We see it in the news almost everyday -- a retail company, hospital or even our government and voter systems got hacked. Their customers' emails, phone numbers, addresses and credit card numbers are out there in the darkness awaiting a proper exploit. Everyone wants answers.
But, as we focus on the next threat and try to secure artificial intelligence, the Internet of Things and other nascent technologies, a panel of Austin's top cybersecurity experts said the cybersecurity industry is still mostly grappling with old school phishing tricks and mind-bogglingly simple social engineering scams.
The panel, put together by Austin cybersecurity advisory group Manifest for a meet up at Impact Hub on North Lamar, seemed to agree that, as the world digitizes, millions of users aren't yet up-to-speed on common scams -- let alone sophisticated attacks. And many companies still haven't dealt with the basic intrusions either.
For example, many of the ransomeware attacks companies in Austin and beyond have fallen for started with a hacker sending a crafty email that enticed an employee to open an attachment.
With that groundwork in mind, let's hear a powerful take on the topic from Kris Lamb, who is the VP and general manager of cloud security for Austin-based Forcepoint, a globally-recognized cybersecurity company.
"Threats dictate where the industry grows, it dictates the entrepreneurial ideas and that is not where we are as an industry and it's not where we are in terms of an entrepreneurial or opportunity to do your own thing right now," he said.
He said that dynamic has led to a retraction in some types of cybersecurity investing. But, he said, it's all cyclical, and there's still opportunity out there as threats old and new emerge.
Joel Scambray, technical director at NCC Group, said software vulnerabilities remain at the root of most of our security problems.
“Until we become adults about manufacturing software responsibly, none of these problems are going to get better,” he said.
And, he agreed, it's still largely about day-to-day email.
“Email is still the worst problem that we have,” he said. Hackers might try breaking through software. But, in the end, they'll shift to social engineering by phishing with email.
“It’s human nature," he said. "Who can’t avoid opening the attachment or link?”