The cyber security sector is on the rise and for the sixth year now, an Estonian startup RangeForce is training IT professionals in USA and Estonia to recognize cyber attacks and build secure systems.
Cyber-attacks are taking place on a daily basis around the world and the rapid adaptation to remote work caused by the COVID-19 virus outbreak and the transition to new platforms are likely to lead to an increase in the attacks.
A cyber attack can reach a company very easily as a phishing letter or malware, targeting the individual as the weakest link. According to Margus Ernits, co-founder and CTO at RangeForce, the attacks are mostly done for monetisation motives and hackers take advantage of uncertain situations.
In the current crisis situation, sharp focus is kept on health related issues, which distracts cyber security and opens up opportunities to influence people's behavior. This in turn opens a window for cyber attacks toward companies. In large organizations, according to Ernits, it is almost impossible to prevent an attack and very difficult for an employee to understand that he has done something wrong.
According to the company's co-founder and CEO Taavi Must, no company alone can defend itself against all possible cyber attacks, and cyber defense skills must be provided to both development teams and cyber security teams. RangeForce makes sure that developers learn to detect attacks and build systems in a way to minimize the impact of attacks.
Companies are more and more starting to realize that the first step in protecting themselves is to increase the relevant know-how. Furthermore, that a successful defense against attacks can only be achieved as a team. IT teams have not always been trained in cyber security, especially if cyber security officers were involved in the company. However, it is increasingly recognized that security can be achieved only through a complete solution.
According to Ernits, everyone is in the role of a defender in IT, and a larger number of trained cyber security specialists would not solve security problems. It is important to know how to make systems secure during the development phase.
As an example Must draws a parallel with the development of fire safety. "The big fire in London didn't happen because there weren't enough firefighters, but the city was built in a way that was really hard to protect. In the cyber sector, it is also beginning to be understood that in order to be able to protect systems, they must be complete, i.e. that security principles must be followed during development, and in case of an attack, there must be a team in place who is able to protect it," he said.
The simulation of a real attack gives an unforgettable experience
RangeForce enables the company's IT and security teams to experience attacks built by cybercriminals in realistic conditions. For example, a person experiences someone breaking into their computer and changing the wallpaper. "We simulate real attacks, the feeling you get by protecting a company that is under attack is an unforgettable experience. Malicious networks that feed users and attack servers are also simulated. Everything happens as if in the real world," explained Ernits, when describing the playful learning environment created by RangeForce.
The aim of the training is to understand the dangers of attacks and the consequences of actions and omissions. RangeForce also teaches to recognize attacks, which, according to Ernits, may be the biggest weakness of developers. However, in his opinion, the average level of protection in Estonia and other Eastern European countries is often better than elsewhere.
It is normally believed that things are changing very quickly in the cyber field, but according to Must, most of the attacks are very old. 99% of the attacks used in the world today are well known to RangeForce. However, new attack methods are constantly being added and the company is able to react quickly. Within a week of identifying an important method, it is possible to develop a corresponding module through which you can learn to defend yourself against it.
Lessons from a large market: you can't do just a little work
The US market plays a very important role in the development of RangeForce. It is a large market with large corporations and greater readiness to engage in cyber security. Entering the market went fast, in which getting into the world-famous New York Barclays Techstars accelerator played an important role. With the help of investors and consultants, the sales team was quickly built up.
According to Must, the founders of European startups can face a number of challenges when entering large markets. One of the most important is product differentiation. According to him, the problem that the product solves must be large and critical enough to be able to build up both the business and sales side rapidly.
According to Must, the time required for sales and marketing is often underestimated, and the sums that the founders of European start-ups are willing to spend on building a sales organization are not always enough to do well. "You can't do just a little work on a big market. A full commitment of time and money must be ensured to build trust with the customer. This cannot be done alongside other things. There are two ways to do this, either to move your company largely to America or to find a good and reliable team on the spot. But neither the time nor the money factor can be underestimated," he said.
RangeForce approached sales in the same structured way as product development. With the help of experienced specialists, sales were built like software, taking in consideration the speed of movement and the necessary capacity to succeed, and in a few months there was a strong sales team together. After that the first results came quickly.
'Super awesome' or 'very good'
It is of no less importance to have an in-depth understanding of the differences in language cultures when entering the American market. "We all think that we are more or less able to speak English on some level. But in practical communication, it can actually be difficult. First of all, words can mean different things and expressions, attitudes and how we interpret one sentence can be very different," said Must, explaining the phrase 'super awesome', which the RangeForce team quickly had to learn in the new market.“ Translated to Estonian it means something very special, and is used maybe once a year, but in America it is equivalent to 'very good'. However, if you say 'very good' to an American in Estonian terms then he asks you what went wrong," he explained.
Must also drew attention to the difference in the choice of communication style when writing an e-mail, which can create great obstacles in reaching the right people. While in the European business culture you have to communicate an e-mail politely, asking about the weather and the course of the weekend, after which you can get to the description of the problem, then according to Must, such an e-mail can be considered very rude and a waste of time in America.
RangeForce is a cyber security training platform created in 2014. It provides simulated cyber attack experience for IT professionals in Estonia and the USA. The company has 46 employees with more than a third located in the United States. RangeForce has attracted a total of 3.5 million dollars from Estonian and foreign investors, most recently in May 2019. The company's customers include well-known large banks such as Barclays and Santander, as well as big technology companies like Microsoft and Pipedrive. The company was founded by Jaanus Kink, Margus Ernits and Taavi Must.