I'll start with the positives... We, as security pros, now have a way to explain to our non-technical associates and managers about the dangers of the internet. Granted the material in the TV and Movie versions of our daily lives is a bit inaccurate (I'm being nice), it is still being put out there. Sure we can go back to great movies like WarGames and Sneakers, but they are a bit dated (Sneakers is still my favorite). Swordfish was a good flick as far as action goes and well Halle Berry made it even more tolerable, but no one out there is going to hack the NSA in 60 seconds at gunpoint and... well you saw the movie. Oh wait I was supposed to be positive here. So yeah it gets the concepts in front of the civilians. They now know there is a danger out there in the digital landscape. Information is not as private as we once thought and anyone with motive and ability will do their best to get at it. This will certainly help those of us who struggle with securing budget to improve our current environment. That larger budget will help us bring in additional staff, train our current employees and install that SIEM we've been wanting all these years. Now when the CIO questions your budget you just need to say "Because Blackhat!". OK, you will need to do more than that but it will certainly help sway their opinion on your needs. Also I say "CIO" because there are still big corps out there that have not yet gone the route of having an official CISO to handle InfoSec. Also no reason you Sys Admins can't use the same argument.
OK so the negatives were mixed in with the positives a bit. Something that I think these Hollywood interpretations of hacking may do is set an unrealistic expectation on our current security teams. I mean, companies are going to expect their IR teams to be able to handle themselves in a firefight, or decrypt anything with a power cable attached to it, and maybe even go toe-to-toe with trained assassins while getting root on the Unix server. Sounds exciting, huh? Believe me there are days where we wished it was a little more exciting. The reality of it is that our jobs, on the outside, do not look all that awesome to the non-tech folks. I mean if they tried to make a movie about what most of us do but still include action, this would be the result:
Well, ranted enough for the day. I'll have more here in the coming weeks I imagine. For now you can also head over to Nutmeg Infosec and keep up with some stories there!