NICK ESPINOSA CIO of BSSi2 Professional Hacker Member of the - - PowerPoint PPT Presentation



SLIDE 1

THE FIVE LAWS OF CYBERSECURITY

NICK ESPINOSA CHIEF SECURITY FANATIC

SLIDE 2

NICK ESPINOSA

  • Chief Security Fanatic of Security Fanatics
  • CIO of BSSi2
  • Professional Hacker
  • Member of the Forbes Technology Council
  • Regular contributor for Forbes.com & Smerconish.com
  • Co-author of an Amazon Best Selling book “Easy Prey”
  • Nationally syndicated radio show host of “The Deep Dive”
  • TEDx Presenter
  • Board Member | College of Arts and Sciences, Roosevelt University
  • Board Member | Center for Information and Cybersecurity
  • Board Member | Bits N’ Bytes Cybersecurity Education
  • Board Member | KEEN Chicago

SLIDE 3

WE HAVE A SERIOUS PROBLEM ON OUR HANDS

  • The general population has a healthy percentage that are ignorant of how unsafe the infrastructure around them can be. Consider:
  • 27% don’t know that Public WiFi can be unsafe
  • 52% have no idea that Ransomware involves criminals encrypting their data for ransom
  • 61% don’t understand that “Private Browsing” doesn’t shield them from their ISP tracking them
  • 86% don’t know that a VPN helps minimize risks of insecure connections!
  • 89% can’t identify what multi-factor authentication is when given screenshots!!

SLIDE 4

NERDS, DON’T THINK WE’RE OFF THE HOOK HERE EITHER!

  • The general population has a serious problem with technology interactions and IT/Cybersecurity personnel:
  • Surveys show that only 37% of people trust major tech companies with their data
  • Studies show that while people love tech they dread calling for technical support EVEN if they know their tech support person
  • Only 38% of people think that technology has benefited them personally
  • The #1 problem cited by people for IT and Cybersecurity interactions with support is the use of jargon and confusing terminology
  • If we cannot talk to our personnel and even our friends about Cybersecurity how can we begin to fully defend them!?
  • We NEED a common language understood by all!

SLIDE 5

LAW NO. 1: If There Is A Vulnerability, It Will Be Exploited

SLIDE 6

LAW #1: IF THERE IS A VULNERABILITY IT WILL BE EXPLOITED

  • There Are NO EXCEPTIONS here!
  • Humanity’s history is full of examples of this: Consider the bank!
  • A hacker’s mentality is the key to understanding the motivations for this law
  • Examples translate into the non-technical world: Ever think about automatic tollbooths?
  • Life Hacking is everywhere!

SLIDE 7

LAW NO. 2: Everything Is Vulnerable In Some Way

SLIDE 8

LAW #2: EVERYTHING IS VULNERABLE IN SOME WAY

  • People can’t trust us because people keep getting breached!
  • Hardware development is hit constantly (Spectre! VPNFilter!)
  • Software has caused some of the biggest breaches of all time (Equifax!)
  • IoT development has seen some major disasters over the years
  • Our homes, offices, coffee shops, airports, hotels and on and on can get everyone compromised

SLIDE 9

LAW NO. 3: Humans Trust Even When They Shouldn’t

SLIDE 10

LAW #3: HUMANS TRUST EVEN WHEN THEY SHOULDN’T

  • We need to understand why humans trust before we can examine this one in depth.
  • Cognitive Trust – based on our knowledge and evidence about those we choose to trust
  • Affective Trust – based on emotional ties with others and the confidence we place in our interactions
  • Object Permanence reinforces our trust mechanisms
  • If we break down what a hacker does into a single concept it’s this: Hackers exploit trust!

SLIDE 11

LAW NO. 4: With Innovation Comes Opportunity For Exploitation

SLIDE 12

LAW #4: WITH INNOVATION COMES OPPORTUNITY FOR EXPLOITATION

  • With evolution and innovation in technology comes evolution and innovation in hacking
  • As IoT explodes in popularity, and device population, we have serious development challenges in terms of cybersecurity
  • Increased competition to be the next “game changer” comes with corner cutting to the detriment of us all
  • We can’t ever forget the pacemaker!
  • When the next Mirai hits, not “If”

SLIDE 13

LAW NO. 5: When In Doubt, See Law No. 1

SLIDE 14

LAW #5: WHEN IN DOUBT, SEE LAW NO. 1

  • No matter what the concerns or problems with Cybersecurity are, they ALL stem from a vulnerability of some kind
  • This is human nature!
  • We need to start thinking like hackers if we’re going to stop them
  • Reinforce this common language to non-technical people
  • We need to build a global herd immunity for Cybersecurity!

SLIDE 15

The Framework We All Fall Into:

THE FIVE LAWS OF CYBERSECURITY

  • Law No. 1: If There Is A Vulnerability, It Will Be Exploited
  • Law No. 2: Everything Is Vulnerable In Some Way
  • Law No. 3: Humans Trust Even When They Shouldn’t
  • Law No. 4: With Innovation Comes Opportunity For Exploitation
  • Law No. 5: When In Doubt, See Law No. 1

SLIDE 16

THANK YOU!

Keep Up with the latest in Cybersecurity at:

  • /NickAEsp *DAILY VIDEOS!
  • /in/nickespinosa *DAILY VIDEOS!
  • /NickAEsp *DAILY VIDEOS!