Alex Zaharov-Reutt's trustworthy technology news, reviews, guides, how-to and more.

Category Archives: Security

Cyber security strategy: a vital component for listed company executives

Threatmetrix

Way back in 2006, I wrote the first of several articles for Australian tech news site iTWire about an Australian developed product called TrustDefender, launched in late 2005 – the brainchild of its then-CTO Andreas Baumhof and then-CEO Ted Egan.

Back then, TrustDefender was the first and the original true cloud security solution for banks and other e-commerce organizations, well before Trusteer began operations in 2006 and was subsequently acquired by IBM in 2013.

Over the next few years, TrustDefender grew its cyber security footprint and launched TrustDefender Labs under Ted’s leadership, primarily in the financial services sector, while Andreas continued constantly improving the underlying security technology, including in-depth research into malware threats and cyber security trends, so much so that TrustDefender caught the eye of US security titan ThreatMetrix in 2011.

The two companies merged to build an enhanced global cyber-security platform which addressed cyber-security challenges for financial institutions, telecommunications companies through to e-commerce operations and social networks based on the premise of enabling their customers trust or validate, verify and authenticate the customer regardless of where they come from across the globe.

During the merger, Mr Baumhof took on the role of global ThreatMetrix CTO at its San Jose headquarters in California, while Mr Egan was tasked with establishing ThreatMetrix in the hugely important Asia Pacific region, taking on the Asia Pacific VP role.

Since that time, Mr Egan has quickly established a strong Threatmetrix footprint across Asian and greater Australasia, covering a range of major financial services, corporate and retail/e-commerce brands.

On a trip back to Australia this week, I caught up with Ted Egan and started with his views on how cyber security threats are affecting his current and potential customers in 2014 and beyond.

Beyond the well-known and devastating effects of data corruption, leakage and loss through successful raids by cyber criminals, Mr Egan explained that cyber security has become the most important threat to the careers of C-Level executives and directors of both public listed and non listed boards due to the damage that cyber crime is doing, not only to vitally important customer and company data, but more importantly brand degradation and damage to the share price of the publicly listed companies.

As Ted Egan put it, “a cybercriminal may not steal money the traditional way, but can short stocks on the stock market or hedge on the fact the stock price will fall while causing a data breach, which either becomes public via internal messaging, or once the breach is made public due to disclosure under new data breach laws. This means the cybercriminal can make more money in a clean manner without being caught, this is the new wiser cybercriminal,” Mr Egan said.

One of the most recent examples surrounds the US big box chain store and Fortune 500 company Target, which saw over 70 million of its customers see personal data lost after a devastating attack by Eastern European cyber criminals, leading to the resignations of Target’s CEO, CIO and a cost that Forbes reports could be as high as an incredible US $18 billion.

These kinds of cyber attacks are naturally leading not only to intense pressure from customers, but pressure from shareholders for directors of the board to resign owing to a clear lack of preparedness through the formulation and strict implementation of an extremely robust and ever evolving cyber security defense strategy.

Mr Egan re-emphasized that, as that data breaches are one of the biggest issues for company directors, cyber security is not just the responsibility of IT departments or Infosec teams anymore.

He explained that they are “now a responsibility for C-level executives and non-executive directors of the board to have a strategy in place that can prevent these threats and, if there is a data breach, to deal with it effectively so that the share price and brand is not adversely affected”.

To do that, Mr Egan said that C-Level executives and directors of companies boards need contextual based threat intelligence and awareness of all devices accessing their networks, whether it be BYOD employee devices, customer devices and even unknown devices.

Naturally, this includes device intelligence, behavioral analysis, persona identification, malware protection and most importantly, enhanced cyber security visibility across mobile devices – beyond just apps.

However, a great deal of companies today are simply not prepared for the ferocity of today’s cyber threats and data breaches, despite the endless parade of media stories concerning ever more deadly cyber attacks.

Mr Egan explained that “You cannot rely on a defensive play in regards to changing cyber threats or threats to customer data. You need to have, as in US football terms, an offensive play strategy that enables you to see pending threats before they attack your organization or confidential customer data.

“It’s about customer threat intelligence”, said Mr Egan, “having customer threat intelligence that is real time, that detects and understands malware even if never seen elsewhere before, alongside understanding the behavior of any and all devices connecting to and from company networks, while also reducing the friction traditional security measures put in place for customers of online businesses and banks or financial institutions of any size – whether it be via desktop devices or mobile devices which have emerged as the No.1 way that consumers and business users are transacting online.”

Mr Egan continued that: “It is important, as by reducing customer friction, the customer experience is measurably improved, allowing online businesses to acquire new customers faster, quicker and more cleanly – improving return customer usage, thus improving the business P&L bottom line – an area which ThreatMetrix specializes in”.

Naturally, Ted Egan says that ThreatMetrix, as the world’s most advanced cyber security company, is best positioned to demonstrably and measurably ensure today’s online businesses, banks, financial institutions, government and other online organizations – and their customers – to protect against the truly frightening realities of infiltration, data breach, data loss and the costly damage to customer data, executive reputations, company performance, brand equity and share price value.

Heartbleed OpenSSL bug – details here

A quick post for anyone interested and listeners of the ABC Drive radio program in Perth, Australia, to whom I spoke today on the topic of the Heartbleed OpenSSL vulnerability that has put people’s passwords at risk – even if they saw the little “lock” in the address bar of their browser. Full technical details…Continue Reading