The BSides London 2014 ‘community' security conference took place yesterday, 29 April – defying the Tube strike and its bigger rival InfoSec event down the road – with keynote speaker and Rapid7 security evangelist Trey Ford calling on the white hat community to “respect criminal hackers”.
BSides, a not-for-profit and volunteer-run event, featured over 50 workshops and talks on the day, including a ‘rookie track' for new speakers.
Around 70 percent of the 750 people registered attended, despite the 48-hour London tube strike. And the event was kicked-off by Ford's rallying cry for the community to “respect criminal hackers as business professionals - they are focused and good at what they do”.
He described how cyber crime gangs now specialise – some are malware developers or bot net writers, some develop exploit kits, others focus on bulletproof hosting or act as money mules.
“The bad guys have specialised and their goal is making money,” Ford said, adding: “The criminals have clarity of vision.”
In response, Ford said security professionals have to collaborate better with "the business” and to similarly specialise in their work.
“We haven't greatly respected our management,” Ford told his audience. “We have a myopic focus on the technical, we respect technical prowess first and foremost.”
But Ford said that “as a community” security professionals have to find ways to partner better with the business.
He said “the hardest thing about security is finding ways to trust others” but added: “We're seeing more and more people who've made the jump from technical to management, many of these managers have walked in our shoes.”
Ford also said security professionals “need to find ways to specialise” to match their criminal adversaries. “How many of you guys have one clear job function?” he asked, adding: “How many of you have spent time working out how to better communicate with business colleagues? We have to instil this in our teams, to help others to do things right.”
Ford also called for more realism on the part of white hats, in the face of the criminal threat. People have to accept “100 percent defence is not possible,” he said. “This isn't about prevention.”
He said: “A determined adversary will find their way in. The question becomes: what do we do about that? Maybe we have over-emphasised prevention. I've come to believe that response is more important.”
At any point in time there is always a 0-day, he added.