Another potential weakness relevant to the conference attendees? Leaving laptops and mobile devices unattended in a hotel room during the day or somewhere on the conference floor.
Before his general session, Sileo claimed to have walked around the conference exhibit hall to test the awareness of attendees.
“It’s easy to walk amongst this crowd with nobody seeing you,” he said. “Did anyone catch me touching your devices before the session? I touched more than 30 devices with nobody seeing me in the room. People here trust automatically—we set our devices down and go get coffee. Someone like me, who is malicious, can just walk along and you’re still logged on. You have to have encryption and passwords on your laptops.”
Also, beware of smart phones, said Sileo.
“Your smart phone is both a massive productivity tool and also a back door into your network and your clients’ entire wealth if not secured properly,” Sileo said while demonstrating how to hack into an attendee's iPhone in a few short, easy steps. “The key is to respect both faces of technology. ... Build data defense into every aspect of your information offense—the good way you use information—and then to control everything you can about them. I never want you to get into the narrative that security is beyond your control."
Sileo emphasized that he was not alone in having his identity breached and stolen, claiming that 90 percent of the conference audience already had an illicit personal profile on the dark web being traded and pored over by cybercriminals.
“That doesn’t mean it’s too late. It means it’s time to do something about it,” said Sileo.