In the early afternoon on Wednesday, at the midway point of the Consumer Electronic Show’s first-ever all-day event dedicated to cybersecurity in Las Vegas, an attendee got up and asked a group of panelists: “How paranoid should we be?”
The rest of the attendees, as well as the panelists, burst up laughing. The feelings of the man who asked that earnest question was likely shared by many of the other roughly 100 attendees, who had just gone through a sort of crash course in all the basic security threats they should be worried about, from phishing to the simple risks of not password protecting a personal device.
The goal of the event, called CyberSecurity Forum, was simple: tell the crowd of CES that it’s time to care about cybersecurity and design products with security in mind.
“You have a lot of work to do,” John Overbaugh, the president of security firm InfoSecure, looking at the attendees, said during one of the talks.
The Internet of Things, the catch-all term used to describe a future where everything is connected to the internet, was the big elephant in the room. Sure, it’s great to be able to change the temperature in your apartment with your smartphone, or checking whether you need milk when you’re already at the grocery store, but all these devices can—and are already—becoming “new targets” for hackers, according to Michael Stawasz, the Deputy Chief for Computer Crime at US Department of Justice.
Of course there's a Mr Robot banner at CES' first-ever "Cybersecurity Forum" pic.twitter.com/QrIAISz6e5
— Lorenzo Franceschi-B (@lorenzoFB) January 6, 2016
Imagine a future where criminals hack into your internet-connected fridge and infect it with ransomware, the popular type of malware with which cybercriminals lock your files or computer and demand a ransom to return everything to its original state.
“How much are you going to pay when your refrigerator starts to defrost?” Stawasz asked ironically during a panel.
“How much [ransom] are you going to pay when your refrigerator starts to defrost?”
Somewhat surprisingly, this was the first time cybersecurity had its own dedicated event at the conference (last year, also for the first time, the conference had a section of the show floor dedicated to privacy and one to security). CES is supposed to be a future-looking fest, but hacking isn’t the future, it’s a well-established reality, where no one and nothing is truly safe.
“I couldn’t believe it when they said this was the inaugural one,” John Sileo, an identity theft expert, told me after his talk in the morning.
Brian Krebs, a renowned independent journalist who covers data breaches and cybercrime, echoed that thought during his own talk, where he warned that “the vast majority” of products being displayed at CES are not designed with security in mind.
For Amjed Saffarini, the CEO of CyberVista, a new cybersecurity training company which organized the event, the key question is how much convenience consumers are willing to give up for security and vice versa.
“I’m concerned that people aren’t asking that question before making decisions,” Saffarini told me at the end of the event.
Saffarini, who said that perhaps it’s the cybersecurity industry that failed to have a bigger presence at the tech show, also said the goal wasn’t to scare people, but to “open their eyes.”At the end of his talk, Sileo, the identity theft expert, showed a slide with the seven basic things people should be worried about, including phishing, bad passwords, and social engineering. Almost immediately, dozens of people raised their phones to snap a picture of the list. It’s hard to tell if the forum opened the attendees eyes to the importance of cybersecurity, but it definitely got their attention.