Black Hat and Def-Con 2013: Hack all the things!

Leave your laptop at home, shut down your phone and venture into the world that is Hacking versus Security. Leading up to the world’s biggest hacker conferences, there were plenty of warnings about how all but the most secured devices would be easy prey to hackers eager to prove their skills among their peers. People familiar with the conference warned me of rogue WIFI access points tapping your every move, illegal mobile phone hubs and networks that are teeming with probes, scanners and designer viruses. Is this the reality that is looming ahead for us all? Will we all quietly resign to the fact that Information Technology will never be secure? Because if there is one thing that becomes clear at a conference like this: indeed all things can be hacked, from a trivial printer to the most advanced information systems. And if all else fails, we can attempt to ‘socially engineer’ our way into a system by using information from Facebook and Twitter. We know all this, rationally, but somehow we ignore it or say to ourselves ‘Yes, but we are really not an attractive target”, right? On the other side of the fence, the defense, there is a lot of hope and ambition. We can let code run in containers, virtual machines or use strict rules about what behavior is allowed or not. We can encrypt or obfuscate and we can hide behind many layers of security software. But in the end, there is no 100% guarantee. The consensus is: You will be hacked! So what does this mean for Business Technology? If anything: Security (and the closely related concept of Privacy) should be as main-stream as testing, version control, interface design and all other elements that are part of our industry. Are your systems, data and people secure by design?