Monday, 30 March 2015

The number one e-commerce security issue is fraud: Christopher Young

Intel Security’s senior VP on cyber security, the McAfee acquisition and the debate over sharing sensitive company information with govts

Mumbai: Intel Security, the $3 billion unit of the $56 billion Intel Group, is sharpening its focus on protecting mobile devices, which it believes is the fastest-growing computing platform. Christopher D. Young, senior vice-president and general manager of Intel Security talks about how the company’s $7.6 billion acquisition of McAfee Inc. five years ago, has helped its growth, Intel’s security solutions for wearables and other devices and the debate over sharing sensitive company information with governments while enforcing security controls. Edited excerpts from an interview: How serious are companies about security? Security can be broadly characterized into three parameters: protecting, detecting, responding. Till recently, the primary focus area of most of the security industry was about protection. However, we are now seeing a clear shift to detection and recovery, given that all the new technologies customers want revolve around these two pillars. Faster time to recovery is the number one focus for our customers today, in terms of advanced malware detection, intelligence tools and analytics tools. Another significant change is the priority that security is being given by enterprises today—evolving from an afterthought to a boardroom discussion, with companies willing to spend a considerable amount on security today. How is India placed in terms of company and individual security? According to Intel Security, in India, of all the attacks, 34% occur in the financial sector and 34% in the IT sector—two of the biggest industries in the country. Interestingly, ransomware or malware is the single highest type of attack accounting for 11% of all attacks, and we think this points to the need for better gateway products that stop the efficacy of ransomware. The second most common of attacks are autorun worms, which take advantage of unpatched systems, accounting for 10% of all attacks. On the consumer side, 48% of all attacks are autorun viruses, which points to the fact that both enterprises and individuals in India are not patching their systems with the latest updates. With e-commerce booming, what are the possible security threats looming ahead? The number one e-commerce security issue is fraud. A lot of the fraud starts with somebody stealing a consumer’s credit card number, bank information, credentials, etc. They do this by putting malware on a person’s device and then watching what the person types to steal credentials. So a lot of money is being lost in e-commerce. However, consumers can do a lot more to protect their systems like making sure their systems are patched, that they have malware cleaner or block malware, and keep stronger passwords. We work with law enforcement agencies and try to message our customers so that they don’t download fake updates. But ultimately, customers need to be more vigilant. What does Intel Security recommend after a company gets attacked? Currently, the security industry is very fragmented. It’s not uncommon for me to talk to a customer who uses 50 different security companies to provide different parts of their security infrastructure. However, if an enterprise were to use a single company or fewer companies to provide their security needs, dealing with recovery after an attack could be a much more efficient process, as it involves fewer systems talking to each other. For example, Intel Security has the ability to cater to at least 80% of an enterprise’s security needs, including a firewall, an IPS (PS stands for Intrusion Prevention System), endpoint security, security gateways for email, browsers, etc. We provide all these products with a connected architecture so that they can share threat information, making it much simpler for the security analyst to solve the issue, saving time and complexity. In this way, we estimate that the number of people involved in alleviating an attack can be cut by at least 30%. Securing mobile devices is equally important. What does Intel Security suggest? On the consumer side, we offer free anti-malware solution for Android devices; so, anybody can go to our website and download it, and it’s one way we believe we can help consumers protect themselves against malware on the mobile device, which is the fastest growing platform in computing. On the enterprise side, we have developed a whole new set of tools, technologies and services that can help our customers become faster in detecting and responding to a threat. Besides, we also have anti-malware for these devices, secure data storage, secure data vaults that will help you encrypt your data on phones and tablets to store them in the cloud. What about protection for wearables? For the Internet of Things (IoT) specifically, we have gateway solutions, application controls, etc., to protect data that gets generated on wearables and other such types of devices. We bundle security with the gateway application that connects the wearable to the cloud and we can provide good controls that way. Companies and governments are yet to reach an agreement over stronger security controls and compromising privacy of individuals… Reaching a compromise on encryption between private companies and the government for surveillance is going to be largely situational. Security and privacy have a complex relationship with one another—most of the times you need good security to ensure privacy. But sometimes, in order to deliver good security, you need to break privacy. The only way to get the balance right is for an organization to apply security and privacy controls to their context. What about cyberwar between nations? It’s a very complex problem to solve when your whole geopolitical system is literally based on geography, when cybersecurity challenges the very notion of any government of any country because it’s not bound by land. We need to have a United Nations-like model for cybersecurity with enforcement being part of it. We are still early in that discussion, but US president Barack Obama has finally started talking about it.


Source: http://ift.tt/1DljYeZ






from cyber security caucus http://ift.tt/1DljXYB

via IFTTT

No comments:

Post a Comment