Takeaways from Hack NYC 2018
“For me, the biggest take away from this event was how well organized the hacking world is,” says Tade Reen, Talener’s Information Security Business Development Manager. Reen attended Hack NYC at Microsoft’s NYC headquarters last week to learn more about various types of cyber-attacks and situations that organizations are dealing with today.
“Every minute of every day, the ‘bad guys’ are developing new ways to compromise networks and applications, while the ‘good guys’ are constantly trying to figure out how to stop them,” explains Reen.
As companies and governments go completely digital, the security risks are almost unquantifiable. It’s a game of cat and mouse; where the mouse has a highly organized infrastructure that rivals many companies and governments.
Many of these hacking operations are in Eastern Europe and across Asia. But don’t expect dark basements or dodgy back alleys. The majority of these operations occur in office suites full of employees who are on payroll and have insurance plans. Many maintain similar lives to your standard sales role; meeting KPIs and generating revenue for the organization. High performing hackers are rewarded with the best working hours, including the holiday shopping season or hours when purchasing traffic is high (especially in the United States). The competition is fierce.
An event speaker broke down his experience covering, guarding, and shadowing one specific hacker in the Ukraine. The speaker’s client, a big box retailer, hired him to defend their system against this single hacker. Like playing defense in a one-on-one game of basketball, he had to anticipate the hacker’s next move to ensure he was a step ahead.
Security breaches in financial institutions or eCommerce are at the forefront of everyone’s mind. But there are much scarier implications to these types of hacking incidences. In the medical technology field, Reen noted, “Hospital systems can be easily compromised. From patient records to digitally ordering & mixing IV medications, these new systems and practices open the medical community up to potentially deadly threats.”
One session described how, at the push of a button, doctors can digitally input IV medications. This means that hackers could replace an intended medication with any cocktail of their choosing. In 2016, a case from the Hollywood Presbyterian Medical Center proved just how easily hackers can digitally lock down their target. A hacker demanded 40 Bitcoin (approximately $17,000) after seizing control of the hospital’s systems. Due to the gravity of the situation, the hospital paid the hacker to regain access.
This case was one of many that prompted a wave of cyber-attacks. In 2017, WannaCry, a widely known ransomware worm spread through networks across the world. It infected computers and encrypted files, paralyzing users until ransoms were paid. One widely publicized WannaCry attack locked down the UK’s National Health Service.
Companies are digitizing at a record rate; making the opportunities for hackers endless. Information security experts are in high demand and a step behind. The days of filing cabinets and floppy disks have been replaced with cloud-based servers and mobile tap-to-pay. Every day presents new challenges and tests the information security industry’s ability to outwit, outpace, and outlast a new generation of highly-organized hackers.