The Five Laws of Cybersecurity
Nick Espinosa, Chief Security Fanatic
Nick Espinosa
• Chief Security Fanatic of Security Fanatics
• CIO of BSSi2
• Professional Hacker
• Member of the Forbes Technology Council
• Regular contributor for Forbes.com & Smerconish.com
• Co-author of an Amazon Best Selling book “Easy Prey”
• Nationally syndicated radio show host of “The Deep Dive”
• TEDx Presenter
• Board Member | College of Arts and Sciences, Roosevelt University
• Board Member | Center for Information and Cybersecurity
• Board Member | Bits N’ Bytes Cybersecurity Education
• Board Member | KEEN Chicago
We Have A Serious Problem On Our Hands
• A healthy percentage of the general population is ignorant of how unsafe the infrastructure around them can be. Consider:
  • 27% don’t know that Public WiFi can be unsafe
  • 52% have no idea that Ransomware involves criminals encrypting their data for ransom
  • 61% don’t understand that “Private Browsing” doesn’t shield them from their ISP tracking them
  • 86% don’t know that a VPN helps minimize risks of insecure connections!
  • 89% can’t identify what multi-factor authentication is when given screenshots!!
Nerds, Don’t Think We’re Off The Hook Here Either!
• The general population has a serious problem with technology interactions and IT/Cybersecurity personnel:
  • Surveys show that only 37% of people trust major tech companies with their data
  • Studies show that while people love tech, they dread calling for technical support EVEN if they know their tech support person
  • Only 38% of people think that technology has benefited them personally
  • The #1 problem cited by people for IT and Cybersecurity interactions with support is the use of jargon and confusing terminology
• If we cannot talk to our personnel and even our friends about Cybersecurity, how can we begin to fully defend them!?
• We NEED a common language understood by all!
Law No. 1: If There Is A Vulnerability, It Will Be Exploited
• There Are NO EXCEPTIONS here!
• Humanity’s history is full of examples of this: Consider the bank!
• A hacker’s mentality is the key to understanding the motivations for this law
• Examples translate into the non-technical world: Ever think about automatic tollbooths?
• Life Hacking is everywhere!
Law No. 2: Everything Is Vulnerable In Some Way
• People can’t trust us because people keep getting breached!
• Hardware development is hit constantly (Spectre! VPNFilter!)
• Software has caused some of the biggest breaches of all time (Equifax!)
• IoT development has seen some major disasters over the years
• Our homes, offices, coffee shops, airports, hotels and on and on can get everyone compromised
Law No. 3: Humans Trust Even When They Shouldn’t
• We need to understand why humans trust before we can examine this one in depth.
• Cognitive Trust – based on our knowledge and evidence about who we choose to trust
• Affective Trust – based on emotional ties with others and the confidence we place in our interactions
• Object Permanence reinforces our trust mechanisms
• If we break down what a hacker does into a single concept, it’s this: Hackers exploit trust!
Law No. 4: With Innovation Comes Opportunity For Exploitation
• With evolution and innovation in technology comes evolution and innovation in hacking
• As IoT explodes in popularity, and device population, we have serious development challenges in terms of cybersecurity
• Increased competition to be the next “game changer” comes with corner cutting to the detriment of us all
• We can’t ever forget the pacemaker!
• When the next Mirai hits, not “If”
Law No. 5: When In Doubt, See Law No. 1
• No matter what the concerns or problems with Cybersecurity are, they ALL stem from a vulnerability of some kind
• This is human nature!
• We need to start thinking like hackers if we’re going to stop them
• Reinforce this common language to non-technical people
• We need to build a global herd immunity for Cybersecurity!
The Framework We All Fall Into: The Five Laws of Cybersecurity
• Law No. 1: If There Is A Vulnerability, It Will Be Exploited
• Law No. 2: Everything Is Vulnerable In Some Way
• Law No. 3: Humans Trust Even When They Shouldn’t
• Law No. 4: With Innovation Comes Opportunity For Exploitation
• Law No. 5: When In Doubt, See Law No. 1
Thank You!
Keep up with the latest in Cybersecurity at:
• /NickAEsp *Daily Videos!
• /in/nickespinosa *Daily Videos!
• /NickAEsp *Daily Videos!