The 26th DEF CON Hacking Conference took place earlier this month, and has provided researchers and cybersecurity enthusiasts with some valuable insights on current practices and trends. This year’s theme, “1983: The View From Dystopia’s Edge,” explores a counter-future where people use technology for empowerment and connections rather than pervasive surveillance and control. If there is any takeaway from this year’s event, it’s that massive corporations and government agencies still lack basic security protocols. Here are the key points brought up:

Cybersecurity Threats Have Become More Sophisticated

The National Security Agency’s (NSA) Senior Advisor for Cybersecurity Strategy was one of the key speakers at DEF CON 26. During his presentation, Rob Joyce pointed out that cyber threat activity is evolving around the world, while the required level of expertise for hacking is decreasing. This is because hackers now have online tools that come with user-friendly features.

Joyce then likened cybersecurity to a team sport, in which government agencies and private enterprises must share information on cases of cyber breaches. This is so that both sides can work on a stronger solution against attackers. Considering his advice, businesses should be actively attending conventions or events like DEF CON in order to gain valuable advice from industry experts on online security.

US House of Representatives Candidates are Vulnerable Targets

It was revealed at this year’s DEF CON that 3 out of every 10 candidates running for the House of Representatives in the upcoming midterm election have websites that lack basic security protocols. Through testing programs, researchers found numerous security issues with these websites, including problems with digital certificates.

Organizations must realize that basic security features can save them from devastating attacks. If your business has a website, make sure that it uses HTTPS, which adds a layer of encryption to the HTTP protocol and protects data as it travels to and from the website. Without that encryption, hackers will be able to intercept or manipulate any private information exchanged between visitors and the website.

Many Companies Still Use Outdated Software

Another speaker at the event was Robert Karas, Cybersecurity Director of the National Cybersecurity Assessments and Technical Services (NCATS). In his speech, he mentioned that one of the most prevalent security risks among companies is the fact that most use outdated software.

Some businesses keep using older versions simply because software updates can come at an added cost. However, you should keep software updated because upgrades usually come with better security features to guard against newer threats. Therefore, it’s important to make sure every piece of software your company uses is up to date. After all, Information Age notes that financial losses due to data breaches are just the beginning. Companies that suffer from an attack typically also have to contend with litigation costs, database impairment, and most importantly, damage to their reputation. When viewed in this light, the added cost of software updates to help prevent data breaches is well worth it.

Voting Machines Can Easily be Breached

A Quartz report on DEF CON detailed how an 11-year-old boy was able to easily hack a replica of the Florida Secretary of State website and change the results of the elections — all within 10 minutes. The activity was part of one of the conference’s workshops, where participants were allowed to manipulate key information on mock websites. In truth, government systems seem to be a common target for hackers, not just in the US. Computer Options previously covered a report on a massive breach that occurred in Singapore. Hackers were able to access 1.5 million patient records, including the prime minister’s.

Since the boy technically breached a fake website, he may have a future in offensive cybersecurity. This is a more proactive approach to data protection, and it usually seeks out holes in your organization’s cybersecurity plan to be able to patch them up. Maryville University’s page on their cybersecurity degree indicates that a combination of offensive and defensive tracks can strengthen an enterprise’s overall protection. You can have reactive measures in place, which include executing digital forensics and putting up defenses (as well as updating them), while a more offensive security approach will involve ethical hackers who can test those defenses. The latter focuses on thinking like a hacker to keep potential threats from becoming full-on attacks. With this in mind, companies should look for talent or services that have expertise in both tracks.

Feature exclusively written for

By Jeannette Lorizio