CyberSecurity PodCast - Issues in the industry - With Daniel Ellebæk
Summary
TLDR: In this video, the speaker addresses the prevalent issue of hardware hacking and the security vulnerabilities within various industries. They discuss the common oversights such as improperly configured Wi-Fi routers and wireless devices susceptible to attacks like mouse jacking. The speaker emphasizes the need for better security practices, lamenting the focus on speed and cost-cutting over secure implementations. They express frustration with the lack of attention given to security experts' advice within companies and advocate for more investment in security measures. The video also touches on the challenges of educating employees about security and the ineffectiveness of some security training programs, urging a more professional approach to security within business plans.
Takeaways
- 💻 The speaker discusses the importance of hardware hacking and security in the tech industry.
- 🔒 System administrators are often good at their jobs, but the real issues lie in human error and improperly configured devices.
- 🐭 The example of a vulnerable wireless mouse highlights how simple devices can pose significant security risks.
- 🏢 Industries sometimes prioritize speed and cost-saving over security when implementing new hardware devices.
- 👨🎓 There's a societal trend where young people aim for high salaries and titles rather than focusing on doing their jobs well, which can affect security.
- 💡 The speaker emphasizes the need for better security practices and investment, despite the common mindset of 'it won't happen to us'.
- 📚 Education on security is crucial, and the speaker hopes it will be taken more seriously in business plans.
- 💼 Security is foundational to business operations; without it, there's no business to protect.
- 📈 Budgeting for security is challenging, and companies often struggle to allocate resources effectively.
- 📊 The speaker criticizes the use of gamified educational programs for security training, arguing they are ineffective.
- 🗣️ The speaker calls for more listening to security experts and implementing their recommendations to prevent attacks like ransomware.
Q & A
What is the main focus of the video?
- The video focuses on hardware hacking devices and the challenges in maintaining security within the industry. It discusses common security vulnerabilities, human errors, and the need for better security practices in companies.
What are some examples of hardware devices mentioned that can pose security risks?
- Examples of hardware devices mentioned include Wi-Fi routers, wireless mice (specifically the Logitech M85), and various IoT devices. These devices, when improperly configured or outdated, can introduce vulnerabilities.
Why does the speaker emphasize the importance of configuring hardware correctly?
- The speaker stresses that improperly configured devices can introduce significant security risks. They note that organizations often implement new devices quickly without considering the security implications, which can lead to vulnerabilities.
What are the main human errors highlighted in the video?
- The speaker highlights human errors such as failing to update devices, neglecting security practices, and underestimating the importance of educating employees about cybersecurity. These errors can leave a company vulnerable to attacks.
Why do many companies fail to take security seriously, according to the speaker?
- The speaker believes that companies prioritize saving money and completing tasks quickly over implementing proper security measures. They often focus on speed and cost-efficiency rather than ensuring secure practices.
What are mouse jacking attacks, and why does the speaker warn about them?
- Mouse jacking attacks exploit vulnerabilities in wireless mice, allowing hackers to inject keystrokes or commands into the connected device. The speaker warns about them because devices like the Logitech M85 are highly susceptible to these attacks.
How does the speaker view the current state of security awareness in companies?
- The speaker believes that many companies do not take security awareness seriously. Employees often dismiss security recommendations, and companies may invest in ineffective security training programs that do little to improve the overall security posture.
What is the speaker's stance on external security consultants and programs?
- The speaker is critical of external security consultants and educational programs that rely on gamified or simplified training modules, arguing that these methods are ineffective. They suggest that companies should focus on more practical and in-depth security education.
Why does the speaker think it's important to invest more in security?
- The speaker believes that companies should invest more in security because without proper protection, they risk exposing their business to attacks such as ransomware. Investing in security is crucial for protecting the core operations of the business.
What solution does the speaker offer for improving security practices in companies?
- The speaker suggests that companies should allocate more resources to internal security experts and allow them to take a more active role in educating employees and securing the infrastructure. They also mention the importance of using proper tools like the Flipper Zero or CrazyRadio for testing vulnerabilities.
