The CompTIA IT Security Community met today at CompTIA’s Annual Member Meeting at the Swissotel in Chicago, held March 20 to 23, presenting some sobering but nevertheless entertaining perspectives on the current state of cybersecurity.
First up, in a conversation moderated by Ron Culler, CTO of Secure Designs, Ian Trump, global cyber security strategist with Solarwinds and Lysa Meyers, security researcher with ESET presented “Scary Security Facts.” Trump illustrated the tenuous nature of cybersecurity: “You are secure today and tomorrow something happens that can tear apart your infrastructure.” He added that the criminal element on tends to stick with what works; pointing out that the recent hack of Yahoo was accomplished using e-mail; a method that’s 10 years old.
“There’s an economy of scale that happens with breaches,” Meyers added. “For a small company, a batch of breaches costs a lot more than it would a Fortune 500 company.”
Thankfully, Trump added, this hasn’t gone unnoticed. “Cybercrime has gotten on the radar of law enforcement and we’ve seen some huge takedowns,” he said.
Meyers pointed out that some data breaches are worse than others – particularly in health care. “Medical records follow you your whole life, so they’re more serious than a [credit] card that can be cancelled tomorrow,” she said.
Entertainingly, Meyers described the Star Trek franchise, generally considered a utopic piece of science fiction because it depicts the human race as having come together for a greater good – space travel – as a “dystopic future where everyone has given up on security.” This is true; throughout the 726 episodes of the show and the 13 movies it inspired, starship crews routinely experience hacks; complete scans of their computers; significant disruption. Star Trek: The Next Generation even features an android named Data who occasionally goes berserk, commandeering the entire ship, then when his reasons are uncovered he is just put back into service without a second thought.
Trump loved the comparison. “In business, it’s like we’re in the expanse of space,” he said, adding that for some businesses a data breach is like a hull breach on a space vessel. “If that happens, we’re done.”
Next up, the meeting presented “Hacked in Less than 10 Minutes,” by Andrew Bagrin with My Digital Shield. Bagrin informed the audience, “Security is not a red pill or a blue pill,” he said. “It’s a combination of a bunch of things you need to do to be secure.”
His first demonstration basically showed how a hacker could uninstall a computer’s anti-virus software. This, he said, showed how security precautions need to improve. “It has to get better than, ‘Watch out for that Nigerian Prince,’” he joked.
His second demonstration showed how ransomware basically works. He stated a billion dollars was paid out to ransomware criminals last year; up from 25 million dollars in 2015.
“And [ransomware criminals] are honest right?” he joked. “They’re going to take everything off your computer! They’re not going to leave anything there!”
Click here to learn more about CompTIA’s IT Security Community and get involved today.
