Partner Recap: The Golden Age of Hacking
Last Wednesday, I attended the Grand Rapids Cyber Security Conference at the GVSU Eberhard Center. David Wood of Fishnet Security, one of the most technically certified humans in the world, opened the day with a dissertation about the Golden Age of Hacking. Here are some key takeaways:
- Malware morphs over time – it changes and waits.
- The new attack vector is people – phishing – not websites or ports.
- Compliance is not security.
- Hackers are after your money – $$$.
- Hacktivists are pursuing an ideology and can sweep you into their lair.
- The CryptoLocker virus grossed $30 million.
- A high value credit card is worth $200 on the black market.
- Ninety-eight percent of threats come in through Oracle Java, Adobe Flash and Adobe Reader.
How do I protect my person or organization?
- Perimeter protection like a firewall.
- DNS white & blacklist blocker – don’t let viruses phone home.
- Detection and response based on behavioral analysis.
- Two-factor authentication: What I have (ATM card) and what I know (PIN number).
- Password protection complexity and timeliness rules.
- Patching and update policy.
- Education of end users.
This four-hour jaunt into cyber security threats reinforced my commitment to web and technical safety. Each of us chooses our personal and organizational risk tolerance and assigns a value to it by the amount of insurance that we buy. Our personal investment in products like LastPass password management and our organizational investment in technology security management are becoming more and more important in this, the Golden Age of Hackers.
Recap by Mike Ritsema, i3 partner