
The Resilient User | John Dickson | TEDxVail


[Music]
You head home after a long day at work, fire up your computer, and you're ready for a long evening of well-earned and largely meaningless web surfing, until you see a terse message that says all your files have been encrypted. All your documents, photos, videos and databases are inaccessible. Suddenly your heart starts to beat a little faster, your head starts to spin, and you realize something is very, very wrong. You start to think like most human beings: wait a second, this is supposed to happen to other people, not to me.

Now that I've got your attention: I'm John Dickson. I'm a cybersecurity professional, and for the last 20 years I've been helping really large companies protect themselves from the attacks of a rogues' gallery of hackers and black operatives and all these bad guys. What I've learned over the last 20 years is that even at this point, after all the headlines, we still struggle as individuals, as individual users, to protect ourselves. That was the case last May, May 2017, when the WannaCry ransomware attack occurred across the world. About 230,000 computers in about 100 countries were locked out; many of you know about this. After about a week we kind of whistled through the graveyard, and most of our clients were okay. We were good. At the end of the week I get a call from my parents. They said, "Hey, could you come over after work? I think we've had a problem." And sure enough, they got hit. That was the bad news. The good news is I went over there and spent the whole evening with them; they had backed up everything, so it wasn't catastrophic. But as our evening wound down, my mom asked me a question. She said, "What could we have reasonably done to protect ourselves?"
You see, my mom's a layperson, a civilian so to speak. She's not an IT person, she's not a security person. She has no idea about the behind-the-scenes titanic struggles between the black hat attackers and the white hat defenders. Her question really gnawed on me for a long time, and it brought up a bigger question, which was: how could regular users reasonably protect themselves against increasingly sophisticated cybersecurity attacks?

The problem is, it really starts with us, right? Here's a truism: the attackers, the hackers so to speak, know that if they exhaust all their technical means, they will go after the weakest link. That's us. That's the users. That means that before you fix the internet, before we fix the web, before we do all the technical stuff behind the scenes, we've got to fix our own behaviors online. To that end I'd like to introduce you to this concept of what I call the resilient user. The resilient user is an individual who implements a series of habits, a series of practices online, that make themselves less susceptible to hacking. It's very simple. That means a series of technical means, like protecting themselves by making sure their systems are updated. That could also mean being much more mindful online, because many of the behaviors they have, many of the actions, actually put themselves in a bad position. And then finally that can mean for individuals to protect their private information and guard it jealously, because guess what attackers do: they use that private information against us to craft their attacks. So that's the challenge.

Before we go into it, let me just get a hands up to see how many people saw the free_TEDx_Wireless that was out there. A few of y'all. That was this guy. For the record, this is the Wi-Fi Pineapple. What the Wi-Fi Pineapple is, is a, I'll use the term auditing device. What it does is some pretty cool things. It sets itself up as a wireless access point, or a rogue or fake wireless access point, and will do things like look at all the traffic that you have going through after you connect to the internet. You know what else it does? It will sit there and watch all your traffic and log it. It will also look at all the other wireless access points you've attached to and download all the credentials for those, all the usernames and passwords of all the other wireless access points you've done. So the key point here is people looking for wireless internet will hop on these things mindlessly and put themselves into a very difficult position.
So what I'd ask you to do is to really think about, and steal, a concept from the physical world. I've been struggling with this: how do you get regular users to stop doing these things? And I really latched onto a term, an idea around defensive driving, because defensive driving is something we all understand. We all understand the two-second rule about putting a cushion between you and the driver in front of you. You understand not to put yourselves in risky positions. And you largely put yourself in dangerous environments and survive those dangerous environments every day. I thought about that when I drove from Denver to Vail two days ago, for example. So I can't think of a more fitting metaphor for the online world. We've got to pull those concepts and start to make those habits as users to become much more resilient.

So let me talk to you about the resilient user and what that means, becoming a resilient user. First of all, I talked about technical means. What I mean by that simply is you need to be obsessive like I am about updates. When you see those little updates come on your iPhone or on your computer, yes, a few of those are feature requests or new features; most of them these days are security patches. It's those patches that, not applied, put you at a weakness and allow attackers to come in and exploit your systems. I mean, none of us would jump on the road knowing full well our brakes were pretty shaky. I sure as heck wouldn't do that drive again if I knew my brakes were shaky. I wouldn't drive at night if my taillights didn't work. But somehow many of us will hop on the internet if they haven't updated their Windows computer. That is almost the exact same metaphor: you're putting yourselves at risk to the latest malware and the latest attacks that are out there. You're putting yourself at a structural disadvantage.

The second thing I would throw out there is backing up. Can you think of a more unsexy topic these days than backing up your stuff? But guess what, if it weren't for the backing up, my parents would have lost everything. And with ransomware getting much more sophisticated, much more pervasive, if you have everything backed up online or by some other means, that type of event is not catastrophic.

So the second concept I want to throw in there is this one of mindfulness. What I mean by mindfulness is really the pregnant pause, the consciousness of when you're online. You know, being a little bit paranoid, which I know is an antithesis to this conference, but to maybe say no to that link that your friends sent you. What I mean is a level of thought, an approach to the way you conduct yourselves online, because again, the attackers know if they can't get you technically they will come after you, and they are incredibly smart these days. So things like trusting your intuition: if something looks fishy or looks bad, it probably is. Absolutely, it probably is. So it's okay to say no in this instance.

The other thing I would throw out there is really around protecting your private information. You wouldn't believe how much stuff is out there. I don't know how many people have done an audit of their online profile and the things that are out there on LinkedIn, Facebook and other sites. But we had a client several years back who used a private bit of information for all of his domain registries, so all of his website domains, and it was his favorite vacation spot. That was the secret that GoDaddy had and everybody else had. And sure enough, the attackers just kind of did a little bit of research and called back in and said, favorite vacation spot? Oh, it's San Diego. And they rerouted all of their websites to a neo-Nazi site, I think it was at the time. That's not really hacking. That's just really not being mindful and not protecting the private data. So here's a bit of advice.
You know those shared secrets you have to do for banks and stuff like that? You don't have to tell the truth. So my first girlfriend, think about that, my first girlfriend was Marilyn Monroe. My first car was a Lamborghini. And so you start to think that way. I mean, you don't have to put down the actual answers that are true, that people can research. So again, a mindset change here, right?

So let me just wrap up really quickly and say a couple of things. First of all, if you read the headlines, you could perceive that we're losing this battle, right? And there are some good days and bad days. Every day there seems to be another breach story. But I would argue that as individuals, if you apply some of these concepts of resilience, you will change the balance of power between the attackers and the attacked. If you really implement and become obsessive about those updates, if you really are much more mindful about what you do online, and if you guard your private data very preciously, you'll make it harder for the attackers to do their job. It'll make it harder for them to steal information, to steal your data, steal your money, and I think that'll make the world a better place. Thank you.
[Applause]
[Music]