Cutting chance of data theft
What began as an innocent search for a car deal morphed into attempted corporate espionage that was discovered and halted by the security operations team at Tulsa-based True Digital Security.
ITULSA — t started with a visit to a local auto dealer’s website. Then a company’s data started flowing to Russia.
What began as an innocent search for a car deal morphed into attempted corporate espionage that was discovered and halted by the security operations team at Tulsa-based True Digital Security.
The client’s encounter with malicious software showed how vulnerable a business’ data can be, said Jerald Dawkins, Ph.D., True Digital Security’s founder and chairman of the board.
“What we identified was that an executive with the company was looking at vehicles at the local car dealership,” Dawkins said. “The dealership’s website had been hacked by a malicious actor; that actor placed malicious code unbeknown to either the dealership or to its patrons. We were able to identify the malicious code and actively disrupted the exfiltration of company information.”
Bottom line, even the most innocent appearing websites can put a visitor’s data in jeopardy of malware, ransomware or theft, Dawkins said.
“Some people think that ‘I can only get hacked if I go to bad websites,’ and that’s not true.” Dawkins said. “In this particular case, the car dealership didn’t update their system and it was compromised. The company executive inadvertently downloaded malicious code that allows the attacker to extract the executive’s sensitive Word and Excel files.”
Founded in 2005, True Digital Security provides security consulting and assessments, compliance readiness, testing and validation and managed IT services for clients across the nation.
Before starting down the entrepreneur’s path with True Digital, Dawkins earned his Ph.D. from the University of Tulsa, where he was part of TU’s cybersecurity program.
True Digital has grown to about 70 employees in Tulsa, Okmulgee and in Florida after its recent merger with West Palm Beach, Florida-based SLPowers. Rory Sanchez, who was president and CEO of SLPowers, is CEO of the combined companies.
Along the way, True Digital established a strong relationship with the Oklahoma Center for the Advancement of Science and Technology (OCAST), which resulted in multiple research grants and placements of interns through the OCAST Intern Partnership program.
For example, a $300,000 Oklahoma Applied Research Support grant supported research into the concept of tokenization. That led to the founding of a spinoff company known as TokenEx.
The OCAST Intern Partnership is a costshare program that brought promising Oklahoma students to True Digital Security. Today, True Digital employs five professionals who began their careers as OCAST interns.
“Leveraging the OCAST internship program and giving the interns an opportunity to come in and learn about the space and explore some of these research ideas has had a big impact for us,” Dawkins said. “The internship program allows us to grow the talent and bring them along as full-time hires. I’m very proud of our success in the internship program.”
One of those former interns is 34-year-old Steven Anderson, a military veteran who came to True Digital Security via the Tulsa Community College and TU cyber security programs. Anderson describes his role as “security consultant” whose job involves activities such as penetration testing and vulnerability scanning.
“As an intern, I got involved with real-life clients,” Anderson said. “I got some experience with vulnerability scanning, risk assessments, threat monitoring — you name it, I got my fingers into it. I stayed with the company because I like the close brotherhood and family feel of True Digital Security. And I love the work, so that’s a bonus.”
For Anderson and the True Digital Security team, the mission is as much in helping clients navigate complicated regulatory and compliance issues as it is fending off threats like data theft, Dawkins said.
“Addressing cybersecurity in today’s world requires more than just technology,” Dawkins said.
“It’s a business problem and the risk must be appropriately identified and managed. True Digital Security has always been focused on ensuring vulnerabilities are identified and known so that bad actors can’t take advantage of them, like updating a car dealership’s website. We have always had the expertise to support and address a potential cyber incident.”
Jim Stafford writes about Oklahoma innovation and research and development topics on behalf of the Oklahoma Center for the Advancement of Science & Technology (OCAST).