Start today, secure tomorrow.
Today I spoke at the E-crime conference in Amsterdam about how to embed hackers inside your company instead of only keeping the bad guys out.
From a functionality perspective, we are quite addicted to technology and we are getting very dependent on it in multiple ways.
Have you ever thought about that smartphone (perhaps the one you’re using to read this blog ); in what way do you use it? And how would it feel if you’d forgotten it when you left home this morning? If you don’t know, I would recommend you try it for a day; you will be surprised.
Second to that, there is the issue that we only focus on the costs of functionality and care less about the quality of security; security is a “non-functional”. But is it?
With the increased use of technology, it’s also increasingly interesting for cyber-criminals to invest in stealing your devices and information. The business case is really there. A few examples:
- Your Social Security Number is worth 3€ on black markets
- And your Mother’s Maiden Name is worth 6€
- If you died, your social security number would already be worth 10€
- The Mag-stripe data from a “secure” premium-level credit card is 80€
- And your name and password for your online bank account is worth 1000€
Security traditionally contains policies, secure infrastructure and auditing, but is that enough nowadays?
Not in my opinion. We have to learn to think out of the box. Two major subjects are crucial:
(1)Measurement: Do you have enough eyes in your company to see what is happening. This can be done by analyzing your logs, but don’t forget you also need to be more pro-active to find out where you have to monitor. And do you monitor the world trends?
(2)Creativity: We are set to think in certain ways we feel comfortable with. But in that way, we tend to forget the world is changing.
The big question is: How can you change this within your organization?
The answer is quite simple, but harder to accomplish: GET YOURSELF HACKERS!
Why? Because they’ll have the creative approach you need. They will think outside your box and find your vulnerabilities.
And it gets even better: those hackers will probably be able to invent creative solutions for those vulnerabilities.
That’s the way you will get 2 steps ahead of criminal hackers.