SecureTheBreach

THE HACKERS ARE COMING
Join us for a lightning debate on enterprise security: December 7, 14:30 GMT
Gemalto
2017 looks like it could be the year of the big one. But there are steps you can take to mitigate the threat. We hope you’ve enjoyed the conversation. We'll be posting blogs and videos, and don't forget to read the comic http://www6.gemalto....
Cyber Investigators Chronicles
Unmask hackers and protect your data! Every day, 3.7 million records are stolen. So it’s not a matter of if your organization will be hacked, but when.
0 Votes Vote
SPCoulson33
My prediction for 2007 will be more of the same ...

* Big companies still breached.
* Ransomware will still take out hospitals.
* Celeb will get attacked using a DDoS and we'll wonder why
* IoT will still be a pain!
* Cars will still be vulnerable
3 Votes Vote
Peter W. Singer All agree. Cars are going to be an interesting one to follow, especially as we see more driverless car prototypes and use.
1 Votes Vote
Peter W. Singer but what are your predictions for what will be different?
1 Votes Vote
SPCoulson Agreed. I read once: all code is vulnerable. Enough time has to pass for us to work out why. Cars, planes, boats and toasters.
1 Votes Vote
Jason Hart What’s different now from last year’s prediction? Why will these attacks get worse? The first generation of cyber attacks were about cutting access to data, and then we moved on to data theft.
2 Votes Vote
Jason Hart @Hart_Jason Now, we’re starting to see evidence of that stolen data being altered before transition from one machine to another, affecting all elements of operations.
1 Votes Vote
Lewis Morgan Calling IoT a pain is an understatement :)
2 Votes Vote
SPCoulson I think the only difference will be more criminals having a go... The tools are readily available for curious people to attempt a large scale attack. We saw that with LOIC and now with Mirai.
2 Votes Vote
Neira Jones I think we might see the 1st physical injury due to #cybercrime #IoT
1 Votes Vote
SPCoulson @neirajones I agree on that.
1 Votes Vote
Peter W. Singer I was at a session where someone talked about the need to pentest a new shower. People were like "why?" The answer was that it could be altered from afar to shoot out scalding water.
2 Votes Vote
SPCoulson And this is why we can't have nice things.
1 Votes Vote
Lewis Morgan @neirajones Agreed. "How did you break your leg?" "The internet did it" - imagine saying that 10 years ago.
2 Votes Vote
Neira Jones exactly my point. And we have all seen the attacks on hospitals.
1 Votes Vote
Jason Hart @LewisMorgan_ The proliferation of the Internet of Things means hackers have a seemingly infinite number of different attack surfaces and personas that they can manipulate.
2 Votes Vote
Gemalto @neirajones so a car crash? or out of control smart device?
1 Votes Vote
SPCoulson @neirajones It would be interesting to see attacks on medical records so that someone has an unneeded operation and the hospital is liable as they were not secure enough.
1 Votes Vote
Jason Hart @Hart_Jason Your Fitbit as an example, look at the number of people who touch it—the user, the manufacturer, the cloud provider hosting the IT infrastructure, the third parties accessing it via an API, etc.
0 Votes Vote
Neira Jones Any of these...
0 Votes Vote
Jason Hart @Hart_Jason This creates a cross-pollination of risk that the security industry has not seen before, and that’s just one person’s “thing.”
0 Votes Vote
SPCoulson @Gemalto Kettle blows up as the turn-off signal was disrupted.
1 Votes Vote
Neira Jones @Hart_Jason Ah yes. Excellent point, which brings me to Supply Chain Due Diligence...
2 Votes Vote
SPCoulson @neirajones that's the one Neira ... global supply chain. Where your data exists in multiple countries under multiple laws.
2 Votes Vote
Peter W. Singer @neirajones But how can we get better at this? It's so hard to control, and we also have risk not just in software but on the hardware side, the chips themselves, with the attack baked in (a scenario in my Ghost Fleet book).
2 Votes Vote
SPCoulson Is the answer that all data being passed over the internet has to be encrypted and only those with valid decryption key can see it?
1 Votes Vote
Gemalto
We wrote a comic for people not intimately versed in security to understand the threats that are out there. Is there more we can do to raise awareness @peterwsinger?
2 Votes Vote
Peter W. Singer One fun project I am helping to launch this week is trying to enlist Hollywood into the effort
3 Votes Vote
Peter W. Singer I am writing you from LA, where @NewAmerica and UCLA are bringing our top cybersecurity experts to meet with writers and producers. We'll have folks from CyberCommand and various firms, ethical hackers etc and ~60 entertainment industry people
3 Votes Vote
Peter W. Singer The idea is to try to recreate in cybersecurity what happened with public health projects, where medical experts worked to help not only aid in stories but inject key public health messages (like cancer screening). Can we do same in Cybersecurity?
