Jason Truppi: Why do hackers win the game of security?

Jason Truppi: Delusions are what can cripple government and industry's ability to fight cyber threats, says the former member of the FBI's netsec team, who spoke at the B-Sides security convention. The B-Sides convention was held in San Francisco.

Society is working under the illusion that governments and businesses make rational decisions about computer security, but the reality is different: bad management, and a false belief in the saving power of technology.

"The government is very reactionary," said Jason Truppi, director of security company Tanium and a former FBI investigator.

"Over time we have learned that it did not work to be reactive, not precautionary."

Jason Truppi said that we should not assume government and industry are working together to protect themselves from online threats. In fact, he says, industry and government are working to very different agendas, and the result is hopeless confusion.

Take the exchange of threat information, for example: the government encourages businesses to share vulnerabilities. But businesses are increasingly reluctant to share data if doing so exposes them to wider risks, such as reputational damage that drives customers away as they try to protect themselves.

The fact that companies have INFOSEC teams does not seem to produce significant results. Truppi, who has now moved to the commercial sector, said companies are still trying to hire security specialists, but get bogged down in false alarms and panic management.

A single false alarm can take up many days of the year, he warned, and senior management that does not understand such things may lose several days while the team deals with a non-serious alert. Stock market scams are one such case.

The traditional view is that hackers will use fake pages to manipulate transactions, but Truppi argued that this tactic is outdated. It is much easier, and much more profitable, to use insider trading to extract money than to attempt fake transactions that can be verified before.

All that is needed is an unsecured endpoint, the former agent said. After that the keys are theirs. Staff compliance rules do not help much, as they are about yesterday's threats.

But IT departments that handle incidents amid so much false threat information suffer fatigue, and that means they burn out…

The big picture

The biggest illusion in computer security is the belief that businesses, and the government, know what they are doing, said Jason Truppi.

Five years ago everyone thought the big financial companies knew what they were doing to lock down their bank accounts.

At least banks are better than most businesses, according to Jason Truppi. Too many companies believe that if they have a disaster recovery plan they are fine, but it does not work that way.

We are still only in the early stages of distributed denial of service (DDoS) attacks, said Jason Truppi. We will see big internet outages thanks to IoT botnets that will be able to take down entire sections of the Internet.

"A Mirai botnet could take down the internet for long periods of time," he warned. "And don't expect these fancy AI systems to secure you."


Written by giorgos
