Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Subscribe
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Subscribe
    Home Cybersecurity
    • Cybersecurity
    • IT Management

    Black Hat Handed CIOs Plenty to Think About

    Written by

    Eric Lundquist
    Published August 5, 2013
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      The Black Hat hacker conference saw nearly 8,000 digital security pros talking, hacking and holding press briefings on the latest security holes in the corporate armor.

      Smartphones were hacked and demonstrated to act as secret recorders relaying your conference room discussions to outside listeners. Sensors running in manufacturing plants and on oil pipelines were remotely hacked and ordered to shut down. WiFi networks were compromised and had all their traffic redirected as users’ browsing habits and passwords were stolen.

      These were just demonstrations on a stage, but the message was clear: The new era of smartphones and the Internet of Things can be a dangerous place to do business. It is enough to make a CIO long for the days when the biggest security threats were passwords written on sticky notes attached to computer monitors or the “Stoned” virus that made PC screens images jiggle.

      While the new threats are real—although at times overblown as the white hat hacker economy depends on a questionable relation between hackers wanting to turn their digital cracking prowess into a business and vendors who want to keep bad publicity to a minimum—CIOs and corporate technology execs need to focus on the big security picture rather than sink into a morass of fixing every new vulnerability. Here are some lessons learned from attending this year’s Black Hat conference.

      The expanding digital world means expanding digital danger. Smartphones, sensor-based networks and new computing devices create new, mobile business opportunities but also new vulnerabilities. Vendors tend to talk up the opportunities more than the risks. But CIOs need to perform a risk assessment for each new round of devices joining the corporate network. The central security role belongs with the CIO and is a good reason why new technologies should require a centralized approval process.

      Creating a security process is more important than buying the latest security product. The discovery of security holes and vendors offering fixes is a continuous loop. Creating a process where security is part of the daily, weekly and annual technology evaluation and investment is difficult when you are rushing about trying to patch the latest leak, but it is the only way to get out of the race.

      Cloud computing is a permanent piece of the enterprise infrastructure. Customers are evaluating whether or not to build their own cloud, mixing private clouds with outside public clouds or moving entirely to the public cloud. Every customer has to find their own solution.

      While much of the cloud discussion centers on costs, that is the wrong tack. Customers also need to include cloud security in their deliberations. The range of cloud security offerings is as wide as the assortment of cloud infrastructure offerings, and should be evaluated and tested.

      Taking some time to make sure you and your users are applying the privacy and security settings already included in products is a good place to start. While advanced digital criminal organizations are indeed a real and growing problem, a lot of corporate leaks still take place because users (even IT administrators) employ easily guessed passwords, don’t use mobile security dual authentication procedures, or don’t change passwords and security settings regularly. This all falls into the category of making sure you lock down your stuff with the current tools available.

      The year’s Black Hat and DEF CON represented a community in turmoil. The careful ballet between hackers and government officials was upset by the National Security Agency surveillance leaks. Vendors are more frequently bypassing the public leak revelation process and providing bounties for hackers to find weaknesses in their products.

      Meanwhile, hackers also have to keep up with the new products and services out there. Knowing a lot about hacking personal computers is not much in demand when that market has gone mobile. How this turmoil will play out is still in process, but customers and CIOs need to look at those trends and consider how their companies should react.

      Eric Lundquist is a technology analyst at Ziff Brothers Investments, a private investment firm. Lundquist, who was editor-in-chief at eWEEK (previously PC WEEK) from 1996-2008, authored this article for eWEEK to share his thoughts on technology, products and services. No investment advice is offered in this article. All duties are disclaimed. Lundquist works separately for a private investment firm, which may at any time invest in companies whose products are discussed in this article and no disclosure of securities transactions will be made.

      Eric Lundquist
      Eric Lundquist
      Since 1996, Eric Lundquist has been Editor in Chief of eWEEK, which includes domestic, international and online editions. As eWEEK's EIC, Lundquist oversees a staff of nearly 40 editors, reporters and Labs analysts covering product, services and companies in the high-technology community. He is a frequent speaker at industry gatherings and user events and sits on numerous advisory boards. Eric writes the popular weekly column, 'Up Front,' and he is a confidant of eWEEK's Spencer F. Katt gossip columnist.

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.