Black Hat 2012: Webroot Researcher Says Delayed Breach Disclosure is Advisable

“Often, when a data breach has happened, it is best that the compromised organization keep quiet until a mitigation plan is in place”, he said. “Crashing the stock market is in nobody’s best interest. Going public before there are any answers causes people to panic, which isn’t good for anybody.”

The data breach of the future, predicts Webroot's Milbourne, will use mobile phones and smart phones as the attack vector. To some extent, he explained, this is already the case. “Mobile is the next frontier of threats. I expect to see more and more SMS spam – especially targeting rich countries like the U.S. As we become more reliant on handheld devices to replace laptops and PCs”, they become more targeted.

Often with mobile devices, explained Milbourne, usability comes before security. “Often people don’t secure their devices because they don’t understand how critical the data on their device is”, and how valuable it is to a cybercriminal. “The hackers return on investment is selling the data and getting remote access to the device.”

SMS threats are evolving and becoming more intelligent and targeted, explained Milbourne, who has seen proof of concept attacks.

Milbourne, a self-confessed “big fan of Android”, admits that the platform is inherently less secure than its rivals. “People want the freedom to use their device however they like, but yes, it will be more vulnerable as a result. The same risk applies to users who unlock or jailbreak their devices. Apple thinks of itself as impenetrable – it’s not.”

The Webroot SecureAnywhere product, which makes use of cloud-sourced discoveries in malware, allows Webroot to stop threats faster, explained Milbourne. He admitted that the 93.4% detection rate that Webroot SecureAnywhere recently achieved in testing was “very frustrating because customer satisfaction is through the roof”, and was due to the fact that the “testing methodology didn’t let us test in the cloud or for long enough.”

The increase in speed of threat mitigation due to the crowd-sourcing nature of Webroot SecureAnywhere means that Webroot no longer offer the ‘pay more for a quick fix’ price model that Milbourne “never agreed with”. He explained the former methodology to Infosecurity. “Webroot would find a critical problem and tell the customer that they could either wait three days for a free fix, or pay $100 and have it patched immediately. Of course, customers often needed to pay the $100”, he said. This model was neglected, to Milbourne’s relief, with the launch of SecureAnywhere.

 

What’s hot on Infosecurity Magazine?