Last year a Federal Judge approved a settlement in the class action lawsuit against Target that made victims eligible to receive up to $10,000 in damages. The settlement was the final chapter in a story that began in 2013 when Target was hacked and millions of customers' credit card information was stolen. The hackers successfully circumvented numerous software security measures Target had in place while their malware was installed in thousands of stores around the world.
Tech security is becoming a bigger issue, not a smaller one. That is not only because hackers are getting more sophisticated, it is because the reward for successfully breaching security barriers is getting larger. Information that used to sit in file cabinets now exists on phones and laptops and servers and in the vexingly mysterious "cloud".
Hackers have the benefit of playing offense and are often able to outsmart the software defenses we have designed to protect ourselves. That is why an emerging trend in tech security is humans. That may sound like a step backwards, but Brian Beyer, CEO of Denver-based startup Red Canary, says that humans are a crucial element of a thorough security protocol.
"Most security products suffer from either crying wolf too often or missing the actual threats, and that's why attackers continue to breach companies. Technology is great at filtering out interesting events, but humans can utilize judgment and intuition in ways that a program cannot."
Red Canary is a company offering a new genre of security solution, one that employs a blend of powerful software with human experts that monitor the findings.
Humans as a Service
The last decade was all about designing software solutions that could detect suspicious behavior. Given the sheer scale of the threats that computers were vulnerable to, it was necessary to have a scalable solution that could efficiently head off the bulk of traditional malwares and viruses. Products like Norton Antivirus and McAfee come pre-installed on most personal computers. Large companies have similar products that are customized to their specific needs.
But hackers have continued to successfully breach the best defenses simply because, according to Beyer, there just is not enough human involvement in monitoring and responding to suspicious behavior.
"Software can be taught to identify anomalies and suspicious behavior, and can be an extremely powerful asset for defenders. But the attackers are real people who change behavior frequently, which is why there needs to be the same combination of technology and human intelligence on the defensive side."
Market Growth in Hybrid Product/Service Offerings
If your company uses Salesforce, it may also employ an outside company to customize that software to its needs. This is a common practice in the enterprise-level software industry. But that trend may be going away.
"The speed with which technology is growing makes it harder for third parties to remain experts on new software, which is marginalizing their value add," says Beyer. "More and more, you will see companies that operate like Red Canary: selling custom security solutions along with the human backbone to deploy and utilize it."
A driving factor in this trend towards in-house expert service is the growing gap of professionals in IT security. Beyer estimates that there could be a shortage of one million such experts by 2020 at the current growth of the industry.
"Companies that build human expertise into their products can use talent far more efficiently and are the most scalable security solution for organizations," asserts Beyer. This model, which Beyer calls Software and Experts as a Service, is likely to become a far more common occurrence in the coming years.
Today, victims of the Target hack are applying to receive damage payments from the settlement. But in the coming years, it won't be enough to pay reparations; consumers will demand fewer hacks and more security. The cost to the economy is necessarily going to drive innovative solutions. Bringing humans back to IT security may be the crucial first step.