Today, I am blogging from the Black Hat Convention, which prides itself on putting delegates face-to-face with the people on the cutting edge of network security.
This morning’s keynote was delivered by Shawn Henry, whose credentials include his former role as executive assistant director of the FBI.
Henry kicked off his discussion pointing out the similarities between physical threats and cyber threats, noting how both can be thwarted with the right intelligence. For instance, knowing that “a woman with short brown hair and a tattoo on her ankle is about to bomb XYZ Company’s car manufacturing plant” is a bit more helpful than knowing “a woman, somewhere, is going to wage an attack.”
Shawn is right: if we can have more intelligence about the people who might attack us, then we can be better prepared to stop them. If we better understand our data and how our data puts us at risk, we can begin to understand who might find this data valuable and what methods they might use to obtain it. Once we have a better sense of who our data attackers are, we can get a better sense of how to keep our data safe.
It reminds me of some advice I gave to a friend who was traveling to the UK for the Summer Olympics: “Sure, bring your laptop, but leave everything you have on it at home.” This is one of the reasons why everyone should have a back-up storage device. If someone steals your laptop, and it’s devoid of many years’ worth of financial and other personal data, all you’re losing is a laptop.
The lesson here, in security-speak, is: understand the threat so you can proactively mitigate the risk. In layman’s terms, if you know somebody is after your wallet, put it away. Intelligence means being able to predict who might attack us and how, but it also means being smart about defending our vulnerabilities. If hackers are actively trolling the Internet for data with which to harm us, we should limit the amount of data we put out there.
This may be common sense, but if a former FBI man felt he had to remind us to be mindful of our defenses, perhaps it’s advice many of us still fail to take.