Former NSA hacker and current Head of Cybersecurity for Morgan Stanley Wealth Management, Prashanth Challa, teaches you how to protect yourself from cyber criminals — by thinking like one.
As an ex-NSA hacker and current Head of Cybersecurity for Morgan Stanley Wealth Management, it’s my job to thwart cyber-attackers from around the world. I have the rare advantage of having worked on the offensive side, and I use my experience as a hacker to think like a criminal when I’m designing defenses. With the insights below, you can use that same mindset to protect yourself, your business, and your family:
There are some exceptions (e.g., government hackers), but most hackers are looking to cash in on their skillset. Cybercrime is a business, and hackers see infiltrating your accounts or stealing your identity as part of their job.
Like most people, hackers are looking for the most bang for their buck. If an attacker has a choice between a hard target and a soft one, they’ll usually go after the soft one to get the same reward for less effort.
Good hackers understand human behaviors and use that knowledge against their targets. In fact, some of the most successful hackers in the world have barely any technical skills, instead relying on their ability to take advantage of behavioral tendencies to convince victims to act against their best interests.
Now that we know what motivates cyber criminals, how do we defend ourselves? Well, it turns out you can deter most hackers by taking simple steps that make attacking you more trouble than it’s worth.
Your phone manufacturer (e.g., Apple, Samsung, Google) has a team monitoring the latest cybercrimes and creating defenses against new threats. When they discover new vulnerabilities, they send out an update with defenses for all those attacks. Instead of ignoring those notifications, turn on automatic updates.
Rebooting your phone is a little annoying, but remember that each time you receive a new update every hacker in the world is getting it too. Soon after, they’ll know all the latest exploits that have been discovered, and they can avoid the costs of developing new attacks by copying them. If you don’t update your devices, you become an easy target that requires no investment to compromise.
We all see a headline every month with another website getting hacked and their users’ passwords being stolen. Cyber criminals know that people repeat passwords across multiple accounts, so they try the leaked passwords from these breaches at every monetizable site across the web.
But it’s almost impossible to remember strong, unique passwords, so get a password manager that will generate and save new passwords for every account; these apps will even automatically enter them securely when you’re logging into a site. For help choosing one I recommend this guide from PC Magazine.
You go to your bank’s website, enter your username and password, and a pop-up appears asking you to enter a passcode that’s been texted to your phone. This is called multifactor authentication and it ensures fraudsters can’t log into your account with your username and password alone.
To defeat this additional security measure, a cybercriminal would have to steal the texts from your phone or reroute them as they are being sent. Neither is impossible, but they are a lot of investment for the hacker, and that’s why you should turn on multifactor authentication for every account. Furthermore, if anyone calls or messages you asking for that passcode, they are trying to manipulate you to defeat your security; break off communications.
While the most sophisticated attacks dominate headlines, when I advise clients on protecting themselves, I always start with the foundational steps above. Once they have these measures in place, we can turn to advanced topics like dealing with hostile artificial intelligence systems. No matter which stage of the cyber journey you are in, by thinking like a hacker you can help ensure you’re the last target attackers want to deal with.
Events aren’t easy, but working with WSB is. WSB works with thousands of respected influencers, thought leaders, and speakers each year and our experienced sales team is committed to the success of your event. For more cybersecurity speaker ideas, please contact us.