Why Akamai CEO Says You Need to Protect Your Data From Your Own Employees

Share on Facebook Tweet Snapchat Share Reddit Comment
Why Akamai CEO Says You Need to Protect Your Data From Your Own Employees
Highlights
  • Akamai delivers content to most Internet users
  • It has observed a sharp increase in credential abuse
  • Employees are easy to trick into clicking bad links online

Though not everyone reading this would recognise the name, Akamai is one of the important parts of the infrastructure of the Internet, with over 240,000 servers across 130 countries. It’s also the company that powers streaming of cricket matches in India, apart from being the backbone of many other popular websites and services. With its widespread presence around the world, Akamai is also positioned to be able to observe trends - whether in terms of access, speeds, or security. Gadgets 360 spoke to Akamai CEO and co-founder Dr. Tom Leighton to learn more about the security trends that the company has observed recently.

In Akamai's State of the Internet/ Security Q4 2017 report, the company noted that it's seen a sharp increase in the threat of credential abuse, with bots that try and log into your account - according to Akamai, more than 40 percent of login attempts are malicious.

"Globally, the volume of attacks has risen sharply, as has the frequency and sophistication," says Leighton. "Just weeks ago we saw a very large scale DDoS attack GitHub. It was the most powerful one recorded with traffic of 1.3 terabits per second. We were able to manage it, but it was very large scale."

"We're also seeing an increasing use of bots," he adds. "They take stolen credentials, and then try them on multiple sites, so if you've reused your credentials somewhere, your account can be stolen."

To address this, the company uses artificial intelligence and machine learning to detect if a user is human. "Things like how you hold the device, how you tap, we use that to learn what is a human," adds Leighton. Behavioural biometrics of this sort are also being pursued by companies like MasterCard to secure financial transactions and IBM for enterprise security. This is needed, Leighton says, because of the increasing sophistication of the threat landscape, which is also why Akamai advocates for a "zero trust model" to prevent credential abuse.

"You really can't trust anyone anymore, not even your own executives," says Leighton. "Because it's too easy to induce an employee to click on the wrong link. You need to be able to protect your data from your own employees too. 'The firewall will protect you' is not valid anymore."

computer ock Akamai

Globally, some of the industries that Akamai sees as being targeted most are retail, hotel, and financial services, and according to Amol Mathur, Director, Product Management, Cloud Security, Asia-Pacific & Japan at Akamai, this is also the case in India. "One difference is that India sees slightly more traffic over mobile, and so APIs also have to be protected,” Mathur explains.

Another area of concern that the Akamai executives flag is the Internet of Things. "There are billions of IoT devices getting connected and they do not have adequate security," says Leighton. Connected devices often have limited security, and even simple things like updating a password can be complex, so users will often leave these on the default settings. And that's a problem, because as Leighton points out: "they have strong CPUs that can be used to run different malware, and a full communications stack connected to the Internet."

"They can launch sophisticated attacks, and volume attacks," he adds. "There is much more capacity at the edge of the Internet than at the core, and because we place our servers at the edge we can defend at the last mile."

The other change that's happening here, as Mathur alluded to, is the rapid growth in mobiles connected to the Internet, thanks to the entry of Reliance Jio, and its subsequent impact on the overall telecom market in India.

"It's very exciting to see what's happening with Jio, as there are many more people getting online now," says Leighton. “But that also provides more demand on infrastructure, which we have been able to help with. Cellular is a challenge because you don't have the capacity, but we're trying to help for quality of service."

However, a large number of new Internet users that aren't necessarily as aware about security also brings some challenges, says Mathur. "A few months ago, we published a blog on a botnet named WireX, which was running on hijacked Android phones," he explains. "A lot of these are first time users who are not following cyber hygiene, and this can become the source of attacks in India or abroad. Eventually, Google removed around 300 apps from Google Play because of this."

For enterprises, Akamai offers cloud based security solutions that it says are simpler and cheaper than traditional methods, and Leighton reiterates that the firewall and perimeter are no longer enough to keep a company secure.

"Akamai is ground zero in some senses," he adds. "We defend banks, governments, media companies, and are constantly defending ourselves from attacks, and we have an excellent track record so far."

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Gopal Sathe Gopal Sathe is the Editor of Gadgets 360. He has covered technology for 15 years. He has written about data use and privacy, and its use in politics. He has also written extensively about the latest devices, video games, and startups in India. Write to gopal@ndtv.com or get in touch on Twitter through his handle @gopalsathe with tips. More
Oppo F7 Specifications, Features Officially Revealed Ahead of March 26 Launch
Super Lucky's Tale: Gilly Island Review

Related Stories

 
 

Advertisement

Advertisement

© Copyright Red Pixels Ventures Limited 2020. All rights reserved.
Listen to the latest songs, only on JioSaavn.com