Surely, Cybersecurity Must Have Your Attention Now
Posted Jan 7, 2015 by Ron Miller (@ron_miller)
As 2014 came to a close, we got a front row seat to the horror show
that was the Sony hack.
As if we needed a case study to show us, we saw, with vivid clarity,
what can happen when hackers run amok inside servers and start sharing
confidential business content with the world — and we learned it gets
ugly in a hurry.
We’re less than a week into the new year and already we’ve seen a
major Bitcoin attack. You know that it’s only a matter of time before
we hear about the next catastrophic system assault. It’s a bit like
cybersecurity roulette. We keep spinning the wheel to find out who the
next victim is.
The question is, why are we still so vulnerable, and why is the
industry not banding together to solve this once and for all?
Security matters to everyone from governments to finance to private
sector companies of all sorts. Nobody wants to be the next JP Morgan,
Home Depot or Sony. Yet everybody seems equally vulnerable. That’s why
we must work together and put the best minds to bear on the problem to
figure this out. The trouble is these are dreadfully difficult problems
or we would have solved them by now.
If Security Were Easy, We Wouldn’t Be Having This Discussion
David Cowan, a partner with the venture capital firm Bessemer Ventures,
has been working with security companies since the 1990s and says the
problem for most organizations is that they’re just not in the security
business. “Sony has a technology business, but they are not Google or
Amazon. They make movies and they hire people who are great at making
movies. That’s what they think about. They don’t think about data,
trust and security,” Cowan told me.
Andre Durand, CEO at Ping Identity, says another aspect of the problem
is that the security industry as a whole tends to be reactive, rather
than proactive.
“An attack happens, and they plug it. They don’t invest proactively to
stop a class of threats in a fundamental manner. It’s not like they
don’t try to aggregate threats and think ahead, they do, but by and
large, they respond like an immune system. Nothing happens until a
virus comes in and they address it,” he explained.
Cowan points out that there is a basic security disconnect in most
enterprises, and given the number of highly publicized incidents, he
says, we might finally be reaching the point where organizations have
to take this more seriously.
“Up until this year, most businesses and people had the attitude that
cyber-crime and warfare were things that happened to other people.
Everyone had the idea, ‘I’m not that interesting. Nobody wants to read
my email.'” Cowan says people realize now that just about anyone can be
interesting, and if a nation-state or organized hacking collective is
hell bent on getting into your servers, there’s not a lot you can do
about it.
“I can assure you if Russia or China, or the US or Israel, or North
Korea or Iran — if one of those players wants information, [they] will
get it,” Cowan told me.
Sharing Is Caring
Against that cheery backdrop, governments, companies and individuals
alike must face the grim reality they are always vulnerable and there
is always some element of risk, unless they plan on shutting down the
internet. And even if they did, let’s not forget that Edward Snowden
didn’t perform some elaborate hack. He simply walked out of the building
with some incriminating files on a thumb drive.
That’s why this isn’t FUD, as some might suggest; it’s just the stark
reality of computing in the modern age. Cowan says that’s why after
each breach, we desperately look for a simple answer so we can feel
better about our own situation, but he says there just aren’t any easy
answers.
“If it’s because so and so didn’t patch their system, now we know how
they got in. Now we aren’t vulnerable. People are desperate to feel in
control,” he explained. But, he says, security is a complex set of
problems and there is no one answer to solve it.
He likens it to a border fence that’s just riddled with holes. “Some
criminal gets in, and we found the hole and we closed it, and we have
cameras and armed guards pointed at it. Now we feel safe,” he said.
Unfortunately, when we pull back, we see it’s a much bigger predicament
than it would first appear. “The trouble is the fence is thousands of
miles long, and focusing on one hole is missing the point. Whatever
vulnerability we found is just one of many.” And the same goes for our
systems.
One way to begin to gain control is working together, to see security
as a collective problem and not an individual one, while putting the
power of modern technology to work on it.
Steve Herrod, who is managing director at General Catalyst Partners
and the former CTO and SVP of R&D at VMware, wrote a post on TechCrunch
this past weekend in which he suggested that sharing security data both
internally and externally could be the key to gaining some semblance of
control over the problem. Companies have been reluctant to share data
to this point because they see their security information as
proprietary, but as Herrod pointed out, this is a wrong-headed view.
“By sharing data and applying the latest in big data analysis —
which has a very real application in the security industry —
companies are realizing the power in numbers. Holding off organized
crime and malicious nation-states is a daunting task for any
individual company, but the odds look much better as like-minded
companies band together for their collective defense,” Herrod wrote.
Hugh Njemanze, CEO at ThreatStream, a cybersecurity company (which gets
funding from General Catalyst), agrees, saying there is safety in the
herd. “When the first organization gets attacked, the rest can be
informed and defend themselves,” he explained.
Another approach, one that Google and other companies have taken, is to
offer rewards for people who find vulnerabilities in their products.
Once they know a hole is there, they can take steps to close it
before a hacker can exploit it. HD Moore, chief security
officer at Rapid7, a security vendor, says this could be a good
investment for these companies.
A couple of startups have launched in recent years to help companies
create their own bug bounty programs including HackerOne and Synack.
These platforms use reward systems to encourage users to find bugs in
their programs, putting this type of system within reach of every
company, not just the big ones like Google, Yahoo! and Facebook.
“Service providers like Yahoo, Google and Dropbox are offering bounties
for vulnerabilities because it’s a better deal for them. Paying a
thousand dollars to find [an exploit] is money well spent,”
Moore explained. As he says, it won’t draw security professionals for
that kind of cash, but it will get people involved from economic areas
where folks have these skills and the money means more to them.
Making Security Part Of The Plumbing
Helping one another find security vulnerabilities and sharing
information is all well and good, but the best approach might be to
make our devices and software more secure from the get-go. Cowan says
we need to think about this at the programming level, but in most
cases, programmers aren’t security experts.
“One of the important changes is to build security into application
development itself. Programmers don’t understand encrypted files,
access rights or multi-factor identification. Most people don’t know
how to do these things,” he told me.
He added, “Fortunately there is a new class of security company
focusing on app developers providing APIs to embed these kinds of
[functionalities] into applications.” He offers Stripe as an example,
which gives developers access to an API that allows them to add a
security layer for credit card payments without a lot of heavy
lifting.
Despite the doom and gloom, not everyone is so pessimistic about
security. ThreatStream’s Njemanze says it’s an ongoing battle, and in
spite of the high profile hacks, he says we are doing better than you
think.
“It’s all about whether you look at the glass as half full or half
empty. It’s an arms race between us and the bad guys. If it weren’t for
[security tools like ours], the Internet would have ceased to function
long ago. It looks like we are not winning and yet we still exist,” he
says.
That’s true, but the situation remains tenuous for many companies. As
Cowan says, if someone is determined to get at your data, chances are
they’ll find a way to do it. That means we have to be all the more
vigilant as an industry and find ways to defend ourselves because the
technology and the security are not necessarily in sync.
“We’ve been riding the tech wave and it’s time we paid for a life
vest,” Cowan said. “We have to increase budgets in our business
for security and have people who think about it so that trust is part
of what we do for employees, customers and investors.” Hard to argue
with that.
Featured Image: CanStockPhoto (c)