Jason Truppi: Why do hackers win the game of security?

The authorities are the ones that can cripple government and industry's ability to fight cyber threats, according to a former member of the FBI's netsec who spoke at the B-Sides security conference. The B-Sides convention was held in San Francisco.

Society is working under the illusion that governments and businesses make rational decisions about computer security, but the reality is different: bad management and a false belief in the saving power of technology.

"The government is very reactionary," said Jason Truppi, director of security company Tanium and a former FBI investigator.

"Over time we have learned that it did not work to be reactive, not precautionary."

Jason Truppi said that we should not assume that government and industry are working together to protect themselves from the various online threats. In fact, he says, industry and government are working to very different agendas, and the result is hopeless confusion.

Take the sharing of threat information, for example: the government encourages businesses to share it. But businesses are increasingly reluctant to share data if doing so exposes them to wider risks, such as a bad reputation that will send customers running for cover.

The fact that companies have INFOSEC teams does not seem to produce significant results. Truppi, who has now moved to the commercial sector, said companies are still trying to hire security specialists, but remain stuck on false warnings and panic management.

A single false alert can take up many days of the year, he warned, and senior management that does not understand this may lose several days while the team deals with a non-serious alert. Stock market scams are one such case.

The traditional view holds that hackers will use fake pages to carry out fraudulent transactions, but Truppi argued that this tactic is old. It is much easier and much more profitable to use insider trading to make money than to attempt fake transactions that can be checked before payment.

All that is needed is an unsecured endpoint, the former agent said. After that the keys are theirs. Staff compliance rules do not help much, as they are about yesterday's threats.

But when the IT department has to deal with incidents amid so much false information about threats, the result is fatigue, and that means they burn out…

The big picture

The biggest illusion in computer security is the belief that businesses, and the government, know what they are doing, said Jason Truppi.

Five years ago everyone thought the big financial companies knew what they were doing to lock up their bank accounts.

At least banks are better than most businesses, according to Jason Truppi. Too many companies believe that if they have a disaster recovery plan, it does not work that way.

We are still only in the early stages of distributed denial of service (DDoS) attacks, said Jason Truppi. We will see major outages thanks to IoT botnets that will be able to take down entire sections of the Internet.

"A Mirai botnet could take down the internet for long periods of time," he warned. "And don't expect these fancy AI systems to secure you."

iGuRu.gr The Best Technology Site in Greece


Written by giorgos
