Blog Articles

Think Like the Bad Guys: How CIOs Can Plan For Future Cyberattacks

On a recent vacation, my family and I went to Washington D.C. to visit all the great memorials, museums and government buildings that represent a lot of the history of this great country. Two of our favorite museums were the Crime Museum and the International Spy Museum.

The International Spy Museum was filled with fascinating artifacts from throughout the history of spying in periods like World War II when Allied spies battled Axis spies for critical war-time advantage or the Cold War when American and Soviet spies battled for information that would provide the upper hand in the nuclear arms race. Interestingly enough, the last exhibit (and presumably one of the newer) was entitled ‘Weapons of Mass Disruption’. This exhibit was less about history and more about the realities of cyber-terrorism we live with today.


Similarly, the Crime Museum was filled with fascinating artifacts from the age-old battle between famous lawmen like Wyatt Earp and notorious criminals like Jesse James or Bonnie & Clyde. Again, the final exhibit was less historical and more about the present, focusing on today’s white collar ‘silent criminals’ or cyber-criminals.

These museums show us not only the evolution of crime and terrorism over time but also, throughout much of history, the matching evolution of counter-crime and counter-terrorism. Why then, does it seem that over the past 10-15 years the art of counter-crime has stagnated while crime has continued to evolve? This is evidenced in the seemingly at-will security breaches we see in the news day after day, such as Anthem, JP Morgan Chase, eBay, Home Depot, Target, and many more. The thought that my business is too small or the vertical my business is in is not of interest to hackers has also been proven wrong. Breaches have spanned businesses from financial, gaming, insurance, government, healthcare, education, social, retail, entertainment and the list goes on.

In the past, a CIO’s main focus was how many servers do I need, or how big do my servers need to be to ensure that my infrastructure can handle all my consumers’ transactions or all my consumers’ data … the advent of high-tech in business shifted the ‘bad guy’ focus from criminals wanting to steal from my company to the new arch-enemy … ‘downtime’. While CIOs focused their technical gurus’ attention on combating downtime, the criminal mindset continued to evolve. CIOs must now designate equal or greater effort to evolving the way they combat cyber-crime and cyber-terrorism. On the bright side, there are already some great organizations and products out there like CENTRI’s BitSmart that are not only geared toward helping combat cyber-crime/cyber-terrorism but dedicated to evolving to stay ahead.

So, when future exhibits are added to museums like the Crime Museum or the International Spy Museum, how will your organization be represented? Will it be one of the organizations that were victimized by now famous cybercriminal ‘masterminds’ or will it be one of those organizations that thwarted the criminals … and maybe even helped lead to their capture?

Thanks for reading,

Mike

About the Author Mike Mackey is the vice president of engineering at CENTRI, responsible for the continued development of the company’s data security and optimization solutions. Mike brings tremendous depth and experience leading teams that build market-leading products, and his strong customer focus is one of the keys to the continued growth of CENTRI. Connect with him on LinkedIn.

The Three Little Pigs and Network Security

The Three Little Pigs is a timeless classic. You remember it, right? Three pigs. Two of them spent their time slacking off and built really flimsy houses out of sticks and straw. The third pig worked really hard and built a strong house out of brick. Once the big bad wolf comes calling, he makes short work blowing over the first two houses and the pigs run for cover to pig #3 and his more secure brick house. The wolf is thwarted and the pigs are safe. Great story, happy ending and the moral is simply to work hard and you’ll be okay.


I see a lot of parallels between this tale and how enterprises have to survive with securing their networks today. However, if this story was re-written in 2015 in a world of increased threats, it’s a little less about working harder and a lot more about working smarter.

Let’s pretend that it’s present day and the pigs represent your enterprise data and the wolf is a hacker. No way that the wolf gives up at the sight of one brick house. After all, the U.S. State Department alone faces thousands of hacking attempts each day on its computer networks. This wolf runs over to Home Depot and buys a sledgehammer. Maybe he gets a few dozen friends to help him dig under the house. Or he rents a bulldozer. Whatever happens, I’m sure that these three little pigs end up as three little dinners.

Perhaps the pigs could have built an even bigger house, maybe something with a fence, a moat or a fortified basement. No matter what, the wolf would have found a way around the defenses. This is much like how enterprises try to defend themselves against external hackers. In fact, they also have to deal with internal threats. Maybe the third pig is in on it and the first two pigs are already bacon?

