Most of us know to be cautious about certain information online.
We set our Facebook page to private, we avoid making purchases on public WiFi, and we don’t open emails or click on links sent by strangers.
Every so often, we scan our devices for security threats. If it’s clean, great. If not, we take the necessary measures to eradicate any virus that has wormed its way in.
That’s where most of us stop — we feel safe here. Our information is protected.
Or is it?
“Everybody needs to really have better security because attackers are becoming more and more sophisticated,” said Roderick Jones, international security expert and co-founder of cybersecurity firm Rubica.
“A few years ago, we felt like we saw this wave of extremely (advanced) cybercrime coming toward the average consumer, and there was just nothing in the marketplace to help (them),” added co-founder Frances Dewing, a lawyer who worked as Jones’ COO at his previous global security firm, Concentric Advisors.
Both were steeped in the security sphere at Concentric Advisors, where they provided military-grade security solutions for billionaires worldwide. The pair also realized that powerful security measures online were necessary for more than just the wealthy. In 2016, they launched Rubica — dually headquartered in Kirkland and San Francisco — with the goal of keeping safe the digital information of the average, everyday consumer.
At the time of the company’s founding, Dewing said, the only tools available to nonbillionaires in terms of cybersecurity were antivirus software and password managers.
“There’s this asymmetry between the sophistication of the tools and the money that cybercrime organizations have compared to what individuals have to protect themselves,” Dewing said. “That has made this a really ripe playing field for cybercriminals.”
Moreover, Jones added, the continual data breaches that have occurred over the last four years have given cybercriminals all the information they need to convince people to open their doors to invasive malware.
“You can really see this in phishing campaigns, which used to be relatively easy to spot because you’d get an email from some service you’ve never used or some person you’ve never heard of,” Jones said. “But now, because of the data that is available about you, these campaigns can be crafted to be something that is very accurate — something you’re interested in, from someone you might know — and you’re more likely to click it.”
Most unsettling, perhaps, is that malware can be so advanced, it no longer requires a naïve or misguided click: It finds its way onto your devices in much more insidious ways.
A big portal right now? Free gaming apps for kids.
“There are all of these games that are available on the app store that passed all their vetting and seem very innocent,” Dewing said. “But when you’re playing the game, due to the advertising for the game and the prompts to download different things, it opens up a gateway for malware and other device infection and data infiltration.”
Likewise, Dewing said, you could be booking travel through a legitimate website or reading an article from a legitimate news source and an ad banner along the side could have embedded malware that is installed based on your mere presence on the page. Malware also can hide in images in emails, so you don’t even have to open an infected attachment to be compromised — you just have to open the email.
Though Jones and Dewing don’t want to play the role of fearmongers, they want average consumers to be aware that they, too, have become targets in sophisticated attacks.
As a result, people need equally sophisticated technology to act as a defensive barrier.
That’s the gap that Rubica aims to fill.
While the strongest algorithms have previously been designed to protect large enterprises and governments, Rubica has adapted best-in-class methods for detecting and remediating cyber threats to suit the needs of individuals. And it’s not just algorithms that search for threats. It’s people in real time.
“We don’t want to just automate everything,” Dewing said. “We keep that human element so that we don’t have to rely on knowing what threats are out there and writing rules to block them. We do that, but we also have people constantly looking for emerging threat indicators and anomalies in the data so that we can detect hidden and emerging threats — something that has historically only been available to governments and large enterprises.”
That’s how Rubica keeps up with the constantly changing landscape of cybercrime. The company has established a proactive — rather than reactive — model to detect problems long before they ever compromise anything that belongs to one of its clients.
When dedicated cybersecurity measures have been taken to protect individuals previously, they have been available exclusively to the very wealthy. Rubica, however, is modeled to be accessible to average consumers: Protection plans cost $39.99 per month for an individual and $49.99 per month for a family. The pivot toward a more affordable product underlines the importance of cybersecurity for all.
“People think, ‘I’m not rich. I’m not famous. I won’t be hacked,’” Jones said. “But you have digital property, and it’s increasingly becoming less about financial gain and more about digital gain for them. So, even some seemingly innocuous piece of your data that is stolen out of your computer is valuable on a secondary market. I think that’s an important piece of education that needs to happen: It’s not just about losing money — they’re going after other things that relate to your digital life.”
Cybercrime’s complexity has surpassed the tools used by average consumers. The point is not to scare people into using the service, Dewing said, but to give people the facts and let them decide where to go from there.
“We want to let people know what the safe apps are, what the unsafe apps are,” she said. “And if you are our customer, we are your on-call people for literally any question you have about cybersecurity, anything you need help with in the realm. We want to help people feel more empowered around this because there’s a lot that we can do as individuals to take back some control.”
And taking back that control will bring us one step closer to having security in our digital lives, which Jones believes to be a human right — and one that has too long been neglected.