weather icon Overcast

Expert: You’ve been hacked and you probably don’t even know it

There is no such thing as a computer network that has not been hacked or compromised, a leading expert said on Nevada Newsmakers.

“The experts today say there are only two types of computer networks,” said Ira Victor, digital forensic analyst for DiscoveryTechnician.com. “Those are networks that have been compromised and the owners of those networks know where they have been compromised, how far and what data; and networks that have been compromised and the owners don’t know where the compromises are and how far they have gone in and what data.

“We are at that point and with the experts, that is pretty much the consensus on that opinion,” Victor said Monday. “All networks are compromised and it’s just how much you know about it and how much you don’t.”

Businesses and other entities with computer networks may not be aware of the hack but can still be compromised, Victor added.

“They do other types of techniques that are exploiting the networks but they keep a low profile so that the people that are running the business or working the business have no idea,” he said.

Firewalls and other computer security services are not security blankets for computer systems, Victor said.

“So anti-virus (programs) and firewalls, you want to have them but they only offer very minimal protection,” he said. “They do not keep the bad guys out of your network.”

Victor, who has testified about cybersecurity at the Nevada Legislature, said the state of Nevada (and many businesses) can’t afford to secure every bit of information in their systems. So those entities should concentrate on what is the most important data that needs protection.

“The first thing I would suggest for the state (of Nevada) is that the state needs to have an inventory of what information they have and rank it in terms of the most valuable information and start concentrating their resources on protecting the most valuable information,” Victor said. “Guess what? That is a recommendation I have for all businesses and all organizations.

“If the bad guys are in your network — and they are — and if they are there persistently — and many times they are — then it is often not cost-effective to protect everything, every little shred of information and every single communication in your network. So we need to rank them and say, ‘What is our most valuable asset? What are our crown jewels? And then, concentrate our resources on protecting our most valuable assets.”

Business and government don’t earmark a lot of money toward cybersecurity, Victor said.

“We’re not going to get a lot of money for information security,” he said. “Let’s just be realistic about this. It is the same as in business. So you’ve got to concentrate your energy on the crown jewels — the most valuable information — and acknowledge that is what you are going to do.”

Security, risks

“Information Technology,” or IT, is not the same as information security, Victor said.

Culturally, the people in IT are taught to deliver services on time and on budget.

“The cyber criminals are breaking into networks with such frequency and such ease that they don’t always exploit that network right away,” Victor said. “So if we have less than $10,000 to spend, we figure out a way … so we’ve got to ‘stand up’ those systems, as we like to say, and deploy them and do the best we can with the $10,000 we have over the next three years. That is the culture of IT.

“In information security, we look at risk, our culture is about risk,” he said. “What is the data we have? What are the risks? How do we mitigate those risks?

“And then we go to our decision-makers and say, ‘Here are the risks. Here are the liabilities. If you want (to) protect that data, here are the steps that need to be taken.’”

When government agencies or businesses try to protect all their cyber information, that is a good thing for the “bad guys,” Victor said.

“There is a laundry list of valuable information that organizations have,” Victor said. “And they are not doing enough to protect it. Now some of it has to do with economics. It’s expensive. That is why we’ve got to concentrate our efforts and say, ‘Hey, these are our most valuable information assets and we’re going to protect them and really do a strong effort to do so. And we are not going to stop the cyber criminals until we do that. I mean, bad guys are having a field day because we’re saying, ‘Well, all of our information is valuable, and then none of it gets well protected, or not enough of it gets well protected.”

Ray Hagar is a journalist for the “Nevada Newsmakers.” More information on the public affairs broadcast program, podcast and website is available nevadanewsmakers.com

Don't miss the big stories. Like us on Facebook.
Tonopah health care provider expands services

Central Nevada Regional Care, a new health care provider in Tonopah, began operations in March and offers walk-in urgent and primary care services seven days a week.

Nevada Health Response releases Phase 2 guidance

Nevada Health Response issued specific guidelines for 16 categories of industries to use as they enter Phase 2 of Gov. Steve Sisolak’s roadmap for reopening the state.

Unemployment claims fall for 4th straight week

Finalized data from the Nevada Department of Employment, Training and Rehabilitation show initial claims for unemployment insurance totaled 15,607 for the week ending May 23, down 2,230 claims, or 12.5 percent, compared to last week’s total of 17,837. This is the fourth consecutive week of declines in regular initial claims. Through the week ending May 23, there have been 495,840 initial claims filed in 2020, 474,488 of which have come in the last 11 weeks.

STEVE SEBELIUS: Masks really shouldn’t be political

Although most people agree with the idea of wearing masks in public, they have still become a political symbol in a divided nation.

Nevada Health Response adds testing locator map

As Nevada moves into Phase 2 of its reopening of businesses and social activities statewide, testing for COVID-19 is an important tool for health officials and professionals who are working hard to ensure that anyone who needs a test can get one.

Nye County reopens office, one masked visitor at a time

Nye County announced Monday on its Facebook page that it is, with restrictions, reopening the Planning Department and Building and Safety Division.

Supreme Court rejects California church’s challenge

Chief Justice John Roberts again was the deciding vote Friday when the U.S. Supreme Court rejected a California church’s attempt to overturn the state’s coronavirus restrictions on in-person religious services.

U.S. 95 closing for repairs in Nye, Esmeralda counties

The Nevada Department of Transportation is temporarily closing U.S. Highway 95 between the U.S. Route 6 and State Route 360 junctions from 6 a.m. June 3, through 4 p.m. June 17 in Esmeralda and Mineral counties, a closure needed for $2.43 million in federally funded emergency repairs.

Golden announces Pahrump properties will reopen June 4

Golden Entertainment, Inc., announced Friday that Pahrump Nugget Hotel &Casino, Gold Town Casino and Lakeside Casino &RV Park will reopen at 12:01 a.m. on Thursday, June 4.

Administration considers resuming nuclear testing

The Trump administration has discussed whether to conduct the first U.S. nuclear test explosion since 1992 in a move that would have far-reaching consequences for relations with other nuclear powers and reverse a decades-long moratorium on such actions, the Washington Post reported Thursday.