Insights from Collision: Alex Stamos on cybersecurity

Professor Alex Stamos, the director of the Stanford Internet Observatory, began Collision 2021 with a question and answer session on developments in cybersecurity.

Alex Stamos

Alex Stamos is a cybersecurity expert, business leader and entrepreneur. He’s working to improve the security and safety of the internet through his teaching and research at Stanford University. Before joining Stanford, Alex served as the chief security officer of Facebook and Yahoo.

Private hacking groups

Sophisticated private hacking groups formed in recent years because key hackers learned they can earn tens of millions of dollars with ransomware and other attacks. The groups started as side gigs. They quickly realized that the number of hacking opportunities has exploded far beyond large companies and government departments. Every organization is now a hacking target.

Current and former employees of Russian and Chinese government-sponsored hacking organizations founded most of these private hacking organizations. That’s how these groups acquired the same advanced hacking skills that government-sponsored hacking organizations accumulated over the past decade.

Private hacking groups are forcing us all to improve our cybersecurity.

SolarWinds hack

The SolarWinds hack is the primary product of Russian state-sponsored espionage that began years ago. The Russians inserted brilliantly designed, custom-built malware into the software package build process. SolarWinds distribution provided the Russians with about 18,000 targets that are all large corporations and government agencies.

Unfortunately, we don’t have enough qualified security personnel to fix the problems caused by this Russian hack. It will take quite a while to identify and remove all the malware that the Russians installed. No one should think that the discovery of the SolarWinds hack means it’s almost history.

Security of IoT devices

Many IoT devices are easy targets for hacking. Consumers should quit buying IoT crap. Too many IoT devices will never be patched because they can’t be patched or their owners are not managing them at all.

Many enterprises are starting to insist on security features in the IoT devices they buy. Unfortunately, consumers are not paying attention to the security of their IoT devices. As a result of this divergence of attention, IoT devices will remain easy hacking targets for many years to come.

Managing our personal security risks

We all need to quit reusing passwords for multiple accounts. These recurring passwords are an invitation to identity theft. To achieve this goal, we all need to use a password manager.

We should all implement OpenDNS, NextDNS or any of their competitors in our homes to raise the level of security.

Secure login certification

We can’t tell how well or poorly any company is managing our login credentials. Apple and Google are moving toward federated login identities. I hope that in the future, we will identify ourselves strongly to one or two identity providers. Our chosen provider will then certify who we are to all other participating organizations.

Face ID offers the considerable advantage that nothing leaves our personal devices. There’s nothing for hackers to steal. Impersonation is almost impossible.

Non-fungible token (NFT)

I’m amazed that some people are paying millions of dollars for these tokens. NFTs are a scam. There is no legal framework around NFTs that regulates how they work and how transactions are protected. There’s no blockchain involved to protect the parties. Sellers may be violating securities laws because the issuers of NFTs are not selling something of value.

What ideas can you contribute to help organizations strengthen their cybersecurity defences? Let us know in the comments below.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada
Yogi Schulz
Yogi Schulzhttp://www.corvelle.com
Yogi Schulz has over 40 years of Information Technology experience in various industries. Yogi works extensively in the petroleum industry to select and implement financial, production revenue accounting, land & contracts, and geotechnical systems. He manages projects that arise from changes in business requirements, from the need to leverage technology opportunities and from mergers. His specialties include IT strategy, web strategy, and systems project management.

Featured Download

IT World Canada in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Latest Blogs

Senior Contributor Spotlight