In our times it’s well established that the perimeter is the endpoint, but my theory is that you are the perimeter. As a security professional, I am often asked what my forte is as a ‘hacker’, and I will tell you: I am a life hacker, a human hacker. The truth of the matter is that hacking a person is always easier than hacking a machine.
Let’s look at ‘Threat Intel’ for human hacking vs. machine hacking and why compromising a person is so much easier. Generally speaking, systems are engineered for security (humor me). Sure, lots of systems are easy to exploit, and with poor design, networks are easy to penetrate. A few network protocols will yield lots about the hosts they connect to, or even the user using the protocol.
But not like a person will. With some kind words, a drink, a well-crafted email, I can flatter, trick, taunt, or tantalize my way into a company. I don’t need password crackers and fancy tools; I need the same tools (against the same security) that have existed for all time. Look even to our favorite narcissistic toy, Facebook or LinkedIn, where I can find your kids’ names and birthdays, your mother’s maiden name, your father’s middle name, your dog’s name; need I continue?
No, people are much easier; without a natural suspicion and distrust, humans are trivial hacks. So how do we help this?
I think we have to help people, not just educate (preach at) them, but really design systems that help them not be so open (I know I need it). Everything in today’s gadget-driven world is open, made to be ‘easy’, connecting for free, instantly syncing. I realize the cost is convenience, but what’s the real price of that luxury?
So far the cost is ransomware on my TV, thermostat, or in my car. The cost is a loss of trust with my doctor, bank, and with my gadgets (no, I’m a Luddite, remember). Do you trust the Internet or online banking, or basically anything on this gadget? (You shouldn’t.)
This is preventable.