About the talk
Bill Dunnion’s background includes working for the Canadian Government on IT and access infrastructure; he now works in a cyber security role at Calian. Bill’s talk covered the “new world” of cyber security and how complex cloud applications, mobility, the Internet of Things (IoT), and Platform-as-a-Service (PaaS) models have made monitoring. He also spoke about where the responsibility for security may lie within organizations.
When I was asked to go to present, they kind of said, well, what do you want to talk about? And I said, well, IT security, and they said, well, what does IT security mean? That's a very good question. I mean, IT security is huge. And so I thought about it, and it happens there was something kind of funny that happened on the way to the conference. I was going through customs and, yeah, I'm Canadian, eh. I mean, I saw the cameras. I know you're using facial rec. So you already knew who I was before I even got into line; with facial rec you pulled up my homeland security
profile file. So you already know my family, my friends, where I live, my security clearances, my border crossings for the last little while. You know, what was that information? And then with my travel reservation you already know where I'm coming from, where I'm going, you know whether I'm a security risk or not. So again, I ask you, why do you need to see my ID? And much to my surprise, he didn't like that response very much. And so they invited me to have a much longer, in-depth conversation about it in a private room. But that said, I made it through, and
that story kind of is a light-hearted way of kind of summarizing the issues and the dilemmas facing organizations today. But before we get into some of the solutions, let me look at the issue or the problem a little bit more. Digital transformation. What does it mean? Like a lot of things, digital transformation is going to mean different things to different people. So the gray hairs in the room like me may understand or remember terms like process re-engineering, business transformation, workflow automation. Others may resonate or
relate to different terms, like data center design, user-centric design, data lakes, social media. And regardless of whether you're looking at a paperless office or if it's a little bit more modern, like a scene out of The Minority Report where you've got interactive displays and screens that are presenting customized and personalized content as you walk up, there's no denying the volume of data that's available today. And there's this huge desire: organizations are
looking to try, are trying, to gain a competitive advantage by analyzing that data. And if that's not enough, let's take a look at 2018 and what an internet minute has to offer. So in one minute on the internet around the world in 2018, there were 18 million texts. I'm pretty sure half of them came from my kids. There were 187 million emails. There were 3.7 million Google searches, 973,000 Facebook logins, over 266,000 hours of content viewed on Netflix, over $863,000 spent on online shopping, and all this is just in one minute. So for those of you keeping score at home, that works out to
1.24, 1.24 billion dollars spent online each and every day. In this quest for the almighty dollar, organizations are looking for an edge, and that edge is insight on what it is, or what it will take, to separate you from your money. And the key to that insight is data. So a lot of these services that you subscribe to and you're working with on a daily basis, a lot of these services are free. I mean, all you need to
do is input a little bit of information, a little bit of data, and you've got access to that service. I put this to you: if the service is free, then really you are the product. If you think about that for a moment, you're willing to give away all kinds of information. I think everybody's probably here from out of town. You're probably staying at a hotel. Think about this: how many people have posted about the meal they had last night or the meal this morning or the view from their room, or posted something about the conference? All
of this information and all of this data can be used to identify who you are and where you are and what you're all about. I mean, it's a little bit foreign to me, but so many people are willing to give away their most intimate information online for free, and they're talking about their friends online. They're talking about their family, their likes or dislikes, their opinions, their swipes both left and right. I've even heard about a new service that is matching pets that need a home, and you can swipe left or right on the dog or the cat. So all of
this information is being posted and you're giving it away freely. So with that in mind, you can start to think about, from a security standpoint, how difficult that is. If you're willing to give all of this information away for free, well then, how can you protect what's really important? So if we shift from some of these online social feeds to something that might be a little bit more near and dear, let's say a bank account with a bank. You may want to take out a loan. You may want to set up a new account. What information are they
getting, or do you have to give them, to get it started? Well, you're going to need your date of birth. You're going to need your address. You're going to need some of your employment history, your family situation. And so if we shift over for a second and we look a little bit closer, if you look at that list, and then you think about some of the information that you may post kind of online freely just so people will know who you are, to build an element of trust in order to achieve what it is that your company's paying
you to do. You know, I challenge you to tell me the difference between, let's say, the questions that your financial institution is asking you to set up your account and the information that you're posting for your online profile. And I just put this up to illustrate, to highlight, that the line is being blurred between what's public domain and what's private. And if that line is so blurred, well, then it kind of highlights the challenge that organizations face today when it comes to information security.
