Sunday, February 21, 2016

Crowd-sourcing Your Cyber Security

To some this may sound like an oxymoron: why would a company want more people working on its cyber security? Does this not pose a security threat? According to Jay Kaplan, CEO of the company Synack, the answer is no; in fact, crowd-sourcing is the best method for plugging major cyber security holes. Synack uses a revolutionary testing model in which it contracts some of the industry's best and brightest to test the security of an enterprise and pays them on the basis of how many errors they can find. Synack does this alongside its new Hydra technology, which, in comparison to older computer screening models, constantly analyzes potential threats to an enterprise on a day-to-day basis. Synack believes this model will outpace the current standard of either a group of human testers or a more basic scanning program, which cannot monitor day-to-day activities as effectively as the Hydra can.
Weaknesses in cyber security are an ever-increasing threat to the world as more and more areas of our lives become integrated with technology. For example, many "smart cities" have begun using enterprise software and big data to manage city life more effectively, but the biggest concern in these smart cities is the lack of sufficient security (Allen 1). Many major cities with this technological integration worry about insufficient security, considering the consequences if a hacker or organization were able to access or steal all the data necessary to run a major city. This is where Synack's new security model could play a major role in the future of cyber security, assuming the model proves to be effective. However, there are still some very prevalent weaknesses to consider with Synack's security program.
The Synack Red Team (SRT) is the name given to Synack's employees as well as the IT experts to whom they contract their security accounts. The SRT is incredibly exclusive, with only about a ten percent acceptance rate and a gauntlet of various background tests and vetting procedures. Synack must ensure that the people they hire are not a security threat themselves. While this is a strong procedure, there are still various flaws when it comes to contracting outside experts. After they have been vetted and are trusted by Synack, they are privy to the security protocols of another company, which leaves room for things like corporate espionage, sabotage, or just overall neglect of the project based on ulterior motives by the expert. It seems the crowd-sourcing aspect of this model can amount to a security risk in itself, and from the viewpoint of a company I would not want to pay Synack so they could pay someone else to evaluate my network.
With this being said, Synack's model could still prove to be effective, and the breakthrough technology behind the Hydra is going to impact the cyber security industry, as it will be able to provide up-to-date information on potential security risks, as opposed to the more retrospective approach of current scanning models.

References
Allen, Natalie. "Cybersecurity Weaknesses Threaten to Make Smart Cities More Costly and Dangerous than Their Analog Predecessors." USAPP. N.p., 18 Feb. 2016. Web. 21 Feb. 2016. <http://blogs.lse.ac.uk/usappblog/2016/02/18/cybersecurity-weaknesses-threaten-to-make-smart-cities-more-costly-and-dangerous-than-their-analog-predecessors/>.
Florentine, Sharon. "How to Crowdsource Your Way to Better Security." ITNews. N.p., 18 Nov. 2015. Web. 21 Feb. 2016. <http://www.itnews.com/article/3006182/security/how-to-crowdsource-your-way-to-better-security.html>.
