“People say to me, 'I want to use technology to share sensitive information,' and every time I am told that people don’t know how to do it easily and securely.” Speaking to Infosecurity, Rick Goud, CEO of Dutch cybersecurity firm Zivver, said that too many technologies are seen as being too complicated, and while he admitted that is not actually true, his own research could not determine a solution that was user-friendly.
“There were solutions that did encryption, but in my view not well enough to disguise the data,” he said. “You don’t want data to end up in the wrong person’s hands, or have a data leak.”
Accidental data leaks have been a part of cybersecurity for many years, and research released by the Information Commissioner’s Office last year showed that 80% of breaches were not “cybersecurity related,” meaning not caused by offensive or external attacks. Goud said that these instances are often caused by employees who are not aware of the sensitivity of some data, and often encryption is used but it needs to be part of a wider ecosystem.
“I saw challenges: before sending with the human aspect, during sending with encryption and after sending with authenticating, being able to retract messages and seeing who read your messages.” This led to the foundation of his company. “I always say, we are a platform with a goal to change the businesses communication.”
Goud explained that many companies rely on file transfer services, but a common issue is that many are not manageable with a gateway solution, so the technology needs to be evolved to consider how the human works.
He said that the SaaS-based platform looks at keywords and uses decision trees to create rules to determine what the data is that you are sending, and who you are sending to. He said it can also determine unusual behavior and cannot access data during sending.
“We’re looking to help secure and make the digital communications of businesses more effective by being as user friendly and enabling as possible”
The company is also set to introduce a new product, which will be able to identify personal data such as resumes –which often reside in desktop folders – and flag when that should no longer be held. “We’re looking to help secure and make the digital communications of businesses more effective by being as user friendly and enabling as possible, and engaging with the user to make them aware to make better decisions,” he said.
After all, email use has not declined even in the age of end-to-end encrypted messaging apps, and people are still using email, and Goud said: “I like email as it has good usability and bridges the gap to make communication easy” but often it is best to not be limited to using a specific protocol.
Goud added that a challenge is that SMTP “is difficult to secure and that is why you see most vendors in this space now cannot do what we do because they started with email as a protocol, working with SMTP and IMAP and from there tried to secure it.”
Instead, “you want to take it one level higher and secure what the user is doing and only use SMTP if it is appropriate.” This is the difference between traditional email and Zivver’s offering, he said.
He went on to say that threats are becoming more sophisticated and are able to bypass common technology rules, and in particular when it comes to Business Email Compromise, and the reason that they are so effective is because gateway solutions “are used to determining on an individual email level whether it is phishing or not.”
Now you can only determine by looking at the context of the conversation, and traditional systems need to be able to learn from users’ behavior, and involve the people. “Educate and enable people instead of providing them with black box gateway-based tools,” he concluded.