1 Votes Vote
Gemalto So do you think that Hollywood's approach so far to hacking has been too dramatic and not based in reality? Can you recall one of the worst offenders?
1 Votes Vote
Peter W. Singer Given how so many attacks take advantage of lack of user awareness, the hope is that even small levels of greater realism and awareness could have a big impact
1 Votes Vote
Peter W. Singer Plus, wouldn't it be great if movie/TV shows on this topic were just a bit better? They don't have the best track record :)
1 Votes Vote
SPCoulson CSI Cyber, Mr Robot, Hackers 2 and 3 ... Oh wait ... you are right. They don't have a great track record.
1 Votes Vote
Peter W. Singer That is one of the issues, this cross between it being super complex, only the wizard can pull it off, and thus there is nothing that you can do to protect yourself. But it also portrays it as simple: just bang on a keyboard for under 30 seconds to do it.
1 Votes Vote
Peter W. Singer A related issue is the characters themselves, every one of them sullen loners, usually in a hoodie. They also are predominantly male or if a girl, a goth
1 Votes Vote
SPCoulson The reason why is that pen tests are boring to watch!
1 Votes Vote
Peter W. Singer Now we all know folks like that, but it is not the entire field. More importantly, how does it shape both public perceptions of it, and whether young people want to go into it? This is key given the human workforce talent gap for the industry as a whole.
1 Votes Vote
Peter W. Singer As one young person put it to me, "I don't see myself in those shows."
1 Votes Vote
Gemalto And a skateboard is an obligatory prop! Swordfish seemed entirely implausible too. Would you say that reusing passwords and phishing seem to be the topics most in need of being addressed?
1 Votes Vote
SPCoulson I see nothing wrong here ... http://uproxx.com/we...
1 Votes Vote
Neira Jones YES.
1 Votes Vote
Peter W. Singer A Swordfish reference! yes, those would be good. But also imagine a world where more people/firms had multi-factor or encryption. Indeed, Donald Trump would not be president in that world.
1 Votes Vote
Peter W. Singer For those tracking the DNC/Podesta email breaches, the news today was that Trump again denied Russia had any role in it “I don’t believe it. I don’t believe they interfered.”
1 Votes Vote
Peter W. Singer Sorry to get "political" but it is a good illustration of both the need for greater cybersecurity awareness and the looming problems of attribution, when a leader disagrees with what his briefers are saying.
1 Votes Vote
Gemalto So is this the new playground of spycraft then?
1 Votes Vote
Jason Hart
Are CEOs ignorant of cyber security?
1 Votes Vote
Neira Jones Well, they are certainly more aware now...
1 Votes Vote
Gemalto Asia Perhaps the lack of mandatory laws to reveal breaches in several countries helps them to remain ignorant.
3 Votes Vote
Neira Jones Compliance is certainly a driver.
2 Votes Vote
Neira Jones But bad public exposure in the same sector is another driver.
0 Votes Vote
Lewis Morgan @neirajones 100% agree. I'd hate to imagine the start of global security if there were no compliance requirements...
0 Votes Vote
Gemalto Asia @neirajones Isn't there any universal body fighting to make it mandatory everywhere?
1 Votes Vote
Lewis Morgan *state, not start :)
0 Votes Vote
Peter W. Singer I would say not ignorant of the growing risk, but ignorant of how to weigh it/what to do about it. Depends on the sector though: some, like banking, tend to have a better handle on it; others, like retail/health, are well behind.
0 Votes Vote
Lewis Morgan The EU GDPR is certainly going to help
0 Votes Vote
Neira Jones No Universal Body, but plenty of bodies... They have to cooperate.
0 Votes Vote
Peter W. Singer To say "ignorant" is not an indictment or mean spirited. It is just that this wasn't in their background or training. The problem is that this will stay this way for a long time. MBA programs still don't teach executives the base level things they need.
1 Votes Vote
Jason Hart Breaches will continue to happen; to expect otherwise would be unrealistic. But as their scale and complexity grows, focusing on them first would take up all of an organisation’s IT security bandwidth.
1 Votes Vote
Jason Hart A better starting point is to know what you are trying to protect.
3 Votes Vote
Neira Jones Hence the importance of the "Modern CISO"...
2 Votes Vote
Peter W. Singer An executive (not just the CISO) has to have some general understanding of this topic area, as they will be making decisions related to it. The cost of the worst breaches is often determined not by the IT dept but by how the CEO, public affairs and legal dept (mis)handled it.
1 Votes Vote
SPCoulson Should they be a non-executive and therefore have no direct relationship to profit etc? Their advice would be impartial?
2 Votes Vote
Neira Jones Yes, but the "Modern CISO", commercially & business aware should be able to express risk.
1 Votes Vote
Neira Jones @SPCoulson What an excellent idea! I'm game ;)
1 Votes Vote
SPCoulson @neirajones thought you might be? The Virtual Modern CISO?
2 Votes Vote