Seven Deadly Internet Security Sins

David Blumberg, Founder and Managing Partner at Blumberg Capital, takes a look at the seven deadly sins of internet security.

For those of us involved professionally with cyber security, we know the underbelly of the Internet to be a treacherous and ever-shifting domain where menacing actors motivated by the most basic human vices threaten us all. It is critical for enterprises and governmental organisations to anticipate threats so they can protect their networks and shareholders from those who’ve surrendered to the Seven Deadly Internet Security Sins.

This is often considered the source of all the other sins. Pride certainly motivated the first hackers, the relatively naïve and benign computer nerds who wrote viruses and hacked into sites believed to be impenetrable, simply to demonstrate that they could break-in. There are no doubt hackers still motivated by pride, but as the Internet attracts new breeds of criminals motivated by other sins, pride is very much becoming a sin of those who believe their systems all already secure and/or that they can outwit and thwart attackers. But security is a classic arms race, and the only way to stay ahead of bad actors is to always assume your organisation is behind.

Greed motivates almost all online criminal activity. From online payment fraud to stolen credit cards to identity theft and personal healthcare information scams, fraudsters are coming after customer data, whether network security systems are ready or not. One key defence is to Know Your Customer or KYC management. Internet Identity Bureaus or verification services, which confirm individual identities through knowledge-based authentication questions or by matching their profiles to public and private data bases, are critical for any company that needs to instantly know customer or potential customer identity in order to minimize the risk of fraud and adhere to regulatory compliance regimes.

In the past few years, we’ve witnessed the emergence of a frightening new frontier in cyber security. What was once the domain of nuisance hackers and then later greedy criminals, has increasingly become a target for highly sophisticated actors tied to terrorist groups or affiliated with enemy governments. As more of our vehicles, homes, workplaces and infrastructure systems become increasingly connected to the Internet of Things, we open ourselves up to new vulnerabilities. To protect our organizations and society, we must adopt cyber-defense solutions to protect connected systems and specifically mission-critical systems.

Some unscrupulous vendors are targeting their competitors’ highly trafficked websites, injecting adware, spyware and phony widgets on their rivals’ sites to steal their web traffic and take customers. While phony pop up ads might seem annoying but harmless to consumers, this fraudulent content can confuse or siphon off valuable customers, slow down website performance, drive traffic off site and quite likely contribute to click fraud and e-tail theft. Fortunately, there is a new generation of cyber-defence companies that can help monitor and protect websites from these Javascript Injection attacks.

Too many organisations assume their current security tools are sufficient to keep them safe. Unfortunately, the truth is many of the currently deployed anti-virus/anti-malware systems are like castle fortress walls made of Swiss cheese – nearly useless. In stark contrast, the only sure rule in cyber-security is that the bad guys are growing increasingly aggressive, sophisticated, costly and dangerous. Coming to the rescue are a handful of startups that are applying the artificial intelligence domain of Deep Learning to develop self-learning algorithms that can detect and stop “first seen” threats from these new vectors.

There’s a lot of it about on the Internet. By some accounts, there are more than 7 million pornography websites worldwide and according to analytics firm Alexa.
Advertisers want nothing to do with these sites, but unscrupulous actors might not care quite so much. Industry experts report that more than 30% of display advertising was not shown where it was intended to be placed. Some insiders say 15% of online ads appear on pornography or gambling websites that harm the brand’s reputation and that up to 40% of video traffic is driven by bots. Tens of billions of dollars out of the $135 billion in global Internet advertising revenue in 2014, was spent on ads placed in undesired websites. With sophisticated fraudsters and suspect websites gaming the system, advertisers need to protect their reputation.

The first order of business for any Chief Information Security Officer (CISO) is to keep outsiders out. Advances in password protection and biometric identification have enhanced security, but these systems are not fool proof. Good defence also requires internal real-time and ex-post monitoring systems to ensure that even credentialed insiders do not abuse their privileges. A growing tactic is pattern recognition: the average guest at a dinner party won’t get noticed, but the person who puts 17 drumsticks on his plate will raise a few eyebrows. A new breed of security companies is tapping behaviour analytics to detect when someone has commandeered an employee account, or worse, when an employee has gone rogue. This is the last line of defence and no company should be without it.

The following two tabs change content below.

David Dungay

Editor - Comms Business Magazine