- Content Marketing
Your Customers Aren’t Listening! How to Create Consumer Dialogue that Converts4 Tools for Nonprofit Social Listening and Reputation ManagementThe Promising Role of Social Listening in Treating Health IssuesThe Importance of Social Listening for Brands
- Public Relations
Facebook Testing a Way for Users to Buy Products on the Platform7 Website Tips to Attract More Shoppers to Your PagesHow eCommerce, Augmented and Virtual Reality Will Redefine the Retail ExperienceSearch Query Analysis to Increase eCommerce Website Conversions
Technology & Data
Social Startups: Bizible Connects All the Dots from Marketing Contributions to RevenueCreating the Perfect Profile for Your Social Media Marketing EffortUsing GPS and Localization for Social AnalyticsAnalytics and Prospect Intel: Discovering Your Ideal Prospect
- Big Data
- Tech & Innovation
3 Security Risks You’re Taking Every Day While Using Social MediaShould the President Have the Power to "Pull the Plug" on the Internet?How Safe is Your WordPress Website From Hackers and Other Malicious Attacks?
- Software & Tools
Join us September 15th in Atlanta for The Employee Advocacy Summit and learn how to unleash the power of your employees.
Post your event here and we'll share it with our community. If one of our members is featured, we'll promote as well on their profile.
- Marketplace & Webinars
The SMT Marketplace
Your resource for exclusive content and insights from Social Media Today, and opportunities to reach our community of professionals.
The Social Business Book Club brings you books, discussions, and insights from today's to business thought leaders.
Join interactive talks and and panel discussions with leading thinkers and practitioners on social media and networked business, or browse the catalogue of recorded sessions - all completely free.
Reach Social Media Today's community of marketing and communications professionals in an editor-approved context with a native advertising package.
Talking Online Security for Startups at SF New Tech
Posted on May 31st 2013
Last night, we were excited to participate in a panel on online security hosted by SF New Tech. Along with Impermium CEO Mark Risher, the panel included Joe Sullivan (Chief Security Officer, Facebook), Michael Coates (Director of Security Assurance, Mozilla), Deron McElroy (Department of Homeland Security) and was moderated by Dan Goodin of Ars Technica.
The discussion focused on the security needs of startups in an increasingly dangerous online world. Many startups assume that they are not at risk, believing that their small size and relative lack of conspicuous popularity makes them less vulnerable to attack. Panel members all agreed that this is simply not true, citing the recently released 2013 Verizon Data Breach Investigations Report, an analysis of the online security landscape based on over 47,000 incidents reported in past year. According to the report:
Smaller organizations tend towards complacency, believing that attacks only target government, military and high profile organizations. This leaves them vulnerable to easily preventable attacks.
Attacks targeting end-users are major vulnerabilities. Phishing, malware and misuse of credentials have become increasingly sophisticated. Phishing schemes in particular have evolved to target specific users such as customer support staff.
A breach may not be detected for months after the attack. In 84% of cases analyzed, the actual attack took less than an hour. And in 66% of cases, the breach wasn’t detected for several months and in 22% of cases, it took months to contain the breach.
These findings have major implications for internet security needs. Joe Sullivan of Facebook shared that engineers often come to him with requests to use technologies like Evernote and Dropbox on the Facebook network. His team must evaluate whether those services or apps pose a risk to the security of corporate data. If a potential vulnerability does emerge, he may work with those companies to find a way to collaborate that keeps data secure. This collaboration is essential to maintaining a secure environment.
The idea of smaller companies working together or in collaboration with larger, more established companies emerged as a theme. All panel members agreed that startups should not use their limited resources to develop their own identity management and access systems. Instead, while all companies need someone paying attention to account security, they should participate in federated efforts that leverage combined resources to increase security across the web.
Another theme that emerged, and one that we often discuss here at Impermium, is the need to balance security concerns with usability. Mozilla’s Michael Coates shared that an extremely secure product that no one wants to use due to the number of (very secure) barriers to entry is, in fact, not a good product. The gold standard, and what we’re working towards at Impermium, is a strong security solution for businesses that has minimal impact on the user experience.
Mark spoke specifically about our work at Impermium. It has become more accepted that a username and password are no longer sufficient security measures. Hackers have become so adept that relying on them is not unlike leaving your spare keys under the welcome mat to be found by robbers. As we’ve blogged about here before, multi-factor authentication is, likewise, not a perfect solution.
Authentication shouldn’t be based on a binary system of “open” or “closed.” Rather, it should exist on a continuum, designed with progressive entitlements based on a risk factor determined by automated systems. A log-in with low risk would be allowed unrestricted access, higher risk could have lower permissions or be prompted to enter a second password before gaining access, etc. With a system like this, you can kick off the bad guys instantly instead of banning them from future access, a measure not unlike closing the barn door after the horse has escaped.
Joe Sullivan helped wrap things up by observing that if you follow security stories in the media, you could come away with the belief that internet security efforts are futile. Why try if the bad guys are so determined? The entire panel took the opposite view. Daily reports of cyber-attacks and security breaches emphasize the critical need for coordinated security efforts, with the startup and online business community working together to keep data and users safe.
Thank you to SF New Tech for hosting a great panel and we look forward to being a part of future discussions!
The post Talking Online Security for Startups at SF New Tech appeared first on Impermium.