You can have the data encrypted but who has the keys?

You can have the data encrypted but who has the keys?

We talked with Przemek Kucharzewski, a co-founder and VP of Sales at Cypherdog Security Inc., about the confidentiality and security of data, the effects of data leakage and their protection thanks to asymmetric encryption and blockchain solutions. Get to know one of the MAIN Partner Community companies.

The data is said to be the gold of the 21st century. What does this mean in practice for companies?

Data is the basis for the functioning of companies and they are the most valuable resource. Its loss may mean disruption of business continuity, image, and financial losses. Without access to data, many enterprises would be unable to continue production or service provision. It is associated with a decrease in customer confidence and, in some scenarios, even a lack of financial liquidity. In the event of personal data leakage, there are also administrative penalties under the GDPR.

The danger of such situations is growing — each of us has heard about more and more frequent cyberattacks not only somewhere in the world but also in Poland. Therefore, effective protection of corporate communication should be one of the priorities in every industry.

Most enterprises have different types of security and even encrypt some data.

This is true, but in such a situation, I always ask one important question: You can have the data encrypted but who has the keys to it?

Let me present my favorite analogy. Let’s compare the place where we keep our data or our e-mail to the self-storage. We want to get to our box, but before we do that, we must prove to the receptionist that we own it. We show the proof, or we receive a confirmation text from the receptionist, or we provide personal data — 4 digits of our social security number and the mother’s maiden name. Only then we receive the key to our box.

It sounds safe, but in fact, every element of this situation comes with risk. The proof can be forged (think of the so-called collector’s evidence, for instance) while personal data can be found on the Internet so long as you know the basics of OSINT. In the case of the key itself — the receptionist has a copy of it “for that just in case use” and he can be visited by the relevant services or someone pretending to be them. The receptionist “not wanting to have any problems” will hand over our “private” key.

It’s like installing an armored door and then storing the key under the mat.

So how can companies ensure full data confidentiality and its security?

Have your private key in “your pocket.” What does it mean? First, choose a solution that is decentralized, 100% confidential and secure. With this in mind, we created Cypherdog – an alternative to e-mail and file sharing platforms. We provide users with secure file and text messaging, an encrypted cloud drive and local resource encryption.

We use asymmetric end-to-end encryption, which means that two keys are involved in the exchange of data or messages — public, used for encryption and available to everyone, and private — necessary for decryption. Unfortunately, in most popular solutions, the private key is only in name. Why? Because the service provider has access to it and thus also to the data. If the provider has such access, others can access it, too.

Our service allows only the user to have the private key while the public key is stored in blockchain. Additionally, by using the “zero-knowledge security” method, we ensure that the data is 100% private. This means that if you lose your login credentials, Cypherdog will not help you recover your encrypted data or regain access to your account as there is no such possibility.

We do not use SMS, any “trusted third party” such as Google, Facebook or Microsoft, or electronic signature vendors and certification authorities to prove identity. For this purpose, the user uses the QR code during a personal meeting with the participant of file exchange and chat.

The uniqueness of our solution is supported by patent applications filed in the USA.

Which companies do you address your offer to?

Cypherdog clients belong to many sectors as the processes we protect apply to virtually all companies. However, some industries are particularly exposed to security breaches and loss of image. For them data protection is crucial. These include the legal sector, accounting offices, auditors, healthcare, HR, and marketing agencies that process personal data. Many of these companies are subject to strict regulations, such as NIS 2, DORA, or ISO 27001/2 — to comply with them, companies should effectively encrypt data.

Our solution also helps enterprises counter the double extortion of next-generation ransomware, where attackers not only encrypt data, but also blackmail companies with publishing it if they do not pay the ransom. In addition, it protects against invoice hacking and business email compromise, i.e., paying cybercriminals based on forged invoices, bills, or other documents.

In addition to the technology offered, do you provide security support?

We absolutely care about properly secured communication, which is why we help companies identify the most important data and the processes in which they participate. The simplest example — several confidential documents are regularly sent to external accounting firms or law firms. Usually, this is done via e-mail, and such communication is insecure. Every company should ask itself — what would be the consequences of intercepting and using these documents by competitors?

For the identification of key data and processes, we propose a “process analyzer” developed by us. This sheet, when fully completed, creates a matrix of processes — it indicates which departments it is in, what data it covers and what risks they are associated with. Identifying and securing communication within these processes allows you to prevent economic espionage and leakage of sensitive and personal data, which is a requirement of, inter alia, GDPR.

Then would you say an expert and service provider can be a friend?

In my opinion, even it should, after all, we create our solutions for people. We are, as the saying goes, “disruptors” because we act against current trends. Today, the largest corporations collect mass information about us, personal data — our activity is to protect people from what seems to be obvious and impossible to fight.

In the last plebiscite of the CRN Channel Awards, you received an award in the “Polish product / service” category. What is your recipe for success?

Cypherdog is growing both dynamically and globally. In addition to Poland, we also operate, among others in the United States, Israel, and Singapore. Our international team combines the energy, talent, and enthusiasm of a young team of developers and leading experts with many years of experience. We have two generations that support and learn from each other, creating a coherent team.

Together, we have already achieved a lot — in 2021, we were also the laureate of the plebiscite “Ambassador of the Polish Economy” organized by the Business Center Club in the “Creator of 21st Century Solutions” category. This distinction is intended for companies with a high degree of innovation, promoting the Polish economy by offering their own innovative products or services not yet available in the world.

What are your plans for the coming months?

We are not resting on our laurels. On January 25, we introduced the CDOG utility token. It can be used to pay for our applications and, in the future, it will enable the purchase of other cybersecurity solutions. We also want our token to be an alternative method of obtaining financing — global, simpler than venture capital or angel financing.

Tokens and cryptocurrencies are often associated with insecurity — because they are new, unregulated, and most often heard of in the context of cyberattacks. However, it is a natural continuation of the development of blockchain technology and the crypto world, as well as the activities of our company.

We also have several new functionalities planned for the coming months — we are expanding our service with a password manager, adding voice and video communication to the messenger, and introducing a secure electronic signature.

Cypherdog is also part of the MAIN Partner Community.

Looking at all available channels, we have decided to sell through partners. We have chosen this model because it guarantees scalability — acting with the help of partners, we reach their customers as a trusted company. In cybersecurity, trust is the basis — no wonder, after all, we must trust the company that is to secure our most valuable data.

We decided to join the MAIN Partner Community, because many well-known companies are already there, so it is not only a lever for us in building range, relationships based on trust, but also the possibility of establishing interesting cooperation and jointly creating effective, safe, and modern IT solutions for companies all over the world.

Thanks to our solution, MAIN provides customers with full confidentiality of communication, which includes, among others, secure file exchange, the use of a private, encrypted cloud to store important data, encryption of resources on disks and text communication.