Welcome!

@CloudExpo Authors: Yeshim Deniz, Elizabeth White, Pat Romanski, Liz McMillan, Zakia Bouachraoui

Related Topics: @CloudExpo, Cloud Security, @ThingsExpo

@CloudExpo: Blog Post

Part 2: What ‘Mr. Robot’ Can Teach Us About Incident Response | @CloudExpo #IoT #Cloud #Security

It is not often that movies and television shows give viewers the opportunity to explore the world of hacking & digital security

We continue with the second part of our two-part series. If you missed the first part, we are discussing what security professionals can learn from the hit series, "Mr. Robot." The series explores the world of organized hacking as well as the security measures being used to stop the hackers.

Vulnerabilities Abound in the Internet of Things
During the two seasons that the show has aired, viewers have seen examples of how hackers can exploit connected devices. One of the most extreme examples was when hackers took over the attorney's smart home, generating a nightmare of constantly changing sounds and lights and leading the attorney to run from her own home. Another example touching on IoT security was Dominique's use of a digital assistant to discuss topics of an intimate nature. Should a hacker manage to gain access to the records, the possibilities for blackmail or additional attacks seem likely.

Mobile Devices Require Protection
In the series, several people with Android phones were victimized and, interestingly enough, real vulnerabilities in the Android such as Stagefright were allegedly exploited by the hackers. They also used a malicious femtocell to intercept FBI communications and gather information without the agents even noticing. In this age of BYOD, how can you be sure that users install the latest patches and updates? Are mobile users introducing malware into the network? What is your plan to ensure a safe, effective mobile policy is implemented and maintained?

CDs and Flash Drives Are Potential Sources of Attacks
Despite warnings that they should never insert a stick or disc with an unknown source, employees seem to forget all about the risks on a much-too-frequent basis. On the series, a malware-infected CD was given to an employee by a hacker who claimed that he was an aspiring performer and that it was a demo. The employee loaded the CD, allowing the hacker to assume control of his computer for nefarious purposes. In another episode, the disc contained a data file that was used as incriminating evidence against the corporation's CTO.

Hackers Are Seldom Lone Wolves
As depicted on the show, large-scale hacking is done by organized groups, state-sponsored departments or crime syndicates, which is a much more realistic portrayal of how hacking is handled in today's world. The image of the loner huddled in his mother's basement and hacking into government agencies, major corporations and international banks does not compute. It has been a popular image for Hollywood to depict, but today, you are up against well-funded, well-trained, skilled, talented, organized teams of hackers. They may spend weeks or even months to research, analyze, execute and cover up a hack. Counteract their patience through proactive hunting on your own network.

With a DDoS Attack, Response Time Is Critical
In the show's first episode, the DDoS attack has been praised as one of the best portrayals of a hack. When the hacktivists launched a DDoS attack against E Corp, the fictional corporation's critical applications were effectively crippled. Even with a private jet to transport Elliot and the team directly to the data center, it took several hours to end the attack. This may sound like a relatively short period, but the results of a 2015 survey revealed that critical application failure costs hundreds of thousands of dollars every hour, so immediate response is important. If your organization has a well-prepared response plan and a well-trained response team, the recovery time depicted in the show is actually realistic.

Encryption Works Wonders
Too many users still believe that encryption is too complex and is not really necessary. However, encryption is a good practice that can protect data even if the situation is quite complex. In an episode of "Mr. Robot," the hackers "liberate" an attorney's devices, which they then examine to gather information that they can use to blackmail her into silence. If the attorney had encrypted her files, the hackers' plan would have failed.

More Stories By Rishi Bhargava

Rishi Bhargava is Co-founder and VP, Marketing for Demisto, a cyber security startup with the mission to make security operations - “faster, leaner and smarter.” Prior to founding Demisto, he was Vice President and General Manager of the Software Defined Datacenter Group at Intel Security. A visionary and technology enthusiast, he was responsible for delivering Intel integrated Security Solutions for datacenters.

