NEW YORK (TheStreet) --Companies are collecting an ever-increasing amount of information on their customers via the cloud and mobile devices. Faceless cyber attackers are licking their chops at an opportunity to profit.
Target's (TGT)holiday 2013 data breach was one of the harshest examples of the risks to consumers and businesses from cybercrime. However, the fact is that companies from Starbucks (SBUX) (leading in mobile payment) to Nike (NKE) (wearable devices and apps) and Amazon (AMZN)(cloud) are thriving on data to improve their financials, but are also at risk of attacks as cybercriminals become more sophisticated.
According to data from internet security firm Symantec (SYMC), over 552 million identities were exposed by way of data breaches in 2013, up 62% compared to 2012. Roughly 38% of mobile users have experienced mobile cybercrime in the past twelve months.
TheStreet talked at length with Symantec's chief operating officer and executive vice president Stephen Gillett to dive deeper into the major issue of cyber attacks, and how Symantec is addressing them though its products, services, and long-term research and development investments. Gillett was also instrumental in building the digital experience as executive vice president of digital ventures and chief information officer at Starbucks, leaving the coffee king in March 2012 to join Best Buy (BBY) as executive vice president and president, digital, global marketing and strategy.
Brian Sozzi: You have literally watched, and helped to create, entirely new fields in tech being born. What now keeps you up at night in terms of threats to all of these new tech platforms (cloud, mobile experiences, etc.)?
Gillett: There are several things. The biggest problem isn't what you think. Cyber security is a big issue, cyber threats, workloads moving into the cloud, physical and logical security converging. These are all hugely important. But, for me, I would say it's the education of our citizens and of internet IP users. Even with the best technology, even with the best training, even with the most well-funded IT or security organization, if your users and your customers aren't educated on how the threats are coming at them, or where personal information is being identified and used, then that for me could unwind even the most sophisticated, well-thought out architectures for your home or work.
Sozzi: From what I can tell, wearable devices from a consumer perspective are not being protected from outside threats. In fact, there is a big unknown as to how companies such as a Nike (and soon Apple (AAPL)) are protecting the data they are collecting via these snazzy-looking devices.
How do you see Symantec playing a role in wearable devices?
Gillett: When a new platform is introduced, the threats start off as very mild. As there is adoption the threats grow -- remember the bad guys are only going after the platform if there is a wide enough adoption or way to monetize intellectual property. If it's connected, it has to be protected. The way I think about it is, look at the device adoption, look at the amount of information being captured and if that reaches a critical mass, if it has a direct connection through your computer, you need to start thinking about what information, what technology is running on that.
As it relates to wearable technology in general, I think we need to start thinking about what it's collecting, how is it being stored, and what is the residency of that information. Look at how these devices connecting with other things in your home via a Linksys router -- is it automatically sending information or do you have to connect. Is it using Bluetooth to connect with your phone? Is that phone an Android? As you start to map that ecosystem you start to realize that at the beginning there may not be a huge threat, but as you collect more and more information, more people use it, that platform becomes a target.
Sozzi: Everyone is enthralled with the "smart home", but could this be a major risk as well?
Gillett: Yes, absolutely. Most people think you get a home security system and good deadbolt locks on your door and you're safe. But, but when you look at -- we just bought a new LG refrigerator that is connected, we have a Samsung television that's connected, we have a DVD player that's connected, we have Netflix (NFLX), Amazon, Xbox, a Linksys router, three different kinds of Kindles, two different kinds of iOS devices, and three Windows machines, all of these are talking to each other and are talking to the world. You need to understand what's going on.
Sozzi: Symantec plowed over $1 billion into research and development in its latest fiscal year. What are a few of the areas the company is investing in under the "long-term applied research" category?
Gillett: What we talked about in our latest earnings call was the shift in the research and development budget in order to put some of those funds against promising opportunities. One of the fastest-growing businesses that we have today is our mobile offering, which has grown 76% year over year, and is a huge opportunity in the market and a huge opportunity for us. Another one is we have a product called NetBackup, and we have made that into an appliance. And that is growing at about 27% year over year in revenue.
Sozzi: You are a proficient user of Twitter (TWTR)@StephenGillett, in fact we often joke you are angling for my job in the news business. How does Symantec view Twitter (even FaceBook (FB)), are there products in the works, or being envisioned, to help safeguard threats to personal lives, and businesses, given all of the information floating around on the platforms?
Gillett: We will talk about on our blog how cyber criminals are using what's called "social engineering", they will go and look at your kid's names, your birthday, where you went to high school, because you didn't set your privacy settings right on LinkedIn (LNKD), Facebook, Tinder, or Instagram, they will go and social engineer a profile on you and then they'll use that to try and comprise the weakest link in your chain.
Last year 12% of social media users in our research told us that someone had hacked their account and pretended to be them.
On our consumer business Norton, you will see this product will scan my newsfeed on Facebook and will tell me if any of the links or posts are redirected or trying to send you to malware infected sites. You could run a scan, share results of the scan to your Facebook feeds so people could see you have scanned your stuff.
Sozzi: Target data breach, beyond frightening. Do you think these types of breaches are done? What is the retail sector still not doing correctly at headquarters to minimize its risks from outside attacks? All retailers now are transacting sales on apps on devices and inside of automobiles, outsiders have to be licking their chops.
Gillett: The first thing I hear when I talk to retailers is that they are embracing the "omnichannel" movement. So where is your customer, how do you interact with them whether they are on a tablet or phone, on your website, in your store, how do you make sure you show up as a retailer in the omnichannel experience.
As you classify retailers across the ability to invest in the digital technology and IT infrastructure in order to offer these experiences, you have sort of a continuum -- those that outsource it and use third-parties and go to market with those activities and those that try and build it in house. In our latest IT threat report, we introduced a concept called the "megabreach", which is anytime 10 million or more identities are leaked. In 2012, there was one megabreach according to our new definition. In 2013, there was nine of them, just to show the growth. This year we are on track to exceed that.
As retailers converge in the digital, as they converge in the omnichannel experience, as they try to offer the latest and compete with each other for that attention to the customer in whatever channel they are coming in on, they are increasingly using more and more technology that either they are not proficient in, or they need third-parties. I think that risk is increasing. Some are doing it very well, some of them need some help, but the customer is demanding that the retailer engage with them in these new channels and experiences. That brings many of them into unchartered territory.
Sozzi: Five years from now, mobile devices will be doing what that they don't do today?
Gillett: What happens if not just apps and data were delivered from the cloud, what would it look like if the actual operating system itself was wrapped and secured, and delivered to the actual device. If you picked up my iPhone or my Android device and you have that experience. That's years out.
What we're talking about now as a company is what we call our "Sealed Program." What we are able to do with enterprise grade companies is say let us help you with our technology, wrap your applications. So as you develop your enterprise ready apps, you could have more control over what data flows in and outside of that app. The wrapping through the Symantec Sealed Program is something we are going to market with today for partners in order to get our technology in all these enterprise grade apps so they could better secure their apps without any additional cost on top of that for the enhanced security protection for enterprises.