SECURITY INFLUENCERS BLOG

Security influencers provide real-world insight and “in-the-trenches” experiences on topics ranging from application security to DevOps and risk management

Point of View: $100MM cost of hacking

Many people think wires are the most secure way to send large sums of money. I’ve seen how many of these wires get processed, even wires for billions of dollars.  And it’s just like most other enterprise software — lots of vulnerabilities waiting to be discovered by hackers.

It’s a good example of what Andreessen meant by “software is eating the world”: handling wires used to be a manual paper business. Wires would get printed out and put into wire baskets (get it?) on people’s desks as they worked their way through the various approvals required. This process was relatively secure because an attacker simply couldn’t get access to these papers or affect the business.

But now this business is almost entirely automated. This has great benefits, most of all that I don’t have to go into a branch office and wait for hours to get a wire sent.  However, it creates a lot of risk that attackers can break into these systems and steal information or money.  Sometimes it’s difficult to see these risks because they aren’t always concrete.  But remember that when you automate, you almost always dramatically increase the pool of possible attackers.  That means you’re going to need a lot more defense and assurance work to make sure it’s protected.

For the record, I don’t buy into the idea that you can only have one, security or convenience.  In fact, the more convenient automated version could certainly have better security than the old manual one.  But we just haven’t done very well at ensuring that we maintain at least the same level of security when we automate things.  And that should be our touchstone for security — don’t allow things to get worse. 

Jeff Williams, Co-Founder, Chief Technology Officer

Jeff brings more than 20 years of security leadership experience as co-founder and Chief Technology Officer of Contrast. Previously, Jeff was co-founder and CEO of Aspect Security, a successful and innovative application security consulting company acquired by Ernst & Young. Jeff is also a founder and major contributor to OWASP, where he served as the Chair of the OWASP Board for 8 years.
