Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Why CXOs Must Become Better Informed About Cyber-Security

    By
    Chris Preimesberger
    -
    April 22, 2015
    Share
    Facebook
    Twitter
    Linkedin

      SAN FRANCISCO—C-level executives need to get with it and become better educated about how prudent cyber-security practices in networks and devices should be deployed and the overall critical value of tight security to their companies.

      Why? Because if security doesn’t get the right amount of attention in the C-suite, the business that CXOs could lose could well be their own.

      These statements don’t come from an analyst or theorist. They came from a CEO who’s been there, one who has worked in both telecoms and security and knows exactly what it takes to protect an enterprise security system from bad guys inside and out.

      “The use of the Internet is an essential part of doing business on a daily basis,” Harri Koponen, CEO of the Finnish security development and products provider SSH, told eWEEK. “We can’t continue to do business without thinking: Is this secure? Is this sound? Is everything OK, because your customer records are online? If you’re not thinking about this part of the business, eventually you will destroy your business.”

      Breach Can Happen Any Time, Any Place

      This is because a data breach can happen at any time, any place, and from sources about which C-level executives may not even dream. In fact, new methods to infiltrate systems in search of financial, personal and business information that can be resold or used in nefarious ways are being created on a daily basis by people motivated by huge financial payoffs.

      A recent example of what can happen is that of Code Spaces, a now defunct code-hosting company that a year ago was hit by a hacker who accessed the company’s Amazon EC2 control panel and took control of all its business data.

      After the hacker obtained access to all the files, he held them hostage for a price. When Code Spaces refused to pay, he deleted everything, and the company was left twisting in the virtual wind, completely out of business.

      This isn’t a common event, but an attack like this can happen to anyone.

      Koponen and eWEEK had a conversation at RSA Security 2015, the world’s largest IT security meetup, which has about 30,000 people at Moscone Center here through April 24. Koponen and members of the SSH team attended several session tracks this week and came away a little puzzled about the program.

      No Track at RSA for CXOs

      “I’m really surprised that there isn’t a track here specifically for CxOs,” Koponen said. “This is a big hole in the program. C-level executives need to be aware firsthand about the cyber-defense of their company. This is extremely important. They need to understand what safeguards need to be in place and what their security can or can’t do when an attack occurs. This is because attacks will eventually occur.”

      There should be no CEO, CFO, board chairman or audit committee head who’s not thinking about this, Koponen said.

      “They should be thinking about ‘How is my reputation going to be affected if we are attacked, and our systems go down?'” he said. “This is because everything is on the Web.”

      An enterprise’s job is not only to provide products and services for its customers but to also make sure that business transactions are conducted in a clean, efficient and totally secure manner, so as not to put any type of business or personal information at risk.

      SSH Now in Its 20th Year

      SSH, the parent company of which is based in Finland, is celebrating its 20th year of operation in 2015.

      Secure Shell, or SSH, is a standard protocol used throughout the Internet, in virtually all mobile connected devices and in data centers. It is an encrypted network protocol for initiating text sessions on remote machines in a secure manner. This allows a user to run commands on a machine’s command prompt without the user being physically present near the machine. It also allows a user to establish a secure channel over an insecure network in a client-server architecture, connecting an SSH client application with an SSH server.

      Common applications include remote command-line log-in and remote command execution, but any network service can be secured with SSH. The protocol specification distinguishes between two major versions, referred to as SSH-1 and SSH-2.

      SSH keys can used by system administrators to log into remote computers without a password. Keys must be tightly managed, and those that have been outdated or unused must be disabled. The SSH company provides tools and services for those purposes; that’s the company’s primary business model.

      SSH keys, like other security tools, can be used for malicious purposes when they get into the wrong hands. Certificate-management firm Venafi posted an analysis in 2013 stating that National Security Agency whistleblower Edward Snowden likely used SSH authentication keys to give his account privileged access to other servers in the network.

      “This is why companies need to take stock in all their authentication keys, because they can stay around forever and be used for bad purposes,” Koponen said. “Some companies have literally millions of keys lying around from over the years. They cannot be deleted, but they can all be permanently disabled using the right tools.”

      Avatar
      Chris Preimesberger
      https://www.eweek.com/author/cpreimesberger/
      Chris J. Preimesberger is Editor-in-Chief of eWEEK and responsible for all the publication's coverage. In his 16 years and more than 5,000 articles at eWEEK, he has distinguished himself in reporting and analysis of the business use of new-gen IT in a variety of sectors, including cloud computing, data center systems, storage, edge systems, security and others. In February 2017 and September 2018, Chris was named among the 250 most influential business journalists in the world (https://richtopia.com/inspirational-people/top-250-business-journalists/) by Richtopia, a UK research firm that used analytics to compile the ranking. He has won several national and regional awards for his work, including a 2011 Folio Award for a profile (https://www.eweek.com/cloud/marc-benioff-trend-seer-and-business-socialist/) of Salesforce founder/CEO Marc Benioff--the only time he has entered the competition. Previously, Chris was a founding editor of both IT Manager's Journal and DevX.com and was managing editor of Software Development magazine. He has been a stringer for the Associated Press since 1983 and resides in Silicon Valley.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×