Outlines
💻 Hardware Hacking and Security Concerns
The speaker begins by discussing the topic of hardware hacking and the various devices that can be exploited. They mention their previous videos on the subject and emphasize the importance of security in the industry. The speaker points out that while system administrators are often competent, the real issues arise from new devices being improperly implemented and human error. They give an example of a vulnerable wireless mouse and discuss how such devices can be exploited. The speaker also touches on societal issues, such as the lack of attention to detail and the desire for quick results over secure practices, which can lead to security vulnerabilities.
📢 The Neglect of Security in Companies
In the second paragraph, the speaker shares their personal experiences working in a company where security concerns are often overlooked. They express frustration that their advice is not taken seriously, and that colleagues often dismiss the potential threats. The speaker recounts a ransomware attack on a school and how having a backup infrastructure saved them. They stress the importance of security being an integral part of business operations and the need for companies to prioritize it in their budgets. The speaker also criticizes the use of ineffective security training programs and suggests that companies should instead invest in proper education and awareness. They conclude by encouraging viewers to engage in a dialogue about security and to subscribe to the channel for more content.
Keywords
💡Hacking
💡Hardware hacking
💡Security industry
💡Mouse jacking
💡Wi-Fi router
💡Human error
💡IoT device
💡Ransomware
💡Security guy
💡Budget
💡Education
Highlights
The video discusses hacking devices and the security industry.
System administrators are often good at following security advice.
Devices like the Flipper Zero can't be dangerous on their own without additional vulnerabilities.
Wireless mice can be susceptible to mouse jacking attacks.
New devices or human errors can pose significant security risks.
People often prioritize getting things done quickly over security.
There's a tendency among younger generations to aim for high salaries and titles over doing a good job.
Security is often overlooked in favor of faster, cheaper solutions.
The importance of spending money on security is emphasized.
Testing for vulnerabilities requires specialized devices like the Flipper Zero.
People often don't listen to security advice, even from experts.
Ransomware attacks are a real threat, and not listening to security advice can be costly.
Education on security should be taken more seriously in business plans.
Security is essential for the foundation of any business.
Budgeting for security is a challenge that needs to be addressed.
External consultants or educational programs are sometimes ineffective.
The speaker offers to take on security education within his company but is declined.
The video aims to raise awareness about security issues in the industry.
The speaker invites viewers to engage with the content and share their thoughts.
A call to action for viewers to subscribe to the channel.
Transcripts
all right so it's been a while and I I
want to talk about you know this video
is going to be more like a talk I want
to talk about the hacking devices and
and this and that you know I've been
doing quite a videos a bunch of videos
about different kind of Hardware hacking
devices and stuff you can get and these
days there are in the security industry
we're going to talk about what to do and
how do we recommend people to
be more secure in the industry what do
they do how do they manage it and why
are hackers still successful
now the actual problem isn't that much
of the server for example of the the
office you know most system
administrators are quite good and Keen
to listen to the advice that's are given
you know right that are given to them so
if you just you know take up to an
office go to an office and say oh this
is a Flipper
Zero yeah that's great but you cannot
really do
anything potentially dangerous with the
Flipper Zero itself you need to you need
to have a potentially bad Wi-Fi network
or some Wireless mice for example this
one right here which is a Logitech uh
m85 wireless mouse you have those you
know throw out your window it's horrible
it's uh it's susceptible to a mouse
jacking attack Al created videos about
it how easy it is so there are many
problems you know the actual issue with
you know Industries these days is that
they sometimes Implement new devices to
their
infrastructure and that could be stuff
like you know just a brand new Wi-Fi
router that isn't configured correctly
it could also be human errors you know
so we if we are minimizing the the
issues to some human error or some newly
implemented Hardware device it could be
many different kind of things understand
that but we need to understand that the
the actual implementation of a hardware
device can
be quite tedious for many people because
they just want it done and that is a
problem in the Society these days if we
see um newly educated people you know
just you know plaing around you know
with the nose really you know ahead want
to get high salaries and titles and you
know all these kind of things that come
with
that um instead of actually doing a good
job I I see that tendency even on my own
educational faculty y that you know
young people they tend to aim for Higher
Goals that they actually can do and they
feel like a failure if they cannot
