Winning at cyber security feels great!
What did you do on global Data Privacy Day, January 28th? Our Deloitte Cyber Security Team attended (and won!) the first ever Nokia HackAthon game on a day full of excitement, fun and a lot of collegial meetings. Over 70 hackers from a few companies, the Finnish Aalto University and one association were invited to what Nokia called a “no-dress-code, just-code” event. The preliminary information shared was a perfect fit for the occasion: “You can access a few devices physically and also see a range of IP-addresses”. A delicious task for the teams.
Blog: Tero Mellin / Deloitte
The devices included a CCTV camera system, a couple of laptops and two different tablets, all of them more or less nicely configured with the security protection settings you would expect to have. It took an hour before the Deloitte team cracked the first target, followed by other teams. At the end, we were able to stand tall and proud as the winners of the first Nokia HackAthon!
What did we find and learn? A CCTV system that by default was authenticating to its command server with clear text credentials. Ouch! A tablet device which had company emails available was hacked by a Deloitte expert in an hour. Imagine it’s your company's C-Suite level person's lost tablet, and the secrets these inboxes typically contain. Oh boy!
Laptops were configured with one well-known brand's full disk encryption. However, a seriously well-thought-out social engineering attempt brought access too close for my liking. Had there been a little more time, I'm pretty sure files would have been accessible.
• Individual devices will always be vulnerable to malicious persistent attacks.
• Take cyber security seriously and work your ways diligently, and the resilience against technical hacks will increase a lot.
• Add a few buckets full of awareness and guidance to your people.
• Add well-governed information security practices and you'll not be easy prey.
• Our Deloitte team is now even more known for being able to hack and prevent hacks very efficiently.
Resilience will help you continue business even during ongoing interference.