somewhere in that river will help you find the ideal solution.

2) What would you recommend to a startup in order to maximize the advantages of participating in the acceleration program?

Keep in mind what you are looking for and why you are participating in the program. Goals that are too general to be able to “grow” or “accelerate” are likely to generate unpleasant surprises. Once you have been selected you need to focus your resources on identifying the most promising opportunities you can find amongst the many that arise during the three months as they are all interesting but at the same time also distracting.

3) What should be expected and what should not be expected from the acceleration program?

What to expect: lots of networking, an excellent training on pitch and presence on stage, high-quality workshops and access to a network of corporate partners.

Don’t expect all your problems to be solved within those 3 months – during the accelerator, you will be laying down the foundations for growth, and as a company, you have to then spend the next months exploring this further

4) Has this experience changed your plans for the coming years?

We now better understand where it makes more sense to focus our resources. It was also an opportunity to validate, review and refine some of the internal processes of discovery and product design.

5) Can you list 3 things that you are bringing home after the acceleration program?

A network of high-value contacts, contacts for future investment rounds or partnerships, more awareness about our product and how to develop it.

Startupbootcamp according to Swascan

For Swascan these also have been three intense and fruitful months. Co-Founder Pierguido Iezzi tells us about them. Swascan is the first CyberSecurity platform in Cloud, SaaS & AMP, Pay for Use that helps companies identify, analyze and solve the vulnerabilities related to websites, web apps, networks and source code.

1) How would you describe the Startupbootcamp experience to a startup that is interested in participating in the next edition?

The program was very intense. It allowed us to look at our CyberSecurity Testing platform from every point of view, understand strengths and weaknesses, understand how to value the former and intervene on the latter. This has contributed to both the personal and business growth of the team.

2) What would you recommend to a startup in order to maximize the advantages in participating in the acceleration program?

To receive a maximum return in terms of expertise it is important to have your goals and priorities clear in mind. Do you want to carry out a first pilot project of your solution? Do you want to check if the target you are addressing is correct? Swascan’s solutions, for example, have been addressed to both a Large Account and an SME audience. Do you want to understand if the commercial strategy is correct and if there can be complementary channels? Do you have to structure a financial model that guarantees sustainability?

3) What should be expected and what should not be expected from the acceleration program?

It is an excellent moment of self-analysis and comparison with professionals who provide an external point of view to the project. Models and structures are provided that can be applied to the components of the business. One should not expect indications to be given or decisions are taken on behalf of the entrepreneur. SBC provides the tools and the vision to do it. For Swascan, expectations were met: we were able to convey our identity as a dynamic platform of Security Testing through a qualified and highly specialized network.

4) Has this experience changed your plans for the coming years?

Startupbootcamp has given us the opportunity to access some international contacts interested in the solution, now we are following these up by defining the subsequent commercial strategies. We are also talking with some investment funds interested in the rounds we are going to open to ensure an even faster international growth.

5) Can you list 3 things that you have brought home with you after the acceleration program?

Training: thanks to SBC we managed to get an overview of our IT security platform adding key elements for correct positioning.

Networking: getting in touch with decision makers and prominent people of the CyberSecurity sector has allowed us to widen our horizons and customize the offering to include the needs of larger accounts.

International vision: operating with an international perspective, Swascan offers its services through qualified partners all over the world and aims to expand its network more and more.

If you wish to stay updated about news, events and initiatives of the Fintech District, subscribe to our newsletter HERE

Swascan is the solution for cyber security, in cloud or on premise, which allows all companies to identify, analyze and solve all critical issues and vulnerabilities concerning the web itself at a web application level and network level, as well as also performing the analysis of the code review.

As co-founder Pierguido Iezzi explains “with a simple click it allows to understand and obtain the analysis of technological risk both for a security governance issue and the legislative compliance to the GDPR in line with what is indicated in the Article 32 “.

In September, this startup was selected to join the Fintech District community: for the team and the platform itself “this was an extremely important recognition”. Being a member of the community, according to Iezzi, “is a big opportunity because it is definitely the most interesting Italian community in the fintech area. Furthermore, the series of events and initiatives that are organized are a unique opportunity for us to let us be known even more both in Italy and abroad.”

Entrance into the Fintech District was not the only autumn news for Swascan which was in fact also selected by the Startupbootcamp, the biggest European accelerator. “It was a very important combination – comments Iezzi -and is the confirmation of the validity of our technological platform and also of the competence and professionalism of our team”

It is not over! In these months Swascan is participating as speakers in a series of events, for a total of 8 in October and 9 in November. Among the main events are those organized by the Fintech District itself specifically dealing with security issues and the meeting between cyber security, banking and insurance sectors. “They are all very important occasions for us”.

If you wish to stay uptodated about news, events and initiatives of the Fintech District, subscribe to our newsletter HERE