You can NO LONGER prevent a cyber attack, but you CAN prevent the business impact and cost. What costs money is the breach, not the attack in itself.
"Secure Your Bottom Line: The Forgotten Cybersecurity Battleground" was a presentation given at the 2019 Silicon Valley Code Camp CyberCrimeExperts.org to help software developers secure the weakest link, their own devices. It's also a call to assist in implanting a new generation that is aware of the drastic affect of default passwords to incentive them to design sourcecode and IoT devices that don't have such a master key nor default password that is not enforced to change.
MAIN TAKEAWAYS:
* Espionage has moved from physical to stealing technology to copy (like the Chinese J31 program and commercial C919)
* Don't store master keys or any passwords in your github or source code. Stored encrypted is better, but not having either is best.
* Stolen passwords is everywhere, which makes cloud not that secure if you are reusing passwords or your own computer is not secure (regardless of your IT's efforts). 94% of data breaches had an Antivirus (not Next Generation Endpoint Protection with Intrusion Prevention System) and a high-end Firewall. Github ransomcloud had developers either pay the ransom or risk having their sourcecode published as open-source :(
* A few tools to protect your source code or storing you device's processes in a database to query for any anomalies (if you love databases)
* Default passwords on routers allowed one group to take over 500,000 US home routers and redirect DNS requests, and taking over 10s of millions of IoT devices with default passwords attacked the internet in 2016. The bad guys have a lot more power now! So stop developing devices with default passwords, and think twice before plugging anything to the network or your machine.
* Don't write passwords in spreadsheets and on your computer. They're safer on a paper, but not on your screen! Try password managers for passwords you use the most, but understand what tool you're using and secure that very well.
* Make sure your laptop is encrypted, a stolen or lost laptop can cause a data breach.
* Passwords are so cheap on the dark web, know what your have out there.
* Wifi devices connect to the strongest link. Use hotspot from your phone instead of public wifis, or at least use a know VPN and not the cheapest (you paying them to store your traffic).
* Validate phone encryption and privacy, know what apps you're installing on work phones regardless of how famous they are. We are looking for companies to perform research on new phone privacy techniques.
* CCPA (The California Consumer Privacy Act) is due in January 2020 and most companies haven't even heard about it. As a non-profit, we are looking for companies to have open dialog about ways to reduce an impact of a cyber attack or data breach. It is similar to GDPR, and enforcement can be either by the Attorney General or class-action lawsuit.
18. CA’s Senate Bill 1386 Effective July 2003
•CA Breach Notification Law: “immediately following discovery”
•Federal Breach Notification Laws: Notification shall be made without
unreasonable delay, but no later than 90 days after the discovery of a
breach…
CyberCrimeExperts.org
19. CA’s Senate Bill 1386 Effective July 2003
•CA Breach Notification Law: “immediately following discovery”
•Federal Breach Notification Laws: Notification shall be made without
unreasonable delay, but no later than 90 days after the discovery of a
breach…
CyberCrimeExperts.org
26. Topics:
• What threats are you facing
• How to keep your source code and career safe
• CCPA Privacy Law & Open Discussion
CyberCrimeExperts.org
27. CCPA Privacy Law – In Effect Jan 1st 2020
•Real Name or Alias
•Biometric Information
•Network activity, including IP Address and other online identifiers
•Geolocation
•Products or services being considered or purchase history
•Electronic activity, including search & browsing history
•The right to be forgotten in backups (restoring after deletion)?
•Fines up to $2500 or $7500, plus per-consumer damages $100-$750
CyberCrimeExperts.org
28. 10/20/2019
Secure Your
Bottom Line:
The Forgotten Cyber
Battleground
by Adam Sbeta
Cyber Security Analyst & Speaker
AdamS@CyberCrimeExperts.org
LinkedIn & Twitter @AdamSbeta
Facebook & LinkedIn @CyberCrimeExperts
Text your email to
(510) 830-1312
