Target shoppers won't be the only ones who have had their personal information breached, says John Watters of iSight Partners.
In business, when a customer of a company becomes an investor in the company, that’s a strong endorsement.
An even stronger endorsement might be when a company emerges as an ally of the U.S. Secret Service and the Department of Homeland Security in the effort to track cyber scammers who stole the personal information of tens of millions of credit and debit card customers.
Both are true for iSight Partners, a global cyber intelligence firm started here in 2006 by Dallas native John Watters.
“That’s two signs of credibility,” Watters said in an interview Friday, a day after iSight issued a joint publication with federal agencies that said the security breach during the holiday shopping season was part of a sophisticated cyber scam that affected several retailers.
Last year, iSight received funding from Blackstone, the giant investment firm. During the previous year, Blackstone had been a customer, relying on iSight to better understand the cyber threats it faced.
With iSight’s new report, Watters and his company vaulted to national attention.
He said his Friday was packed with news interviews. And he warned that the fallout from this round of cyber-attacks is probably not over.
“There’s likely a heck of a lot of victims out there who don’t yet know they are victims,” Watters said.
“This is going to unfold over days, weeks and months.”
He said iSight couldn’t mention specific names of retailers involved. News reports have indicated at least two, Target and Neiman Marcus.
Watters said that while the origin of the malware source code used was Russian, iSight and federal authorities do not know where the attacks originated. “It’s like buying a gun in Russia and selling it in Brazil,” he said.
He said his company detected the malicious software — dubbed Kaptoxa (Kar-toe-sha) — being sold around the world last summer. By now, it has potentially infected a large number of retail information systems, he said.
Watters, an entrepreneur, said that he started investing in cyber security firms in the early 2000s. He became chairman and CEO of Virginia-based I Defense, a security intelligence firm acquired by VeriSign for $40 million in 2005, according to reports then.
“I bought it for $10 out of bankruptcy in 2002,” Watters said of I Defense.
On its website, iSight says its network of security analyst’s numbers more than 200 in Washington, D.C., the Netherlands, Brazil, Ukraine, India and China. The company operates in 24 languages in 16 countries.
Using a sports analogy, Watters said his company creates playbooks to help organizations defend against potential adversaries in different circumstances. These plans provide specific information to counter discrete threats, such as the recent attacks on retailers’ point-of-sale systems.
“We give them the equivalent of an audible,” Watters said.
In an interview with ExecutiveBiz in 2010, Watters said his business “always tries to intersect the future rather [than] replicating the current.”
“It’s a risky way to roll, but way more fun,” he said
IN THE KNOW / BE VIGILANT
On its website, iSight advises retailers who believe their point-of-sale system has been compromised to immediately contact the local Secret Service/Electronic Crimes Task Force field office.
The company advises consumers to be vigilant but not worried:
Regularly check bank statements for fraudulent charges, monitor credit statements for unusual activity, and do not open email from unknown or suspicious sources.
If you receive an email from what appears to be your bank or financial institution, do not open the email or click on any links. Instead, contact your financial institution directly via phone or website to avoid any phishing scams.