“It will add mindfulness to the way employees perform their jobs with a security first mentality,” says Brian Arellanes, Founder and CEO of ITSourceTEK, when asked about the role of cybersecurity in business transformation. As best known as a seasonal entrepreneur and a security leader, Arellanes believes in the importance of security training for every employee at every level to protect their respective companies from any possible breach. Moreover, “From a higher level, corporations must have the right processes, tools, and awareness to meet compliance requirements for the protection of their employee and customer data.”
Having an extensive experience in security supporting for large DoD secured facilities, Arellanes helped in building teams for the U.S. Navy to create software for top secret weather based war planning programs. Besides that he worked in leading financial companies where his teams won the highest level of customer satisfaction in bank history to that date. After serving in the National Security, he started ITSourceTEK to disrupt the security industry and give back to the community. ITSourceTEK is one of the first technology leaders to create and adopt a data-centric security approach and leverage Cloud to automate IT functions. “We take a unique approach to help companies securely protect their data and securely move their workloads to the Cloud.” Apart from securing data on endpoints, big data lakes, enterprise and custom applications, and systems, the company provides several encryption, masking, and tokenization technologies. “Our technologies can be selected to secure our client environments based on their compliance requirements. Additionally, we enable migrating our clients’ off-antiquated compliance systems that have costly 7 figure maintenance and even more costly customization.” Their GRC platform help automate everything all the way down to compliance reporting for various or multiple frameworks, which truly empowers companies and their compliance organizations.
Injecting AI into their sophisticated technology products, ITSourceTEK better understands and identifies what customer behaviors are normal and abnormal so they can flag or even prevent abnormal behavior from happening. “However, this will not stop all fraud as customers must also be vigilant in addressing fraud by monitoring their accounts and transactions, especially in financially related accounts. It is also important to verify the personal data is secure given the amount of sensitive data that has and will continue to be breached by using credit monitoring services,” states Arellanes. The company provides significant automation by consolidating tools and/or aggregating data from existing tools that cannot be replaced to give a powerful, yet singular view. Most of their security and GRC initiatives bring about immediate to fast ROIs due to this approach, while also significantly enhancing their clients security and compliance posture.
“We take a customer-first approach that looks to address the most challenging problem statements our customers are looking to solve,” notes Arellanes. “Most companies we work with are amazed at what we can do to help transform their organizations with an ROI and/or TCO focus to make the CIOs, CSOs, and CPOs happy, because they don’t just get their security or compliance needs addressed, they get a positive payback on their investment.” For instance, one of their clients that has billions of dollars in assets under management installed and configured ITSourceTEK’s enterprise platform that automatically detects anomalies in behavior to protect their clients from anomalies in their data access as well as employee actions that may be malicious or a result of stolen credentials. Upon implementation, the client data is now completely protected from breach given the sophistication of the system that was put in place along with other controls.
ITSourceTEK is now led by President and COO, Nina Do, who has 25+ years of experience and 12+ of those years at ITSourceTEK. “In addition to having my support, she also has support from our CIO, Walter Jones, that’s been with us for 5+ years and has 45+ years of experience primarily at Wells Fargo where he led 3,000 plus people in their Infrastructure and IT Operations. Additionally, our EVP, Matt Whitmarsh has been with us for 9+ years and has led teams greater than 500 people for massive government projects. Lastly, our VP of Operations, Jean Dubois, who has been with us nearly 5 years bringing decades of financial and process improvement experience to ITSourceTEK.”
Going forward, “we will continue to be a trailblazer in the cybersecurity and GRC market by partnering with the most stable cutting edge solutions on the market that fit our client’s unique requirements.” Being one of the first product resellers to be able to offer a wide range of security and GRC tools through the AWS marketplace, ITSourceTEK today aims to help their clients easily scale for enterprise and cloud based security/compliance.
Blockchain is the future of cybersecurity
Blockchain is a non-editable record of data managed by a cluster of computers. The system is not owned by anyone and it acts like a democracy of data. The technology is all about ‘blocks’ of data ‘chained’ in a public database. It’s like an encrypted digital ledger that is shared among a closed network. Blocks can usually store upto 1MB of data. So if you have more transactional information, you have to store it in different blocks and chain them together. Once a block is added to the Blockchain, it turns public for anyone to view. Blockchain offers complete transparency of the transaction but at the same time ensures privacy too. This is why experts call it the future of cybersecurity. Still, critics question the scalability and sustainability of the technology. So is the technology really viable? Let’s discuss!
Why is Blockchain transparent?
You can connect your computer to the Blockchain network and receive updates whenever a new block is added. Since every piece of information is spreading across a network of computers, it is very difficult to manipulate the data. This is because, the hacker will have to hack into the thousands (sometimes millions) of computers in the network and manipulate every copy of the Blockchain. Not that easy!
Is your information kept private?