Because if you think about it, on one hand, we're giving all of this information away. On the other hand, whenever a breach happens, we're very quick to vilify those organizations that failed to keep that information safe. And if you think about it, there's all of the big names, right, everything from Yahoo to Equifax to Walmart, the list goes on, and they have all this information and all of a sudden it's out in the open for the bad guys to use against us. But
then when you think about it, half of that information you're posting online for the world to see. So it kind of highlights why security today is so important. So where did we come from? And I think Donovan kind of, well, kind of set the stage: there was a way that, in this case, Microsoft was doing things in software development, and they've been forced to change. I feel like it organizations today. There's a traditional bricks-and-mortar type of organization and security was done
in a certain way in the international environment. You've got your building; your IT closet is in that room. Your network is in that room. If you want to get access to your company resources, well, you showed up to work, to the office, in the morning, you logged in, when you were done you logged out, then you left, and everything stayed inside that building. But the world is changing. So now we're in a day and age where Uber is the largest taxi provider and they don't own a single car today. Airbnb is the largest hotelier and they don't own a single property.
So organizations and companies are changing. So in this world where everybody is connected all the time, how does security change in order to keep pace? So what's the lowest common denominator? Well, information or data is the lowest common denominator. Whether it's on-prem, whether it's in the data center, whether it's in the cloud, the crown jewels for any organization now is information or data, and so it would behoove organizations to protect data wherever it exists or wherever it lives.
So I happened in on a conversation not too long ago; it was pretty cool. So the Chief Information Security Officer ran up to the CEO and he was so excited. He goes, 8 teams are working hard on this for a long time and I'm very happy to report that we've narrowed down the threats facing our organization to two groups. The CEO's ecstatic. He says, great, only two groups. That's awesome. Tell me more. Well, we've narrowed the threats down to those that work for us and those that don't. At which point the
conversation took a dramatic change, but that's a different story. So when you think about it and you hear about a hack or a breach in the news today, what usually immediately comes to mind is an image of a hacker. Not sure what it is with the hoodies, but apparently hoodies are the thing, and you've got that image, and it's probably accentuated by Hollywood. You think about some individual working alone, probably in her mother's basement at all hours of the night, hacking through the firewall and an organization's IT defenses.
But when you look at the numbers and you do the analysis and you roll back the covers, really the larger threat is human nature. At the end of the day, the chair-to-keyboard interface is only human, and accidents happen. And so when accidents happen, have the tools, policies and processes in place in order to help minimize that risk. I like stories. So here's another story. This one's actually true, which always just makes it even better. I was at an auto parts store with a buddy of
mine and we're going through, and I'm not sure how the conversation came around to it, but I finally bet him. I said, hey, I bet I can get your phone number from the cashier. Hayden, Hayden goes, really? Well, what do you want to bet? And I said, well, let's keep it simple 'cause I know it's easy. So how about a pint? All right. Sure, no problem. And so we go through, we finish shopping for whatever it is we wanted to shop for. I go first. I'm up at the cash register and a lovely, lovely girl says, how was your experience? Did you find everything you needed? Yes. Yes. Everything's fine. Can I get
your phone number? At first that made me smile, but then I thought about it: actually, before I give you my number, I'm pretty sure that my file's already set up. How about I tell you my name, you call up the file, then you tell me what number you've got on file and I'll tell you if it's current? She just went, sure. All right, and I said, so, Jon Snow. All right, number is 555... At which point I turned to my buddy and I just smiled. It was that easy.
