Battling forces of darkness: Cybersecurity expert talks Equifax, more

SUNNYVALE, Calif. — For millions of Americans, the cybersecurity problem plaguing U.S. businesses hit home in about the worst way possible. The failure of one business, Equifax, to keep its data secure will lead to a decades-long threat to the finances of more than half the nation’s adults.

Major companies such as Equifax are under constant bombardment by hackers seeking everything from customers’ credit card numbers to company secrets. Attackers may be freelance profit seekers, contractors, organized criminals or nation states.

Increasingly, attackers and defenders are focusing on the weakest link in virtually any company, the digitally connected worker. Joe Schmo’s cubicle has become the new battleground in a war that sees the criminals and spies furiously innovating to stay one step ahead of people like Gary Steele. He’s CEO of Proofpoint, a Sunnyvale cybersecurity company whose researchers helped stop the world-wide “WannaCry” ransomware attack in May. The $4 billion public company counts among its customers almost half of the Fortune 100, all five top U.S. banks, six of the world’s top 10 retailers and seven of the top 10 technology firms.

The Mercury News spoke with Steele about the threats facing individuals and companies, and what we can expect the future to hold for personal and business data — including what was taken from Equifax. His comments have been edited for length and clarity.

Q: What does the Equifax hack say about security of Americans’ personal data?

A: The Equifax breach has broad impact on many Americans today, exposing their personal data to hackers. It also speaks to the fact that every company in America is vulnerable and we still have a long way to go to improve the overall security posture across corporate America.

Q: What are the hindrances to an improved security posture?

A: The bad actors continue to operate broadly. Their trade craft and capabilities continue to improve and corporate America has to continue to invest in cybersecurity. Frankly, we’ve seen a faster rate of innovation from the bad actors than we have from corporate America keeping up a security posture. It’s investment, it’s getting the right people in place that can help drive an appropriate security posture, and it’s vigilance, you’ve got to stay on it every day.

Q: With names, Social Security numbers, dates of birth and addresses stolen from Equifax — all that’s necessary to fake an identity or loot a bank account — are we all under threat for life?

A: There’s definitely a large population that is at risk and vulnerable. What’s required is close monitoring for a long period. This will likely be used for many years to come. So it’s incumbent upon all individuals who were impacted by the Equifax hack to closely monitor their credit over a long period. This won’t go away — people need to be thinking in terms of decades not just in terms of a few years.

Q: Is it likely that stolen Equifax data will get sold around on the dark web?

A: It really comes down to who that actor was. But it’s highly likely that it ends up on the dark web for sale.

Q: What can we expect next from this dangerous cybersecurity threat environment?

A: We will continue to see high-profile breaches, for example the notice about Deloitte (reports in September revealed a major hack of the accounting giant) was another significant breach in a very short period of time. We should be ready for significant breaches throughout corporate America.

Q: How does Proofpoint prevent phishing attacks from being successful?

A: We have a set of techniques including machine learning that enables us to very quickly identify these kinds of attacks and make sure they don’t get delivered. These attacks have gotten much more sophisticated and they’re truly socially engineered in that the email that is sent has lots of information and context (to fool the recipient into thinking it’s from a legitimate source). The best way to protect that employee is frankly not having them see it at all.

Q: Where is our personal data most vulnerable?

A: Your personal data is spread across many different organizations. Retailers you do business with. Banks. Credit-reporting agencies. Your doctor. Your insurance company. Many, many organizations have personal and private data that needs to be well protected.

Q: What measures should a person take to protect all that data?

A: Use two-factor authentication with all your bank accounts and financial accounts. Use credit reporting to understand whether there’s any bad actor that’s already gotten to your data. Think hard with who you do business with and how you interact on the web — think about who you’re providing your personal information to. We see malicious mobile apps, which may look like it’s coming from your favorite bank but they might not actually be the publisher of that app. It’s not uncommon for bad actors to post malicious links on social accounts, or place malicious content there.
