Cyberark: When It Comes to Cyber-Security, Beware of Apps and Updates

This article was written with Oliver Pursche, the Co-Portfolio Manager of the GMG Defensive Beta Fund. It was part of a series of articles developed under an agreement with thestreet.com to work with a variety of contributors and assist them in delivering actionable investment ideas each week.

Hackers know that the easiest way to get into a network is through a mobile device, and the easiest way to get into a mobile device is to send an update notice, according to Udi Mokady, CEO of cyber-security firm Cyberark (CYBR) .

Who knew playing solitaire on my phone could pose such a threat?

It seems that just about every week a new hacking scandal is reported. Hacking costs consumers and corporations billions of dollars, a lot of wasted time and nervous energy.

Of course, this has also given rise to the multi-billion dollar cyber-security industry, which begs the question: If companies are spending so much on protecting our data, why do some many hacks occur?

It turn out, it’s partially our own fault because we literally invite hackers and spyware into our “secure” networks. I’ll use myself as an example.

I love my iPhone, and I have about 60 applications on it — everything from Facebook (FB) to the Bloomberg and CNBC apps. According to information released on Tuesday by IBM (IBM) , “dating sites” used via mobile phones pose the greatest threat, but they are certainly not alone.

Here’s why: As many of us do, I check my emails through my phone, which means that I’m connected to our company network. In other words, when I check my emails — and more importantly reply to emails — I am sending information through our corporate servers. If I have any sort of an attachment to the email, I may be sending all sort of “extras” through our servers.

Worse, many apps will update on a weekly basis. While most updates are legitimate and necessary they can also open up our phones to intruders.

Mokady, the Cyberark CEO, with whom I caught up in the fall at the annual Ernst & Young Strategic Growth Forum, the accounting firm’s conference on entrepreneurs, explained that we have to re-train employees and change behavior to make them aware of this threat. More importantly, companies have to rethink their security protocols. Cyberark focuses on isolating servers and various pockets of information to help insure that when the system is hacked, only part of the information is stolen.

The theory is pretty straightforward: If a thief has your social security number but not your name or address, it isn’t worth much of anything, it become just a series of numbers.

Paul Martini, CEO of iBoss, a global cyber security firm and one of the highlighted companies at the conference, agreed that “the conversation has finally shifted from ‘how do we keep from being hacked’ to what to do to minimize the effects of being hacked?”

Isolating servers and insulating information is the best protection. As the lines between personal devices and business devices become more blurred, the threat from applications and other mobile downloads will grow exponentially.

Mobile device users, which means pretty much all of us, need to be aware that hackers may not be interested in our personal data, but certainly are interested in the data to which we have access.

The advice from experts: separate work and personal devices are best. Do what you can to limit hackers getting into your system, and make sure that your downloads come through the official provider (in Apple’s (AAPL) case through the App Store).

This article is commentary by an independent contributor. At the time of publication, the author held no positions in the stocks mentioned.

http://www.thestreet.com/story/13045764/1/cyberark-when-it-comes-to-cyber-security-beware-of-apps-and-updates.html

More Posts

Financial Institutions Feeling the Crunch in Countdown to CECL Implementation

I was retained by Big Four accounting and consulting firm KPMG to assist them in their thought leadership efforts centered on changing accounting regulations. In this case, the Financial Accounting Standards Board or FASB had instituted new rules on the measurement of current and expected credit losses, i.e. CECL, that would require massive reorganization of financial reporting for the largest financial services organizations in the world. This thought leadership piece concerned the results of a survey among C-suite executives about their state of preparedness in the final countdown to the CECL implementation.

Read More »
Scroll to Top