“What Edward Snowden did was give us all a wake up call.” Morey Haber is discussing the safety nets—and lack thereof—that protect our privacy in the digital age. “We have to start with policy, then enforce it. Everyone has to participate in the procedures.”
As the VP of Technology at BeyondTrust, Haber has built a career ensuring that companies have the stopgaps in place to protect themselves and their employees in the face of ever-present cyber threats. He isn’t a fan of the infamous whistleblower, (“He took an oath,” he explains), but by his estimation the Snowden situation shed light on not only what protocols weren’t in place, but which were being ignored. “No one was looking over his shoulder. Even his use of a flash drive to steal the information—flash drives weren’t allowed. Why wasn’t anyone keeping an eye on him?”
The problem of protocol isn’t just a government-issued dilemma—it actively affects our everyday safety as we navigate lives lived online. From the Target breach that affected millions to the small, subtle siphoning of cash from your debit card after you dine at a local restaurant, each represents a failure to follow the steps that keep threats at bay.
“The truth is, some businesses are more secure because there is a ‘Big Brother’ sitting on their shoulder,” he explains. The credit card industry, banks, and healthcare, for example, face fines if they don’t prove the systematic practice of safety protocols. “It is a pain, but it works.”
Safety in Numbers
When a significant breach makes the news—think of Amazon—it’s easy to panic, but Haber believes those types of hacks are safer for the individual. “They are broad stroke attacks, which are harder to monetize,” he explains. When you are one of a million people affected, you are statistically less likely to be targeted yourself. “It’s a compromise en masse, so hackers take advantage by sending phishing emails about changing your password.” So what should you do if you are part of a breach? “You should be changing your password often anyway,” says Haber, who also advises caution when you are prompted to do things like store your information for future purchases.
Conversely, small businesses face larger problems if security measures aren’t followed. “Because there are less people involved, you’re a part of a more targeted attack, which is easier to monetize,” he says. One way to stay safe: Use the credit, not debit, feature on your card, since pin numbers are easily copied.
Safety—Big & Small
“The biggest benefit of what Edward Snowden did is that it motivated the U.S. Government to set better protocols and to actually follow them,” says Haber. As private citizens, we can do the same on a micro level.
Haber suggests securing your information strongly. “You should have different passwords for everything. You should change them often. If you write them down, store them in a locked, fireproof box.”
And, while Haber believes the government’s forced transparency is a nice side effect of Snowden, he is quick to point out that we are, in fact, safer as a nation based on the data that is collected worldwide. “I was speaking with someone recently in a [government security position], and he told me that the hardest part is understanding how our adversaries all believe they are 100% right, just the way we do.”
One safety measure that has proven effective is User Behavior Analytics (UBA), which follows the actions of individuals to predict any potential threats. “It’s based on keys,” he explains. “Did they go and buy 50lbs of fertilizer? What sites are they going to, are they using keywords and phrases that are associated with the terrorist community?”
Haber believes it is a necessity in today’s world. “If it stops another attack—and it does—I am gung ho.”
Data protects us in big and small ways. “If the e-mail app on your phone is tracking where you are and someone tries to log in from Russia, it’s going to stop that from happening.”
Haber offers optimism to skeptics. “There are benefits to these kind of data exchanges, as well.”
Morey Haber is the VP of Technology at BeyondTrust, a firm specializing in cyber security solutions that deliver the visibility to reduce risks and the control to act against internal and external data breach threats. To learn more about their work, click here. Mr. Haber’s perspective is offered as part of a four-part series by Salon.com on behalf of Open Road Films' SNOWDEN, in theaters September 2016.