The Dutch Institute for Vulnerability Disclosure (DIVD), whose volunteers were instrumental in uncovering the scale of the Kaseya ransomware attack in the summer of 2021, has been given a $100,000 donation to fund its work by US-based Huntress Security, whose analysts and researchers also ran point during the early phases of the extensive REvil/Sodinokibi cyber attack.
Huntress, which itself raised a $40m Series B funding round in 2021, said it wanted to invest its cash haul in ways that would enable “different types of organisations to better secure and support the 99%”, referring to the small and medium-sized enterprises (SMEs) that make up the bulk of the global economy and are effectively unable to defend against cyber attacks, particularly those against third party suppliers and managed service providers (MSPs) such as Kaseya, over whose systems they have no influence.
In a blog post, the Huntress team said: “Real talk: the MSP vendor community needs to get its s*** together.
“Small and midsize businesses are depending on us to protect them from today’s determined cyber criminals and nation-state actors. But we’re not doing enough to help them.
“2021 was a year filled with high-profile attacks and vulnerability disclosures within the SMB and MSP communities,” said the team. “That’s because attackers know most small businesses struggle to defend themselves and that MSPs act as gatekeepers to dozens – if not hundreds – of SMEs.”
Moving into 2022, the Maryland-based firm said it wanted to destigmatise and celebrate those who were transparent about cyber incidents and share the work they do to strengthen their platforms; to help IT pros increase their cyber knowledge and awareness; and to establish incentives for MSPs and small business users to take time to test, break and fix their IT to uncover issues.
“To be clear: we’re not here to shame anybody,” said Huntress. “We’re here to acknowledge that unless we come together and hold ourselves to a higher standard, this problem is going to get worse before it gets better. And we’re holding ourselves to that higher standard, too.”
DIVD will put $50,000 of the money into supporting its future growth, hiring its first full-time staffers, research coordinator and head Lennart Oudshoorn, research head Victor Gevers, and director Chris van t Hof, while the remaining $50,000 will be used to fund a DIVD-led bug bounty programme, incentivising better vulnerability disclosure relating to MSP and SME IT tools.
DIVD also recently received the Digital Trust Center’s Cyber Resilience Reinforcement Grant for 2022-2024, and has just signed a collaboration agreement with the Dutch National Cyber Security Centre (NCSC), which will see it share data about the vulnerabilities its volunteers uncover.
Additionally, it has played a key role in setting up a new cyber hotline for Dutch organisations, set up an international computer security incident response team for cross-border cooperation, and later this year will launch a training camp for ethical hackers.