The blocks contain more of transactional data recorded with a unique user ID called the ‘digital signature’. All your transactions will be stored under this digital signature and not your name. So even if your blocks are on a public database one cannot search for your transactions that easily. For example, Instead of “Roger sent 1 BTC” , your transaction will be recorded like this:
“1MF1bshFLkBzz9vpFYEmvwT2TbjCt7NoJ sent 1 BTC”.
This is how Blockchain ensures privacy and transparency at the same time. Blocks are differentiated from the other blocks using a code called hashes. Each block has a unique hash. The position of a block in the chain is called ‘height’.
Why is Blockchain Immutable?
Also, you can’t stealthily alter a block. If you edit a block, it’s hashcode changes as well. Since blocks are stored sequentially, the changes in one block would affect the hash of the other and this would go on like a chain reaction. So every tiny change you make would be apparent and it is almost impossible to hack these systems. So the bottom line is this “once you add a block to the chain, it is difficult to edit it and impossible to delete it.
So, where is the Blockchain server?
Nowhere! Blockchain is stored in a cluster of computers using peer to peer networking. Having a single server for all the nodes in the network would slow down the process of downloading and uploading. Also, when there is a server failure, it would affect all the nodes in the network. But this is not the case in peer to peer networking. By eliminating the single server system, even if one computer fails, there is always another one to download data from. Peer to peer networking also have the advantage of not being prone to censorship.
What Blockchain means to Cybersecurity?
Apparently, Blockchain is a very viable technology when it comes to protecting data. Here’s a list of top 4 use-cases:
In the data age, there’s nothing as harmful as storing all your data in one place. By decentralising data storage, Blockchain revokes hackers from having a single point entry. Another advantage of blockchain data storage is that even if you give access to third parties, you can revoke the cryptographic access key anytime.
2. IoT security
IoT is becoming ubiquitous in enterprises and every system is networked. If one trivial device like a smart doorbell or a thermostat is hacked, it becomes a doorway to hack the other devices. This is where Blockchain comes in to save the day. With blockchain, devices don’t need to rely on a centralised control system. This way devices can make their own decisions and block necessary data if any suspicious behaviour is detected. Blockchain would also render a safer DNS and private messaging systems.
3. Secure authentication
ID management is one of the most sensitive systems in an enterprise. Passwordsense considering the advancement of hacking systems today. But blockchain systems are reliable because they use biometric data and private keys. According to Facebook, accounts are hacked 600,000 times a day.
4. Automated Updates
Hackers inject malware into the systems in the form of updates. This becomes worse in the case of automated systems where there is no human entity to verify the authenticity of the updates. But blockchain based systems recognise potentially harmful components and block them.
Wrapping it up,
The scope of Blockchain is not just limited to Cybersecurity. The technology is making significant strides in other industries as well. Since it is very secure and transparent, the transactions can be totally done between two parties without needing a middle man. This means you can hire a cab without Uber and book a stay without Airbnb. Cutting out the third party applies to financial institutions too. Blockchain will replace all the operations carried out by a bank. So in the future, bankers would just be mere advisers and not the gatekeepers of your money. Also, Stockbrokers will not be able to earn through commissions. It’s truly going to bring revolutionary changes in the next few years.
Insights on Cyber Security, Types of Cyber Attacks & Their Effect
With the advancement and modernization of technology, the threat of cyber-breaches has reached sky high and somehow we are also responsible for the growth of these activities as proper security steps are not always been taken to restrict them.
However, since last few years due to the increase in the awareness, the security features against cyber crimes has been made strong in both government and private sectors but still there are huge loopholes which is being used to commit these kinds of crimes.
Types of Cyber Attacks, Their Effect and Solution:
DDoS Attack: – Distributed Denial of Services what DDoS means. In this, the attacker takes control of several computers by hacking into the system and creates many zombie computers. Then all the systems are used together to send bulk data to any particular websites or server causing overloading and end result is slower service to the legitimate users and even complete shutdown of the website or the server.
- Solution: – It may not directly affect you, but your system may be responsible for a bigger incident. Below are the steps that can be followed to reduce the chances of anyone taking over your system: –
Install latest version of antivirus.
Firewall is also very effective in restricting the generation of unwanted traffic from your system.
Manage unwanted emails.
Avoid clicking on links or opening attachment sent from any unknown source.
Hacking: – This one is the most common term related to cyber attacks, here someone gains access to your system by unauthorized manner. So after the access is taken, the attacker can get access to any files in the system, like private files, pictures, information and others. Installing Trojan horse allows the person to get access to your system at any point in time.
- Solution: – To secure the confidential data and information, you need to protect your system from getting hacked by:-
Strong and uncommon password.
Update software’s on regular interval to protect from Malware.
Ensure security while making internet phone calls.
Get antivirus for additional security.
