Next week I’m attending Def Con 24.Work isn’t sending me; I’m taking vacation to go with my friends. Because that is what nerds do. DefCon is something I’m doing for my own professional development (and enjoyment!). One of the hottest topics in cloud these days is cybersecurity. There’s good reason for that: ransomware is so prevalent that now it is even available as a service.
Yes, RaaS (Ransomware as a Service) is a real thing. If deployed into an organization’s data structures, these viruses encrypt all of the org’s files and demand a ransom to send the key to decrypt the data. What a nightmare if you haven’t hardened your systems as NIST (the US National Institute of Standards and Technology) Cybersecurity Framework has been urging us to do since 2003!
DefCon and the history of computer malware and viruses
At DefCon, I find myself remembering what is was like to be a sysadmin and have to deal with the Sasser virus. It definitely disrupted business, and took a combination of user training and isolating (and nuking) machines to get rid of it. I started wondering: how long have we been dealing with the impact of viruses? Most timelines of computer virus histories date destructive viruses and worms back to the 1970s. Some of the events were accidental, the result of unintended consequences of a well-meaning program or script. But once it was evident that you could cause mischief, or even real damage with these sorts of programs, people started writing them with malicious intent.
Skip to today, when people are rapidly adopting cloud as at least part of their infrastructure, and the impact ransomware and viruses have on the trust that’s required to allow a cloud provider to host your critical services and apps. The ICIT (institute for Critical Infrastructure Technology), a cyber-security think tank, wrote a very informative Ransomware Report that points out (with examples from several verticals) that ransomware works because our economies rely on our systems and on the information contained inside of those systems for day-to-day operations to run smoothly.
Why are we still struggling?
If this has been going on since the 70s, why are organizations in this predicament? Are we just not as vigilant as we once were? Our end users have certainly changed. They used to be afraid to purchase items online, and now they are willing to give up their personal information in exchange for free access to online sites that offer a wide range of services.
It’s bad enough that infrastructures and end devices are targeted, but what happens when malicious actors move on to IoT devices? Are any of us prepared to deal with that threat?
Getting answers to some of these questions is why I’m excited to be attending DefCon. I believe the best way to learn new technology is to break things (the US Government agrees!), and I find myself (re-)learning the things I need to lock down before I even land in Vegas, so my things don’t get broken by others! J
I’m looking forward to learning from field hardened experts at sessions such as “Phishing without failure and frustration” (teaches you what the successful phishers do so you can protect your org), and “Beyond the MCSE: Red teaming and Active Directory (I’m hoping what it says on the label), and lots more.
This conference always re-energizes me, makes me remember that what we do as IT professionals is important, and how important it is to always keep those skills fresh. After all, the world depends on us to build the systems that store their data, manage it, keep it safe, and restore it if the unthinkable happens.
How are you keeping your skills fresh?