CryptoMill Cybersecurity Solutions

Toronto, Canada
Nandini Jolly, President & CEO
Which of the following best describes your company?
Small- or medium-sized company

Type of company (check all applicable)
  • Software

If other, please specify

Area of Specialization
  • Cybersecurity

If other, please specify

Do you have a need for / interest in hiring a coop/intern student?
Not at this time

Describe your company's current technology and solutions
Currently, our focus is on our Circles of Trust Ecosystem which consists of Circles of Trust, BLAZE, and Circles Orchestrated Discussion Arena (CODA). Outside of our Circles of Trust ecosystem we have ‘SeaHawk', an endpoint security solution that protects information from being lost or stolen using encryption. It can be applied to your computers, hard disk, as well as removable media such as USB disks.

Circles of Trust is a distributed client/server software solution that uses encryption to protect sensitive data. The solution is based on patented technologies, which cryptographically bind data to a dynamic group of users/devices/processes, greatly reduce latency involved with key-lookups, and enable secure access while offline. The innovation empowers an organization to create groups, or “Circles”, to secure data both within and outside the organization. Circles protect data-at-rest, in-use and in-motion, when sharing and collaborating. Application-independent, Cross-Platform support, Transparent Access achieves a seamless user workflow.

Access is dynamic and can be revoked any time, even if the recipient has downloaded the data. Circles can be defined by users, existing organizational structure, or through automation via a rich set of REST APIs. With a much smaller infrastructural and economic footprint, Circles offers disruptive security to address today's evolving cyber-threats.

We create an impenetrable Circle around groups authorized to work with sensitive assets. Division of administrative roles eliminates internal rogue activity. Only designated members can access protected data. Organizations can revoke access to data anytime. There is no organization-wide master key. There are no built-in back doors. Only the organization running Circles will have access to its data. Our key management allows security to be operational in offline mode

Circles is a lightweight security overlay that can run over any existing business processes.
*supports all file formats
*encryption follows the data
*facilitates secure sharing & collaboration via emails / mobile devices /cloud (any cloud) / web
*activities regarding Circles are logged
*protection provides a critical balance between security & usability independent of existing business process & file sharing workflow
*protects against hacker attacks, prevents bulk theft by rogue insiders

Circles of Trust is the foundation of our ecosystem. Since the outbreak of COVID-19 has caused us to expand our ecosystem hence our BLAZE and CODA solutions.

BLAZE is a security toolset to protect sensitive data from being accessed by hackers. Blaze ensures data at rest protection and secure sharing & collaboration of all data pertaining to government & healthcare efforts towards a vaccine, national defense, and relating to protecting Canada's critical infrastructure. A no-install application with SaaS hosting options for quick and easy deployment, Blaze is a critical COVID-19 security tool.

Circles Orchestrated Discussion Arena (CODA) platform provides secure virtual chat rooms to collaborate with built-in security. The platform encrypts files and messages ensuring full life cycle data protection.COVID-19's effect on work has created an unprecedented challenge for security staff. Departments are scrambling to enable collaboration apps, but without proper security, they are at a big risk. Collaboration apps provide a rich repository for data that hackers consider to be a jackpot.

Are you aware of any current government challenges or opportunities that would be addressed by using your technology solution? Or a future need you can identify?
The Cyber Centre assesses that the COVID-19 pandemic presents an elevated level of risk to the cybersecurity of Canadian health organizations involved in the national response to the pandemic. The Cyber Centre, therefore, recommends that these organizations remain vigilant and take the time to ensure that they are engaged in cyber defense best practices, including increased monitoring of network logs, reminding employees to practice phishing awareness and ensuring that servers and critical systems are patched for all known security vulnerabilities.

While this alert highlights risks to the medical and health communities in Canada during the COVID-19 crisis, the advice and guidance also apply to other Canadian businesses, particularly those with employees teleworking through VPNs. Suggested mitigations and best practices are outlined below.
Cybercriminals may take advantage of the COVID-19 pandemic, using the increased pressure being placed on Canadian health organizations to extract ransom payments or mask other compromises.

Sophisticated Threat Actors
---------------------------
Sophisticated threat actors may choose to target Canadian organizations involved in supporting Canada's response to the pandemic including organizations within the medical research community. These actors may attempt to gain intelligence on COVID-19 response efforts and potential political responses to the crisis or to steal ongoing key research towards a vaccine or other medical remedies, or other topics of interest to the threat actor. Organizations should exercise increased monitoring in order to detect attempted compromises by sophisticated threat actors. Attempts to compromise an organization by a sophisticated threat actor may leverage social engineering, spear-phishing campaigns, critical vulnerabilities, compromised credentials, or a combination of these and other threat vectors. (Through CODA we can help researchers and Canadian organizations supporting Canada's response to share information securely)

Ransomware
----------
The impact of a ransomware incident on Canadian organizations involved in supporting Canada's response to the COVID-19 pandemic could be more severe during the current pandemic than if it were to occur in a non-crisis environment. It is therefore recommended that organizations take extra care in identifying, as early as possible, vulnerabilities, and possible compromises that may lead to ransomware being deployed. The Cyber Centre strongly advises that all organizations become familiar with and practice their business continuity plans, including restoring files from back-ups and moving key business elements to a back-up infrastructure. (We can help Canadian organizations involved in supporting Canada's response from extortion after ransomware attack as the data is already encrypted.)

Critical Vulnerabilities
------------------------
The Cyber Centre assesses that vulnerabilities related to telework are of particular concern during the current pandemic. As organizations rush to make more infrastructure available to remote users, configuration errors may be made and unpatched software may be deployed. Multiple critical vulnerabilities have been identified in VPN devices over the past year, and multiple successful exploitations in the past have led the Cyber Centre to assess that they are likely to be leveraged for renewed compromise attempts over the short term. Recently disclosed vulnerabilities in Microsoft Windows and Linux operating systems, particularly those affecting remote desktop usage and certificate authentication, are also likely to be targeted.( Even though VPN might be compromised or any of the cyber defence mechanism of an organization fails, the organization would still be having their unstructured data safe as it is encrypted by our Circles of Trust security software suite.)
https://cyber.gc.ca/en/alerts/cyber-threats-canadian-health-organizations

As the COVID crisis continues, please describe specific opportunities where your technology might support Canadian needs / government needs
Our Circles of Trust Ecosystem is agile and comprised of solutions that can help small, medium, and enterprise businesses in allowing employees to work from home in a secure manner. BLAZE and CODA were developed to accommodate the 'new normal' we live in as a result of a COVID-19.
The Communications Security Establishment (CSE) warns Canada's COVID-19 researchers that hackers may "steal ongoing key research toward a vaccine". Our ecosystem protects the government, healthcare, defence, and commercial-sensitive information by using a unique model based on "Circles", which restricts access on a need-to-know basis (enforced using encryption). Security travels with the data, and assets stay protected on endpoints (mobile devices and in the cloud); thus, ensuring shared data stays protected anywhere, everywhere.

Do you have any final reflections or comments?
CryptoMill's fundamental belief is that security is like freedom, everyone should have it.