Malware: – It is the most common way used to gain access to your system or damage the same. In this process malicious software’s like Trojan horses, adware, virus and others are used to infect the computer. It is same as gaining complete access to your system as do all kind of possible damages.
Cybersecurity market trends – The Past, Present and the future
The privileges of digital transformation bring with them their fair share of cybersecurity risks. According to McKinsey, 47% of companies encountered cybersecurity breaches. This is serious considering the quantum of sensitive data being digitised today. Besides strong passwords and multifactor authentication, experts recommend an insurance too. Some experts say that cyber attacks are more dangerous than nuclear weapons.Keeping privacy private has become a hardwon luxury. So how did these cyber crimes evolve? Do we have enough resources to defend? Are companies future-proofing their data against these threats? Let’s discuss!
The Past: Evolution of cybercrimes
It all started with a failure project
Three decades ago the word cybersecurity did not exist in the IT vocabulary. It all started with an error created by a student of Cornell University in 1980. The project intended to measure the size of the internet by infecting UNIX systems. But an error made all the networks clog and systems crash. This was called the computer worm and is the world’s first cyberattack (though that wasn’t the intention).
“I Love You” Virus and the Mafia Boy
The 1990s introduced the world to more aggressive threats called viruses. Two viruses named “ILOVEYOU” and “The Melissa” had a front seat among the group of viruses. They made headlines for failing the email systems across the world. In 2000s, Michael Calce (a.k.a. Mafiaboy) attacked the e-commerce websites that cost the industry a whopping $1.2 billion. Followed by this was an era of credit card hacking and corporate data breaches.
Yahoo Data Breach
Yahoo is the biggest victim of data breach in history which exposed over 3 billion accounts in just a year. Post this scandal, Yahoo had to sell the company for $4.48 billion, though it was once valued $100 billion. And now, we have reached a point where everything on the internet is at risk!
The Present – What’s happening?
Let’s face the truth: Today’s solutions are not sufficient! Current cybersecurity models don’t operate at cloud speed. Also, there’s a huge talent gap in the industry. Despite witnessing disasters like the Yahoo data breach and Capital one breach, over 60% of the companies don’t update their IT systems. Today, business can lose up to an average of $2 trillion per year due to cyber crimes. IoT insecurity is more threatening than phishing links. Gartner predicts connected devices en route to hit 25 billion in 2021. This equates to a titanic amounts of cyber risks. The entertainment industry is also facing big challenges as hackers leak the content before production companies itself.
The Future: Cybersecurity business is the next big wave!
Where there’s a problem, there’s an opportunity! Yes, Cybersecurity market is getting off the ground. Cyber Crimes have given birth to a whole ecosystem of cybersecurity startups. Companies started offering free cybersecurity software to secure future elections. The catch? Publicity! Just imagine advertising your software company to a whole country. Cybersecurity companies and the government are doing all the heavy lifting to prevent the damages that are estimated to hit $6 trillion in the next few years. This eventually creates a demand for talent which reflects on 3.5 million open positions by 2021. Besides human talent, cybersecurity would need tons of automation. Infact, the cybersecurity industry runs by less than 2% of humans. The rest is automated. The cybersecurity industry is also being empowered by technologies like AI and Blockchain. So the demand for cybersecurity would reflect on the AI, Robotics, automation and Blockchain technologies as well. Cybersecurity business seems to be the next big wave!
Cybersecurity stocks to watch
Digital transformation and cloud are making significant strides in the tech industry. This is one of the major reasons for making the cybersecurity market really lucrative. Here’s a list of top 3 Cyber Security stocks to watch in 2019:
- FireEye: The Milpitas-based start-up provides cybersecurity solutions for enterprises and governments. Founded in 2004, the 15-year-old company has hit a valuation of $2.69 billion (as of 2018). The unicorn has acquired over 7 startups and generates an annual revenue of $831 million dollars.
- Qualys: The Foster City-based company is providing cybersecurity solutions for cloud-based applications and data. The company has made over 3 acquisitions so far and is valued at $360.6 million. The company generates $289.4 million in revenue annually.
- Fortinet: The Sunnyvale-based startup provides integrated and automated cybersecurity solutions. The company valuation has hit a whopping $14.03 billion and generates an annual revenue of $1.08 billion. Fortinet has made 11 acquisitions so far.
Wrapping it up,
Governments and corporations are starting to realize the importance of cybersecurity. Almost all the tech companies have decided on having cybersecurity expert as a board member. Though speculations suggest cyberwars in the future, countries are getting ready to defend. In fact, the National Security Agency (NSA) of the USA has already launched its cybersecurity arm. Also the defence department is creating a Blockchain based cybersecurity shield. Tech giants in the U.S are dumping millions into the industry. New York which is the capital of Media and Finance is trying to become the cybersecurity capital as well. The future looks like a more secure place.