GPWA Times Magazine - Issue 29 - July 2014
“Work on the theory that you will be breached” — an interview with MTI’s David Hobson

Data and cyber security is another segment of online gaming – and eCommerce in general, for that matter – that you don’t spend a lot of time thinking about, until something goes wrong.

There have been several high-profile data breaches in recent months at major retailers. And the online gaming industry isn’t immune from these problems. Online operators have been known to pay off hackers attacking them with distributed denial of service attacks (DDOS), for example.

Earlier this year, GPWA Editor-in-chief Vin Narayanan caught up with David Hobson, the director of the security practice at MTI.

Hobson, who has decades of experiences in computer security, walked us through what MTI did and some of the latest trends in hacking. And before we wrapped up our conversation, he imparted some words of wisdom:

“You’ve got to work on the theory you will be breached,” Hobson said. “You’ve got to have policies in place to cope with that. Work on the theory you are going to be breached. You may have been already.”

That’s sound advice for affiliates, affiliate programs and operators alike.

VN: Tell us a little bit about MTI.

DH: MTI Technology was founded 25 years ago to be a developer of storage technology, data storage. About 10 or 11 years ago, they gave up the arms race. They couldn’t keep up with the big brands and they sold all of their (intellectual property) to EMC. MTI at that stage became an EMC partner. They (MTI) went Chapter 11 in the States in 2007, and the European arm was bought out from Chapter 11 and that’s now MTI Technology.

They’ve grown and developed from there to go beyond selling the EMC storage solutions to add CISCO UCS and VMware and to be a data center on a pallet. So anyone in the gaming industry that’s going online, we can just wheel it in and off you go.
In 2011, they acquired a business that I founded in 1996 which was called Global Secure Systems, which dealt with data security – pure-play data security be it gambling, be it financials, be it retail, be it government.

In the U.K., we have a data protection act which is pretty serious. There’s a new data protection act coming out in Europe where there’s the potential to fine anyone doing business in Europe 5 percent of turnover if the data is breached. That’s fairly significant – it could impact massively on this industry.

If they ever fine anybody 5 percent, I’ll be shocked. But that’s what the bill would allow them to do. So it is something that people at the board level will have to wake up and take notice of.

So that’s us as a business; we hope to offer clients a full data center and data security peace. Back in the good old days, security was defined as confidentiality, integrity and availability – CIA. The storage piece provides the availability, and we add the other (parts) wrapped around it so the client’s data is managed securely.

VN: Are distributed denial of service attacks (DDOS) and intrusion/hacker attacks the two biggest security problems facing an operator? Are there more or less?

DH: DDOS is relatively simple. We know where it’s coming from. There are different types of denial of service attacks – application level or just pure flooding. But the actual hacking attacks are changing. Malware and targeted malware are the biggest problems now.

If you stop and look at how hacking has changed in the last 20 years, you used to have hackers that would find faults in software and the first thing they would do is let the software developer know. Microsoft would get hundreds of e-mails every week saying, “You’ve got this problem, you’ve got that problem.” They’d take it all in, they’d fix it, release a patch – happy days.

Now those vulnerabilities, those zero-day vulnerabilities, are not being found by anybody else. Those zero-day vulnerabilities are worth real cash.
Your own NSA (Editor’s note: Not really "our own," but point taken.) has a budget of $25 million a year to buy exploits. So that gives you some idea as to the money involved. A relatively minor exploit might be worth $5,000 or $10,000. A major exploit (might be worth) more than $10,000.

There’s big money out there, so that’s how things are changing. If I can focus on hacking you, any signature-based defense will miss it because I’ve got it changed to be “at you” and nobody has ever seen it.

VN: How does a security company keep up with an ever-evolving landscape?

DH: We’re having to change the way that we work and our clients have to change as well. Historically, people have focused on controls. The first bit of data security I guess would be anti-virus software. Back when it was first released, if you can remember that far back, it came on a big floppy disk and you’d get one a month and you’d load up and off you go.

And it would take five years for a virus to spread. That virus will now spread in five hours or five minutes across the world. So anti-viruses had to change. And if you look at anti-virus software, the size of it just grows and grows and grows. The problem is now that it takes too many resources. But that’s one control. Then you’d

THE EXECUTIVE CORNER