CyberSecurity PodCast - Issues in the industry - With Daniel Ellebæk

00:00

all right so it's been a while and I I

00:03

want to talk about you know this video

00:05

is going to be more like a talk I want

00:07

to talk about the hacking devices and

00:09

and this and that you know I've been

00:12

doing quite a videos a bunch of videos

00:15

about different kind of Hardware hacking

00:18

devices and stuff you can get and these

00:21

days there are in the security industry

00:24

we're going to talk about what to do and

00:27

how do we recommend people to

00:30

be more secure in the industry what do

00:32

they do how do they manage it and why

00:36

are hackers still successful

00:39

now the actual problem isn't that much

00:43

of the server for example of the the

00:46

office you know most system

00:47

administrators are quite good and Keen

00:50

to listen to the advice that's are given

00:52

you know right that are given to them so

00:55

if you just you know take up to an

00:57

office go to an office and say oh this

00:59

is a flip

01:00

Ser yeah that's great but you cannot

01:03

really do

01:04

anything potentially dangerous with the

01:07

flipper Ser itself you need to you need

01:10

to have a potentially bad Wi-Fi network

01:17

or some Wireless mice for example this

01:20

one right here which is a lock Tech uh

01:25

m85 wireless mouse you have those you

01:27

know throw out your window it's horrible

01:31

it's uh it's susceptible to a mouse

01:35

jacking attack Al created videos about

01:37

it how easy it is so there are many

01:39

problems you know the actual issue with

01:43

you know Industries these days is that

01:46

they sometimes Implement new devices to

01:50

their

01:51

infrastructure and that could be stuff

01:54

like you know just a brand new Wi-Fi

01:56

router that isn't configured correctly

01:59

it could also be human errors you know

02:01

so we if we are minimizing the the

02:03

issues to some human error or some newly

02:07

implemented Hardware device it could be

02:10

many different kind of things understand

02:12

that but we need to understand that the

02:16

the actual implementation of a hardware

02:20

device can

02:22

be quite tedious for many people because

02:25

they just want it done and that is a

02:28

problem in the Society these days if we

02:31

see um newly educated people you know

02:35

just you know plaing around you know

02:38

with the nose really you know ahead want

02:41

to get high salaries and titles and you

02:45

know all these kind of things that come

02:47

with

02:48

that um instead of actually doing a good

02:53

job I I see that tendency even on my own

02:58

educational faculty y that you know

03:02

young people they tend to aim for Higher

03:05

Goals that they actually can do and they

03:08

feel like a failure if they cannot

03:11

fulfill that goal which is very sad um

03:15

so what really happens Down The Bard

03:17

there is that if you if you give

03:20

Hardware devices could be basically

03:22

anything as as again as I mentioned

03:24

could be a Wi-Fi router could be just be

03:26

router it could be many things

03:29

be a new you know thing you put on the

03:32

internet some new iot device you

03:35

implement it could be you know you buy

03:38

new laptops you forgot forget about some

03:41

updates you

03:43

know you hire new people forget about

03:46

you know back to human erors again the

03:48

the the Casual you know how to be secure

03:52

in the in the company intro calls you

03:55

know um there so many different kind of

03:58

things in that area and I I just still

04:01

fail to

04:02

see uh Industries taking it seriously

04:05

because they think about money they

04:07

think about how they can save money how

04:09

they can use less money and still get

04:12

the job done what is the fastest route

04:15

from a to c that is what I

04:18

see it isn't so much about how we can

04:21

securely do it or how we can do it in

04:23

the best way so we are secure no no it's

04:26

just the fastest way you know with nose

04:29

ahead and just full Full Throttle you

04:33

know and and and that is probably the

04:36

the the baddest way of doing it the most

04:39

horrible idea I I I would love to

04:44

see I would just love to see more people

04:48

you know really believing in in in let's

04:51

spend money and security and this

04:54

is this is where we can use small

04:58

devices such as the the M5 stick that I

05:02

talked about before we can get the the

05:06

larger devices of the M5 the larger

05:09

devices that are also clickable with

05:11

with color screens and we can

05:13

get other kind of things but when we get

05:15

