WCOA 2018 Keren Elazari - WCOA Sydney 2018 | The Best Accounting Conference

International Convention Centre, Sydney Australia  |  5-8 November 2018

A hacker’s guide to improving cyber security

Keren Elazari wants the business world to wake up to the true risk of cyber attack, writes Alexandra Turner-Cohen.


Cyber crime is on the rise, according to former hacker turned cyber security expert Keren Elazari. Further, accountants are often targeted by these cyber criminals as they hold the key to their customers’ finances.

In a morning session at WCOA, Elazari gave accountants the practical tools to defend their businesses and themselves from future cyber attacks.

“Data breaches are going to become an absolute reality,” she said. “It’s not a question of maybe, or if, but when. Criminals only need to get it right once. Defenders need to get it right 100 per cent of the time.”

She offered five steps to help stop cyber crime:

  1. Common sense

“Common sense is one of our greatest assets when it comes to cyber security,” Elazari said.

“We make hundreds of everyday security decisions, whether that’s logging onto free Wi-Fi without any protection or reusing the same password or perhaps clicking on a link or installing some piece of software that we shouldn’t.”

This lack of common sense can open up computers to the three most common types of cyber attacks – phishing, ransomware and wipers. The best known is phishing, which mines information from users, usually passwords and credit card details. Ransomware encrypts your computer and demands a “ransom” so that you can re-access your content. Wipers destroy all the data in a computer, leaving no traces.

“We’re now connected more than ever before in new and terrifying ways,” Elazari said, citing a time when one mistake in the port city of Odessa spread a wiper virus across the world.

The virus, known as NotPetya, attacked the prominent shipping company Maersk in June 2017.

“The infection spread throughout their network and within a few hours, many of the global shipping terminals were absolutely halted. It’s been called the code that crashed the world.

“What we are often told in the security industry is that the person at the end of the line on the computer is a weak link. I think it’s time to change that equation. It’s time to start treating the person behind the keyboard, which might be you or me, not as the weakest link in the chain, but rather as the first responder.”

  2. Secure passwords

“Today the most popular form of recycling on the planet is, unfortunately, password recycling,” Elazari said.

People use on average between 40 and 50 passwords a day, so most have the same password or something similar, which makes a hacker’s job much easier.

Elazari explained how password recommendations have not been updated since 2003. Whenever a site encourages users to include numbers, symbols, or capital letters in their password, this advice is 15 years old. She encourages people to have longer passwords and even use whole phrases to combat modern cyber crime.

“I ask you kindly: stop reusing your password. Wherever possible use biometric authentication instead, whether it’s with your fingerprints or your voice.”

  3. Up-to-date software

“Criminals prey on the weak,” Elazari said. “They focus on old software. Updates [are] so simple, so free, and yet we don’t do it.

“Making sure that you have an up-to-date operating system is just like being vaccinated against the flu or other diseases because not only do you keep yourself safe, you also prevent spreading the infection further. Updated software is just like an immune system.”

  4. Appoint a chief privacy officer

A chief privacy officer (CPO) is a new executive position now necessary because of cyber crime, Elazari said.

“The CPO is a new type of professional designation, and many organisations are looking where they can find these privacy professionals.”

She estimated the world needs a million more security professionals. “Privacy professionals don’t have to come from a computer science background. In fact, many of them are lawyers, accountants and other risk-management professionals.”

  5. Stay with the times: evolve along with changing technology

“Attackers evolve,” Elazari said. That means security systems must evolve, too.

“As criminals move ahead, they look towards what’s new. They look to new technologies, and they quickly learn how they can use them for their benefit.”

She cited the example of a “fascinating new virus”. “They don’t care about credit card numbers or your customers’ details,” she said. “All they care about is mining for cryptocurrency.”

This year, cyber criminals have stolen over $760 million worth of cryptocurrency around the globe.

“So should we sleep safely in our beds at night? Keep doing the same things we did a year ago or five years ago?” Elazari asked. “I don’t think we can. I don’t think we can keep calm and carry on in light of these new threats. I think it’s time to do things differently for the future.”

She emphasised the importance of “friendly hackers”, a community she belongs to. Essentially, these hackers find vulnerabilities in companies’ cyber networks, and report them to the companies rather than exploit them themselves.

Companies across the world, including Google and Tesla, put out “bug bounties”, where they financially reward hackers for finding the most serious and sophisticated breaches in their computer systems.

The US Pentagon encouraged “friendly hackers” to find vulnerabilities in its system in 2016. It took just 13 minutes before a hacker got through its cyber security.

“Now, this might be funny but what about the hours, weeks, months, years where that vulnerability was up there, to spies, terrorists and criminals who did not require an invitation, who would not report their findings back to the Pentagon?”

Elazari herself has been a hacker since she was eight years old. She sees this as an untapped resource in the world of cyber security.

“We can learn from the hackers out there,” she said.
