CyberSecurity Then and Now

Morey Haber, Vice President of Technology, Office of the CTO

blog-binoculars

Since October is National Cybersecurity Awareness Month I decided to share my thoughts on the evolution of our digital life and the aliases that the digital world have created for us, past and present. For some of you, you may be aware of a fictitious alias that haunts me (I will refer to it as Alias X.) While I am very aware of the story and people behind the legend, a digital persona going back to the late 1990’s is still associated with me and owns my Google SEO ranking as well as plenty of SPAM from curious individuals. In fact, it is an alias I cannot shake even after almost 20 years. My digital presence not only created by myself but also inferred by others has been a cyber legacy that equates to me as a human being.

With the evolution of the Internet, we have created aliases for chat rooms, email addresses, avatars and login credentials. They are all associated with us and serve as fingerprints to identify who the true individual or organization is behind any identity. In my case, the claims of my past represent my Cybersecurity fingerprint. From Alias X, you can find out who I am and almost everything about my family. Even though I am not Alias X, the link between him and I has been well established and unfortunately well documented.

Today, our Cybersecurity fingerprints are everywhere —from healthcare data to taxes. As we have seen in recent breaches, these “fingerprints” are out in the wild and can now tie us to the rest of our digital lives and the physical world via public records and other leaked information. Consider the 5.6 million people whose information was compromised via OPM. That data not only included names, background information, but also their actual physical fingerprints. It’s just a matter of time before criminals act on it.

So, what about the future of Cybersecurity? In order to protect ourselves, we will need to remove the concept of digital aliases. Microsoft has begun an aggressive marketing campaign with the launch of Windows 10 titled ‘The Future Starts Now’ around their vision for the future of technology and Cybersecurity to do just that—children that log in with their smile, identification with more than just a fingerprint, etc. While I have strong reservations about using biometrics for identification and authorization (in case the data is compromised), it presents the next generation of Cybersecurity. An absolute value of who you are, without the need for aliases that leave bread crumbs for someone to research and figure out your true identity and relationships.

As for Cybersecurity in the organization, IT security teams need to think beyond passwords as their primary method of protection against threats. Register for our webinar titled ‘Passwords – then what? A roadmap to complete privileged identity management’ featuring guest speaker, Forrester Research, Inc. Vice President and Principal Analyst, Andras Cser on November 4th.

Morey Haber, Vice President of Technology, Office of the CTO

With more than 20 years of IT industry experience and author of Privileged Attack Vectors, Mr. Haber joined BeyondTrust in 2012 as a part of the eEye Digital acquisition. He currently oversees strategy for both vulnerability and privileged access management solutions. In 2004, Mr. Haber joined eEye as the Director of Security Engineering and was responsible for strategic business discussions and vulnerability management architectures in Fortune 500 clients. Prior to eEye, he was a Development Manager for Computer Associates, Inc. (CA), responsible for new product beta cycles and named customer accounts. Mr. Haber began his career as a Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelors of Science in Electrical Engineering from the State University of New York at Stony Brook.