Discussion Point: How Big Are Data Security Threats?

You may have heard that some cyber criminals in Russia recently stole more than a billion user IDs and passwords -- yes, that's billion with a "B."  

In the past year, online security and data theft have been making international headlines, as evidenced by huge security breaches at retailers like Target and Neiman Marcus.

How bad is it? With our lives becoming more digitally entwined, it makes sense that potential security threats are more visible. Think about how many times a day you exchange digital information using either an Internet connection or a mobile device.

Despite the security hysteria, experts say there are simple steps you can take to tighten up your Internet security -- whether for your own personal or business use. CMSWire reached out to a collection of Internet security experts to find out what's going on.

The Question

Is Internet security a growing security concern given recent massive data breaches?

The Answers

Kate Westmoreland, lawyer and Fellow, Center for Internet and Society, Stanford University


Westmoreland is a lawyer and policy advisor with over eight years' experience advising government and the United Nations on law enforcement cooperation, cybercrime and human rights. She is an expert in the domestic and international aspects of international legal cooperation, having negotiated treaties on extradition and mutual legal assistance as well as advising the Australian Federal Government on cybercrime policy.

Internet security has been a real concern for many years.  However, for too long, questions of internet security were only being taken seriously by small numbers of technical, legal and policy nerds.  

The last year has seen the general public finally take an interest in these issues and realize that there are significant questions that need to be debated.  The challenge now for developers, civil society, and concerned individuals is how to harness this attention and ensure that we use the momentum to drive meaningful change.  

Marc Gaffan, Co-Founder and Chief Business Officer at Incapsula


Before founding Incapsula, Gaffan was Director of Product Marketing at RSA, EMC's security division, where he was responsible for strategy and activities of a $500 million IT security product portfolio. Before that, Gaffan was the Director of Marketing for the Consumer Solutions Business Unit at RSA. While at RSA, he appeared before the US Congress, FDIC and Federal Trade Commission on cyber security and identity theft topics.

As the Internet becomes an integral part of our everyday lives and the “Internet of things” is promising to interconnect everything with an electronic pulse, security concerns are on the rise.

Prior to “everything being connected,” crime was a lot harder to commit. In order to rob a bank, you needed to physically go to the bank; in order to steal personal and business records, you had to break into an office; and to scam people into giving you money, you had to get on the street and put on a credible act. Today, all that can be done from any country in the world, while sitting at home in your pajamas.

While the early adopters, which include the entrepreneurs but also the criminals, are finding new ways to drive their respective business, the moms and pops of the world have still not internalized the risks. This expands further with larger (and often slower to adapt) organizations, such as government agencies, that need to adopt the required measures to adequately address the risks at hand. Furthermore, in the electronic age, everything can end up “on the record” and will remain that way forever, increasing the “time window to steal the information” and significantly increasing the risk of compromise. It is a hard enough task protecting some of the data, some of the time, but protecting all of the data, all of the time is essentially “mission impossible”.

While organizations still need to step up and put more security measures in place, they also need to assume that they are going to get compromised. These organizations should therefore also focus on “breach identification and containment” and not only “breach prevention.” As one CISO put it, “I am assuming that someone will get in. It’s my job to ensure that they can’t get out or that they can’t take anything with them, on the way out.”

Kevin Breaver, Founder, Principal Information Security Consultant, Principle Logic


Before starting Principle Logic in 2001, Breaver served in various information technology and security roles for several healthcare, e-commerce, financial firms, educational institutions, and consulting organizations. He has appeared on CNN television as an information security expert and has been quoted in multiple publications. His work has also been referenced by the PCI Security Standards Council in their Data Security Standard Wireless Guidelines. He is the author or co-author of 11 information security books.

Internet security is the same concern it's been for years. It's just gaining more mainstream visibility. Interestingly, most businesses and individuals could resolve the majority of their security vulnerabilities if they fixed the low-hanging fruit that the criminals like to exploit such as weak passwords, missing third-party software patches, and zero controls on mobile devices. Many believe that's too easy to be true. 

As Warren Buffett said: "There seems to be some perverse human characteristic that likes to make easy things difficult." It's really not. The keys to turning things around are knowing where critical systems and sensitive information are located, understanding how it's all at risk, and then doing something about it. Most businesses and people are deficient in all of these areas.

Stu Sjouwerman, CEO, KnowBe4


Stu Sjouwerman, the CEO of KnowBe4, is originally from Holland and is now based in Clearwater, Fla. He is a long-time entrepreneur and technology expert, having worked as a systems and network administrator and manager. He previously founded Sidha Computer Systems (SCS) and Micro Instructional. Micro Instructional was sold to IT Publisher SoftKey, now Wolters Kluwer. He worked there as well as at the IT department of the Dutch Postal Service, Sunbelt International and GFI Software. He has co-authored three books about Windows system administration and recently published Cyberheist, which is available on Amazon.

Internet security is more of a threat now than ever. With the growing access to the internet with smartphones, tablets and computers, the opportunities for scams are exponentially increasing. Business and individual users rely on internet access for their livelihood and there are attempts to regulate the internet as a utility underway in Washington. Although some have become wary with the discovery of the extent of the NSA’s tracking, the real danger lies in threats from eastern European cyber gangs. Cyber gangs make a living stealing information in countries where they cannot be prosecuted.

Spear phishing -- a malicious e-mail that targets specific recipients by including either personal or corporate information that fools them into trusting the source -- has heightened the need for more employee education and network defenses. These criminals do their homework on the intended target and are very successful. After 3 emails, the chance of success is over 60%. 

Another one of the most successful methods is ransomware, which is the use of malicious software to extort money. Cyber criminals use this to go after smaller businesses more frequently as they often lack security layers and can be an easy target. IT professionals agree this threat is not going away any time soon. Other forms of malware might harvest your personal information, bank account data, contacts or any number of things. And the criminals are off and rolling -- with your company or your personal information.

The way to avoid this is to think before you click. If you didn’t request it, don’t open it. Make sure it is from someone you trust. And get your important data backed up off site, then make sure these backups are tested. After all, it is your digital life?

Title image by Asa Aarons Smith / all rights reserved.