To confused executives, today’s cybersecurity scene must look like an unsettling mixture of outrageous criminality and confusing technical jargon, laced with a creeping, destabilising paranoia.
Ten years ago, cybersecurity was something technical people worried about. Five years ago, CSOs and CISOs were suddenly the men and women with furrowed brows.
Today, in a period when data breaches, targeted attacks and huge denial-of-service events regularly shake the commercial Internet, the anxiety has spread to everyone, customers included.
How well can a company defend itself? With certainties in short supply, nobody can be sure.
US security firm Proofpoint sits smack in the middle of this troubled zeitgeist but with an unusually down-to-earth engineering outlook that marks it out from a noisy crowd of contemporaries.
Proofpoint was founded in 2003 by former Netscape CTO Eric Hahn as an anti-spam and email security specialist, and 13 years on this expertise remains at the core of its thinking. For Proofpoint, cybercrime is still about how organised groups turn apparently simple communications channels such as email, messaging and social media against their unsuspecting users.
Businesses and criminals are tidally locked in a defining battle for control that demands clear thinking on the part of the defenders.
“You need to think of the hackers as a company. This is not a group of individuals who are doing this in their spare time. Their strategy is no different to a legitimate company,” opens Proofpoint’s EMEA sales vice president, Gary Rider.
It’s an observation that implies something deeper about IT security, one that Rider believes organisations should take on board: cybercriminals are a large, organised industry that to a surprising degree resembles a conventional business.
Their existence is not simply a passing danger but a permanent one that requires long-term planning.
A career at the sharp end
Rider’s CV reads like that of an industry veteran who’s arrived in his current job after an interesting journey.
Starting at HP’s services arm in the late 1980s, he moved to senior management roles at StorageTek, NCR, and Polycom in the 1990s and 2000s before finding his way to Proofpoint in 2014.
Has cybersecurity been a culture shock?
“HP was very much into encouraging you to move into different aspects of the business. I not only did sales and support but consulting and engineering. It gave me a big interest in diversifying,” says Rider.
Rider’s first brush with the new and unfamiliar problems being thrown up by security came, of all places, at ATM company NCR.
“I found out that the use of cash was not declining, it was increasing. That’s what got my interest in security – cash machines are a magnet for criminals in a physical and software sense.”
What attracted him to Proofpoint was its mixture of SaaS security – the service idea he understood from Polycom days – and the security world he had caught a glimpse of at NCR.
Proofpoint’s portfolio, augmented by a few careful acquisitions over the years, now encompasses everything from core email protection, message encryption and data leak protection, to archiving, compliance, social media, mobile and cloud security services.
On the latter theme, the firm recently bought Israeli startup FireLayers to give itself a stronger foothold in Targeted Attack Prevention (TAP) for SaaS.
A trademark remains the way the company has carefully evolved its understanding of email protection to keep up with evolving threats.
These days, email is only the beginning of a complex chain of threats that encompasses highly targeted attacks, which can be fiendishly difficult even to spot, and a multiplicity of mobile app and connectivity threats.
“Email remains the number one attack vector. It’s business critical for communicating. It’s an obvious opportunity for attackers,” reminds Rider.
A major problem is that new types of vulnerability appear faster than companies and their customer base can assimilate them.
One under-reported threat is the way cybercriminals have started using social media platforms such as Twitter to phish customers. A typical attack would involve, say, a bank customer tweeting a support issue to a legitimate Twitter account only for that to be answered by a fake account pushing a phishing link.
Proofpoint’s 2016 report looking at social media brand fraud found that 19% of the accounts connected to a selection of 10 big brands turned out to be fraudulent. Nobody in the security world would have been surprised by this finding but it’s astonishing nonetheless. In an age when brands are hyper-sensitive to their image, when it comes to social media it’s as if anything goes. In the absence of clear systems for authenticating anyone or anything, the criminals can more or less do what they like.
But while many organisations underestimate the scale of this threat, they aren’t defenceless.
“Once we show customers that their presence is in multiple places they didn’t know about you can’t not act on it,” says Rider.
“You can shut down some of those social presences that aren’t real. You start the process of taking control of your social presence.”
In response, the company launched Social Media Protection, a platform designed to gather intelligence on fraudulent and spam accounts as well as ones being used by employees without authorisation.
And the issue expands beyond simple fraud.
“How much information can you gather about an influential person in a bank by going to their LinkedIn profile? You can quickly gather information on their friends which provides the information to spearphish.
“It’s not difficult to build a picture of an individual and then target that person.”
Anticipating an attack
Another development has been the rise of threat intelligence.
This sounds logical – the idea is undergoing a boom across the industry – but it heralds a huge cultural shift in cybersecurity that not everyone has picked up on.
“You need to know the origin and type of the attack. Are you being targeted as an individual, is it industry-wide? The more you know about an attack the better you can prepare.”
Hitherto, cybersecurity has been about deploying static systems to detect and block attacks in real time. Threat intelligence holds out the possibility of researching them before they happen, a radically new approach to security.
The trick is knowing what to look for and how to feed data to cybersecurity teams without overloading them with information.
To this end, Proofpoint recently partnered with Palo Alto to embed its intelligence inside the latter’s next-generation firewall platform.
“The smart customer will demand that companies will work with each other,” observes Rider.
“Being cloud based we are able to gather information from our customers very quickly, anticipating where attacks are coming from.”
This hints at a world in which network security is increasingly about hardening security on-the-fly, bracing for attacks that have been predicted or at least risk-scored. The industry isn’t at that level yet but you can see from Rider’s enthusiastic description how Proofpoint technology could evolve in step with its demands.
After a quarter of a century in the technology industry, Rider finds himself at the sharp end but seems confident about the prospect.
“We are quite happy to be judged on proof of concept. We ask our customers to let us prove it to them.”
“Put us behind your incumbent and we’ll show you what they let through. We’re happy to be judged on results.”
Gary Rider joined Proofpoint in 2014 as vice president of Sales, EMEA. He leads the EMEA management team in developing and executing strategies while driving aggressive revenue and market-share growth in the theatre. With more than 20 years of leadership experience, Rider joined Proofpoint from Polycom, where he served as President for EMEA. Prior to Polycom, he held several senior roles in EMEA with NCR Corporation, StorageTek, HP and Digital Equipment.
Mr. Rider holds an MBA from the Henley Business School, University of Reading.