Web's Bad Guys Prey On Lack Of Knowledge
Hackers, crackers and purveyors of malware take advantage of IT security managers who don't communicate, including to users of their own networks.
That's the word from Patrick Gray, principal security strategist at Cisco Systems Inc.
Gray, a 20-year veteran of the FBI before his Cisco post, gave an amusing, entertaining talk on the deadly serious subject of IT security threats Wednesday on the first day of Secureworld Expo Detroit at the Ford Conference and Event Center in Dearborn.
"You are a target for the baddies," Gray said. "It doesn't matter who you are, where you are, how big you are, you are on the Internet, and therefore you are a target."
What are they after? Your intellectual property, your credit card numbers, your employees' personal information -- basically anything and everything in your network.
Where are they? Russia tops the global list, where they're just in it for the money. China is second, where they're in it for geopolitical advantage. Brazil, Israel and the United States round out the top five malware generator countries.
How do they get at the stuff? Gray said malware is no longer just an e-mail problem -- it is now embedded in malicious Web sites, fake software updates, fake age-18 confirmations, fake coupons and fake antivirus programs.
Gray said IT managers must make "human firewalls" out of the "98 point six degree piece of protoplasm that sits between the keyboard and the chair" through constant education. "If users are clueless, it's our fault they're clueless," he said.
IT managers are famously reluctant to network and communicate with users. They need to get over that -- including communicating more regularly and more meaningfully with the users of the networks they manage. After all, the bad guys network ferociously, trading tips and best (or would that be worst?) practices.
Mobile applications and Web 2.0 have proven to be fertile ground for the bad guys, too.
Mobile apps mean corporate and government users now expect their data to be anywhere, on any device, with a rich experience. As a result, the border of the network has disappeared.
As for Web 2.0, half a billion people are now on Facebook -- many doing really stupid things, like putting their full address on their Facebook page with a picture of their house, and then announcing they're about to leave on a two-week vacation to Hawaii.
"How about telling them when you get back from Hawaii?" Gray implored.
But even with the best defenses, Gray said, "every network represented in this room today will be touched some day by a bad guy." He urged those attending the conference to use the training and post-hack support provided by the FBI's Infragard organization to prepare and react afterward.
Secureworld Expo Detroit concludes Thursday. Around 300 people attended Wednesday.
(c) 2010, WWJ Newsradio 950. All rights reserved.