Professor Alex Stamos, director of the Stanford Internet Observatory, kicked off Collision 2021 with a question and answer session on the evolution of cybersecurity.
Alex Stamos is a cybersecurity expert, business leader and entrepreneur. He works to improve Internet security through his teaching and research at Stanford University. Prior to joining Stanford, Alex was the head of security at Facebook and Yahoo.
Private hacking groups
Sophisticated private hacking groups have formed in recent years because major hackers learned that they can earn tens of millions of dollars with ransomware and other attacks. The groups started as side gigs. They quickly realized that the number of opportunities for hacking has exploded far beyond large corporations and government departments. Now every organization is a target for hacking.
Current and former employees of Russian and Chinese government-sponsored hacking organizations founded most of these private hacking groups. This is how these groups acquired the same advanced hacking skills that government-sponsored hacking organizations have accumulated over the past decade.
Private hacking groups are forcing us to improve our cybersecurity.
The SolarWinds hack is the main product of Russian-sponsored espionage that began years ago. The Russians inserted brilliant, custom-designed malicious software into the process of building software packages. The SolarWinds distribution provided the Russians with about 18,000 targets, which are large corporations and government agencies.
Unfortunately, we do not have enough qualified security personnel to fix the problems caused by this Russian hack. It will take quite some time to identify and remove all the malicious software that the Russians installed. No one should think that the discovery of the SolarWinds hack means the story is almost over.
Security of IoT devices
Many IoT devices are easy targets for hacking. Consumers should stop buying IoT shit. Too many IoT devices will never be patched, either because they cannot be patched or because their owners do not manage them at all.
Many companies are beginning to insist on security features in the IoT devices they buy. Unfortunately, consumers are not paying attention to the security of their IoT devices. As a result of this difference in attention, IoT devices will remain easy targets for hacking for many years to come.
Manage our personal security risks
We all need to stop reusing passwords for multiple accounts. These reused passwords are an invitation to identity theft. To achieve this goal, we all need to use a password manager.
We should all implement OpenDNS, NextDNS or one of their competitors at home to increase the level of security.
Secure login credentials
We are unable to determine the extent to which any company manages our login credentials. Apple and Google are moving toward federated login identities. I hope that in the future we will strongly identify with one or two identity providers. The chosen provider will certify who we are to all other participating organizations.
Face ID offers the considerable advantage that nothing leaves our personal devices. Hackers can’t steal anything. Impersonation is almost impossible.
Non-fungible token (NFT)
I’m amazed that some people pay millions of dollars for these tokens. NFTs are a scam. There is no legal framework around NFTs that regulates their operation and the protection of transactions. There is no blockchain involved to protect the parts. Sellers may violate securities laws because NFT issuers do not sell anything of value.
What ideas can you provide to help organizations strengthen their cybersecurity defenses? Let us know in the comments below.