Safety Detectives: Please share your company background, how you got started, and your mission.
Cyphere: Cyphere is a cybersecurity provider delivering expert services across pen testing and managed security. Our engagement is free from selling Fear, Uncertainty, and Doubt (FUD) factor and do not include leveraging your lack of awareness on the subject. Our clients range from multinational companies across Europe and USA, mid-sized businesses to family businesses.
Cyphere was rebranded last year from my previous business that started in 2016. Our aim is to provide a secure cybersphere for every organization we connect with’ helping them provide a safe and secure environment.
SD: What is the main service your company offers?
Cyphere: We specialize in context-aware exercises delivering cyber security assessments across web applications, APIs, mobile, networks, and cloud space. Our approach includes a combination of manual testing and automated scans where necessary (such as vulnerability assessments). Our background in delivering advanced infrastructure hacking training at Black Hat and corporates would give you an idea about our delivery standards.
We have definitive know-how around infrastructure security, especially active directory and Azure landscape.
SD: What is something unique that helps you stay ahead of your competition?
Cyphere: Our flexibility, engagement process, and delivery approach is referred to as ‘personal’ or ‘fresh alternative’ by customers.
Service Quality underpins everything we do. Our extensive focus on service quality, insight into client business ensures we have an understanding of the drivers and contextual awareness. We are more than a ‘report and run’ consultancy.
Our support includes post-engagement debriefs, risk mitigation plans, and advising clients when they need us the most (during security incidents).
SD: What do you think are the worst cyberthreats today?
Cyphere: The most important matters in the modern world are where data is served (cloud), how it is served (APIs), how it is stored (data security at rest and in transit), and where it is served (endpoints). The security threats arising from these main components lead to an increased attack surface. These threats are:
- Insecure digital transformation where security remained an after-thought
- Insecure APIs
- Cloud misconfigurations & vulnerabilities
- Password attacks (credential stuffing, password spraying)
- Targeted ransomware attacks
- Phishing