Can we ever be one step ahead of the hackers?
The cyber crime industry is way bigger than the cyber security industry. Let me explain. The cyber security industry is a 180 billion dollar industry, whereas the cyber crime industry is more than six trillion. This is equivalent to the GDP of Australia, Canada, Brazil and South Korea all put together, or the equivalent worth of Google, Amazon, Facebook and Apple.

The ones guarding the internet: the good guys, white hats. On the other side: the bad guys, black hats, the hackers. This shows that people are not assets; only good people are assets.

The world of hackers consists of people who write and sell exploits in the dark web for as little as 50 dollars, and all these transactions are also very anonymous because of Bitcoin. In fact, there’s a very popular hacker joke: "Where did the hackers go?" "I don’t know, they ransomware."

Every single day, half a million malware is written in the dark web. In fact, most of the dark web forums have become the Alibaba and Amazon of the cyber crime industry. To fight big wars you need to have deep pockets. With all these statistics, you clearly know who’s winning.
But I feel intellectual capital will always trump financial capital. Let me explain. If you see the top three nations in terms of cyber attack traffic, it’ll be United States, China and Russia. The cyber investment by all these nations is enormous, but still they get hacked every single day. Not only nations, even corporations. See some of the top hacks:

2013: the Yahoo attack, where 3 billion user accounts were compromised.
2016: the Mirai IoT botnet attack, which was DDoS based.
2017: the WannaCry ransomware attack.

If you see all these attack patterns, you’ll understand that defending all the time is not easy. There has to be a better strategy.
Before we get into the solution zone, let’s try to understand what this world of hackers looks like. This is what they look like. Kristoffer von Hassel, the world’s youngest hacker: at the age of five he broke into Microsoft Xbox security. Reuben Paul: at the age of nine he had his own cyber security firm. But I wonder, if kids can do this, what about the experts?

And two more stats. See the world average of hackers: it’s 25 years old. And most patents are awarded to people below 26 years. Common denominator: youth. A child grows through curiosity, and so does a hacker, and curiosity is a never-ending game, be it finding the depth of the ocean or reaching Mars.

What starts off as a computer hobby turns into unethical hacking, and that’s where the problem begins. Even if you see the world’s most famous hacker, Kevin Mitnick: in his childhood days he was drawn by the world of magic. Again, common denominator: curiosity.
I think there are only three reasons why hackers do what they do: money, fame, activism.

If you see some of the hacker lifestyle, swanky cars, multi-million mansions: who would want to give it up at a very young age?

Some hacker groups hack into rival hacking groups and post their credentials in the dark web. It gives them fame in their hacker community.

For a few, money is not a motivation; ideology is. These activist groups hack into government websites and post their credentials and messages all over in public, or they give citizens access to government-censored websites. Anonymous is one of the known hacktivist groups.

I think the world needs a technology where even if a slight evil idea comes into anyone’s mind, the keyboard should get locked and the screen should get blacked out. Well, sharing some startup ideas.
Well, now that we understand the cyber world, can we ever be one step ahead of this hackers’ game? Well, there are no silver bullets, but definitely a solution approach. I propose a three-prong approach: software coders; government, schools and universities; and social awareness.
Let’s start with software programmers. Software coders are the heart of every application that is built today. Software coders build the code but don’t imagine how it can be misused. So the question is: can every code be trusted? Because even a bad code can function.

Hence I propose a campaign that should be run in MNCs, government institutions and schools. It says: "Secure everything you build." Coders need to write defect-free software, and this depends on the quality of professors; it depends on the quality of the schooling system. And this vicious cycle needs to be fixed first.

See, if you are an atheist, you need to know what religion is, right? So if you want to be a good hacker, you need to know how a bad hacker thinks, because even a bad hacker thinks like a coder first. You know, one can argue that the bad hackers keep you in check, because that will help you get a good software code.

I met Vitalik Buterin in May 2017 in India, who’s the inventor of the open source blockchain Ethereum, who brought in the concept of smart contracts. We had some deep conversation about the future of blockchain. He said every new version of software that comes in disrupts the earlier version to bring a better product. This is how evolution will happen. Made me think: why don’t all the software coders open source their product in the world and tell everyone to break their code? This will bring in good coding practice.

Not just coding. See, software will become smarter, and the day they become self-learning, it will be very difficult to control them. So the focus should be on upskilling the resources. In cyber security alone, 4 million jobs are still vacant because of lack of quality resources.
The second pillar: government, universities, schools. I think the real education happens once you leave university and school. And the problem is, when you leave schools and university and join the corporate world, you’re bound by policy and regulations, and you end up doing only ethical penetration testing. On the other side, hackers are independent, free and available as hackers-for-hire programs in the dark web. Most of them also offer 24x7 support, can you believe that?

