Alex Stamos is a cybersecurity expert. Before joining Stanford, he served as the Chief Security Officer of Facebook and Yahoo 

Yogi SchulzProfessor Alex Stamos, the Director of the Stanford Internet Observatory, began a Collision conference with a question-and-answer session on developments in cybersecurity.

Alex Stamos is a cybersecurity expert, business leader and entrepreneur. He’s working to improve the security and safety of the Internet through his teaching and research at Stanford University. Before joining Stanford, Alex served as the Chief Security Officer of Facebook and Yahoo.

Here are his answers to questions on:

Private hacking groups

Sophisticated private hacking groups formed recently when key hackers learned they could earn tens of millions of dollars with ransomware and other attacks. The groups started as side gigs. They quickly realized that hacking opportunities have exploded far beyond large companies and government departments. Every organization is now a hacking target.

Cyber attack alex stamos cybersecurity
Related Stories
(Data) backup lessons from TV’s Sex and the City

Cybersecurity requires urgent action

9 habits that lead to successful cyber security

Current and former employees of Russian and Chinese government-sponsored hacking organizations founded most of these private hacking organizations. That’s how these groups acquired the same advanced hacking skills that government-sponsored hacking organizations accumulated over the past decade.

Private hacking groups are forcing us all to improve our cybersecurity.

Solar Winds hack

The Solar Winds hack is the primary product of Russian state-sponsored espionage that began years ago. The Russians inserted brilliantly designed, custom-built malware into the software package build process. Solar Winds distribution gave the Russians about 18,000 targets, including large corporations and government agencies.

Unfortunately, we don’t have enough qualified security personnel to fix the problems caused by this Russian hack. Identifying and removing all the malware the Russians installed will take quite a while. No one should think that the discovery of the Solar Winds hack means it’s almost history.

Security of IoT (Internet of Things) devices

Many IoT devices are easy targets for hacking. Consumers should quit buying IoT crap. Too many IoT devices will never be patched because they can’t be patched or their owners are not managing them at all.

Many enterprises are starting to insist on security features in the IoT devices they buy. Unfortunately, consumers are not paying attention to the security of their IoT devices. As a result of this divergence of attention, IoT devices will remain easy hacking targets for many years.

Managing our personal security risks

We all need to quit reusing passwords for multiple accounts. These recurring passwords are an invitation to identity theft. To achieve this goal, we all need to use a password manager.

We should all implement OpenDNS, NextDNS or any of their competitors in our homes to raise the level of security.

Secure login certification

We can’t tell how well or poorly any company manages our login credentials. Apple and Google are moving toward federated login identities. I hope that, in the future, we will identify ourselves strongly to one or two identity providers. Our chosen provider will then certify who we are to all other participating organizations.

Face ID offers the considerable advantage that nothing leaves our personal device. There’s nothing for hackers to steal. Impersonation is almost impossible.

Non-fungible token (NFT)

I’m amazed that some people are paying millions for these tokens. NFTs are a scam. There is no legal framework around NFTs that regulates how they work and how transactions are protected. There’s no blockchain involved to protect the parties. Sellers may be violating securities laws because the issuers of NFTs are not selling something of value.

Yogi Schulz has over 40 years of information technology experience in various industries. Yogi works extensively in the petroleum industry. He manages projects that arise from changes in business requirements, the need to leverage technology opportunities, and mergers. His specialties include IT strategy, web strategy and project management.

For interview requests, click here.

The opinions expressed by our columnists and contributors are theirs alone and do not inherently or expressly reflect the views of our publication.

© Troy Media
Troy Media is an editorial content provider to media outlets and its own hosted community news outlets across Canada.