Translator: Linh Nguyen Reviewer: Lisa Thompson I'd like you to consider for a moment that there are about 6,900 languages spoken on our planet daily, and these thousands of languages serve thousands of cultures, from the smallest community to the largest continent. Now, even with this vast diversity among our global population, we have some alternative languages and methods for communication that are understood by everybody. For example, the world has mathematics.
If I have one apple and somebody gives me another apple, I have two apples. This is understood worldwide without fail. Now, as of today, the largest culture by far is that of the Internet user.
With 7. 6 billion humans on Earth, around 3. 6 billion of us are online and communicating with each other and institutions daily.
Thus, another common language we all share but most don't realize is the networking protocols that the Internet runs on and the social media platforms that tie us together - and emojis; we can't forget the emojis. (Laughter) But what our internet culture tends to lack is a common understanding, to foster true, true understanding about cybersecurity and threats online. Outside of hardcore cybersecurity and IT people like myself, most people don't understand the language that is nerd.
And so, it is my job to be the best nerd-to-English translator I can be in order to help the world stay safe online. So without further ado, here are my five laws of cybersecurity that are designed to do just that. Law number 1: If there is a vulnerability, it will be exploited.
No exceptions. Consider for a moment that when the first bank was conceived of and built, there was at least one person out there who thought, "I want to rob that. " In the more modern era, since the first computer bug was discovered, hackers good and bad have been looking for ways to get around the laws and framework that govern a computer system, a program, or even our society in general.
Now, think about this for a second. There are those out there who will literally try and hack absolutely everything within their capability. Now, this could be the more basic exploit, like the person who figured out how to cover their car's license plate to go through an automatic tollbooth for free, or this could be a more obscure, such as infecting a complex computer network to derail an entire illegal nuclear weapons program, which actually happened in the mid-2000s.
Finding ways around everything for both good and bad purposes is so ubiquitous today, we even have a term for it: life hacking. And with this, we'll move on to the second law: Everything is vulnerable in some way. We cannot assume that anything is safe, nor is anything off the table for hacking anymore.
We've seen a series of massive breaches by corporations that literally spend millions annually on cyber defense strategies. From enormous retailers to gigantic health insurance providers, these corporations hold millions of records on virtually everyone in the United States and fall under multiple government-compliance laws for data security - yet here we are. And we can go straight out of left field or even more obscure for examples of this law.
So, for decades we've just assumed our computer processors are safe and harmless, just doing the job that they were meant to do. In the beginning of 2018, it was discovered that these technological workhorses are carrying a serious mass of vulnerability that would allow a malicious hacker to wreak havoc on all of us. From minor to major, law number 2 is really inescapable.
Before we go on to law number 3, I'd like everybody in the audience, to look under your seat for something that my team put there. If you can. All right.
Did anybody find anything? No? All right.
You guys can stop now. You guys can stop now. (Laughter) I want to go on to law number 3: Humans trust even when they shouldn't.
(Laughter) And I'm sorry to make you all part of this talk, but it really helps to underscore my point here: trust, quite frankly, sucks. Now, we need trust in our lives. We can't have a society without it.
And we have positive expectations of our technology and those people that help us with it. We expect the light switch is going to flip on the light when we turn it on. We expect the mechanic we pay to fix our car to actually fix it and not rip us off.
But we have to question the technological infrastructure and online people around us. This is our greatest vulnerability in cybersecurity. Now, because of trust, people fall for phishing scams.
They believe the $20 anti-virus they bought for their computer will turn it into Fort Knox; it will not. They also believe that the form they're filling out online is legitimate; it sometimes isn't. And it sounds weird to say that we have to combat trust, but we have to if we're going to survive the nonstop hacking that takes place.
And with this, we can move on to law number 4: With innovation comes opportunity for exploitation. The world is full of brilliant people: Alexander Graham Bell invented the telephone that made the world a whole lot smaller. Bill Gates created a global computer operating system that got humanity on the same technological page.
Mark Zuckerberg created a social media platform used by billions daily to share our lives. However, with these evolutions in innovation and our technology come certain exploits. Now we live in the age of IoT, or Internet of Things, and by virtue of this, our lives have hopefully been made a little easier.
New, unique, innovative products are constantly being made to help us live in our homes or drive our cars or even improve our health. However, one of the biggest examples of innovation exploitation is IoT hacking. In 2016, a virus known as Mirai infected millions of IoT devices worldwide and then weaponized them against targets, creating some of the largest bandwidth attacks the Internet has ever seen.
As the world continues to develop and create amazing new technologies, we cannot forget the lesson of law number 4. And finally, law number 5: When in doubt, see law number 1: If there is a vulnerability, it will be exploited. No exceptions.
Now, this one isn't a cop out; it's really not. Every single issue with cybersecurity and our technology stems from a vulnerability of some kind. If we ever forget this, we are doing nothing but asking for trouble.
Our ability to properly defend ourselves comes from understanding that human nature itself makes these laws immutable. And when we start thinking like a hacker is when we can actually stop them. So here's to our new, common language that hopefully helps us and the world stay safe online.
Thank you.