It is easy to point out the dramatic and scary cyber attacks that can occur to anyone at any time.
It is almost too easy. A French bank reported an employee hacked into the system and the bank lost $7 million; TJ Maxx was hacked and lost about 40 million VISA and MasterCard accounts; French President Sarkozy’s bank account was hacked; the White House network was repeatedly hacked into. These are all news event reported.
“These are just a few things,” said Dan O’Dowd, founder and chief executive of Green Hills Software during his keynote address at his company’s Technology Summit 2008 in Santa Barbara, Calif., today. “Most attacks have been covered up, so no one will know. There are plenty of dangerous people out there.”
It is now time, however, the make sure hackers can’t get in. There are hackers and scriptkiddies out there that a user will know entered the system, but the real quality hackers that want to garner as much information as possible and either steal data or money or anything else for that matter, will be invisible.
“There are people that hack in and you don’t even know about it,” O’Dowd said. “Almost any enterprise can be hacked into for as little as $25,000,” he said.
O’Dowd added there are four points of vulnerabilities: Human interface, servers, embedded end points and networks.
“There are thousands of vulnerabilities in your system today that won’t be addressed for years and hackers are learning about these vulnerabilities every day,” he said. “They stay one step ahead.”
Adriel Desautels, co-founder and chief technology officer at Netragard, agrees.
“That is what security is all about: Out running the bad guys,” Desautels said.
“Threat intelligence will not come from security companies. They learn after the fact. You have to infiltrate the hackers,” he said.
If a person or people have the motivation, there is no real problem getting into a system, Desautels said.
“Our average time to penetrate a system is between 30 seconds to a minute,” said the co-founder of Netragard, a security provider that employs WhiteHat security experts. He defined WhiteHat hackers as ethical and non malicious, BlackHat as unethical and malicious and GreyHat as a combination of the two.
He did say you can have all the technology you want, the human factor is a key to safeguarding any system.
“There is no patch for human stupidity,” Desautels said.
Other than the human factor, companies have to look at security in a different light. Instead of building a system and then checking it for security, they should start with security then build the system, said Jimmy Sorrells, vice president of enterprise products at Integrity Global Security a subsidiary of Green Hills Software.
“Security is backwards; it is broken,” Sorrells said. “Security is the first thing you should do. You get security by building security.”