The content for this blog post was put together by michael korens
Editor’s Note: Week 6 of the program when all the students were busy trying to get their code running and gaining feedback from their industry mentors, Brian Zaugg, the Director of Information Security at Authentic8, visited us and provided great industry insights and feedback on all the five student projects.
He also provided a guest lecture on the importance of cybersecurity and the threats to be aware of, in terms of a business leader running an organization, giving the students an idea of being a security expert.
Why should I care about Cybersecurity?
Brian Zaugg, speaking about the importance of cybersecurity, stated that Ponemon did a study of data breaches, which covered 1900 individuals across 419 companies in 13 countries or regions and 17 industries. The study revealed:
- Financial, industrial, services and technologies were the main targets.
- US and UK are the two biggest countries affected
These are organized crimes that are carried out specifically targeting these sectors. It was also found that one of the behavioral heuristic of attackers is that sometimes they will close a hole they used to get in or even patch something up.
The average cost per data breach is estimated to be $3.62 million.
Analyzing the black market
Talking about how black market works and how worthy each of our information could be, Brian revealed the rates of a few sensitive information according to the stats from 2014:
- CVV code is about $2
- Full package of identity $3
- Bank account with details $5
- Credit card (old) $5
- Health credentials $10
- Credit card market flooded $10
- Paypal acc $27
- Credit card fresh $32
This revelation was surprising to all of us as to how easy it is to make money out of any information someone could get hold of. This also ringed a bell on how important cybersecurity is in everything we develop.
Who are the bad guys?
Covering the details about a few of the most important threats that we need to be cautious about, Brian mentioned the top few that needs utmost attention. They were:
- Insider officials
- APT 1 (Phishing/Zero day attack)
So, what should a business leader do?
According to Brian, a business leader needs to know the value in their business. The questions that must be asked and found solutions for are:
- Are my software and products secure?
- How do I improve the security of my software?
- How do I ensure critical assets are protected on an ongoing basis?
Responsibilities of a CXO
According to Brian, a Chief Experience Officer (CXO) has the following responsibilities to have a balance between access, speed, confidence and control in an organization:
- Conduct a security health check
- Establish baseline for security
- Monitor third party tools
- Use industry recognized methodologies
He also feels that it is necessary to perform a security program evaluation adapting the NIST framework for cybersecurity, which is a voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity-related risks. The approach involves the following steps:
Authentic8 developed Silo — What is it?
Authentic8 has made a secure remote web browser called ‘Silo’ that runs in the cloud. It is in a secure container and has a bunch of policy containers in it. The main focus is about protecting the endpoint from malicious activities. They also have write only images setup. A lot of federal customers and about 170 commercial enterprises use their technology.
After interacting with the enthusiastic bunch of students, Brian has offered to provide Silo accounts for all of us at Cyber Defenders, to give us an idea of how working with a secure web browser is different from regular browsers.
Concluding his speech, Brian also addressed all of the questions that the students had and also related it to a few war stories from his past experiences, which gave the students an overall idea of what all can go wrong when developing applications and how important it is to beware of everything we do!