There's an awful lot, I think, that's wrong about that situation, right? First off, why is the cashier volunteering information without actually validating who I am? But what's even more strange is, what is an auto parts store doing with my phone number? What do they need it for? I mean, is it a life-and-death situation for a recall if the screwdriver I bought is faulty? And I find this over and over and over again: organizations are quick to collect information and collect data, but they don't have an immediate need for it. So why are they collecting it in the first place? Because once
you collect it, then you're on the hook to protect it. That's just one example. So if we look into this a little bit more and you look at what's behind a lot of the breaches, when information gets out when it shouldn't, well over three-quarters of it is accidental. I think everybody here in the room has had that occurrence where they're sending a text, and as soon as they click send, they realize it went to the wrong conversation or the wrong list, or they've done that email and the auto-populate
picks the wrong Bill, and then they click send and, oops. Hopefully it wasn't important. All of those are accidental disclosures, and you can't get away from eliminating all of them. But with the right policies, procedures and tools in place, you can definitely mitigate it. I've got another story here about an organization. They were taking part in a large IPO and it was going to be huge for this organization. All of a sudden, with the wrong auto-populate, information about that release got sent to the wrong
party. It was premature disclosure. That organization was prevented from participating; it cost them tens of millions of dollars. So accidental disclosures are real, but they can be prevented. Another story, kind of around how being helpful is actually potentially a risk. There's a large city in Canada. Their website was taken over, was kind of hijacked, a couple years back, and the story behind that hijacking is fascinating. The entire city website was taken over and not a single finger to keyboard
was used. The person called into the IT help desk. They had the name of an actual employee that worked in the IT group and they had the first name of his manager. And with those they had a 15 to 20-minute conversation with the help desk and they just pleaded their case. I'm sick and working from home. I have this deadline. My password just changed. I can't remember what it is. Can you help? And so then they talked about it and they said, well, who are you? This is my name. What are the challenge questions? So they started asking the challenge questions. What street the July
due date. Did you grow up on? And the guy was struggling and he was feeding them along, and then all of a sudden the help desk person became very helpful and lobbed them leading questions, to the point where they were able to get through the challenge questions. And once they validated who this caller was and that they had the right to know, then he kept on going, right, to say, while we're doing this, I have to change the DNS address for the website. Rather than me log in and do it, since you're there, would you mind changing the DNS address?
Sure, why not, we've gone this far. So yeah, can you please change it to this new address? A couple keystrokes later, that help desk successfully reassigned the DNS address for the city website, and the rest is history. And that's human nature. People are, for the most part, programmed to be helpful. But in their desire to be helpful, they often can put information security or data at risk. So now switching over a little bit and starting to
look at the technology and some of the things that you can do behind the scenes. But where to start? I'll try to put technology into a frame of reference that might be a little bit easier to understand. I think during the intro they covered off the huge amount of security, right, all kinds of different topics. But if I kind of summarize and break it down, I think probably the who, what, where, when, why and how. So the 5 W's and a friend. So what is this? So identity: who are you? And do your
are you who you say you are, and do you have a right to be asking entrance into the system? And then the access is the what: what are you authorized to see? And this is really the foundation for any sort of security profile or security posture, and without it you're really putting your entire security posture at risk. It doesn't matter where that information or where that data lives, whether it's an on-premise solution, whether it's a hosted solution, whether it's a cloud solution; the key thing is validating and identifying who that person
is coming in. So the cornerstone there is, what, your username and password. So password policy is important. You see a lot of breaches, and passwords are involved. There's always a quick analysis of all of the information that was disclosed, and it still blows me away how "password" and "password 1-2-3" are two of the top three passwords that are being used in that breach, right? So in my mind the only time you should ever use password as your password is if you spell it out: "I use password as my password." Pallet out speaking a 14 character simple password is harder to crack
than a character complex password. So make it long, make it complex, make a drawing out. The other aspect on the identity piece, the who are you, is put second-factor authentication in there. Multi-factor authentication is the single largest stumbling block that they face, or put another way, it's the easiest thing that you can do to add that extra layer of security to prevent inadvertent access or De La Follette unlawful access. Pentest teams in the NBA teams that we lead
the practitioners routinely come back to me and they say the single largest thing that stymies them when they try to do a review or when they try to break into a system is second-factor authentication. Something you physically have, whether it's a mobile code, that one-time password that comes to your phone, whether it's a little dongle that changes every 15-20 seconds, that second factor makes it very hard, much harder, or much more secure. And then the authorization piece, the right to know, the need to know:
just because you'd like to have access to certain information doesn't necessarily mean you should have access to that information. So the whole concept of least privilege access is important. So does somebody need to have admin rights to their phone, or admin rights to their laptop? If you limit that, if you limit access to only those that actually need that information to do their job, you're making your environment more secure. And with this rush to the cloud, I'm finding that a lot of organizations are kind of skipping this step and make the assumption that
the cloud environment that they're moving to is secure. And it is. The infrastructure is secure. But it doesn't matter what the provider of that hosted service is or who they are. They are not responsible for the data and the information that you put there; that ends up being your responsibility. So whether it's a CASB solution, a cloud access security broker, whether it's an IAM solution, protecting that information and protecting that data is your responsibility. All right, so that's the who,
