Once upon a time, I went to a talk on cybersecurity at Chicago Ideas Week. Here’s what I learned from the former commissioner of the NYC police department, a Harvard Law professor, the global head of cybersecurity at Palantir, the cofounder and CTO of HackerOne, the founder and CEO of WISeKey, and the general counsel for Wikimedia:
1. Cyberterrorism hasn’t actually happened yet — but when it does, it may come in the form of a spider.
While you’re washing your face, a cyberterrorist can remotely instruct a spider-shaped drone to inject you with lethal poison, crawl out your window, and self-destruct — all before you open your eyes.
2. Unauthorized access is usually gained by exploiting weaknesses in people, not software.
It’s far more practical to socially engineer private information out of people than it is to gain access to protected networks.
If I wanted to hack your email, I could talk to you about my mom having the weirdest maiden name ever, hoping you’ll mention your mom’s maiden name during the conversation. If you do, I’ll be able to answer your secret question and force a password reset.
3. Anyone can buy a Denial of Service attack.
The going rate on the Deep Web is $150. The average damage to attacked businesses? $40,000/hour (Incapsula).
4. Facebook has 1.3 billion products.
They’re you, me, and everyone we know. Facebook sells what we “Like” to advertisers for more effective targeting.
5. Hackers: they’re just like us!
Criminal hackers are not as sophisticated as you think. Most of them have bosses, budgets, and impending carpal tunnel, too.
While the security risk landscape is vast, it’s knowable. We just have to be smart.
Tip: Use things like two-factor authentication to make it as annoying as possible for a hacker to access your information. They’ll most likely move on to someone with the password “admin”.