
5 Things I Learned about Cybersecurity at Chicago Ideas Week

This week I went to a talk on cybersecurity at Chicago Ideas Week. Here's what I learned from the former commissioner of the NYC police department, a Harvard Law professor, the global head of cybersecurity at Palantir, the cofounder and CTO of HackerOne, the founder and CEO of WISeKey, and the general counsel for Wikimedia:

1. Cyberterrorism hasn't actually happened yet.

But when it does, it may come in the form of a spider in your shower. No, really. 

While you're washing your face, a cyberterrorist can remotely instruct a spider-shaped drone to inject you with lethal poison, crawl out your window, and self-destruct—all before you open your eyes.

Because this isn't creepy enough. (Source)

2. Unauthorized access is usually gained by exploiting weaknesses in people, not software.

It's far more practical to socially engineer private information than it is to gain access to protected networks.

If I wanted to hack your email, I could talk to you about my mom having the weirdest maiden name ever, hoping you'll mention your mom's maiden name during the conversation. If you do, I'll be able to answer your secret question and force a password reset.

Soon I'll find out that you Uber across the street.

3. Your mom can buy a Denial of Service attack.

The going rate on the Deep Web is $150 (TrendMicro Research). The average damage to attacked businesses? $40,000/hour (Incapsula). 

This is why we do DDoS Mitigation. (Source)

4. Facebook has 1.3 billion products.

They're you, me, and everyone we know. Facebook sells what we "Like" to advertisers for more effective targeting.

Only post information if you don't mind sharing it with corporations.

5. Hackers: they're just like us!

Criminal hackers are not as sophisticated as you think. Most of them have bosses, budgets, and impending carpal tunnel, too.

While the security risk landscape is vast, it's knowable. We just have to be smart. Make it as annoying as possible for a hacker to access your information through things like dual-authentication. 

They'll most likely move on to someone with the password "admin".

What, you don't look like this? (Source)
