by Kevin Dicciani
Individuals, businesses, and governments have a long road ahead as hacking of all sorts and sizes is going to get worse before it gets better, said technologist and cybersecurity expert Jasson Casey.
In his talk, “Hacking Politics: Expectations vs. Realties for Keeping Our Elections Safe,” delivered at Chestnut Hill College on Oct. 16, Casey said that every individual and organization can be hacked nowadays, given the world’s ever-increasing use of the internet.
“If you look out in Silicon Valley, one of the phrases they like to say right now is ‘Software is eating the world,’” said Casey, the former chief technology officer of SecurityScorecard. “And what they mean with that phrase is there's almost nothing that you can do in modern society today that's not governed by some software or technology system.”
While these technological advancements can prove beneficial, especially for businesses, Casey said they ought to be treated appropriately from a security perspective.
“Not a lot has really happened until the last couple of years in terms of, I should say, defensive security outside of the world of finance, and, of course, the military and the IC [intelligence community],” Casey said.
An industry-recognized expert, Casey recently served as vice president of engineering at IronNet CyberSecurity, a security startup founded by retired Gen. Keith Alexander, the former director of the National Security Agency. Throughout his career, he has held leadership positions in engineering and product management at numerous S&P 500 companies. He is a fellow at the Center for Strategic and International Studies and a visiting fellow at the National Security Institute at George Mason University’s Antonin Scalia Law School.
Organizations are slowly beginning to address gaps in their security systems, Casey said. One of the ways they're doing this is by installing password manager programs. This software can recognize weak and compromised passwords, and it can create new and complex ones, storing them in an encrypted database and enabling multifactor user authentication. Casey also said they can patch unpatched systems to protect against vulnerabilities.
For individuals, Casey said, they can safeguard their personal information against common cyberattacks like phishing and pharming scams by remaining vigilant. Ninety percent of the time, he said, a fake email is enough to deceive someone into giving out private information such as bank account numbers and passwords. The odds of this increase when the hacker crafts the email in a manner that inspires panic in the receiver.
“‘It's a tax deadline. I'm your accountant. I need you to sign this paperwork really quickly. Otherwise, the IRS is going to fine you $10,000,’” Casey said, giving an example of the rhetoric frequently employed by cybercriminals. “Fear is a great motivator to do stupid things.”
Despite the progress being made by individuals and organizations, Casey thinks that hacking on every level, from the private sector to the federal government, is going to “get worse before it gets better.” With everyone and everything connected to the internet today, each person and organization is akin to a link on a chain. If someone happens to be the target of a cyberattack, hackers will often breach the chain and work their way down the links until they reach their specific mark.
Casey is nevertheless optimistic about the world of cybersecurity. He believes, among other things, that regulations, both legal and financial, can help decrease the number of cyberattacks and related activities.
“There's no consequence to building products that just explode, right? We're talking about these systems that basically come with vulnerabilities that are very easy to open up — what is the actual consequence?” he said.
Regulatory pressure is, however, increasing in Europe and the U.S., which Casey said is a step in the right direction.
“At the end of the day, security is not about making things impossible — it's about making them too costly to where the reward is not worth the risk,” he said. “And that's how good security companies really spend their time, thinking about that risk-reward equation.”
“Hacking Politics: Expectations vs. Realties for Keeping Our Elections Safe” was sponsored by the College’s Center for Data & Society, and it was part of its ongoing speaker series, “Campaign 2020: From the Hill to the House.”