Battling forces of darkness: Cybersecurity expert talks Equifax, more

SUNNYVALE, Calif. — For millions of Americans, the cybersecurity problem plaguing U.S. businesses hit home in about the worst way possible. The failure of one business, Equifax, to keep its data secure will lead to a decades-long threat to the finances of more than half the nation’s adults.

Major companies such as Equifax are under constant bombardment by hackers seeking everything from customers’ credit card numbers to company secrets. Attackers may be freelance profit seekers, contractors, organized criminals or nation states.

Increasingly, attackers and defenders are focusing on the weakest link in virtually any company, the digitally connected worker. Joe Schmo’s cubicle has become the new battleground in a war that sees the criminals and spies furiously innovating to stay one step ahead of people like Gary Steele. He’s CEO of Proofpoint, a Sunnyvale cybersecurity company whose researchers helped stop the world-wide “WannaCry” ransomware attack in May. The $4 billion public company counts among its customers almost half of the Fortune 100, all five top U.S. banks, six of the world’s top 10 retailers and seven of the top 10 technology firms.

The Mercury News spoke with Steele about the threats facing individuals and companies, and what we can expect the future to hold for personal and business data — including what was taken from Equifax. His comments have been edited for length and clarity.

Q: What does the Equifax hack say about security of Americans’ personal data?

A: The Equifax breach has broad impact on many Americans today, exposing their personal data to hackers. It also speaks to the fact that every company in America is vulnerable and we still have a long way to go to improve the overall security posture across corporate America.

Q: What are the hindrances to an improved security posture?

A: The bad actors continue to operate broadly. Their trade craft and capabilities continue to improve and corporate America has to continue to invest in cybersecurity. Frankly, we’ve seen a faster rate of innovation from the bad actors than we have from corporate America keeping up a security posture. It’s investment, it’s getting the right people in place that can help drive an appropriate security posture, and it’s vigilance, you’ve got to stay on it every day.

Q: With names, Social Security numbers, dates of birth and addresses stolen from Equifax — all that’s necessary to fake an identity or loot a bank account — are we all under threat for life?

A: There’s definitely a large population that is at risk and vulnerable. What’s required is close monitoring for a long period. This will likely be used for many years to come. So it’s incumbent upon all individuals who were impacted by the Equifax hack to closely monitor their credit over a long period. This won’t go away — people need to be thinking in terms of decades not just in terms of a few years.

Q: Is it likely that stolen Equifax data will get sold around on the dark web?

A: It really comes down to who that actor was. But it’s highly likely that it ends up on the dark web for sale.

Q: What can we expect next from this dangerous cybersecurity threat environment?

A: We will continue to see high-profile breaches, for example the notice about Deloitte (reports in September revealed a major hack of the accounting giant) was another significant breach in a very short period of time. We should be ready for significant breaches throughout corporate America.

Q: How does Proofpoint prevent phishing attacks from being successful?

A: We have a set of techniques including machine learning that enables us to very quickly identify these kinds of attacks and make sure they don’t get delivered. These attacks have gotten much more sophisticated and they’re truly socially engineered in that the email that is sent has lots of information and context (to fool the recipient into thinking it’s from a legitimate source). The best way to protect that employee is frankly not having them see it at all.

Q: Where is our personal data most vulnerable?

A: Your personal data is spread across many different organizations. Retailers you do business with. Banks. Credit-reporting agencies. Your doctor. Your insurance company. Many, many organizations have personal and private data that needs to be well protected.

Q: What measures should a person take to protect all that data?

A: Use two-factor authentication with all your bank accounts and financial accounts. Use credit reporting to understand whether there’s any bad actor that’s already gotten to your data. Think hard with who you do business with and how you interact on the web — think about who you’re providing your personal information to. We see malicious mobile apps, which may look like it’s coming from your favorite bank but they might not actually be the publisher of that app. It’s not uncommon for bad actors to post malicious links on social accounts, or place malicious content there.
