Last year we saw an alarming rise in hacking attempts on well known blogs, websites and forums across the interwebs. It’s a scary thing being in our industry when you realise that your hard work can be accessed by some Taiwanese dude sitting in a basement in Taipei.
With this in mind, we invited Justin Stanford to talk to us about security in this week’s Heavy Chef Session.
2. Who am I? 26, entrepreneur and investor Founder, advisor, CEO, director, investor to various companies First business at 13, selling juice Was always interested in business and technology Left school to enter the business world at 17 Current project: 4Di Capital
3. Who am I? Interested in the security space from 15 Became a hacker Appeared on 3rd Degree Noticed clear trends which led me into the security industry
4.
5. Companies First two startup attempts were in security Am today involved in two:
6. Key Trend in my Lifetime The technologisation of EVERYTHING
7. The technologisation of EVERYTHING Communications (E-mail, IM, VoIP, SMS) Personal & social life (Facebook, Twitter) Banking (Internet banking) Taxes (SARS E-Filing) Information (World Wide Web) Business & Shopping (E-commerce) Workplace (Remote VPN, mobile devices, video conferencing) Travel (e-Ticketing, Accomodation, Rentals) Entertainment (YouTube, Flickr, Online gaming, Virtual worlds, iTunes, MP3s) Navigation (GPS) Reading (eBooks, Kindle, Web) Writing (Word, Powerpoint, Excel) Filing (Digital storage, DMS, Dropbox) Access control (Biometrics, keypads, 2FA)
8. Conclusion Our entire lives are technologised and online Security is one of the singularly most important technological considerations for today and the future! Probably not a bad business to be in then…
10. Main security focus historically Infrastructure centric, perimeter defended networks Attackers wanted to own your COMPUTERS Viruses, worms, trojans, exploits Useful for bot nets, DDoS, sending spam, attacking other networks, stealing data, covering up hacks, trafficking in warez Attackers soon became very sophisticated, organised and financially driven
11. Main security focus historically Servers & workstations Internal apps & services Servers & workstations Internal apps & services Internet
12. New shift Shift away from monolithic interconnected networks with fixed perimeters to distributed devices accessing distributed services from anywhere at anytime Security is now a scattered problem: You have to defend your networks, various distributed devices, various distributed services, and rely on cloud networks to do their job Human element now more crucial than ever
14. New shift Attackers want to own your DEVICES But even more so, attackers want to own your IDENTITY Why?
15. The technologisation of EVERYTHING Communications (E-mail, IM, VoIP, SMS) Personal & social life (Facebook, Twitter) Banking (Internet banking) Taxes (SARS E-Filing) Information (World Wide Web) Business & Shopping (E-commerce) Workplace (Remote VPN, mobile devices, video conferencing) Travel (e-Ticketing, Accomodation, Rentals) Entertainment (YouTube, Flickr, Online gaming, Virtual worlds, iTunes, MP3s) Navigation (GPS) Reading (eBooks, Kindle, Web) Writing (Word, Powerpoint, Excel) Filing (Digital storage, DMS, Dropbox) Access control (Biometrics, keypads, 2FA)
16. Devices and identity Countless possible endpoint leakages: Laptops, smart phones, cloud email accounts, cloud CRM, cloud hosted files, etc Identity allows access to EVERYTHING Scary: majority of modern day identity is protected with a username and a password One of the biggest new commodities in the modern day world: TRUST Important for individuals, companies, brands
17.
18. Methods Primary attack & risk vectors today E-mail Phishing e-mails, highly effective at identity theft Attachments to install malware, bots, key loggers, etc Take advantage of hot topics or play on concerns Web Phishing sites, fake sites Embedded malware Search engine / SEO attacks Man in the browser, man in the middle Social engineering Convince consumers or company staff, happening a lot! Loss or theft of devices Careful what you trust! Don’t believe what you see.
19. More trends Apple Macs It’s not coming, it’s here already! Smart phones and tablet devices We do a lot on these already! 2009 saw 4 iPhone exploits in a few weeks! Compromise of one account compromising many Saving of user details Greater use of search engines and social media to spread malware, spam, phishing and create fake presences to capitalise on trust Rogue security software Bot net turf wars and increasingly intelligent malware