So the question is: why is ethical hacking not taught in schools? Schools should focus on the difference between cyber legal and illegal. Schools should teach students critical thinking and logical reasoning. This will help them identify vulnerabilities when they reach the corporate world.

Establishments should penalize as well as incentivize. For effective measures, three initiatives can be done.

We need more bug bounty programs and hackathons. This is the best economic incentive that can be offered. This can drive two purposes. Okay, at least make sure the good ones don’t join the bad hackers, and since the bug bounty programs are lucrative, at least it can entice the bad hackers to come to this side. Some of the bug bounty programs offer a million dollars in reward. Programs like the Tesla and Facebook bounty programs are quite popular.

We need more ethical hacking schools in the world. This is the best educational incentive that can be offered to students who want to take cyber security as an elective.

Why not have something called a cyber credit rating in the world? Citizens can be rewarded for good cyber behavior on the internet.

We also need to penalize, for accountability’s sake, and this can be done through regulations. See, the jurisdiction of a cyber attack is very difficult to find, because hackers operating in multiple countries keep hopping in different regions. Laws can fix this. Successful laws like GDPR in the European Union have shown that, you know, regulations can be outcome-driven. We need more of these regulations. We need more replications of the models of Estonia and Israel. If you see models like Israel, they’re far ahead in cyber security. Some of the initiatives, like the after-school cyber program, are superb.

See, I’ve spent a lot of time in the cyber security space in various continents, and I still see most of the critical government institutions using outdated software. There is an immediate need to modernize infrastructure and also plan to de-risk the core business.
15 years back I did a course on cryptography and network security under Professor Bernard Menezes, and in those days we used to calculate the number of years it would take to crack algorithms like RSA and AES. Two years back I met the professor again. He was so happy to tell me that he and his team have cracked the AES algorithm. Such a proud moment for me. Made me think: quantum computing will disrupt encryption, and when it gets commercialized and it falls into the wrong hands, it will be very difficult to control the hackers’ world. The question is: can we write better quantum encryption?
The third pillar: social awareness. I think people need to understand that surveillance is the business model of the internet. This will help them accept the risk way before they go to the internet. Social media manipulation to influence buying behavior and influence elections is well known; you know the case of Cambridge Analytica. Most of the mobile games and defect apps might have malware in them, so be very sure of what you download from the internet.

See, cyber security is taken as a very complicated subject, so why not bring gamification into the space to add a little bit of a fun element, so that awareness spreads in the masses?
See, by 2030, 50 billion devices would be connected through IoT, the Internet of Things. In fact, the Internet of Things will be way bigger than the oil economy. And when the whole world gets connected, it’d be very difficult to digitize trust.

I met Bruce Schneier, the technology expert of cyber security. I met him in Paris in November 2013 for the ISF World Congress. I asked him: is IoT the real threat to the world? And mind you, this was way before the Mirai IoT attack. He told me, when the world is connected through devices, two things will happen: the world will change both economically as well as socially.

Made me think. Imagine this: you get up in the morning and your fridge tells you, "Transfer 500 if you want to unlock me." Or the car that you’re driving is controlled by an AI bot, and accidents happen and someone dies. See, there will be elements of hacking in every part of your life.
In coming years, the only proactive strategy is to have a security mindset. Security should be in your DNA. This is the only way to deal with hackers. And hence I propose this cyber movement, which propagates this idea of a proactive security strategy.

The benefits of this initiative are far utilitarian. Because imagine if you run this campaign in schools: due to the students, the parents get educated, and hence the mother, and we all know once women do better, economies do better. And forget about my mother clicking on certain email phishing links; even corporate employees do it. So this problem is absolutely deep-rooted. We need to tell everyone that, you know: never trust, always verify. Do you really want to connect to any free public Wi-Fi? Think about it.

I hope this three-prong approach is debated and celebrated and discussed everywhere in society, because it is about debating and celebrating differences. Of all my experience in the cyber security world, I’ve realized that cyber security is a shared responsibility. Private-public partnership, along with responsible institutions like ITU and ICANN, all coming together, can fight this evil. Else they will keep controlling you for the rest of your life.
See, today 60 percent of the world is on the internet. When the remaining 40 percent comes onto the internet and the world becomes completely digital, only a good hacker can save the world.

See, you don’t need to manufacture missiles if there are no wars. So if no war is influenced, you don’t need to sell the machinery. Because guns don’t hurt people; people hurt people.

Well, I think we all need to think like a hacker to be one step ahead of the game. We need to think counterintuitively. Only by thinking like a hacker can you not only be a good programmer, but also have a good security mindset to change humanity. And thinking like a hacker is like playing chess: you have to anticipate the opponent’s move way before, because if you’re predictable, you can be defeated.

Lastly, we are debating quantum computing today. Tomorrow there will be some other technology which will disrupt quantum computing. So there is no winning this technological war. The only way to beat this is by having a strong security mindset, because hackers hack people, not technology.

Thank you.