During DefCon in Las Vegas every year, hackers
and security experts look to expose the real-world vulnerabilities that plague
financial institutions and other major companies. This year was more of
the same, as the technology behind stealing personal information evolves just
as fast as, if not faster than, current security measures.
A two-day contest during DefCon led
to embarrassing incidents related to employees at some large corporations turning
over information they should have kept private. In one such incident, a
participant was able to convince an employee that he was part of the IT
department, and she began to describe her PC and how it was configured.
The information the worker provided would
make it even easier for a criminal to compromise the PC -- and possibly enter
the company's network -- just because of a few minutes of carelessness over the
phone.
According to event organizers, software giant
Oracle turned over the most information, while AT&T, Apple, Delta
Air, Symantec, and other companies were also put to the test.
This is an important lesson for U.S. companies
trying to better protect their networks from foreign attacks, as the number of
cyber attacks continues to increase. In addition to increasing cyber
security efforts, these companies must be vigilant about what their employees
are doing when connected to the Internet.
Even the "DefCon Kids village," aimed at
helping younger children learn how to hack and manipulate code, offers a
glimpse into how the next generation is being prepared. For criminal
organizations originating in Eastern Europe and China, this type of effort has
already been well under way for a few years now -- and governments and
companies across the world have noticed.
Although some outsiders criticized this new
direction, it's this new generation that could help
close the cyber gap, security experts counter. Software makers are
now forced to release products that are functional and secure from cyber
intrusion, even though this has proven to be relatively difficult as of late.
Repeated cyber attacks against South Korea --
many of the attacks originating from China and North Korea -- have led to a new
set of security standards that Korean companies must abide by.
So-called "social engineering" is
another problem, in which criminals phish for information via e-mail and
social networking sites. After impersonating a friend or trusted
colleague, criminals trick users into downloading a virus or visiting a
hijacked website.
The battle between cyber criminals and
companies/governments trying to protect information will never end.
Independent criminals and organized cyber groups can gain extremely
easy access to confidential information they can use and sell to U.S. rivals.