by Dan Cook
Did you know one in five typical employees routinely breaks basic cyber security rules at work? Worse, one in three millennials is downloading apps without mentioning it to IT—and 23 percent of millennials intentionally download apps on IT’s “not approved” list, even though an approved app is available.
That’s what a recent survey by IT services provider Softchoice found. But none of this is news to Bhushan Gupta of Gupta Consulting, LLC. This cybersecurity expert will be presenting at PNSQC 2016, and his message will be a warning to security bosses everywhere: Your company’s assets and secrets are at risk every day, and as more services and tools move to the cloud, those risks are growing.
During a recent webinar hosted by PNSQC’s Phil Lew, Gupta offered a taste of his full presentation. He focused on four specific areas of security that, he said, pose great threats to business.
“I have gained some serious interest in security in the last few years—it’s a serious problem,” he said. “You can see problems from corporate America—Sony Pictures, Target, Home Depot—and from government websites being hacked. Such breaches not only impact corporations financially, they also tarnish the brand image. The customers loyal to the corporations lose their confidence in their private data security and take their business to safer pastures, thereby financially impacting the business. Both corporate America and Government agencies are working towards controlling cyber security threats.”
“In this millennium it has only gotten worse. That’s because companies are moving rapidly to the cloud to avoid investing in their own system. But security on the cloud is not well defined at this time. This is an area where we need people to share their knowledge and experiences.”
Gupta’s Big Four cyber security topics included:
Social engineering: The weakest link in the web security chain, he said, with “very limited exposure in the industry.” A large part of his mission as a speaker and consultant is to raise awareness at all organizational levels by fostering discussions of ways in which social engineering is practiced, the cyber threat it represents and solutions to prevent social engineering issues that lead to compromised systems.
Cloud security: As more companies are moving to the cloud to realize the cost savings, both initial investment and maintenance, the threat of a hack or breach increases. An important aspect of this approach is the level of security it requires and its ownership, especially when hybrid clouds are deployed and BYOD is an option. “Some deep thinking of these aspects will serve the PNSQC audience well,” he said.
Security metrics: How does one measure cloud security? Is a system 60 percent secure? 100 percent secure? “This is a new area that has begun to evolve,” he said. “A discussion of security quantification at the conference would provide some thought-provoking ideas.”
Cloud quality: How does one test on the cloud, especially when hosting a web application? The quality of that application must be validated before going live with it. Who provides the staging platform—the user or the host? “The quality is an absolute must for web applications because as soon as you go live, you are open to the world,” he said.
“Clearly, cyber space has been invaded by the ‘Bad Guys’ and our security and privacy has been threatened. The Web security of big corporations, the federal government has been compromised and the consumer has suffered identity theft as well as loss of credit card information,” Gupta says in his 2015 paper, Web application security: What you need to know. “Web security is becoming increasingly important and to protect ourselves, we must have a sound understanding of security and how breaches are manifested.”
He promises to address this hot-and-getting-hotter topic in detail at PNSQC 2016.