Last Week’s Hacker Conventions Showcased the Acceleration of New Threat Vectors & Cyber Vulnerabilities
New York, NY (PRWEB) August 06, 2013 -- It’s only natural for cyber-paranoia to creep in when surrounded by some of the world’s best hackers, so there was undoubtedly a lot of that going around last week at the famous annual hacker conventions in Las Vegas, DEF CON and Black Hat. But, as Bob Knudsen, Northeast Regional Manager of Global Digital Forensics says, “it’s certainly not irrational paranoia, it’s anchored real life experiences that make headline news stories all the time, a lot of them really scary stuff. The question is, what are today’s organizations doing to fight those fears?”
Who and what is at cyber risk?
“The short answer is just about everyone, and increasingly, just about everything. The cornerstones of the hacker world are still there concerning networks, like the theft of intellectual property, malicious payloads meant to infect, infiltrate and/or paralyze organizations, stealing Personally Identifiable Information (PII), and a host of other threat vectors everyone is by now familiar with. But now, as technology seeps in to every little nook and cranny of our lives, we’re getting into a stage where things we never thought about getting hacked are also on the menu. Now we have to worry about televisions and gaming systems becoming conduits for cyber espionage, we have to worry about on-board electronics in our vehicles getting hacked and manipulated to the point of possibly becoming dangerous, and we even have to worry about having our electronic medical implants hacked and manipulated,” like renowned hacker Barnaby Jack, who dropped jaws a few years ago by getting an ATM to start spitting out money at the Black Hat conference, was set to demonstrate this year in Las Vegas before his untimely and still mysterious death a little over a week ago. Undoubtedly, the fact that he was about to reveal a cyber-vulnerability which could actually end the life of a real person with a cyber-attack is more than enough fuel to get the gears of conspiracy theorists everywhere going full bore.
Splash the Zeroes … and ones.
“If DEF CON and Black Hat proved one thing, it’s that the craft of hacking never stands still, and neither can the wheels of cyber security, or it will never be a fair fight. Think of it this way. Years ago, or should I say decades, there was a movie called The Final Countdown. The premise of the story was that the USS Nimitz, a modern nuclear powered aircraft carrier, was launched back in time to the days right before the Japanese sneak attack on Pearl Harbor. The storyline of course was hinged on the moral and ethical dilemma of whether or not use their modern technology to change history and the paradox repercussions that could be unleashed if they decided to flex their tech-muscles to change the outcome of an event that changed the world at the time. It would have been F15s at Mach 2 against propeller powered Zeroes, guided missiles against bullets and a sitting duck fleet, all the while being armed with the knowledge of history and knowing exactly what was about to take place, when and where. Essentially, the Japanese fleet would have stood no chance against 40 years of advancements in technology, like when it took just seconds between a ‘splash the Zeroes’ order going out over the radio, to the conformation of ‘two Zeroes splashed’ coming back. They had no chance. But that’s the kind of lopsided fight that unfolds every day in the cyber realm. There are still national infrastructure entities out there relying on SCADA (Supervisory Control and Data Acquisition) systems implemented decades ago, there are still businesses relying on technology that is so out of date it’s like a wide open door to today’s hackers, there are still organizations and institutions out there relying on cyber security plans developed and instituted years ago. And if you need a more real and modern example, just think back to the paralyzing hubbub the Y2K scare caused over a something as simple as incorrectly coded date fields that didn't account for the future. Yesterday’s programmers may have been living on the cutting edge of technology, but that edge gets duller and duller as time passes and technology evolves. So to survive on today’s cyber battlefield, it has never been more important to step at least into the present, but always with both eyes squarely fixed the future. That’s what we help clients do, survive and thrive in today’s landscape of zeroes and ones.”
How to stand tall against the relentless threat.
“To chart a course to where you want to be, you first have to know where you are. Improving your cyber security posture is absolutely no different. Regular cyber threat assessments and comprehensive penetration tests are more important than ever, and ours are designed to do just that, let you know where you stand, where you’re weak, and what needs to be focused on to stand up to today’s cyber threats which are lurking around every corner. A cyber security plan from five years ago probably doesn’t focus at all on threat vectors posed by smartphones and tablets, but they are definitely part of the equation today. Applications designed or purchased just a few years ago may not be up-to-snuff security-wise by today’s standards, and the plethora of cloud-based applications and SaaS (Software as a Service) platforms which have popped up over the last couple of years can pose problems that are most likely not even on the radar of outdated cyber security plans, but they can certainly have grave consequences if exploited. From the big picture, to all the intricacies and details of a client’s unique digital architecture and cyber functionality, including regulatory compliance issues, we shine a spotlight on their weaknesses and help them significantly improve their cyber security posture. Unfortunately, the only thing we can’t do is pick up the phone for them to make the call that gets us started. But even if they waited too long and already got victimized, we have emergency cyber incident responders standing by 24/7, ready to spring into action to take control of the situation and dramatically reduce the consequences and aftermath that inevitably follow a successful cyber-attack, intrusion or breach.”
*Global Digital Forensics is a recognized industry leader in the fields of computer forensics, electronic discovery (eDiscovery), cyber security and emergency incident response, with years of experience assisting clients in the government, banking, healthcare, education and corporate arenas. For a free consultation with a Global Digital Forensics specialist, call 1-800-868-8189 about tailoring a plan which will meet your unique needs. Emergency responders are also standing by 24/7 to handle intrusion and data breach emergencies whenever and wherever they arise. Time is critical if a cyber-incident has occurred, so don’t hesitate to get help. For more information, visit http://www.evestigate.com.
Aris Demos, Global Digital Forensics, http://www.evestigate.com, +1 (800) 868-8189, [email protected]
Share this article