fulfill that goal which is very sad um
so what really happens Down The Bard
there is that if you if you give
Hardware devices could be basically
anything as as again as I mentioned
could be a Wi-Fi router could be just be
router it could be many things
be a new you know thing you put on the
internet some new iot device you
implement it could be you know you buy
new laptops you forgot forget about some
updates you
know you hire new people forget about
you know back to human errors again the
the the Casual you know how to be secure
in the in the company intro calls you
know um there so many different kind of
things in that area and I I just still
fail to
see uh Industries taking it seriously
because they think about money they
think about how they can save money how
they can use less money and still get
the job done what is the fastest route
from a to c that is what I
see it isn't so much about how we can
securely do it or how we can do it in
the best way so we are secure no no it's
just the fastest way you know with nose
ahead and just full Full Throttle you
know and and and that is probably the
the the baddest way of doing it the most
horrible idea I I I would love to
see I would just love to see more people
you know really believing in in in let's
spend money and security and this
is this is where we can use small
devices such as the the M5 stick that I
talked about before we can get the the
larger devices of the M5 the larger
devices that are also clickable with
with color screens and we can
get other kind of things but when we get
to the to the part where you're going to
test for susceptible mouse jacking you need
a CrazyRadio or Flipper Zero for example
and and the problem there is I what I
want to mention one more time is that
people people just don't listen you know
I I I work in a company and no one
listen to what I say you know I
I I do share my knowledge and insights
but they
are a bit loopy SL jumpy about it
they're like yeah yeah but Daniel hey
who would do that here you know
that's that's how they do it and and I I
just you
know know that that is how it works in
most companies they look at the security
guy they think well you've what about a
tin foil hat right you have a tin foil
hat on it's
like really I I I don't I don't think so
because I actually worked another school
and it's not that many years ago they
were attacked by ransomware and luckily
they had the backup infrastructure great
so they saved
themselves
however not all do that and when you are
hit you know that you did listen
probably not listen enough to the
security
guy I'm as I'm of course assuming right
now someone didn't listen and of course
assuming that didn't do what was
required and I am assuming that the
security guy there hired knows what he
she is talking about and basically
recommended the right things it is of
course always possible to be hit by
something like ransomware because we
cannot really um be safe against
anything um I really hope that
educations will begin to take stuff like
you know security
more
uh see
professionally in their business plan
you know because the foundation of the
the business is the the business itself
the what what do the business do they
sell shoes for
example without any shoes in the
production line you're not having any
business and security is not really
needed right so so this the the business
will carry the security and and and and
that is the most important part security
people have to remember is that if
there's no business there no need for
security right no need to secure
anything there's no need for to have
running and and and this is this is
where we need to remember that there's
always a budget and me this is the
problem is how to budgetize budgetize
security so we have the most
beneficial amount of configurations
knowledge inhouse educated employees and
so on how we do that and that this is
the problem with security these days is
that it's it's rather difficult to uh
get everything um
because it's not possible and this this
is this is this is where people
companies they hire some external
consultant or some program not not not
not like a computer program but some
sort of you know educational program
from a company that live of creating
these horrible horrible programs where
they create some cartoon cly daily
gamification stuff like and you just sit
and think who is going to learn anything
from that you know we have in a company
that I work in and it's just horrible
horrible and I'm not going to mention
anything by name but let me just say
that I haven't seen a single person
talking about security since they
implemented that horrible program I
actually told them well why don't you
just hire me and I make it a part of my
job I'm already paid from it so why not
just give me some hours for it you know
that's really why not but they didn't do
it you know they they
they yeah I I I could talk about this
topic forever and this is just me
bringing some inside awareness to you
about you know one of the problems there
are that I see I really hope that you
you know could learn my perspective you
could s you can learn something from my
pers perspective from on this and and if
so you know please consider you know
getting back to me and some some sort
you know reply to my my um my video here
I'm going to get back to you as soon as
I can and if you're not subscribed you
know please click subscribe button would
help me a lot to grow this Channel and
stay on YouTube for a long long time see
you out there have a really nice day
[Music]