Information is power, power that needs to be kept out of the wrong hands

Friday, June 17, 2011

The constant flow of information through social networks, emails and the internet in offices, as well as in the daily lives of employees, has turned the internet into a goldmine for unscrupulous hackers.

This murky world of information mining has become so lucrative that a thriving black market has developed where information has been commoditized and can be bought and sold for a profit.

Enterprises and governments are encouraged to increase security measures to protect their information without compromising on the adoption of new technology.

Adauto de Mello Junior, Latin America and the Caribbean VP of US web filtering and desktop security software manufacturer Websense, spoke to BNamericas about net security risks and black market data, led by a new generation of money-motivated hackers, and the solutions that Websense is currently presenting to counteract this threat.

BNamericas: What are governments' main concerns about security?

De Mello Junior: They worry about security - for example, hacking. A few years ago, a hacker only wanted to hack a site to prove that it was possible as a challenge. But nowadays there's only one motivation - money.

The latest reports show that cyber attacks are trying to get information [for the purpose of] getting money. Hackers are well organized, and it's a parallel business. Cybercrime is managed as a business, and it's all about money.

BNamericas: But if data is the main leak today, who is buying this information?

De Mello Junior: Have you ever received a phone call on your mobile phone from competitors of your suppliers - gas, electricity, telecoms, etc - offering you a better and cheaper service from the one you currently have? Where do you think that info is coming from?

BNamericas: So, potentially the same companies that could be buying or investing in security products are also buying this data?

De Mello Junior: In this case, yes, I think that's what is happening.

BNamericas: Going back to the government...

De Mello Junior: Governments are managing their information digitally. Even in courts of law, you can see certain cases, but what information will be allowed in the public domain? Certain information can have a big impact outside. WikiLeaks taught us a lot, so that's why security is so important, especially in the public sector, where information can be both individually and politically sensitive.

There are certain attacks targeting specific information, like the attacks on Gmail users' accounts. Behind that attack there was a political reason, not just a random attack, with specific objectives.

BNamericas: Are we heading towards a cyber war?

De Mello Junior: Well, you know information is power, it has always been like that. Technology is a very powerful tool as well. You can use it either benevolently or malevolently. Security is not just about companies or governments; information fits nowadays into small devices, so security is what you do with that information.

BNamericas: And what's your point of view in terms of data protection legislation?

De Mello Junior: There must be a balance between data and legislation, not only locally but also internationally. Legislation is a main driver, but the market can also - and does - self-regulate. If you want to have a bank account and you have three options to chose from, you won't chose the one with issues regarding information leaks, so data protection and security is a key selling point for these companies and trust is king.

BNamericas: What's your company's business model?

De Mello Junior: At first, we focused on one product to balance companies' security policies with web use. Together with web development, the net also became the main vector for infections and security threats. So we changed our product to adapt to the new market place. That's the key - the market is evolving fast and so must our offering.

BNamericas: Tell me about this change in your service offering.

De Mello Junior: Through acquisitions and internal developments, we have developed solutions to reach three main sectors that require a line of action in terms of security. One is a solution for the web itself, which is where we started and is still our focus, but we have also developed a solution for email and data protection, to avoid data leaks. These are the main security risks in a company, so we designed a platform called Triton to attack these three variables.

BNamericas: How does this platform work?

De Mello Junior: It's designed to work on the web, data and email. A client can decide to choose one of the services, for example, just email or data and email together - it's all configurable. But clients can also decide what type of implementation they want, depending on requirements. They can set it in the cloud or in their hardware, or both. The important thing is that the equipment is always the same.

BNamericas: Are your clients mainly from big companies?

De Mello Junior: We have clients ranging from 25 users, up to those with 250,000 users. The product and service will always be the same. It's the price that varies, depending on number of users and service requirements.

BNamericas: Social networks are used globally, and they seem to be part of the working culture. What are the risks versus benefits of them?

De Mello Junior: There are many companies that are developing their business through social networks. In some cases, they are the main drivers of their business. For example, if a company is seeking to hire a new employee, they go to sites like LinkedIn.

Social networks are dynamic sites, not static, and their content is constantly on the move. That's why companies must have a system that allows them to prevent and detect risks, to ensure that what you're entering is in fact the website that you intended to enter.

It's also critical to ensure that the information being generated and distributed by the company does not become a risk in itself. An employee can post a comment about something, [but] what happens when that post is about a financial statement that will be announced later? This could be a serious problem. So social networks are important, but you need to integrate proper security.

About Adauto de Mello Junior

Adauto de Mello Junior joined Websense in January 2003 as a commercial director of Latin America. The executive has more than 20 years experience in the market for products and services.

Prior to joining Websense, Adauto was regional sales manager of professional services for Sun Microsystems. He was responsible for developing sales planning and marketing services for Brazil and Latin America, and helped the company to strengthen sales strategy services in the region.