
The People Fighting the Fake Web: Chen Yotvat

Chen is the Head of Operations at CHEQ. She joined our Fight Against the Fake Web back in 2021, after years of working at Salesforce Datorama.

Why did you join the fight against the fake web?

When choosing where to work, the decision goes beyond the job title and the financial compensation. When a company is moved by a purpose, the people working at it are driven by something bigger than themselves, and this makes the day-to-day more significant.

I believe in the importance of what we are doing at CHEQ, the impact it has on the internet, and in our leadership. I had the opportunity to work with Toby and Omri in my previous work experience, and that motivated me even more to join their fight.

How does your role enable the fight against the fake web?

My role is to improve the day-to-day of every employee. I like to think I enable the daily work life of those who are fighting the fake web. Think about it: to work and collaborate, you need a working environment that will meet your needs. Not just at the traditional office, this is also true for your home office or for anywhere else you choose to work from.

So I help make it possible for employees not to worry about their daily needs, from the smallest thing, such as whether they have a good internet connection, to every other operational detail that will improve their work quality.

How has your perception of the fake web changed since you joined CHEQ?

Beyond understanding what it is, I now see the impact it has on the industry and I feel the importance it has for each one of us working in the company.

What do you appreciate most about working at CHEQ?

Having fun! Meeting the other CHEQers and interacting with them on a daily basis, both work-related and “life related”.

It’s never been a better time to join one of the fastest-growing companies in SaaS, as we continue to Fight the Fake Web, building out the future of Go-to-Market security. See what our dear CHEQers have to say about our culture and work-life and take a look at our open positions.

Fighting the Fake Web means giving our customers the trust and transparency they need to accomplish their objectives in the digital world. This is not a one-person job – it belongs to everyone. As a company, each individual has a shared responsibility for security, and this mentality is crucial in increasing the confidence that both the clients and the industry have in us.

From building internal cyber awareness to enabling our product technology to be developed in a safe way, security must be part of every department and every employee’s routine. Having worked in private and public sectors, including for the Israeli military forces, I learned this to be the only way of having a trustworthy product, built around a high-security posture. 

In practical terms, there are several components that make this possible. Here are three that I find to be crucial:

1- Security as a development enabler

I know it might seem odd at first, as you may think that applying security measures can constrain the work of technological teams. But to be the leader of a category, the mentality must be the exact opposite: security must enable development, not block it.

From upgrading or downgrading features, to scanning and reviewing code, to making sure we have a good UX, everything needs to be done according to a high security standard, as each aspect of the product can have a security impact, even from the point of view of how the customer interacts with our applications. Once every team understands that these standards provide the right guidance for developing a trustworthy product, minimum impact and minimum security risk for customers become something organic.

One good example is the CHEQ JavaScript tag. The tag, designed to be a seamless addition to websites, was only possible by having security as an enabler for all teams. At first glance, reaching no latency or discernible impact on the user experience, and not blocking or delaying the rendering of the page, could be understood as a UX solution only. But our teams knew that improving user experience was also crucial for our security posture. The tag must be bulletproof against attacks, and so must the platform serving it.

2- Being one step ahead

Just as with technology and product development, keeping a high-security posture is always a work in progress. That’s why while we secure Go-To-Market teams and their strategies, our eyes are constantly open to different security challenges that might come our way.

As these challenges evolve, we too need to develop our strategies to face them. That’s possible on two fronts.

One is being compliant with the most updated regulations, like SOC 2 and ISO 27001, GDPR, and others. As we continuously work on privacy and other sensitive security topics, employing industry-standard procedures and policies to ensure data safety and prevent unauthorized use of any information is key. That’s how we put a level of commitment to cybersecurity into practice that is crucial for building trust.

The other is constant monitoring. By having a proactive security posture, instead of playing defense, we stay one step ahead of threats. Here lies the importance of having different monitoring platforms, which allow us to broadly monitor the web 24/7. As we gather information from different sources and investigate the darknet with our cyber research team, we can have a better picture of possible external issues, including actions by black hat hackers.

3 – Awareness: responsibility starts with tying your shoelace in the morning

The third component is keeping a high cyber awareness level. Many people talk about cyber education, but that is only part of it. My belief is that awareness is 80% of cyber security efforts, as every organization is only as strong as its weakest link. Therefore, we make sure at all times that even our weakest links are as strong as they can be.

Beyond learning about new threats and different ways of protecting ourselves, being aware means having cybersecurity as an integral part of our daily routines, just like tying your shoes in the morning.

That doesn’t mean that everyone needs to understand concepts like DNSSEC, OWASP, Forensics, what an XML bomb is, or an XSS. Still, it is crucial to provide relevant information for employees so they can stay safe wherever they are by explaining and performing exercises and tutorials on a regular basis.

At the end of the day, the aim is that no one will be a weak link or, at least, that even the weakest link at the company will have a high awareness level of daily security practices. Especially in a working-from-home environment, small practical actions like being vigilant while surfing the web or opening emails can keep the entire organization safe.

 ___

Orr Nir is the Global Director of Cybersecurity at CHEQ. A former white-hat hacker and reverser, forensics expert, and all-around security junky.

Leandro is a Senior Customer Success Team Leader at CHEQ. He joined our Fight Against the Fake Web back in 2019, after immigrating from Brazil to Israel.


Why did you join the fight against the fake web?

The Fake Web affects everyone, willing or not. With CHEQ, I’m able to add value to the industry, solving this serious problem. For me, it has always been important to work with a product that has a real, day-to-day impact on people’s lives and this is what I feel we are able to accomplish at CHEQ.

How does your role enable the fight against the fake web?

I’m the bridge between the customers and the company. My team and I are always ready to support customers in whatever they might need and we are able to see the daily impact our product has on them, as well as how much value we can add, which is very rewarding. At the end of the day, it is only through them that we are able to fight this problem. 

How has your perception of the fake web changed since you joined CHEQ?

Back in Brazil, I had my own business and I felt the impact of the fake web directly on it. I remember seeing a big part of the clicks on my website not converting and my marketing campaigns being filled with fake users. But, at the time, I didn’t have the full picture, and I wondered if I was doing something wrong.

When I joined CHEQ, after moving to Israel, I could actually understand the dimension of the problem. I started to see how billions are lost annually and how every industry is affected by the fake web. It was like “oh ok, the issue wasn’t me not knowing how to do marketing, I just had a big problem and didn’t fully understand it.” So yes, the perception definitely expanded.

What do you appreciate most about working at CHEQ?

CHEQ’s workspace is the type of office where you say “Wow” every time you arrive. In addition, it has the most modern equipment available on the market and jaw-dropping decoration. But the biggest plus is the horizontal hierarchy: all teams and all positions communicate with each other, and you don’t feel tied to your desk… there are opportunities for collaboration in any corner of the office.

The view is an add-on that doesn’t exist anywhere in the world. Overlooking the Tel Aviv sea while working is a true privilege.



Our guest today is Adi Pinko Rubinstein. She is a Security Sales Consultant at CHEQ. Adi joined our Fight against the Fake Web back in August. Previously, she was a Director of Corporate Sales at GKI Group.

Why did you join the fight against the Fake Web?

On a personal level, I always liked to work at purpose-driven companies, companies that do something that matters and have an impact. With CHEQ, I know I am making a positive change in an important industry, helping companies to be secure against a crucial problem on the internet.

How does your role enable the fight against the fake web?

My role helps companies to understand the impact the Fake Web has on them. Some people ask themselves, “why would I be a target?”. What we show them is that the threats of the Fake Web are not always represented by malicious actors. Fake Traffic represents almost 40% of all internet traffic and not all of it is made by malicious users, but they still affect your Go-To-Market strategies, be it a bot, a fake user, or a non-malicious automation tool.

How has your perception of the fake web changed since you joined CHEQ?

Before joining CHEQ I was on the other side. I was in the online industry for 12 years and I felt the pain of fake traffic in my day-to-day. Now, I understand the solution to that pain. I know fake traffic is a problem that everyone has because everyone is affected in some way or another by the Fake Web. I always say I only wish I knew CHEQ during my previous roles.

What do you appreciate most about working at CHEQ?

On a personal level, I enjoy working surrounded by great people that really feel like a family, especially being in a great office with all the treats =). The leadership too, I feel there is a real focus on the human side, in understanding the different needs of every team and in appreciating our efforts.

On a professional level, I believe that our product is really changing the way Go-To-Market teams work and I see the impact we have on our clients.


WordPress is an open-source platform that was used mostly for blogging when it started and developed into a complete web solution with time. Nowadays, it is the world’s most popular content management system, powering over 43% of all the websites on the internet. 

There are over 60 million people using WordPress, from websites for small local businesses to famous blogs, news outlets, music sites, etc. One of the reasons behind such popularity is the ease of use.

Creating a WordPress website is different from the process developers go through to create static websites: all the underlying code of a website is accessible. This is the reason WordPress attracted developers to create plugins, themes, and other functionality aimed at the end user. At the same time, some of these plugins can lead to increased security risks.

Additionally, because of WordPress’s massive popularity, it can be hard to control every individual cyber attack that occurs on the platform. In 2020 alone, over 2,800 attacks per second targeted WordPress sites.

Even though there are default security mechanisms that protect the platform, constant changes that end-users make by installing various plugins and themes to their WordPress sites create a lot of space for exploitation by hackers.

Cyber attacks have many drawbacks, from threatening the security of your visitors and damaging the SEO ranking and the reputation you’ve been trying to build with your website, to taking a lot of energy and resources to repair the damage caused.

In order to protect your website and yourself, you should get familiar with the most common WordPress issues and learn how to avoid and fix them to stay secure.

Brute force attack

A brute force attack is a trial-and-error approach to guessing login information, identifying encryption keys, etc. Usually, powerful algorithms stand behind this, going through all possible combinations of characters in order to guess the correct one. This is an old hacking technique that can take anywhere from a few seconds to many years, depending on the complexity of the information hackers are trying to breach.

WordPress sites don’t block users who try to log in multiple times. This is why brute force attacks are a popular hacking technique for them. The end result – bots attempting to log in with thousands of combinations per second.

How to prevent Brute Force Attacks?

The solution for brute force attacks is simple – create a strong password. This means that your password should contain numbers, special characters, uppercase letters, and lowercase letters and be long and complex. On top of that, add Two Factor Authentication so you can authenticate the users logging into your site twice. 
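Because WordPress does not limit repeated login attempts on its own, a per-IP throttle is a common complement to strong passwords and Two Factor Authentication. The following is an added example, not code from the original article: it uses the WordPress `wp_login_failed` and `wp_login` actions, the `authenticate` filter and transients; the `example_` names and both limits are assumptions.

```php
<?php
/**
 * Added example (not from the original article): throttle failed logins
 * per client IP with WordPress transients. Intended to live in a small
 * plugin or mu-plugin. All example_* names and the limits are hypothetical.
 */

const EXAMPLE_MAX_FAILURES    = 5;   // failed attempts allowed per window
const EXAMPLE_LOCKOUT_SECONDS = 900; // 15-minute counting window / lockout

// Build the per-IP transient key. REMOTE_ADDR is the directly connected
// peer; behind a reverse proxy or CDN, substitute the client IP taken from
// a header that only the trusted proxy can set.
function example_login_key() {
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    return 'example_fail_' . hash( 'sha256', $ip );
}

// Count every failed login. Each failure restarts the expiry, so a client
// that keeps guessing during a lockout keeps extending it.
add_action( 'wp_login_failed', function () {
    $key   = example_login_key();
    $count = (int) get_transient( $key );
    set_transient( $key, $count + 1, EXAMPLE_LOCKOUT_SECONDS );
} );

// Priority 30 runs after core's username/password check (priority 20) and
// overrides its result, so a locked-out client gets the same error whether
// or not the guessed password was correct.
add_filter( 'authenticate', function ( $user, $username, $password ) {
    if ( (int) get_transient( example_login_key() ) >= EXAMPLE_MAX_FAILURES ) {
        return new WP_Error(
            'example_locked_out',
            'Too many failed login attempts. Please try again later.'
        );
    }
    return $user;
}, 30, 3 );

// A successful login clears the counter for that IP.
add_action( 'wp_login', function () {
    delete_transient( example_login_key() );
} );
```

The counter is not atomic, so treat the limit as approximate under heavy parallel guessing; a web application firewall or server-level rate limit covers that case.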

SQL injection

Another old hacking trick is SQL injection. Here, hackers inject SQL queries that interfere with or completely destroy a database that a website is using. After the attack happens, the MySQL database can be manipulated, and hackers can steal your WordPress credentials. 

How to prevent SQL Injection?

There are plugins specifically designed for identifying SQL Injections. For example – WPScan or Sucuri Site Check are great tools you can use. Besides that, you should update your WordPress and the related plugins or themes you think could be linked to this problem. You can check past SQL injection attacks to see which plugins are the ones you should pay the most attention to.
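In plugin and theme code, the injection point is usually a query built by string concatenation. The following added example (not from the original article) puts that pattern beside the parameterized form using WordPress's `$wpdb->prepare()` and `$wpdb->esc_like()`; the `example_orders` table, its columns and the function names are hypothetical.

```php
<?php
/**
 * Added example (not from the original article). The example_orders table,
 * its columns and every example_* function are hypothetical.
 */

// VULNERABLE (shown for contrast): request data is concatenated into the
// SQL text, so the value can change the structure of the query.
function example_find_orders_unsafe( $email ) {
    global $wpdb;
    return $wpdb->get_results(
        "SELECT id, total FROM {$wpdb->prefix}example_orders
         WHERE email = '" . $email . "'"
    );
}

// HARDENED: validate the input, then let $wpdb->prepare() bind it.
// %s is quoted and escaped as a string, %d is cast to an integer, so the
// values can never be parsed as SQL syntax.
function example_find_orders( $email, $limit = 20 ) {
    global $wpdb;

    $email = sanitize_email( $email );
    if ( ! is_email( $email ) ) {
        return array(); // reject input that is not an e-mail address
    }
    $limit = min( absint( $limit ), 100 ); // bound the result size

    $sql = $wpdb->prepare(
        "SELECT id, total FROM {$wpdb->prefix}example_orders
         WHERE email = %s ORDER BY id DESC LIMIT %d",
        $email,
        $limit
    );
    return $wpdb->get_results( $sql );
}

// LIKE searches need one extra step: esc_like() neutralizes the % and _
// wildcards in the user's term before the term is bound with %s.
function example_search_orders( $term ) {
    global $wpdb;

    $like = '%' . $wpdb->esc_like( sanitize_text_field( $term ) ) . '%';
    return $wpdb->get_results(
        $wpdb->prepare(
            "SELECT id, total FROM {$wpdb->prefix}example_orders
             WHERE note LIKE %s",
            $like
        )
    );
}
```

When reviewing a plugin, a query passed to `$wpdb->query()` or `$wpdb->get_results()` that contains a variable other than `$wpdb->prefix` and does not go through `prepare()` is the pattern to look for.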

Malware

Malware (malicious software) is code that is injected into a WordPress website in order to gain sensitive data from it. Malware usually reaches your website via themes and infected plugins. If not handled on time, it can lead to serious damage. You might even have to reinstall the whole webpage in case malware affects its core.

There are many types of Malware, but the most common ones are:

  • Malicious redirects
  • Backdoors
  • Drive-by downloads
  • Pharma hacks

How to prevent Malware?

Malware can sometimes be easily identified, and you can clean it up by manually removing malicious files. You can also install an updated version of WordPress or restore the previous version of your website that didn’t contain the malware. However, many times, bots and fake users are nearly impossible for the untrained eye to detect. Since the Fake Web is so prevalent today, it is wise to scan your website with a tool like CHEQ Paradome to reveal just how much these users are impacting you.

Cross-Site Scripting (XSS)

Cross-Site Scripting is a type of attack that works by manipulating a vulnerable WordPress website to return malicious JavaScript to users. The code returned is used to collect data from the website and redirect it to other malicious sites. 

XSS vulnerabilities are widespread and are one of the most frequently occurring web security vulnerabilities.

How to fix Cross-Site Scripting?

To avoid Cross-Site Scripting, you should keep your software updated, use a powerful web application firewall (WAF), validate and sanitize user data, and add a content security policy to your header. Additionally, go-to-market security solutions can scan for these types of threats as well. 
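Two of these measures, sanitizing and escaping user data and adding a Content Security Policy header, look like this in WordPress code. This is an added example, not code from the original article: the shortcode, the `example_` names and the policy string are assumptions, while `sanitize_text_field()`, `wp_unslash()`, `esc_html()`, `add_shortcode()` and the `send_headers` action are WordPress APIs.

```php
<?php
/**
 * Added example (not from the original article). The [example_greeting]
 * shortcode, the example_* names and the policy below are hypothetical.
 */

// VULNERABLE (shown for contrast): a request parameter is placed into the
// page unmodified, so markup in the parameter becomes part of the HTML.
function example_greeting_unsafe() {
    $name = isset( $_GET['name'] ) ? $_GET['name'] : '';
    return '<p>Hello, ' . $name . '</p>';
}

// HARDENED: sanitize on input, escape on output. The escape at the point
// of output is the actual XSS defense; pick the function for the context
// (esc_html for element text, esc_attr for attributes, esc_url for links).
function example_greeting() {
    $name = isset( $_GET['name'] )
        ? sanitize_text_field( wp_unslash( $_GET['name'] ) )
        : '';
    return '<p>Hello, ' . esc_html( $name ) . '</p>';
}
add_shortcode( 'example_greeting', 'example_greeting' );

// Content Security Policy for front-end responses. Start in report-only
// mode: themes and plugins often rely on inline scripts, and an enforced
// policy this strict would block them. Switch the constant to true once
// the browser console shows no violations you still need to allow.
const EXAMPLE_CSP_ENFORCE = false;

add_action( 'send_headers', function () {
    $policy = "default-src 'self'; script-src 'self'; "
            . "object-src 'none'; base-uri 'self'";
    $name   = EXAMPLE_CSP_ENFORCE
        ? 'Content-Security-Policy'
        : 'Content-Security-Policy-Report-Only';
    header( $name . ': ' . $policy );
} );
```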

DDoS Attack

Distributed Denial of Service (DDoS) is a malicious attempt to disrupt the traffic of a server, service, or network by burdening the surrounding infrastructure with large volumes of traffic. Multiple compromised computers and devices are used to send or request data from a WordPress hosting server. 

Their purpose is to slow down and eventually crash the targeted server, making the website inaccessible to users.

How to prevent DDoS Attacks?

DDoS attacks are difficult to deal with since they are hard to identify. WordPress websites are especially vulnerable to them since they are publicly accessible. Big websites can take care of this by creating a strong security system that keeps them safe from all the malicious attacks. Smaller ones, on the other hand, tend to neglect this aspect and this makes them prone to DDoS.

In order to protect from DDoS attacks, make sure to get a good WordPress backup solution to enable data protection and secure file transfers. This is how you will keep your website information protected in case an attack crashes your website. You should also disable the REST API for your website. This is an option that is turned on by default for WordPress sites that gives third-party apps access to your website and makes it more vulnerable to attacks. You can easily disable the REST API without any technical knowledge with a Disable REST API plugin.

Besides that, there are cloud-based anti-DDoS security solutions that can give you extra server security. They will inform you of any suspicious activities before damages to your website occur.

To conclude

The nature of WordPress websites makes them vulnerable to many security threats. In order to stay protected from hacker attacks, you should make regular updates to your website, install security plugins and stay on track with the ever-evolving hacker attacks. Make sure that the tools and plugins you are using are secure: from a good firewall and malware scanner to a safe QR code generator.

Staying informed about cybersecurity threats is one of the best ways to be a step ahead of the dangers. Evaluate a plugin’s reliability and monitor known vulnerabilities as they are announced, and you will increase the chances of protecting your website.

Regardless of your effort in securing your website, security threats will keep happening. When they occur, you should focus on detecting the problem as soon as possible to avoid damage to your visitors and the loss of confidential website data and resources.

About the author 

Dmitriy Maschenko is the head of a division and a Board member at PSD2HTML, a company that offers top-notch web and mobile development services to all kinds of clients, from S&M businesses to agencies and governmental bodies. Dmitriy went all the way from a developer trainee position up to where he is now. With 12+ years of experience in the IT industry under his belt, Dmitriy has a wealth of knowledge to share with his readers. He writes on topics related to business management, website & app development, and everything in between.


LinkedIn: https://www.linkedin.com/in/dmitry-maschenko-b0985057/

Every week, we will share with you a bit about the people that make our fight possible. This is Alon Peremulter.

Alon is a Senior DevOps Engineer at CHEQ.
He joined our Fight Against the Fake Web back in September. Before, he worked in companies like mPrest, Otonomo, and Outbrain.

Why did you join the fight against the Fake Web?

For me, it is important to be in a company that has a purpose. In the end, we all want to be on the right side of history. The Fake Web is a pain for everyone and is a big problem on the internet. So joining CHEQ was very important for me, as I know the impact our product has in this fight.

How does your role enable the fight against the fake web?

I run the machine behind the scenes, I run the product that enables companies to fight the fake web. At CHEQ, what makes my role different, is how much I am connected with every team and the cooperation we have towards our ultimate goal.

How has your perception of the fake web changed since you joined CHEQ?

It was when I started working at CHEQ that I deeply understood the magnitude and the impact that the Fake Web has on the internet. Most importantly, I understood how it is possible to fight against it.