Cyber thieves are having a field day and there is little law-abiding folk can do to stop them, said top security expert Bob Shaw.
Speaking to The Times of Israel, Shaw, CEO of the IT security firm Net Optics, said, “Every 15 minutes, information is stolen from some 10,000 customers. And the worst part is, the administrators responsible for that data won’t even realize that 9,500 customers’ files have been compromised, until they hear about it from a third party” — like the police or a lawyer hired by a customer complaining about unauthorized use of a credit card.
Shaw was in town for the second annual cybersecurity conference sponsored by the Tel Aviv University’s Yuval Ne’eman Workshop for Science, Technology and Security. The conference comes at a time when interest in cybersecurity is at a peak, as a result of speculation about who was behind the Flame attack and the recent Stuxnet virus attack that is thought to have damaged, or at least delayed, progress by Iran on its nuclear program.
Speaking at the conference were a host of top security and government officials, including Defense Minister Ehud Barak, Israel Space Agency chairman Yitzhak Ben-Yisrael, former Shin Bet director Yuval Diskin, and others.
As someone who speaks daily to top decision makers in the world’s biggest corporations about their security problems, which are many, Shaw said that the hackers who are out to steal data are simply working faster and smarter than most corporate IT departments, especially when it comes to the invisible threats of data purloining, identity theft, credit card compromising, and more, said Shaw. “In most cases we’re playing catch-up, determining that there is a threat only after an incident.”
There are several reasons for this. One has to do with the lag in deployment of tools powerful enough to deal with the fast networks coming online. “Telcos and large financial institutions have begun deploying networks with speeds of 40 and 100 gb to process their data, but the most sophisticated detection tools out there right now will work effectively on networks of 10 GB speeds,” said Shaw. “We’re going to be playing catch-up for several years, until new and more effective tools are written, but those tools are going to be very, very expensive when they come online.”
And that’s just for data on a network. When it comes to cloud and virtual systems, Shaw said, it’s basically a security free-for-all, with companies unable to see what happens to their data when it’s being transmitted. “They see what it looks like at the starting point, and they can see its status at the ending point. But there is almost no way for them to see what the data goes through in the middle.” That means that as data is transferred between virtual servers and devices in the cloud, anyone could get at it undetected.
Another problem is the disjointed IT policy in many organizations. “You have a team of people working on networks, another working on the cloud, and another on virtualized servers,” Shaw said. It’s difficult to get a sense of what is going wrong if you don’t have access to the whole picture. “The idea of an IT czar is a good one, because it puts an individual in charge who can get a sense of when something doesn’t smell right in a system.”
The best companies can do, said Shaw, is to keep an eye on every aspect of data transfer using a tool that NetOptics makes, called Phantom Virtual Tap that monitors data transfers in the cloud and on virtual machines, integrating with existing security tools to allow administrators to keep an eye on what is going on. “With Virtual Tap you can capture data passing between virtual machines, and send traffic of interest to virtual and physical monitoring tools of choice.” The product and the company have received numerous awards, and Shaw estimates that 5% of Fortune 100 companies and 50% of Fortune 500 companies rely on Net Optics products.
NetOptics has a research and development facility in Israel, and plans to expand its efforts here in the coming year in order to take advantage of the strong IT knowledge and experience here. “We are to build and hire,” Shaw said “Working in Israel will help us secure our leadership in the IT security industry, enabling us to hire the best and brightest.”
NetOptics was actually started by an Israeli, Eldad Matityahu, who founded the company in Silicon Valley in 1996, “and is returning to his roots by expanding NetOptics R&D work in Israel.”
What would really help security matters along, Shaw said, is more cooperation between governments, which, like many corporate IT departments, are failing to see the big picture. That, of course, may entail sharing of information with foreign governments, something citizens of many countries might be uncomfortable with. But we’re really coming to the point where governments – and citizens – may have no choice, and may be more willing to engage in the classic tradeoff of more security for less cyber-privacy. “The more commonplace these thefts become, the more people are going to demand that something be done,” Shaw said. “If the online, connected life we live today is to survive, it’s definitely an idea whose time will come.”