The 2017 Consumer Electronic Show brought another year of specialized gadgets, high-end televisions and drone technology to Las Vegas. But one aspect of the show’s platform ties these and other artifacts of the interconnected world together: cybersecurity. The show was slated to end Sunday, before press time, but we talked to the experts about what was planned for this year.
Arlington, Virginia-based CyberVista brought the topic center stage with its second Cybersecurity Forum. The all-day program was to focus on several topics, including new threats the industry faces, regulation and law enforcement, the Internet of Things security challenges and the importance of implementing protocols from the executive level.
The topics were planned for individual sessions at The Venetian on Jan. 5 — each led by experts from the public and private sector. Some of the names included Suzanne Spaulding, undersecretary at the Department of Homeland Security, and Eddie Schwartz, president and chief operating officer of White Ops Inc., a provider of advanced cybersecurity detection and prevention services.
Amjed Saffarini, CEO of CyberVista, said a cybersecurity forum was missing from CES before his company launched the program in 2016.
CyberVista is an education company that focuses on training and workforce development in cybersecurity, especially executive-level training. Saffarini said his company offers on-site and off-site training to a variety of company leaders, in the U.S. and on a global scale.
The group doesn’t try to shape executives into tech gurus, but it does try to bring literacy on the subject to main players of an organization.
As an education company, Saffarini said CyberVista’s approach to cybersecurity problems differs from many solutions out there that include solving security issues with technology solutions. CyberVista focuses more on training.
He used the idea of a phishing attack, which usually starts with an email that looks as though it’s from a legitimate source. Once opened by an unsuspecting employee, the attack begins.
“You have a people problem, and you’re treating it with technology,” Saffarini said. “That’s not really very helpful. We look at things a little bit differently.”
Topics from this year’s forum: In 2015, China was accused of hacking into the U.S. Office of Personnel Management. In 2016, Russia allegedly brought threats to the U.S. elections.
“They’re trying different things; they’re doing different things. It’s different actors that are doing those things. But effectively, the recipe with how you deal with it is largely unchanged,” Saffarini said. “It does start at the top. It does start with executive literacy.”
Jonathan Davies, founder of the Southern Nevada Cybersecurity Alliance, said during his career as a cybersecurity professional he’s spent much of his time teaching employees what to watch for during their daily work routine.
He referred to the tactic as social engineering, which is the attempt to get an employee to open an email or text message, possibly loaded with malicious code.
“They’re trying to get you,” Davies said. “They will implement tactics like a sense of urgency to try and persuade you to bypass rational thought to click that link.”
Once you let a hacker in, there’s not much you can do to stop it.
“This is what I tell my clients, no firewall in the world is going to stop something that’s legally allowed,” said Troy Wilkinson, CEO and co-owner of Axiom Cyber Solutions, a Las Vegas-based cybersecurity company. “If your employee says that’s OK; the firewall can’t say that’s not OK.”
Davies, through SNCA, is trying to fill a gap with an educated workforce in cybersecurity. According to a study by Intel Security, in partnership with the Washington, D.C.-based Center for Strategic and International Studies, a bipartisan, nonprofit policy research organization, U.S. companies had 209,000 unfilled positions in the sector in 2015.
SNCA, in partnership with Western Governors University, on Jan. 7 announced two $10,000 scholarships for members of law enforcement looking to enter the field or enhance their skills.
On the technology side, Wilkinson, with Axiom, focuses on creating cost-effective solutions for small to medium-sized businesses with firewall hardware and 24/7 system-monitoring services.
Wilkinson’s background was in IT forensics and cyberterrorism investigation, which he developed through his years at the State Department and the U.N.
One of the biggest threats to companies is ransomware. That’s one threat he sees increasing this year.
“First and foremost is ransomware; I think it’s going to continue to rise to new variants,” Wilkinson said. “The money is there and people are paying, so hackers are going to continue that.”
Wilkinson sees two other cybersecurity threats in 2017: First, a continuation of social engineering tactics such as phishing; and second distributed denial of service attacks, where hackers use devices to overload a server with information, or packets. Once flooded, the network goes down.
The effectiveness of this type of attack was apparent in October, when hackers took advantage of the new world of the Internet of Things. Hackers took over several items such as baby monitors, webcams and thermostats to attack Dyn — a company that helps people connect to websites. For days, major services such as Netflix, Twitter and PayPal were affected by the outage.
Wilkinson said these devices pose a large threat.
“The manufacturers left backdoors, default user name and passwords,” he said. “The best thing to do, when you have any device, is to change that default user name and password, secure it yourself.”
The Internet of Things or IoT, is also hitting other aspects of large industries, including health care and even gaming.
“One of the things we saw in the last forum was a lot of interest from casinos and security teams associated with them,” Saffarini said.
This interest also extended into other aspects of the gaming world, including gaming manufacturers and suppliers, Saffarini said.
Saffarini said there are threats to any industry, even in manufacturing, which is often automated.
We are on the verge of a new era in IoT, with bigger consequences.
“It’s the degree to which interconnectedness, in our devices, is now percolating into the can’t-get-it-wrong territory,” Saffarini said.