David Blumberg, Founder and Managing Partner at Blumberg Capital, takes a look at the seven deadly sins of cyber security.
Those of us involved professionally with cyber security know that the underbelly of the Internet is a treacherous and ever-shifting domain where menacing actors motivated by the most basic human vices threaten us all. It is critical for enterprises and governmental organizations to anticipate threats so they can protect their networks and shareholders from those who’ve surrendered to the seven deadly internet security sins.
This is often considered the source of all the other sins. Pride certainly motivated the first hackers. These were computer nerds who wrote viruses and hacked into sites that were previously believed to be impenetrable, simply to demonstrate that they could. There are, no doubt, hackers still motivated by pride, but as the Internet attracts new breeds of criminals motivated by other sins, pride is increasingly becoming a sin of those who believe their systems are already secure and/or that they can outwit and thwart attackers. But security is a classic arms race, and the only way to stay ahead of bad actors is to always assume your organization is behind. That’s where security scanning for more than 75,000 vulnerabilities can come in handy.
Greed motivates almost all online criminal activity. From online payment fraud to stolen credit cards to identity theft and personal healthcare information scams, fraudsters are coming after customer data, whether network security systems are ready or not. One key defense is Know Your Customer (KYC) management. Internet identity bureaus or verification services confirm individual identities through knowledge-based authentication questions or by matching their profiles to public and private databases. They are critical for any company that needs to instantly know customer or potential customer identity in order to minimize the risk of fraud and adhere to regulatory compliance regimes.
In the past few years, we’ve witnessed the emergence of a frightening new frontier in cyber security. What was once the domain of nuisance hackers, and later of greedy criminals, has increasingly become a target for highly sophisticated actors tied to terrorist groups or affiliated with enemy governments. Our vehicles, homes, workplaces and infrastructure systems are becoming increasingly connected to the Internet, which opens us up to new vulnerabilities. To protect our organizations and society, we must adopt cyber-security defense solutions that help protect connected systems – specifically mission-critical systems.
Too many organizations assume their current security tools are sufficient to keep them safe. Can you believe some still think that SSL certificates keep hackers off their sites? These guys are just plain lazy – unconcerned with making any effort to improve their level of security. Unfortunately, the truth is that many of the currently deployed anti-virus/anti-malware systems are like castle fortress walls made of Swiss cheese – nearly useless. The bad guys are growing increasingly aggressive, sophisticated, costly and dangerous. Coming to the rescue are a handful of companies developing algorithms that can detect and stop “first seen” threats from these new vectors.
There’s a lot of it on the Internet. According to analytics firm Alexa, there are more than 7 million pornography websites worldwide. Advertisers want nothing to do with these sites, but unscrupulous actors might not care quite so much. Industry experts report that more than 30% of display advertising was not shown where it was intended to be placed. Some insiders say 15% of online ads appear on pornography or gambling websites, harming the brand’s reputation. Up to 40% of video traffic is driven by bots. Tens of billions of dollars out of the $135 billion in global Internet advertising revenue in 2014 were spent on ads placed on undesired websites. With sophisticated fraudsters and suspect websites gaming the system, advertisers need to protect their reputation. But doing so is a difficult task – specifically because of lust.
The first order of business for any Chief Information Security Officer (CISO) is to keep outsiders out. Advances in password protection and biometric identification have enhanced security, but these systems are not foolproof. Good defense also requires internal real-time and ex-post monitoring systems to ensure that even credentialed insiders do not abuse their privileges. A growing tactic is pattern recognition: the average guest at a dinner party won’t get noticed, but the person who puts 17 drumsticks on his plate will raise a few eyebrows. A new breed of cyber security companies is tapping behavior analytics to detect when someone has commandeered an employee account or, worse, when an employee has gone rogue. This is the last line of defense, and no company should be without it.