Computer hacker silhouette of hooded man with binary data and network security terms
Leo Lintang, Getty Images/iStockphoto
"The oldest and strongest emotion of mankind is fear, and the oldest and strongest kind of fear is fear of the unknown."
The hooded hacker hunches over a clacking keyboard, face illuminated by the dim and flickering glow of a monitor. He punches a button and executes the code. He lurks in the dark. He's a monster with the power to annihilate people, governments, and companies.
For most people, the archetypical anonymous and malcontented hacker is as mythological as ghosts and goblins. For enterprise companies, SMBs, and government agencies, however, hackers and hacking teams represent a terrifying threat. According to a recent ZDNet report, the average corporate hack costs companies $4 million. Hacking can can also damage a brand and expose employees and customers to privacy risks.
Cybersecurity experts warn that large-scale, coordinated cyber-strikes targeted at essential infrastructure, like last week's Dyn DDoS attack, could cost the economy billions of dollars in lost productivity and potentially harm individuals.
We spoke with several cyber-defense executives about cybersecurity worst-case scenarios. Each executive—CTO and SVP of customer care and co-founder of security analytics company LogRhythm, Chris Petersen, CEO and Chairman of RedSeal, Ray Rothrock, Corey Williams, Senior Director of Products and Marketing of Centrify, and Domingo Guerra, co-founder and president of Appthority—expressed cybersecurity concerns about the burgeoning IoT market, vulnerabilities with the electric grid, and mobile malware.
When attacked, TechRepublic ordinarily advises companies to follow damage-mitigation best practices. In the spirit of Halloween, however, let your fears run wild with these hacking horror stories.
Could someone die or be injured from a hack?
Chris Petersen: Someone could absolutely be killed from a hack, and it is possible someone already has been. We've known for years that medical devices are vulnerable and could be taken over by a malicious actor operating within a hospital's network, who could easily tamper with life support or drug infusion systems, killing someone in the process. What is unique about hacking as a weapon though, is that a killing blow can be thrown from thousands of miles away. If someone hasn't already been assassinated via a targeted hack, it is only a matter of time.
Ray Rothrock: Unfortunately, yes. Car hacking has been demonstrated. Shutting down power to a hospital can threaten lives. Network-connected healthcare devices can be misused. IoT is a new frontier with new risks - the things we're putting on the internet range from convenience devices for comfort and lighting to life-sustaining devices like pacemakers and other medical implants.
Corey Williams: Wearables are deceptively private. Owners may feel that due to their ongoing proximity to the body, they're less likely to fall into the wrong hands. However, hackers don't need to take physical possession of a device to exploit a hole in security. The best news is that solutions already exist that can easily wrap wearables into the identity management picture.
Domingo Guerra: While most hacks aren't life threatening, successful hacks have been executed on a pacemaker, a radiation machine (to give higher than prescribed doses), IV drip therapy devices, etc. Naturally, any attack that alters the operation of life-dependent devices or doses of life-saving drugs puts people at risk of death.
What is the real-world, material threat of a cybersecurity hack?
Ray Rothrock: Exactly the same as the results of Stuxnet. A purely digital attack, carried on a USB stick, caused an industrial controller that had control of a real-world spinning centrifuge to misbehave. A purely digital disruption caused cracking and failure of real equipment processing real Uranium. These are well engineered attacks. In the west, we have nuclear power facilities, fuel processing plants, oil refineries, chemical plants handling toxic substances, dry cleaning facilities, even old-world manufacturing plants dealing with paints and carpets, and the noxious chemicals that go with them. Any and all of these include digital devices that can cause real world damage if connected to a network that is not resilient.
Corey Williams: For example, the Springfield, Illinois, water utility hack from Russia in 2011 destroyed a primary water pump. The hackers stole the usernames and passwords from a third-party vendor that maintained the control software for its customers, and then used those credentials to gain remote access to the utility's network and reconfigure the pump for
Leo Lintang, Getty Images/iStockphoto
"The oldest and strongest emotion of mankind is fear, and the oldest and strongest kind of fear is fear of the unknown."
The hooded hacker hunches over a clacking keyboard, face illuminated by the dim and flickering glow of a monitor. He punches a button and executes the code. He lurks in the dark. He's a monster with the power to annihilate people, governments, and companies.
For most people, the archetypical anonymous and malcontented hacker is as mythological as ghosts and goblins. For enterprise companies, SMBs, and government agencies, however, hackers and hacking teams represent a terrifying threat. According to a recent ZDNet report, the average corporate hack costs companies $4 million. Hacking can can also damage a brand and expose employees and customers to privacy risks.
Cybersecurity experts warn that large-scale, coordinated cyber-strikes targeted at essential infrastructure, like last week's Dyn DDoS attack, could cost the economy billions of dollars in lost productivity and potentially harm individuals.
We spoke with several cyber-defense executives about cybersecurity worst-case scenarios. Each executive—CTO and SVP of customer care and co-founder of security analytics company LogRhythm, Chris Petersen, CEO and Chairman of RedSeal, Ray Rothrock, Corey Williams, Senior Director of Products and Marketing of Centrify, and Domingo Guerra, co-founder and president of Appthority—expressed cybersecurity concerns about the burgeoning IoT market, vulnerabilities with the electric grid, and mobile malware.
When attacked, TechRepublic ordinarily advises companies to follow damage-mitigation best practices. In the spirit of Halloween, however, let your fears run wild with these hacking horror stories.
Could someone die or be injured from a hack?
Chris Petersen: Someone could absolutely be killed from a hack, and it is possible someone already has been. We've known for years that medical devices are vulnerable and could be taken over by a malicious actor operating within a hospital's network, who could easily tamper with life support or drug infusion systems, killing someone in the process. What is unique about hacking as a weapon though, is that a killing blow can be thrown from thousands of miles away. If someone hasn't already been assassinated via a targeted hack, it is only a matter of time.
Ray Rothrock: Unfortunately, yes. Car hacking has been demonstrated. Shutting down power to a hospital can threaten lives. Network-connected healthcare devices can be misused. IoT is a new frontier with new risks - the things we're putting on the internet range from convenience devices for comfort and lighting to life-sustaining devices like pacemakers and other medical implants.
Corey Williams: Wearables are deceptively private. Owners may feel that due to their ongoing proximity to the body, they're less likely to fall into the wrong hands. However, hackers don't need to take physical possession of a device to exploit a hole in security. The best news is that solutions already exist that can easily wrap wearables into the identity management picture.
Domingo Guerra: While most hacks aren't life threatening, successful hacks have been executed on a pacemaker, a radiation machine (to give higher than prescribed doses), IV drip therapy devices, etc. Naturally, any attack that alters the operation of life-dependent devices or doses of life-saving drugs puts people at risk of death.
What is the real-world, material threat of a cybersecurity hack?
Ray Rothrock: Exactly the same as the results of Stuxnet. A purely digital attack, carried on a USB stick, caused an industrial controller that had control of a real-world spinning centrifuge to misbehave. A purely digital disruption caused cracking and failure of real equipment processing real Uranium. These are well engineered attacks. In the west, we have nuclear power facilities, fuel processing plants, oil refineries, chemical plants handling toxic substances, dry cleaning facilities, even old-world manufacturing plants dealing with paints and carpets, and the noxious chemicals that go with them. Any and all of these include digital devices that can cause real world damage if connected to a network that is not resilient.
Corey Williams: For example, the Springfield, Illinois, water utility hack from Russia in 2011 destroyed a primary water pump. The hackers stole the usernames and passwords from a third-party vendor that maintained the control software for its customers, and then used those credentials to gain remote access to the utility's network and reconfigure the pump for