Before Intel, he was Vice President of Product Management for Datacenter and Server security products at McAfee, now part of Intel Security. As an intrapreneur at McAfee, he launched multiple products to establish McAfee leadership in risk & compliance, virtualization, and cloud security. He joined McAfee by way of acquisition in 2009 (Solidcore, Enterprise Security Startup). At Solidcore, he was responsible for Product Management and Strategy. As one of the early employees and member of the leadership team, he was instrumental in defining the company's product strategy and growing the business.

Rishi has over a dozen patents in the area of Computer Security. He holds a BS in Computer Science from Indian Institute of Technology, New Delhi and a Masters in Computer Science from University of Southern California, Los Angeles. He is passionate about new technologies and industry trends and serves as an active advisor to multiple startups in silicon valley and India.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


CloudEXPO Stories
Sanjeev Sharma Joins November 11-13, 2018 @DevOpsSummit at @CloudEXPO New York Faculty. Sanjeev Sharma is an internationally known DevOps and Cloud Transformation thought leader, technology executive, and author. Sanjeev's industry experience includes tenures as CTO, Technical Sales leader, and Cloud Architect leader. As an IBM Distinguished Engineer, Sanjeev is recognized at the highest levels of IBM's core of technical leaders.
DXWorldEXPO LLC announced today that Kevin Jackson joined the faculty of CloudEXPO's "10-Year Anniversary Event" which will take place on November 11-13, 2018 in New York City. Kevin L. Jackson is a globally recognized cloud computing expert and Founder/Author of the award winning "Cloud Musings" blog. Mr. Jackson has also been recognized as a "Top 100 Cybersecurity Influencer and Brand" by Onalytica (2015), a Huffington Post "Top 100 Cloud Computing Experts on Twitter" (2013) and a "Top 50 Cloud Computing Blogger for IT Integrators" by CRN (2015). Mr. Jackson's professional career includes service in the US Navy Space Systems Command, Vice President J.P. Morgan Chase, Worldwide Sales Executive for IBM and NJVC Vice President, Cloud Services. He is currently part of a team responsible for onboarding mission applications to the US Intelligence Community cloud computing environment (IC ...
Charles Araujo is an industry analyst, internationally recognized authority on the Digital Enterprise and author of The Quantum Age of IT: Why Everything You Know About IT is About to Change. As Principal Analyst with Intellyx, he writes, speaks and advises organizations on how to navigate through this time of disruption. He is also the founder of The Institute for Digital Transformation and a sought after keynote speaker. He has been a regular contributor to both InformationWeek and CIO Insight and has been quoted or published in Time, CIO, Computerworld, USA Today and Forbes.
When talking IoT we often focus on the devices, the sensors, the hardware itself. The new smart appliances, the new smart or self-driving cars (which are amalgamations of many ‘things'). When we are looking at the world of IoT, we should take a step back, look at the big picture. What value are these devices providing. IoT is not about the devices, its about the data consumed and generated. The devices are tools, mechanisms, conduits. This paper discusses the considerations when dealing with the massive amount of information associated with these devices. Ed presented sought out sessions at CloudEXPO Silicon Valley 2017 and CloudEXPO New York 2017. He is a regular contributor to Cloud Computing Journal.
Digital Transformation is much more than a buzzword. The radical shift to digital mechanisms for almost every process is evident across all industries and verticals. This is often especially true in financial services, where the legacy environment is many times unable to keep up with the rapidly shifting demands of the consumer. The constant pressure to provide complete, omnichannel delivery of customer-facing solutions to meet both regulatory and customer demands is putting enormous pressure on organizations of all sizes and in every line of business. Fintech is a constant battleground for this technology expanding trend and the lessons learned here can be applied anywhere. Digital transformation isn't going to go away and the need for greater understanding and skills around managing, guiding, and understanding the greater landscape of change is required for effective transformations.