the what. The where: where is your information? Where is your data? Where is it moving? The whole concept of data loss or data leakage prevention isn't new. The first products, you know, I don't know, what, 10, 12, 14 years ago, when they came out at that time, they were doing keyword searches. They were bragging about how they could go 11 layers deep in attachments. They could do that word analysis and the keyword search for attachments inside of attachments inside of attachments, and they were very
secure. They were ever so secure they were catching all kinds of things, but things that were just normal business. So the DLP solutions of the time, they'd be turned on and immediately what would happen is those filters at the perimeter would trigger. It would stop an email from going, and it was mission critical or was regular business email, and the person that sent it didn't know that it was blocked for another day or two. There were so many false positives that the business owners were complaining and crying bloody murder
to the IT guys, to the security guys, and they said, hey, whatever you're doing, stop, because we can't conduct business this way. So all this money was spent on the solutions and next thing you know, they're just sitting there in observation mode, because the way that they were actually implemented was failing the organization, which is the key thing, because really it's not a technology problem. You have to start with the people. The people in the organization need to understand the value of the data that they're dealing with and they're handling
and touching on a daily basis. They need to know the significance of it. They need to know how to treat it, and are there policies and procedures in place in order to dictate what happens to that information? Nomenclature is huge. Company confidential, company proprietary: what's the difference? If you ask anyone in the organization, they need to come back with the same definition. Do they know how that information needs to be treated? The difference between a customer's address and a customer's credit card: is it the same, is it different? How should I be handling it? Those policies and
procedures need to be in place before any sort of technology, technical solution can even come close to being supportive. And then there's a lot of talk these days around shadow IT, right? So shadow IT, what is that? Well, those are IT systems that are being used to conduct business that aren't sanctioned by the IT group. Okay, fine. Why does that happen? Why does that scenario come to exist? The email filters are put at 5 megabytes per attachment. So I've got a large file I need to share. How else am I going to do it? I'm
going to put it on a USB. I'm going to carry it around in my pocket. I'm going to use my personal email, Gmail. I'm going to use my Google Drive or I'm going to use Dropbox. I'm going to share that information. But now all of a sudden the company IT has lost visibility of that data. And is it sensitive, is it not sensitive? If that information all of a sudden gets out, it does present a risk to the org, to the company. So it comes back to processes. Do you have the processes in place and the ability to be able to support business? And once you do, then you can put the tools in place to control it and
restrict where information flows and in what form or how it flows. What, where, when. So when: when is information accessed? When are people accessing the information? And behavioral analytics is something relatively new. And really what it is is analyzing information, analyzing data, to try to figure out if a certain action was normal or not. And I like to say that, I mean, if you think about it, all of the devices and all the applications that you're running, they're
generating logs, they're generating data, they're generating records. Data in my mind is not the problem, especially IT data. Jeez, we've got more IT data than we know what to do with. Actionable IT data is really what the issue is. So how do you find that needle that you need to pay attention to in that huge stack of needles? And this is where technology in my mind can really come to help, whether it's algorithm-based, whether it's AI-based: using tools to help automate the mundane tasks of searching through all of the ones and zeros to find that one bit
of information that you really need to pay attention to is key. So really what these behavioral analytics tools are doing is they're learning what's normal for you the individual, what's normal for the department. And then when a new action comes in, it's able to compare that new action to what it believes is normal and make a determination as to whether it's a safe action or whether it's something that maybe warrants a little bit more attention paid to it. So the story here on this one was an organization here in the States. The FBI came knocking on the
front door at one point. They said, does so-and-so work for you? Yes. Well, we believe that this person's been stealing intellectual property from your company and selling it overseas. Oh, really? Yeah. We need your help in order to build a case and to really determine for sure whether or not this is happening. So they put a behavioral analytics tool in place, and in really the span of a couple weeks they had more than enough information to determine, beyond a shadow of a doubt, that this person had been accessing intellectual property and
downloading and taking that information out of the company. Not only did they have that case built up against that one individual that the FBI was asking about, but they also found the six other people that were working with him that the FBI didn't even know about. So that sort of example is pretty powerful when it's saying, that's not right. We're looking at the behavior. They're accessing files or accessing code and IP that they normally don't have access to or don't have a need to on a daily basis, and are accessing it at weird hours, at different times of the day. There's also
a positive side effect, or another way that this technology ends up being used. There's another case with regional managers. So the company had regional managers and they rotated every quarter. And so all of a sudden the system flagged every single one of these regional managers for suspicious behavior. At the end of the quarter, close of business, after hours, last day of the quarter, they all of a sudden downloaded huge amounts of data. It's a different pattern, it's suspicious, it kind of looks like maybe they're trying to take the company secrets
and they're going to start working for a competitor the next day. So then when the managers were asked about it, they said, hey, we noticed you downloaded a huge amount of information. Why is that? Well, every quarter you move me to a new territory. Oh, yeah? Well, all of the information and the files that we need in order to manage the new territory, I don't have access to once I move, so I download everything that I need today in order to do my job tomorrow. It makes sense. But it also highlights a broken process.
