Safer Internet Day - comments from Zscaler
February 2019 by Stan Lowe, Global CISO Zscaler
Tomorrow, Tuesday 5th February, marks Safer Internet Day, which is commemorated around the world. Stan Lowe, Global CISO at Zscaler, has made the following comments on the importance of the day for both citizens and businesses.
"On February 5th, Safer Internet Day will be commemorated around the world, aiming to promote the safe and positive use of digital technologies, particularly among our youths. While the day itself is a good opportunity to remind everyone of security best practices – which is becoming increasingly important given the continued spate of high-profile data breaches – it also has significance for organisations, as devices are interchangeable and commonly used for both personal and business purposes. Additionally, organisations should take this opportunity to review their cyber processes and policies. “With the stakes higher than ever in the era of GDPR, complacency or a false sense of security can have severe consequences for enterprises. As an example, the latest version of the Chrome browser, which blocks HTTP sites, forcing users to only use HTTPS, is good news when it comes to privacy. However, this does not necessarily equate to security. Indeed, information is still at risk if a user is compromised via a phishing attack that enables a hacker to hijack a session or obtain a user’s credentials.
“What’s more, we’re currently seeing a dramatic rise in malware hiding in SSL encrypted traffic. The very protocol that was once heralded as the ultimate privacy guard has ironically become an increasingly popular tool for cyber criminals to hide their activities. Often SSL encrypted traffic is not inspected by organisations because it is assumed to come from trusted sources; however, that is no longer the case. While great for privacy, SSL is becoming a significant blind spot for companies. The dramatic rise in encrypted traffic in the last few years has allowed hackers to leverage SSL to infect users, shroud data exfiltration, and hide C&C communications. While SSL provides some level of protection, without inspection of encrypted traffic, enterprises run the risk of missing and stopping an attack. A multi-layer defence-in-depth strategy that fully supports SSL/TLS inspection is essential to ensure enterprises and users are secure.”
Stan Lowe, Global CISO Zscaler