to the to the part where you're going to

05:18

test for susceptible M jacking you need

05:20

a crazy radio or flip a zero for example

05:23

and and the problem there is I what I

05:26

want to mention one more time is that

05:29

people people just don't listen you know

05:31

I I I work in a company and no one

05:33

listen to what I say you know I

05:36

I I do share my knowledge and insights

05:40

but they

05:40

are a bit loopy SL jumpy about it

05:44

they're like yeah yeah but Daniel hey

05:46

who would do that here you know

05:50

that's that's how they do it and and I I

05:53

just you

05:54

know know that that is how it works in

05:56

most companies they look at the security

05:59

guy they think well you've what about a

06:02

tin foil hat right you have a tin foil

06:04

hat on it's

06:05

like really I I I don't I don't think so

06:08

because I actually worked another school

06:11

and it's not that many years ago they

06:12

were attacked by ransomware and luckily

06:15

they had the backup infrastructure great

06:17

so they saved

06:19

themsel

06:21

however not all do that and when you are

06:26

hit you know that you did listen

06:30

probably not listen enough to the

06:32

security

06:33

guy I'm as I'm of course assuming right

06:36

now someone didn't listen and of course

06:38

assuming that didn't do what was

06:40

required and I am assuming that the

06:42

security guy there hired knows what he

06:44

she is talking about and basically

06:46

recommended the right things it is of

06:49

course always possible to be hit by

06:51

something like ransomware because we

06:52

cannot really um be safe against

06:55

anything um I really hope that

07:00

educations will begin to take stuff like

07:05

you know security

07:08

more

07:10

uh see

07:13

professionally in their business plan

07:16

you know because the foundation of the

07:19

the business is the the business itself

07:22

the what what do the business do they

07:24

sell shoes for

07:26

example without any shoes in the

07:28

production line you're not having any

07:29

business and security is not really

07:31

needed right so so this the the business

07:34

will carry the security and and and and

07:36

that is the most important part security

07:39

people have to remember is that if

07:41

there's no business there no need for

07:42

security right no need to secure

07:44

anything there's no need for to have

07:46

running and and and this is this is

07:49

where we need to remember that there's

07:50

always a budget and me this is the

07:52

problem is how to budge tize budge tize

07:56

security so we have the most benefit

07:59

official amount of configurations

08:01

knowledge inhouse educated employees and

08:04

so on how we do that and that this is

08:06

the problem with security these days is

08:09

that it's it's rather difficult to uh

08:12

get everything um

08:15

because it's not possible and this this

08:18

is this is this is where people

08:21

companies they hire some external

08:23

consultant or some program not not not

08:27

not like a computer program but some

08:28

sort of you know educational program

08:30

from a company that live of creating

08:33

these horrible horrible programs where

08:36

they create some cartoon cly daily

08:39

gamification stuff like and you just sit

08:41

and think who is going to learn anything

08:44

from that you know we have in a company

08:46

that I work in and it's just horrible

08:49

horrible and I'm not going to mention

08:51

anything by name but let me just say

08:54

that I haven't seen a single person

08:59

talking about security since they

09:01

implemented that horrible program I

09:03

actually told them well why don't you

09:05

just hire me and I make it a part of my

09:08

job I'm already paid from it so why not

09:11

just give me some hours for it you know

09:14

that's really why not but they didn't do

09:17

it you know they they

09:19

they yeah I I I could talk about this

09:23

topic forever and this is just me

09:26

bringing some inside awareness to you

09:30

about you know one of the problems there

09:32

are that I see I really hope that you

09:35

you know could learn my perspective you

09:37

could s you can learn something from my

09:39

pers perspective from on this and and if

09:41

so you know please consider you know

09:43

getting back to me and some some sort

09:45

you know reply to my my um my video here

09:48

I'm going to get back to you as soon as

09:50

I can and if you're not subscribed you

09:52

know please click subscribe button would

09:55

help me a lot to grow this Channel and

09:57

stay on YouTube for a long long time see

10:01

you out there have a really nice day

10:04

[Music]