UPDATED 17:56 EDT / APRIL 24 2017

INFRA

White-hat hackers: Finding security gaps before the bad guys

While many developers and IT security professionals have long been likely to have something of a background in hacking, today’s deeper levels of online connectivity along with the influence and abilities of those connected systems, means white-hat hackers are getting to openly exercise their security testing with less social stigma.

“We’re tinkerers and problem-solvers, and we like to find [security gaps] before the bad guys do,” said Ted Harrington (pictured, left), executive partner at Independent Security Evaluators LLC.

Harrington spoke with Lisa Martin (@Luccazara), co-host of theCUBE, SiliconANGLE Media’s mobile live streaming studio, at the NAB Show in Las Vegas, Nevada. He addressed issues of security compliance, the range of business attitudes toward security practices and the new challenges presented by the rise of Internet of Things, among other topics. (*Disclosure below.)

“We’re the good guy hackers. Companies hire us to help them detect security flaws” and fix those flaws, Harrington explained. “The core emphasis of what a security assessment with us entails is focusing on … the deep security issues.”

Yet many of these security problems stem from a lack of an effective security protocol, Harrington said, making it vital for the executive level of businesses to recognize the importance of good security. “The companies that see security as the business [element] it is are doing tremendous things across industries,” he said.

Harrington also felt that, aside from some notable major leaks, the media and entertainment business were generally doing a good job handling security.

Secure understanding

The reason for Independent Security Evaluators to put so much emphasis on improving widespread understanding of security practices is that “security is not a priority in the development process for the majority of businesses” in IoT-connected app and device development, Harrington stated.

“This is a conversation that I don’t think is happening loudly enough in this industry,” he added. “Like any technology that’s developed by a third party, one who procures that technology can only do so much.” This limits the ability of post-sale users to enact effective security for them, he added.

Nevertheless there are some very simple practices to improve security and safety, such as changing the default password, updating regularly, deciding whether the connectivity aspects are really needed or wanted, and so on, he described.

Harrington also touched on his feelings about how laws and regulations are inefficient at addressing significant problems due to the slow enactment of their restrictions, which gives adversaries time to move away from what’s being patched. That type of regulation “lowers the minimum bar. … Industries don’t typically change on their own; they change because people make them change,” he said.

Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s independent editorial coverage of the NAB Show. (*Disclosure: Western Digital is sponsoring theCUBE’s coverage at the show. Neither Western Digital nor other sponsors have editorial influence on content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU