Posted on Monday, February 26, 2018 in CybersecurityBlog written by Rob Swenson
There’s a 16-minute video available on YouTube that’s more compelling than most TV dramas.
The real-life video shows a team of hired hackers breaking into a power cooperative’s facilities somewhere in the Midwest to test and help improve the company’s security’s practices. (Spoiler alert: Without causing any serious damage, team members rather easily broke into multiple facilities over three days and achieved full access to - and potential control of - the company’s electrical grid.)
The team of ethical hackers was from Redteam Security, a company in St. Paul, Minn., that provides services to test the security of networks, applications, people, and facilities. The video by Tech Insider that documents one of the Redteam’s exploits has been viewed more than 5.4 million times in less than two years.
One of the stars of the video, Ryan Manship, will be a featured speaker at a high-level, regional cybersecurity conference on March 27 at the Holiday Inn City Centre in Sioux Falls. Manship will give the afternoon keynote.
Another featured expert at the Sioux Falls Cybersecurity Conference also will bring unique and fascinating national experience to the event. FBI Supervisory Special Agent Jay Patel will give the morning keynote.
The U.S. Chamber of Commerce and the Sioux Falls Area Chamber of Commerce are cohosting the conference, which is designed to help businesses in a multistate area improve their online security.
The business-focused gathering is scheduled for 7:30 a.m. to 1:30 p.m. The cost for general attendees is $75. A limited number of student tickets are available for $40. To register, use the button below.
Topics that will get attention at the conference include the role of federal and state agencies in cybersecurity, and practical steps that businesses can take if they get hacked.
SDN Communications is the event’s top sponsor. The telecommunications company is a regional leader in providing broadband connectivity and cybersecurity services to businesses and other organizations.
Malicious hacking has become so pervasive that no business is completely safe – not even companies that seem to do everything right, said Vernon Brown, vice president of marketing and community relations at SDN. So companies that have been victims of cyber intrusions should not be reluctant to step forward and seek help, he said.
“We have to get over this sense of shame for being hit because any business can be hit,” Brown said.
Emerging threats and the need for businesses of all sizes to be vigilant and have a protection plan will be among the points discussed by Patel, according to the Chambers.
Manship said during a phone interview that companies often have assumptions about their level of security but don’t test them, and their expectations often prove to be inaccurate.
Statistically, people are the weakest link in most businesses’ security strategies, he said. In nearly every one of the Redteam’s test intrusions, crew members were able to talk a target company employee into doing something that he or she shouldn’t do, such as provide access to a building or network.
“Social engineering is nearly always successful, to some degree,” Manship said.
The most encouraging moment in the YouTube video comes when a suspicious co-op supervisor denies building access to members of the hacker team. They had presented themselves to the receptionist as tech workers wanting to test the company’s internet speed.
However, obstacles such as barbed-wire fences, locked doors, surveillance equipment, and computer rooms posed little challenge.
Redteam Security, founded in 2008, is a small, flexible business with nine employees.
The company’s flagship service, called “red teaming,” simulates an attack to help the client identify security vulnerabilities. Manship will recount some company experiences in his presentation at the Sioux Falls Cybersecurity Conference.
In the meantime, if you haven’t seen the video about Redteam, check it out. You’re likely to conclude, as Tech Insider did in making and posting the video, that companies definitely need to step up their game in the fight against cyber attackers.