BW Sessions: Binary Defense Systems

by TODD STOLARSKI | Dec 3, 2015

In our constantly evolving digital age, cybersecurity is something we now all need, but very few of us actually have. Digital crime can be committed from anywhere in the world, by someone you’ll never see, but the security breaches usually can be traced to a Nigerian prince, it seems. It’s not a matter of when your information will be compromised, just how deeply. Fortunately, help is out there.

David Kennedy founded Hudson OH-based Binary Defense Systems (BDS) in Sept. 2014, seeking to give security providers a much better, 24/7 service than was typically found elsewhere in the industry. Kennedy may be a familiar face to many, having become a go-to digital security expert for national news sources like CNN, FOX, and MSNBC, over the last decade.

Even more knowledgeable on the subject is Kennedy's chief information security officer at BDS, Jamie Murdock. To help us wrap our minds around this important but complex topic, BW checked in with Murdock, for a revealing chat on hacking ATMs, online safety, and the final digital frontier.

BW: What is the main idea behind BDS?

Jamie Murdock (JM):  We’re a managed security systems provider who delivers monitoring for our customer networks. This can range from something as simple as people forgetting their password all the way up to a full DDOS attack or hack into their system. We do that by hardware that we place in the customer's cyber-environment which then reports back to us. Anytime that there is any kind of odd security event, we have a 24/7 operations center that can assist our clients with running out the incident completely. We also have a Threat Intelligence team. They monitor for any kind of imminent threats to an organization. That could range from slander all the way to coordinated attacks that are being planned towards that organization. We provide full briefs based on our intelligence.

BW: How does your team keep attacks like slander, or worse, from causing real harm?

JM: When people are making slanderous accusations against an organization, nine times out of 10 (spell out single digit numbers, using numerals for greater), it’s on social media. Our threat intelligence department, has created tools of it own to monitor social media for specific types of keywords in reference to a client's customer base. We use open source intelligence, information on the ‘darknet’; that’s the more nefarious realm of the internet. We do a lot of work on that side too. At times it is he-said-she-said, but it can be full-on if someone is planning on hacking this company. It ranges from something which may seem fairly simple to some rather complex intelligence gathering.

BW: Did BDS encounter any unexpected challenges  when entering the market

JM:  Absolutely. The landscape out there changes pretty rapidly. With any new business, you’re going to encounter some hiccups you didn't quite foresee. A lot of our competitors have been in the game for a long time providing this service. We’re a small boat, so we can pivot and turn very quickly. Whereas, when you’ve established your line of service, based on something that was the right thing to do five, 10 years ago, you’ve built your ship based on that. It takes longer to turn and make the changes then.

BW: With all this change swirling in the cybersecurity industry now, how do you see the services that BDS offers being different a decade from now?

JM:  We're constantly evaluating what's going on in this space, trying to take a good look at it and be a step ahead. We have a lot of tools that we’ve written, in-house, that change the way that monitoring is done on a network. We’re in constant communication with our customers. We always ask about what they want and what they are looking for. And we base the strategic vision of our company on that.  

BW:  As the cybersecurity market draws more competitors, what makes BDS stand out?

JM: Our people. We don’t hire entry level because we don’t hire entry level people. On Monday, we just had a new analyst begin here. Our standard analyst, my newest person... I would put them up against any level 2 or level 3 (expert) at our competitors, any day of the week, and feel comfortable with it.

BW: Do you see smart devices getting safer or easier to infiltrate as we move forward?

JM: The number of smart phones has been a security concern for a number of years because you are seeing more of them in the enterprise environment. A: How do you secure them? B: After you secure them, how vulnerable are they going to be? The caveat to that is, the amount of attacks that happen to any smart device is extremely low. [But] you can’t even go a week without seeing headlines online like “There’s a vulnerability inside Apple iOS or another Android hole” . So for the past few years, your nefarious hackers haven’t targeted those devices. Of course, there are exploits for smart devices, but for right now, and the next year, it isn’t as large of a threat as people think.

BW: Ok, buzzword time. The Internet of Things is playing an increasing larger role in all of our lives. Tesla recently rolled out an autopilot mode. Other car companies are experimenting with connected and driverless vehicles, too. But there has been some fear mongering on the news about that. So, does it really take just one bad apple to take over your car now?

JM:  Whenever there is any kind of vulnerability that is found, whether it is a connected car, or smart TVs -- stuff like that --, because it is newer tech, it is a huge deal. Security researchers are going to spend months, weeks, hours, trying to get into those devices and cause mischief, just like they did when the Internet first came out. If somebody redflags an issue and mentions that that they have taken over the autopilot function on a Tesla Model-S, you have to look beyond that salacious headline. What did that person have to do to execute that hack? What is the outcome of it? Can you actually make that vehicle turn left or right? Or simply get in and view the mainframe computer? Additionally, what does it actually take to accomplish that?  There was a researcher a few years ago who found a way to hack a Diebold ATM. They gave a presentation on it at DevCon, this giant hacker conference. Huge news, right? Looking closer, this person bought an older Diebold ATM and worked for over a year on it in the basement. Your common person is not going to have access to an ATM for a year. By the time he went public with his presentation, that exploit had been fixed, for a while. [But] people look at that headline [still] and freak out and think “our ATMs aren't safe!”.  

BW: There have been a lot of high-profile hacks in the news recently. From the US government to Ashley Madison to Target. How can individuals feel truly safe in today’s digital world?

JM: There is no way to be truly safe. If something is connected to the Internet in anyway shape or form, then you should prepare yourself for a compromise. There's a pretty common saying in security that it's impossible for any chief security officer to say: “We're not gonna get hacked”. Anyone who say that does not understand how cybersecurity works. You should always plan, whether you are a Fortune 50 firm or my grandmother, that you could be compromised.

BW:  What is one tip Joe Everyman can do now to improve his digital security?

JM:  If you ever post anything on the internet ever, snapchat, anything... if it ever touched the internet, it is there forever. (So) if you have any potential concern about posting anything, do not post it.  Be aware of your surroundings. Unfortunately, losing data on your own, or because of someone else, social engineering is still the top factor to getting data of any kind. You can tie back every large breach to social engineering.  

_____________________________________________________

With over seven billion people on Earth today, and well beyond a billion websites on the Internet, there exists a seemingly endless ocean of pop-up ads informing you that your laptop is infected with a virus, only to prompt you to download their thinly veiled malicious software. If you don’t know your surroundings, the nefarious entities will seize on your naivety. David Kennedy, Jamie Murdock and everyone at BDS want to ensure  that both individuals and companies can be locked down and sufficiently guarded in this new age wild wild west. Because these days, everybody’s favorite generous African prince is the least of our worries.

To contact the author, write to todd.stolarski@builtworlds.com, or follow him on Twitter @toddstolarski.