
'Hackers have become money-driven'

CIOL Bureau

Security issues and cyber law concerns have been fodder for countless seminars and discussions, providing few answers yet continuing to hold the hot seat for enterprises such as Websense.


Prasad Ramasubramanian from CyberMedia News caught up with Assaf Litai, vice president - Enterprise Sales (Data Security), Websense Inc.

The discussion ranged from knowing the mindset of a hacker to confronting security issues in the current social networking epoch.

How has the mindset of a hacker changed in the last few years?


Earlier, in the 80s, when we used to play with computers, it was merely out of interest, but today, or in the last couple of years, people have figured out that you can make a lot more money. It is a lot more dangerous when you are sitting on the other side of the world at a remote terminal and you hack a computer that is remote and get whatever information has value, financial information and other important data on it. Hackers have changed from being time-driven a few years back to being money-driven today.

Many companies have banned Orkut and Facebook in their offices. Is that related to the loss of productivity from employees or more from the security aspects such as information leakage?

The user 2.0 today is very well connected. The earlier perspective of "I would lock everything down and prevent anything from happening" has changed. Today I have to open most of my applications so that my employees can do my work and also can get on with their lives. At the same time I have to make sure that I am not introducing risks, managing the data and stuff like that.


At Websense we looked at this and identified that there were three critical components to that. The main component is the web, as most applications work on the web, whether it's business or Google applications or social networks. Second is email security and third is data security. The three put together are called essential information, and it says you have to concentrate on what is important to you and protect it.

The productivity level is a key question. A user does work for you 7-8 hours a day sitting at the office, and during that time they are managing your business, and since they work overtime, maybe 10-12 hours a day, because of which they don't have the time to buy an iPod, and so they buy it from a site such as eBay and put an auction and get one. So they spend more time and get your project done.

One question is what percentage of time they are spending on these sites, and at the same time you don't want to stop because if you do that they are going to go home. Productivity is no longer the hours you spend in your office but the results you are creating.


Is there a social mess that we need to counter today?

Social mess was what it was before, as earlier you had to call up your friend and understand what they were doing, and now you have Facebook and you would know exactly what they were doing. You can't say these are bad, but must find out how do I live in this new framework and make it secure. At the end of the day, 15-year-olds and 17-year-olds have accounts on Facebook and they are not going to give that up.

Would we see consolidation happening in the social networking space?


Modern social networking sites, from a security perspective, allow all kinds of applications to run on them, and these aren't controlled by the social networking vendor. If you look at Facebook, you have plug-ins, and once you click on that it says we don't have access to that data, and you have to look at it from a Web 2.0 perspective, you look at it from data leakage, which says I have my laptop, information is flowing from here; is it going to the place where I am allowing it to go or is it going to some sort of application which is bad? It is not as difficult as it sounds, because if you look at applications, they should not send confidential data; unless you are sitting on sites like salesforce.com, for example, there is no reason for your bank account number to go out or your social security number to go out. Security has always been about confidentiality, integrity and availability, and that has not changed, but risk has.

Can’t we institute better cross border cyber laws with so many hacks and nuisances created by people sitting in a remote corner of the world?

I think part of that is your politics and you can't address that to the owner of the network. The vast amount of hacks come from a particular part of the world. At the end of the day, you can only cut down so much and the risk would still be there, as someone still has a financial motivation to go after you.


What about the phishing attacks that Websense has found out lately?

If you look at phishing or email security, we have the best capability of identifying compromised websites. Also we are identifying areas of concern.

Would we see continuous attacks even in the future?

I think we would keep evolving in our fight against web security threats, and newer threats would be happening, disguising themselves in newer ways.