So the tools are very powerful to flag anomalies, but they need to be reviewed and they need to be analyzed to figure out whether those anomalies are malicious or whether they're an indication of a broken process. The how or the why: how do you keep information, how do you keep your crown jewels protected? I know I've left it to the end, but arguably, behind identity and access management, it is probably the most important safeguard that you can put in place. At the end of the day, stuff's going to happen.
And when that happens, when data leaves the organization, if the bad guys can't read it, you're still protected. And so encryption without a doubt is something that needs to be used. And, tongue in cheek, I was listening to one guy speak a little while ago. They were talking about WannaCry and some of the huge global ransomware attacks. He came up with the line at that point: this was the first time any of these organizations had ever used encryption. But of course it didn't work out the way that... it wasn't encryption for the purposes of good.
'Cause at the end of the day, stuff, bad stuff will happen, and I firmly believe that if something happens, organizations are going to be judged more by how did they respond, and did they take the right steps ahead of time in order to try to protect that information and protect that data? They're going to be judged on whether their response was timely, whether it was sincere, whether it was accurate, whether it was open. Did they communicate quickly, efficiently, effectively? Did they cooperate?
There's a case a few years ago, if I take this example outside of the IT space, in the food processing space. So Maple Leaf had an E. coli outbreak. Somewhere in one of their food processing plants E. coli was being put in; people got sick. And in the food industry an incident like that can be a death knell for them, right? It sends people running from the brand forever. But the way that Maple Leaf conducted themselves in the face of that incident actually improved their brand image and improved their customer
loyalty, 'cause they responded immediately. They didn't wait until they figured out where the plant was to do the recall. As soon as they had that first instance, they immediately pulled all of their product from the shelves, immediately went to all other plants, and they took them all apart. They cleaned everything, all aspects of all plants. They kept the public informed what they were doing, why they were doing it. They were able to definitively identify the source. And they were able to
respond, I guess in the eyes of the public, in a very professional, consistent and trustworthy manner. So that's an example where the company wasn't judged by the event. They were judged by how they responded to that event. And in the world of IT security and information security, I believe there's a lot of similarities there. So is a company acting responsibly with the information that they're collecting? And when something happens, are they sincere
and responding appropriately? Even GDPR and some of the other privacy legislations, the fines are less around if something happens and more around, was a company doing their due diligence ahead of time, and did they respond appropriately after the fact? The final slide in a lot of ways ties into what Donovan was talking about this morning. At the end of the day, it's people, process and technology, in that order. Technology's not a problem. We've got more technology than we know what to do with. We've got vendors
at trade shows all over the place, and they're all willing to come up and tell you why their product is so much better than anything else in the market, why, once you get this, it's going to be the cure to everything that ails you. You have to start with the people. Invest in the people. Do they have the training and the understanding of what they're doing? Do they know how to manage and maintain the products? Are the processes in place and the policies in place? Does everybody know how the organization wants information treated
in a certain manner in different instances? And then once you have the people and the processes, then technology can be used to enforce those policies and to make those processes a lot more efficient. So with that I'm going to thank you very much for your time. And if you've got any questions at all, as long as it doesn't have to do with the Ottawa Senators, 'cause they're an embarrassment at the moment, please feel free to ask.
OK, your comment on GDPR. So have you seen a particular client where they
should have been fined, and because they had shown that they are working on it or they were sorry or whatever, they actually got out of that fine?
Very good question. So no. GDPR from an enforcement standpoint is new. The first fine, I believe, was against either Microsoft or Google for 63 million dollars. That was the first fine. What's out there around it is more the interpretation of the legislation before it came into act, so who, companies are responsible for looking after the data and protecting the information. At the end of the day, there's a couple of concepts out
there, security by design and privacy by design, and really what GDPR is trying to do is reinforce those principles, I guess, right? So privacy by design: make sure that the owner of that information, which is you, knows what's being collected and where and when, you give your consent, and that only that information that is needed to conduct that transaction is being collected. So that's kind of the main cornerstone, but the interpretation around the legislation was more about, there's a lot of emphasis on response as well as the obligations for
maintaining that information in the first place. So no, haven't seen a lot on the fining side yet. I have a question about cyber more in the physical sense as opposed to kinetics on Noah's becoming a bigger and bigger issue. I'm just wondering whether or not you guys have been doing any work in that space. Kinetics, so the whole idea that was on the elevator I take over the elevator and kill them. Short answer is yes. So yeah, we when you're when we look at things.
Hey, we do a lot of government work and there's a term, threat risk assessment, which is pretty common on the government side. Industries in my mind benefit from the same process or processes, but they look at it in a different way. Government, and it's a checkbox: we have to do a threat risk assessment. Whereas industry is more interested in the outcome. And on that day when you do a threat risk assessment, you're looking at all assets: human, physical, virtual, so information, data, IT. And then one of those scenarios ends up being the
threats against individuals. So yes, there are definitely tools out there that help identify threats before they happen. There's tools that we work with that basically monitor social media, and the wildfires that happened up in Alberta and smoke kind of affected the entire Northeast, North, Northwest: these tools actually identified the outbreaks about a half hour, an hour before 911 was even called. So just because of looking at social media,
picking up the threats, picking up the feeds. So those sorts of kinetic or physical threats, there are tools out there to help identify them ahead of time it but potentially but the whole process about identifying and quantifying that potential risk and then prioritizing it is covered under the threat risk analysis and often leads to policies where executives can travel in the same plane, do that sort of thing. Right? So it's a matter of point
of identifying the risk, quantifying it and then comparing it to what your threat profile, what your risk profile will tolerate. And it's about when you IP-enable everything then you are cyber is expand dramatically. That's a little more example. I was meeting with the airline and they were talking about how they're going to use biometrics to help you speed up the process of getting on a plane. Well, you think about it: if I show up and I'm a terrorist, but I look like Rick, and then in terms of the biometrics I'm Rick, now I get on the plane safely, but I'm an actual
terrorist. So I end up, you know, I'm picking up and technology is helping and get some work with organizations in Canada that don't carry business cards and introduce themselves by first name only, and those folks, would you see you open up a drawer and you've got eighteen different passports, all with the same picture and all with different names. That doesn't exist anymore. The little story I talked about, it started with facial rec. That's real. And if you're an asset traveling for the purposes of good or evil and you've got multiple identities, you're
going to be flagged by facial rec as you walk into an airport. And so all of a sudden, if you're flagged by facial rec and today I'm traveling under the name Bill and tomorrow I'm traveling under the name John, all the systems are going to flag that, they're going to know that. And so now more and more people need to travel under one name and one identity. But yes, so biometrics is a way of really upping the security posture, and because it's something that you have, something that you are, it's very difficult to fake. So yeah, it becomes key.
Absolutely in the system to do more voice recognition, but they don't want nobody wants to own a database internally because it's a big threat phone that came out with the with the with the tongue tied to access and they realized that one of the fingerprints are already on the display. All I have to do is put like a piece of paper and you can press down on it and it actually at the phone right away. So anytime technology evolves, there's going to be an affiliated or associated counterpoint.
And then really that's why security is ever-changing, 'cause technology is ever-changing. Hey, there's a casino in the States. They had this IoT fish tank and it had sensors in it, to tell when the water needed to be cleaned and then a healthy environment for the fish, but it's plugged into the same network as all the other gaming tools and their high-roller table. And so all of a sudden the bad guy comes in, says, oh, that's wirelessly connected. All of a sudden that
fish tank became an attack vector for the casino and they made off with the entire high-roller list. So it's say I'm in Ennis the stories go on and on. Yeah, you've got an IoT kettle so that you can click a button on your phone and you can trigger the kettle remotely. Well, that's cool. But the password for your home network ends up being hard-wired into the kettle and it never changes. So now all of a sudden a kettle is no longer a kettle. That's a threat vector. So that scenario Emily Wright the technology evolves then the bad guys are trying to figure out how do we