AntiHack.me is hoping to change how people think about cybersecurity services, and how pay-as-you-use methods like bug bounties could play a pivotal role in safeguarding against vulnerabilities.
SINGAPORE: Fully aware of cybersecurity threats, AsiaLawNetwork has had to explore different IT security services and tools since it started in 2014 but found them difficult to implement, said Ms Cherilyn Tan.
In an interview with Channel NewsAsia, the CEO of the legal services platform shared that she also found the services provided by conventional cybersecurity vendors to be just “too clunky”.
The length of time needed to deploy traditional cybersecurity services is also undesirable, Ms Tan said, especially as AsiaLawNetwork moves quickly and frequently to offer new services to its user base, which includes more than 1,500 lawyers in Singapore.
These cybersecurity vendors would also tend to just assign one or two of their employees to her company and this may not be enough to adequately monitor and secure the company’s IT system.
The company’s platform matches those who need legal services with available lawyers and, given the sensitive details that might exchange hands on the platform, it is vital to safeguard it against vulnerabilities, the CEO explained.
She would be billed each time the vendors scan the system, even if it yielded nothing, she added.
Another bugbear was the lengthy, word-filled reports periodically generated by the IT security vendors.
“I’m already short of time, yet I still have to read through the whole report to see if there are vulnerabilities I need to fix?” Ms Tan pointed out.
These reasons also illustrated why she was happy to give a local bug bounty start-up, AntiHack.me, the chance to secure her business.
Ms Tan said she has been on the bug bounty platform since June this year, and is one of the early adopters of its service.
Every time AsiaLawNetwork wants to launch a new service, it will get AntiHack.me’s pool of more than 400 ethical hackers to find vulnerabilities before the service is rolled out. This was done, for instance, when the company wanted to deploy email authentication and two-factor authentication for its customers recently, she said.
Given that it’s a pay-as-you-use model, there is very little risk on Ms Tan’s end.
“We only pay when the hackers find something,” she explained, but declined to share how many bounties have been paid up or how many bugs found given that these are sensitive information for its clientele.
The reports generated by AntiHack.me are also easy to understand as these are in point form, screenshots and even videos – detailing how a hack can be performed step by step – allowing AsiaLawNetwork’s tech team to replicate and troubleshoot the vulnerability.
The bug bounty platform’s co-founder and chief technology officer Dexter Ng said in the same interview that he helped start the business because he hoped to change the way companies think when it comes to procuring cybersecurity services and tools, especially those with smaller tech budgets.
“Why should you pay for the process, when you should pay only for the results?” fellow co-founder and director Andy Prakash chimed in.