Tuesday, November 15, 2011

Cyber Security Smackdown – Organized Crime vs. Agile Start-ups - VLAB

Great panel discussion put on by VLAB (MIT/Stanford Venture Lab) on November 15. The topic: Cyber Security Smackdown – Organized Crime vs. Agile Start-up. Part of the event description - Most organizations are unaware they have been hacked until it is too late. Just as the Mafia at the turn of 20th century changed the law enforcement landscape, black hat hacking has become a profitable, illegitimate business that harms individuals, companies, and national security. McAfee estimates that global cyber crime cost corporations and individuals over $1 trillion annually.

Some sound bites that came out of the discussion:

• IPv4 versus IPv6 – With respect to the “volume” of IP addresses that can theoretically be connected to the internet: Think of a golf ball versus the size of the sun.
• There are two kinds of companies when it comes to their preparedness for being hacked. Those who have been compromised and those that are still unaware of how vulnerable they are.
• Wells Fargo thought that one of the apps they had created for customers was just sitting out there until they hired one of the panelist’s companies. They then found that the app had been downloaded several million times. Kind of surprising that “someone” in the IT group didn’t realize this.
• Antivirus companies have been failing in protecting their customers. The solution(s) for protecting companies will not come from developers these companies.

Interestingly enough, Trend Micro Executive Eva Chen had a Q&A with CRN (www.crn.com) in March 2004. Chen stated in response to a question about security management, “The other thing we are thinking about is outbreak prevention. We always say we are in the antivirus business. But I was so frustrated that I called our CEO, Steve Chang, and said we've been lying to our customers for 10 years. We call ourselves antivirus, but we have never prevented a virus from hitting our customers'" http://www.crn.com/news/channel-programs/18841262/crn-interview-eva-chen-trend-micro.htm.
http://kensek.blogspot.com/2011/07/security-executives-say-every-security.html

• Companies need to look at any agreements they have with companies such as Microsoft, Amazon, etc. regarding security. In general, these sites have a statement regarding keeping your company protected: they aren't responsible for security lapses. But, they can hold your company responsible if they suffer damages because of the relationship.
• Question from the audience – “How can a company with a low budget stay protected?” Answer, “Try to maintain a very low profile.”
• Social engineering or gaining an entrée through an internal employee is how many cyber criminals get into a company.
• More than a few developers are good guys during the day and bad guys at night (colloquial restatement.

What does this mean with respect to security? Don't slash that budget. Look to some of the smaller companies. Read your agreements with the larger companies you are doing business with and may be relying on for protection.

Panelists for the discussion:

Jeffery Carr - Carr is the author of "Inside Cyber Warfare: Mapping the Cyber Underworld" (O'Reilly Media 2009). He is also the founder and CEO of Taia Global, Inc., a boutique security-consulting firm for Global 2000 companies.

Mike Eynon - Eynon is the Co-Founder, President of Silver Tail Systems, has substantial experience in building fraud detection and prevention tools for some of the highest traffic, and fraud targeted websites on the internet. Before co-founding Silver Tail Systems, Mike managed payment risk at PayPal, as well as fraud policy at eBay. www.silvertailsystems.com

Ali Golshan - Golshan is the Co-founder & Chief Architect at Cyphort. Golshan has over 12 years of experience in Security, Virtualization, and Data Mining using Probabilistic Pattern Matching. http://cyphort.com/ . Currently in stealth mode.

Marc Goodman -Marc Goodman is the Founder and Chairman of the Future Crimes Institute. Additional information is available at www.marcgoodman.net.

Jacques Benkoski - Benkoski joined US Venture Partners in 2005. Before joining USVP, Benkoski was President and CEO of Monterey Design Systems from 1999. Synopsys (SNPS) acquired the company in 2004.

About VLAB www.vlab.org

The MIT/Stanford Venture Lab (VLAB) is the San Francisco Bay Area chapter of the MIT Enterprise Forum, a non-profit organization dedicated to promoting the growth and success of high-tech entrepreneurial ventures by connecting ideas, technology and people.

No comments: