Criminal hackers prove limitlessly inventive

Dave Barton, Websense

9-September-2015

“There is no such thing as foolproof, because fools are endlessly inventive.” – author unknown and thanked.

As much as honest folks dislike the behavior of criminal hackers, sometimes we have to admire their ingenuity.

Stealing press releases early is insider trading from the outside. Using laundered money to trade on pre-release information – it’s an elegant approach to doing bad things.

“We didn’t expect to see press releases taken prior to release and stocks being bought and sold around that information,” said Dave Barton, CISO of Websense. “Although not new in capability, method or technology, it’s new that it’s brought $30 million in trading return over five years. It’s the first time we’ve seen a monetary reward for an attack on data that isn’t initially valuable to bad guys.”

Of course, bureaucratic exaggeration and self-aggrandizement grew that $30 million into $100 million, much as police always multiply by ten the imaginary street value of the drugs they confiscate.

Regardless of the claimed dollar amount, Barton doesn’t believe this is unique to any industry or vertical. There is a shortage of qualified technical folks to help companies make the right decisions about with whom to share their data.

“If we had more workers with security knowledge, they might have asked the right questions,” he said. “Perhaps the data was unencrypted. Had due diligence been done, maybe the bad guys in this case wouldn’t have been able to use the information for five years. Similar to a third-party questionnaire you’d send a partner.”

For example…
•    Do you have a security policy in place?
•    Is your policy communicated to your user base?
•    Do you have an incident response plan in place?
•    Are you leveraging best of breed technology internally?
•    Are your data encrypted?
•    Do you have intrusion protection and detection?

It is mandatory to ensure that everyone with access is protecting our data, and the legal staff who draft the contracts don’t always understand the security implications.

“Part of our duty is to educate our partners,” Barton said. “We have to build teeth into contracts. Hold our third parties accountable. And we must verify – confirm you’re doing these things. If you have ISO, that’s a great place to start, because it tells me there’s some security to your program.”

As a customer, it’s incumbent on you to ask the right questions. Even data that is sensitive but seems innocuous has the potential to cost companies millions and millions of dollars.

The newswire attack appears to have ties to organized crime. And Barton is certain about one thing: the next one is going to surprise us as much as this one did.

For example, as we move to the Internet of Things, some claim there will be 50 billion connected devices in the near future. Why does your refrigerator need Twitter updates?

“These manufacturers don’t understand security,” said Barton. “What about cars and aircraft – why put your control systems on the same links as your untrusted user WiFi?

“Front door locks are WiFi connected. I can unlock the front door, turn the lights on, and there aren’t enough security people to prevent that from happening. WiFi security systems will be more pervasive, so you’ve got more targets to crack. From that perspective it’s important to make sure we’re doing the right things to protect the data.”