In Depth
5 Ways Google Is Shaking the Security World
Whether you're charged with preventing hacks, protecting assets, stopping fraud or defending trademarks, Google and other search engines present a new mix of risks for everybody in the security game.
By Sarah D. Scalet
"If Rummy's not worried about it," Pike says, referring to Secretary of State Donald Rumsfeld, "it's hard for me to see how anyone can lose much sleep over it."
What to do: If your organization's security plan is based on no one being able to obtain aerial or satellite photography of a facility, then it probably ain't much of a plan. "Anybody who has the capacity to constitute a threat that rises much above graffiti is going to have it in their power to get imagery of a facility," Pike says. "If security managers have something that they don't want to be seen, they need to put a roof on it."
Beyond that, be prepared for cocktail party banter about the risks and rewards of Google Earth and Google Maps. At the U.S. Food and Drug Administration, for instance, CISO Kevin Stine finds Google Earth personally fascinating, and he likes to muse about its potential for use in, say, disaster planning. "From a CISO perspective, I think we need to be aware of these kinds of tools," he says. But for his security group, the only impact he thinks Google Earth might eventually have, if it begins to encompass more business applications, is a drain on bandwidth. In other words, it's a concern about as big as your lawn chairs seen from space.
Shock waves: 1 (minimal). Security by obscurity is so 20th century. Google Earth just illustrates why.
4. Click Fraud
What it is: The act of manipulating pay-per-click advertising. Perpetrators inflate the number of people who have legitimately clicked an online ad, either to make money for themselves or to bleed a competitor's advertising budget.
How it works: With pay-per-click advertising, an advertiser pays each time someone clicks an ad hosted on a website. Google, Yahoo and other search engine companies make their money by selling advertisers the right to have their text-only ads appear when someone searches for a particular keyword. There are two ways to manipulate pay-per-click advertising: competitor click fraud and network click fraud.
First, the competitor variety: Let's suppose a company that sells life insurance wants to advertise on Google. The company might bid for and win rights to the phrase "life insurance". Then, when someone runs a Google search for that exact phrase, the company's ad appears next to the search results as a sponsored link. (How close to the top of the list depends on both the price per click and the superpowered algorithms that constitute Google's secret sauce.) Each time someone clicks the sponsored link, Life Insurance Co. pays the agreed-upon price to Google—say $5. With competitor click fraud, an unscrupulous competitor tries to run up Life Insurance Co.'s advertising bill by clicking the link. A lot.
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
