Scott Petry

Scott is Co-Founder and CEO of Authentic8. Prior to Authentic8, Scott founded Postini and served in a variety of C-level roles until its acquisition by Google in 2007. He served as Director of Product Management at Google until 2009. Prior to Postini, Scott was General Manager and Vice President of Cygnus Solutions (acquired by Red Hat), Director of Advanced Messaging Products at SkyTel, and a Product Manager at Apple Computer. He graduated with a B.S. degree from San Diego State University. Scott is currently a director of Authentic8, Return Path, Memeo, and Driptech, and an advisor to SendGrid, Scriptrock, and Cloudsnap.

Recent Posts

Book Review: What They Really Do With Your Medical Data

Posted by Scott Petry

Jan 28, 2017

[Illustration: Authentic8 blog review of Our Bodies, Our Data by Adam Tanner]

Happy Data Privacy Day.  A new book provides an in-depth look at the commercial trade in patient medical data.  Sensitive data, a vibrant market, and not much cause for celebration.

***

A while ago, I wrote about the wave of data breaches at healthcare organizations and medical identity theft that is impacting millions and what we can do to protect ourselves better.

One of the readers of that post was acclaimed journalist Adam Tanner, who has reported on data collection and consumer privacy since 2012.

Adam and I have had an ongoing discussion on data privacy and security matters since we met a few years ago.  He was covering the issue for Forbes, and I had a chance to brief him on our secure browser solution.

A few weeks ago, he kindly directed my attention to an unknown - to me, at least - aspect of our personal medical records.

Topics: News, Identity

Face Your Worst Cyber Security Fears

Posted by Scott Petry

Oct 27, 2016


Survey results: What cyber security issues scare people most?

"There is a time to take counsel of your fears," General George S. Patton once famously said. Halloween marks the end of National Cyber Security Awareness Month (NCSAM). Let’s make this the time to take counsel of the cyber security fears that keep us up at night.

Topics: Security

8 Easy Tips for Better, More Secure Passwords

Posted by Scott Petry

Oct 11, 2016


We all know the Ben Franklin quote about two certainties in life being death and taxes. It’s time to add a third: passwords.

We can’t avoid passwords. The problem is, when using them, most of us can’t seem to avoid taking shortcuts either. Hackers count on it, which is why weak or unprotected passwords are still the #1 reason for most major data breaches. I’ve blogged about the reasons here.

No National Cyber Security Awareness Month should go by without pointing out methods to improve password security. I recommend you take the following simple steps sooner rather than later: 

Topics: Security

Malware Targeting Energy Utilities Avoids AV Products

Posted by Scott Petry

Jul 14, 2016

[Illustration: Critical Infrastructure: Malware Targeting Energy Utilities Avoids 400 Windows-based AV Products]

…and so should we.

At least that’s my take after looking into various reports about a particularly aggressive piece of malware that specifically targets energy utilities operating Windows-based Industrial Control Systems (ICS).

So far, malware of the “Furtim” variety - as analyzed in-depth by IT security vendor SentinelOne - has breached the security perimeters of at least one European energy provider. Add this to the long list of (often web-borne) attacks against ICS that are covered in Booz Allen Hamilton’s recent Industrial Cybersecurity Threat Briefing.

In my recent post Industrial Control Systems Under Attack, I commented on the documented threats that critical infrastructure providers have been exposed to recently, in many cases due to their continued use of regular browsers.

So you could say I’ve been thinking about how ill-prepared utilities are to deal with that kind of threat. But the new findings regarding Furtim (Latin, meaning “Stealth”) - and what they could mean for the U.S. utility sector - are prompting me to follow up with a postscript.

Topics: Security

Personal Email at Work - the "Hillary Factor"

Posted by Scott Petry

Jul 7, 2016


Hillary Clinton’s personal email workarounds during her term as Secretary of State have received much scrutiny in Washington and in the media.

All the political rhetoric aside, a question remains:

Why was she allowed to run her own email server? How could an employee dictate email security policy to IT?

Ready for the answer? Special treatment isn’t reserved only for senior politicians. Personal email workarounds could come back to haunt your organization, too.

Topics: Security, Policy

Industrial Control Systems Under Attack: Secure Browser, Anybody?

Posted by Scott Petry

Jun 28, 2016


The primary threats against Industrial Control Systems (ICS), the computing infrastructure at the heart of utilities and manufacturing plants, come from secret agent style espionage like you see in the movies, right? Wrong.

***

Remember the “Stuxnet” attack that sent the centrifuges in Iran’s uranium enrichment plant into a self-destructive spin? In that attack, a USB stick was used to cross the security “air gap” of that unconnected computer, and drop malicious software on the (Windows-based) Siemens control units.

Now, attackers targeting critical infrastructure don’t even need to drop a USB stick in the parking lot. They can simply rely on employees opening a phishing email, or visiting a compromised website. That’s all it takes for a motivated outsider to wreak havoc, steal data or lock down critical ICS processes with ransomware.

Topics: News, Security

Smart Nation. Dumb Move.

Posted by Scott Petry

Jun 13, 2016


Singapore is awesome. Since starting Authentic8, I haven’t been back, but I was lucky enough to visit regularly in previous jobs. The island city-state is known for taking care of business and of its citizens, as well as for its “Smart Nation” technology initiative.

Topics: Security, Policy

How Medical Identity Theft Works, and How it Can Impact You

Posted by Scott Petry

Jun 7, 2016

[Image: Patients in waiting room, with chart: Individuals Impacted by Healthcare Data Breaches]

The healthcare industry currently tops the target list of cyber criminals, according to IBM’s 2016 Cyber Security Intelligence Index [PDF]. The Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data (Ponemon Institute) reveals that 89 percent of healthcare organizations and 60 percent of their business associates experienced data breaches over the past two years.

Recently, ransomware attacks (incidents where hospital data are encrypted and only released after a ransom is paid) have dominated the headlines. But most data breaches within the healthcare industry involve an even more lucrative target: medical records and related Personally Identifiable Information (PII), like Social Security numbers.

What does this mean for you? Medical identity theft via computer comes at staggering cost to the victims. They have to pay a steep price to get their life back: on average more than $13,000, according to one study. To make matters worse, victims can find themselves cut off from their doctors or get misdiagnosed, due to fraud-related errors in their medical records.

How to protect yourself? 

Topics: Identity, Security

Credential Management Fail. Time to Reset.

Posted by Scott Petry

May 17, 2016


Credential management as we know it is not secure and doesn’t work. How else would we explain that weak, default or stolen passwords were used in roughly 63 percent of data breaches in 2015, as documented in a new comprehensive report?

It is time to take the human factor out of the equation.

***

The Verizon Data Breach Investigations Report (DBIR) provides a great amount of detail on 2,260 data breaches in 2015. Web-based attacks were up 33% in 2015, with financial motives behind 95 percent of them. So what drives this trend?

The report shows that in most attacks, stolen or guessed credentials of legitimate users were entered in order to obtain unauthorized access. Malware, phishing and keyloggers ranked next (each of which is also related to the credential issue).

Topics: Security

I see what you did there. You blamed the victim.

Posted by Scott Petry

May 3, 2016


Security experts warn that “many people still don’t know what ransomware is.” Would it do consumers any good if they knew? As an industry, we need to stop blaming end users for systemic failures.

Topics: Security