eBay's security efforts lead to massive fraud drop and 3K arrests
Posted on 08 August 2012.
eBay, the notable online auction and shopping mammoth website and the company that runs it, has taken the fraud threat seriously and has managed to cut it by 90 percent in the last three years, the company's former Chief Information Security Officer Dave Cullinane recently shared at a meeting.

According to CSO Online, this increased interest in shutting down malicious individuals that were trying to take advantage of the site and its users has led to the arrest of some 3,000 around the world, mostly outside the US.

Cullinane, who has left eBay in May this year and joined California-based Security Starfish as CEO, has successfully managed to convince eBay executives to up the budget allocated for IT security from $10 million annually in 2006 to $48 million annually in 2011.

He accomplished this by showing to them the costs of breaches and other security incidents that are likely to befall the company if they didn't invest in security. He also managed to make them agree to physically move five major company data centers from their then position on a major fault line in California.

Given the sheer size of the site and its popularity as a target for cyber crooks of all kinds - scammers, those interested in harvesting customer information, or those trying to bring the site to its knees via DDoS attacks - he realized that in order to keep the site's positive reputation going, he will need to cover a lot of ground.

So during his six-year tenure as CISO, the company has begun investing heavily into IT security by setting up new programs, educating staff, investing in botnet detection and cyber intelligence software, and cooperating heavily with law enforcement agencies by providing the information needed to track down and prosecute scammers and attackers. The company also began disposing of legacy code and made security a priority.

Cullinane pointed out that a good relationship with company executives is crucial to doing a good job as CISO. "The CEO and CFO are your greatest allies," he said to the information security professionals present at the Information Systems Security Association's gathering. "But they shouldn't be hearing about a breach at your company from the press. They should be hearing it from you."

He encouraged them to be paranoid about security and to be always aware that a breach can happen to their companies, too, and urged those working for bigger companies to share their knowledge with security professionals working for small ones, as they are currently heavily targeted, but often don't have the technology, man power and expertise to keep safe.






Spotlight

The Software Assurance Marketplace: A response to a challenging problem

Posted on 20 October 2014.  |  The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) has recognized how critical the state of software security is to the DHS mission.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Wed, Oct 22nd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //