How cybersecurity automation can keep internal threats out
Do you remember when hacking became mainstream? Perhaps not, but Hollywood began glamorizing hackers in the 1980s and pushed hacking to the forefront of what used to be behind closed doors.
In the 1983 hacker flick WarGames, Matthew Broderick plays a young man who finds a back door into a military central computer in which reality is confused with game-playing, possibly starting World War III.
In the real world, teens have hacked the U.S Airforce, luckily for ethical reasons, but there are many more unethical hackers that don’t make the news and pose risk to companies and governments alike.
In the 1986 cult classic Ferris Bueller‘s Day off, Matthew Broderick again plays a would-be high-school slacker/hacker who spends a day off from school in Chicago after hacking the school’s computer system to change his attendance records and is now celebrated for providing the blueprint to playing hooky.
In both movies, Broderick played the precocious and bright student who figured out a way around the school’s computer system. Back then, the students he portrayed had home access to computers (with a dial-up modem no less), which was a rarity then. Now almost every high school student carries a digital device and spends large portions of the day on a school-provided computer.
Their only crime was curiosity.
The 1990s elevated teenage hacking exploits with the glorified portrayal of Hackers, where hacking was the province of beautiful and interesting cliques of students with cool handles like Zero Cool, Acid Burn, and Cereal Killer.
Nowadays hackers gather anonymously online, in varying depths of the web, while taking great pains to conceal their true identities.
The reality of student hackers is an unsettling one. Students have network access with boundless curiosity, and YouTube is full of lessons on how to exploit networks. The two are a wicked combination that can lead to altering student records, leaking sensitive student data, and also broadcasting school CCTV footage to the internet all from behind a school’s firewall.
The threat of student hackers is very real and isn’t limited to exploits that impact the school. Student hackers can use school resources to commit crimes that elevate them to infamy. Yahoo, CNN, eBay, Amazon, and other websites were crashed by a 15-year-old causing $7.5 Million in damage in 2001.
15-year-old hacker makes “denial-of-service” a household phrase causing $7.5 million in damage.
Two of the internet’s biggest viruses, Sasser and NetSky, which infected millions of computers and caused great economic impact, were created by a 17-year-old in 2005.
Fast forward to 2015, three Long Island teens were arrested for committing a Ferris Bueller-style hack, where they pumped up their grades and altered the schedules for 300 students.
Network administrator internal challenges in 2019
Public and private school network administrators face challenges their corporate counterparts do not. Most corporate InfoSec efforts are aimed at external threats and training employees to be aware of phishing and malware to not accidentally infect the network.
School admins have to deal with rooms filled with potential hackers, who already have bypassed the firewall without writing one line of code. This means the majority of the exploits discussed, including the high school characters portrayed by Broderick, was done by using common or easy to guess passwords.
How a device level firewall adds protection
However, before cameras or other devices are hacked with passwords, they have to be found first. That’s where using a device level firewall, like in Razberi’s CameraDefense, prevents devices from being found using a network scanner. CameraDefense will also alert you if a common or easy to guess password is being used on a device.
81% of hacking-related breaches are due to stolen or weak passwords.2017 Data Breach Investigations Report, 10th edition
The inquisitive nature of the young mind and the thrill of getting away with something cannot be changed, but it can be channeled properly by adhering to common cybersecurity best practices like unique logins to remove network anonymity and using stronger passwords while devices are protected by network segregation and firewalls.
Password Guidance from the National Institute of Standards and Technology (NIST)
- Don’t rely on passwords alone to protect anything you value. Turn on multi-factor authentication wherever possible.
- Use a phrase with multiple words that you can picture in your head. “Purple rabbit carrot”, so it’s difficult to guess but easy to remember.
- Give unique passphrases to each important account like banking and primary email.
- Password managers can simplify and automate the management of passwords.
You don’t have to let the complexities of security keep you from the ultimate goal of educating today’s youth. Razberi’s simple, secure video surveillance and IoT solutions can alert you of internal hacks and keep you off the front-page news.