The pigs don’t need a bigger house. That’s akin to deploying more firewalls or detection systems. What they really need are invisibility cloaks to protect themselves, just like enterprises need to encrypt their data to protect themselves from hackers. Something that will completely protect them once the wolf eventually breaks in. This is the same strategy that more enterprises need to employ today. The point isn’t just to make it difficult for the wolf to get inside; the point is to completely protect the pigs. This is why old ideas about network security don’t cut it anymore and new ideas about data security and proper encryption solutions are much smarter – and will lead to the road of survival and secure data.

My rewrite of the classic tale picks up at the end like this: Wolf breaks into brick house, but it’s empty. The pigs seem to have disappeared. Wolf looks around, gives up and moves on to the other house down the street. The pigs are happy and safe. Moving forward, all pigs can live in houses made of sticks, straw or bricks and play outside as long as they wear invisibility cloaks. The End.

Thanks for reading,

James

About the Author James Salter is the Director of Marketing at CENTRI. James has nearly 20 years of experience in software and technology marketing and enjoys sharing his insights on data security, enterprise issues, the Internet of Things and driving value from solutions. Connect with James on LinkedIn

Encrypt Everything, Period: Enterprises Today Cannot Leave Their Data Exposed

Cyber security is top of mind for every corporate executive, while consumers read the headlines about recent data breaches and wonder if these enterprises are doing enough to protect their data. Most corporations and consumers are relying on outdated security solutions that were believed to be sufficient just a few years ago. That is not the case today; we now live in a mobile-first world where data about everything and anything we do online is captured, analyzed and used to help deliver a more personalized experience. The corporations that capture the data have an ever-growing responsibility to prevent misuse of the data and the consumers have an ever-growing concern regarding the security of that data.

Traditional security measures have been focused on defensive technologies that are reactive in nature, such as a corporate firewall between an internal trusted network and the external untrusted Internet, or the more commonly understood anti-virus software that scans emails and computers looking for malware. One of the primary changes in recent years is the use of mobile devices as the primary connection to the Internet for online shopping, banking, gaming, health and fitness and countless other uses. In the not too distant future the number of connected devices – often referred to as the Internet of Things – will grow from about one device per person to perhaps 10 devices per person; the number of connected devices could reach 20 billion within the next few years.

With the rapidly increasing number of connected devices and the vast amount of data created by these devices, a new way of thinking about data security is required. Ways that build upon the traditional solutions that act as the first line of defense but also focus on protecting the corporate and consumer data in the event that the first line of defense fails. This is generally accepted by most security professionals as the most responsible approach and best practices for computer security. Encrypting all data through the entire life cycle of the data has the highest potential of preventing data breaches – if all data is encrypted, then hackers and thieves that gain access to the data are not able to make sense of the data – simply put, the motivation goes away.

Data encryption has been used selectively for many years; however, its wide use has been limited by the complexity of traditional encryption technologies or by the additional processing power and increased processing time required by these solutions. Most security professionals understand the need for encryption but have had to choose between flexibility and good security – security was often a lower priority until recently. Technologies like CENTRI’s BitSmart can provide data encryption and compression for the entire life cycle – at the point where data is generated, through the network where data is transmitted, within the application where data is processed and within the storage where data is saved.

Layered security is the best approach to prevent cyber security and data breaches, but traditional defensive solutions are no longer sufficient; full lifecycle data encryption is necessary. Zero trust is a philosophy promoted by Forrester Research where there is no longer a trusted internal network and an untrusted external network. CENTRI believes that by leading the industry with BitSmart and an encrypt all data mantra, the zero trust model is made possible. Enterprises interested in truly protecting their data would be wise to adopt an “encrypt everything” policy and supporting solutions now.

Thanks for reading,

Vaughan

 

About the Author Vaughan Emery is the founder and CEO. He works closely with customers and technology partners to deliver the company’s solutions. Throughout his career, Emery has developed key business relationships with fortune 5000 companies, mobile operators and technology partners within the United States, Asia and Europe. Previously, he founded a mobile security technology company, which developed an advanced malware security solution for mobile phones and embedded devices. He has over 20 years of leadership experience in commercial product development, technology services and business development. Connect with him on LinkedIn.

Looking for Financial Security?

Willie Sutton never said he robbed banks because that’s where the money is, but that logic still motivates plenty of other folks, including hackers. They’re increasingly using distributed denial of service (DDoS) attacks to distract banks’ security and IT staff so they can steal electronic funds.

