Cyber security: The Five Laws of Cybersecurity by Nick Espinosa
I'd like you to consider for a moment
that there are about 6,900 languages spoken on our planet daily,
and these thousands of languages serve thousands of cultures,
from the smallest community to the largest continent.
Now, even with this vast diversity among our global population,
we have some alternative languages and methods for communication
that are understood by everybody.
For example, the world has mathematics.
If I have one apple and somebody gives me another apple, I have two apples.
This is understood worldwide without fail.
Now, as of today, the largest culture by far is that of the Internet user.
With 7.6 billion humans on Earth, around 3.6 billion of us are online
and communicating with each other and institutions daily.
Thus, another common language we all share but most don't realize
is the networking protocols that the Internet runs on
and the social media platforms that tie us together -
and emojis; we can't forget the emojis.
But what our internet culture tends to lack is a common understanding,
to foster true, true understanding about cybersecurity and threats online.
Outside of hardcore cybersecurity and IT people like myself,
most people don't understand the language that is nerd.
And so, it is my job to be the best nerd-to-English translator I can be
in order to help the world stay safe online.
So without further ado, here are my five laws of cybersecurity
that are designed to do just that.
Law number 1:
If there is a vulnerability, it will be exploited.
No exceptions.
Consider for a moment
that when the first bank was conceived of and built,
there was at least one person out there who thought, "I want to rob that."
In the more modern era,
since the first computer bug was discovered,
hackers good and bad have been looking for ways
to get around the laws and framework that govern a computer system,
a program, or even our society in general.
Now, think about this for a second.
There are those out there who will literally try and hack
absolutely everything within their capability.
Now, this could be the more basic exploit,
like the person who figured out how to cover their car's license plate
to go through an automatic tollbooth for free,
or this could be more obscure,
such as infecting a complex computer network
to derail an entire illegal nuclear weapons program,
which actually happened in the mid-2000s.
Finding ways around everything for both good and bad purposes
is so ubiquitous today, we even have a term for it: life hacking.
And with this, we'll move on to the second law:
Everything is vulnerable in some way.
We cannot assume that anything is safe,
nor is anything off the table for hacking anymore.
We've seen a series of massive breaches by corporations
that literally spend millions annually on cyber defense strategies.
From enormous retailers to gigantic health insurance providers,
these corporations hold millions of records
on virtually everyone in the United States
and fall under multiple government-compliance laws
for data security -
yet here we are.
And we can go straight out of left field
or even more obscure for examples of this law.
So, for decades
we've just assumed our computer processors are safe and harmless,
just doing the job that they were meant to do.
In the beginning of 2018, it was discovered
that these technological workhorses are carrying a serious mass of vulnerability
that would allow a malicious hacker to wreak havoc on all of us.
From minor to major,
law number 2
is really inescapable.
Before we go on to law number 3,
I'd like everybody in the audience
to look under your seat for something that my team put there,
if you can.
All right.
Did anybody find anything?
No? All right. You guys can stop now. You guys can stop now.
(Laughter)
I want to go on to law number 3:
Humans trust even when they shouldn't.
(Laughter)
And I'm sorry to make you all part of this talk,
but it really helps to underscore my point here:
trust, quite frankly, sucks.
Now, we need trust in our lives.
We can't have a society without it.
And we have positive expectations of our technology
and those people that help us with it.
We expect the light switch is going to flip on the light when we turn it on.
We expect the mechanic we pay to fix our car
to actually fix it and not rip us off.
But we have to question
the technological infrastructure and online people around us.
This is our greatest vulnerability in cybersecurity.
Now, because of trust, people fall for phishing scams.
They believe the $20 anti-virus they bought for their computer
will turn it into Fort Knox; it will not.
They also believe that the form they're filling out online is legitimate;
it sometimes isn't.
And it sounds weird to say that we have to combat trust,
but we have to if we're going to survive the nonstop hacking that takes place.
And with this, we can move on to law number 4:
With innovation comes opportunity for exploitation.
The world is full of brilliant people:
Alexander Graham Bell invented the telephone
that made the world a whole lot smaller.
Bill Gates created a global computer operating system
that got humanity on the same technological page.
Mark Zuckerberg created a social media platform
used by billions daily to share our lives.
However, with these evolutions in innovation and our technology
come certain exploits.
Now we live in the age of IoT, or Internet of Things,
and by virtue of this, our lives have hopefully been made a little easier.
New, unique, innovative products are constantly being made
to help us live in our homes or drive our cars
or even improve our health.
However, one of the biggest examples of innovation exploitation
is IoT hacking.
In 2016, a virus known as Mirai infected millions of IoT devices worldwide
and then weaponized them against targets,
creating some of the largest bandwidth attacks the Internet has ever seen.
As the world continues to develop and create amazing new technologies,
we cannot forget the lesson of law number 4.
And finally, law number 5:
When in doubt, see law number 1:
If there is a vulnerability, it will be exploited.
No exceptions.
Now, this one isn't a cop out; it's really not.
Every single issue with cybersecurity and our technology
stems from a vulnerability of some kind.
If we ever forget this, we are doing nothing but asking for trouble.
Our ability to properly defend ourselves
comes from understanding that human nature itself makes these laws immutable.
And when we start thinking like a hacker is when we can actually stop them.
So here's to our new, common language
that hopefully helps us and the world stay safe online.
Thank you.
Who is Nick Espinosa
An expert in cybersecurity and network infrastructure, Nick Espinosa has consulted with clients ranging from small businesses up to the Fortune 100 level. Nick founded Windy City Networks, Inc in 1998 at age 19; it was acquired by BSSi2 LLC in 2013, where he is their CIO. In 2015 Security Fanatics, a Cybersecurity/Cyberwarfare outfit dedicated to designing custom Cyberdefense strategies for medium to enterprise corporations, was launched. A nationally recognized speaker, member of the Forbes Technology Council, regular columnist for Forbes, on the Board of Advisors for both Roosevelt University’s Center for Cyber and Information Security and Bits N’ Bytes Cybersecurity Education, award-winning co-author of a bestselling book “Easy Prey”, and host of “The Deep Dive” radio show on 101.3FM WHIW, Nick is known as an industry thought leader and sought after for his advice on the future of technology and how it will impact everyday businesses and consumers.