Most DDoS attacks on financial services firms are still aimed at disrupting their day-to-day business rather than robbery, but that’s cold comfort for banks and their customers. In the span of just six weeks in 2013, 15 major U.S. bank websites were offline for a collective 249 hours. Imagine being a business customer of one of those banks and not being able to make payroll because you can’t log in to its website or mobile app to transfer funds. Actually, you don’t have to imagine it. As one Wells Fargo customer lamented: “Day 8, still can’t get in … getting old. I have a business to run.”

Between losing money and reputation, and new government regulations, banks know they have to get serious about the DDoS threat. But that’s easier said than done. A big part of the problem is that DDoS attacks target an aspect of Secure Sockets Layer (SSL) that’s as common as it is vulnerable. The traditional response is to add enormous amounts of IT and network infrastructure to compensate for the DDoS deluge, but that’s typically as expensive as it is ineffective – which is why some customers can’t log in for days.

If banks didn’t have enough on their plates with DDoS, there’s also the problem of data loss and theft. Financial services firms already account for more than 9 percent of identity theft breaches, yet another example of how robbers go where the money is. Meanwhile, over 63 percent of financial services firms say they’ve had multiple accidental internal breaches over the past 12 months, such as lost laptops containing unencrypted customer data.

Encryption is the ideal solution, but the catch is it’s easier envisioned than accomplished. For example, banks want encryption solutions that can run on all customer and employee devices, including low-end smartphones and elderly laptops, because that enables the broadest possible defense. That comprehensiveness requires a solution that’s lightweight in terms of code size and power usage, with no tradeoffs in protection.

Financial services firms also want encryption solutions that protect data anywhere and everywhere: on devices, over wired and wireless connections, and in the cloud, regardless of whether it’s public, private or hybrid. The ideal solution would enable them to neutralize DDoS attacks instead of having to buy and operate multiple platforms. And it has to be scalable, including in terms of cost, so it can grow as their business grows.

CENTRI has unveiled a product that does all of that and more. For example, this product uses an industry-first architecture that hackers have never seen, so they don’t know how to wage a DDoS attack on it. And even when this product has become the industry standard, hackers will still struggle to defeat it because of the way it creates more variables than they can possibly accommodate.

Intrigued? Skeptical? Maybe both? Either way, check back here to learn more. We think you’ll agree it’s a solution you can take to the bank.

Thanks for reading,

Vaughan

 


Welcome to a New CENTRI

In 2009 I co-founded CENTRI to answer the data bandwidth and security crunch that existed for mobile operator networks. Our goal then was to deliver a completely unique solution to optimize data on mobile networks and provide a positive user experience for their customers. We accomplished this with a brilliant concept and energetic team to execute on that vision. And we’re still successfully doing that today. But the world has changed and so has CENTRI.

More than ever before, enterprises are struggling to deal with the increasing threats on their valuable data, with security as a topic that keeps CxOs up at night. Networks, the cloud and endpoint devices are all targets for cyber attacks. IT departments now have to secure even more platforms, systems, access points, devices and applications across mobile channels, which raises challenges within the enterprise that require extensive dedicated efforts. One only has to look to recent compromises to customer data with well-known brands in financial services, retail and the healthcare insurance sectors to understand the impact of having any cracks in your data security armor. In fact, one leading IT publication stated that some of the top security threats to prepare for in 2015 will include healthcare records, the Internet of Things connected devices, credit card breaches and mobile devices, to name a few.

In addition, data traffic continues to increase putting more pressure on networks to meet those demands and provide positive customer experiences. Worldwide mobile data traffic is predicted to increase by almost a factor of 11 by 2018, largely due to both personal devices but also machine-to-machine communication within the Internet of Things.

Today, after listening to and meeting with customers over the course of many months I can look back and say that we have evolved our company to address the needs that a connected world truly demands. From mobile carriers and enterprises to the Internet of Things, CENTRI has the right solutions to secure and optimize your data. And we are reflecting this vision with our newly launched company website.

You will also notice some new positive changes with our product portfolio to address the needs of some specific industries. The enterprise and the Internet of Things are key areas of adoption of our technology. Financial services, healthcare and retail are new areas of focus as these require the highest levels of protection and data optimization right now. Mobile carriers will continue to be an important market for us as their challenges will only multiply over time. Other vertical markets will be served where either sensitive data or massive data feeds are present. A new CENTRI has arrived – and I can’t wait to show you what we can do for your business.

Thanks for reading,

Vaughan

