Ralph Echemendia: Educating society is the best solution for cyber security

TechChill tech event took place on February 8-9 in Riga, Latvia. The event hosted over 2000 representatives from all over the world.

Ralph Echemendia is a world-renowned cyber security expert, known internationally by his alter ego “The Ethical Hacker.” For over 20 years, Ralph has delivered training on hacking and other security information to corporations including the U.S. Marine Corps, NASA, Google, Microsoft, Oracle, AMEX, Intel, Boeing, Symantec and IBM. He is the CEO of Seguru.

Ralph has worked with award-winning Director Oliver Stone as a technical supervisor on films such as “Savages” and “Snowden” as well as other projects such as film “Nerve” and award-winning TV series “Mr. Robot”.

Itel.am talked to Ralph Echemendia within the frames of TechChill.

2017 was a remarkable year, taking into consideration the amount of online attacks and data theft of all kinds. Do you think this happened because hackers became smarter or the defense side became weaker?

Now there are more regulatory and legal requirements that the companies have to adhere to. You wouldn’t see this much in the past, but this new culture has developed over the past few years.

On the other hand, from the point of governments, political and geopolitical situations hacking is viewed as a tool for manipulation of the masses and perceptions. You can take any message and make it real on the Internet, and this isn’t a typical intelligence act. This is a completely new tool, when they hack not a machine but perceptions. So the understanding of what is real and what is not is rather cloudy now.

What are the current trendy directions of cyber hacking?

The trendiest directions nowadays are based on web-based applications more than anything else. Recently there was news that a major leak of iOS source code happened. That’s where hackers get started. If you already have the access, then you try to find the flaws. Now we are seeing more and more proliferation in attacks towards mobile environments (iOS and Android).

Ralph Echemendia
photo © TechChill

What recommendations do you have for the governments in order to protect their systems and build a strong cyber tech system?

I would like to direct my message not only to the government, but across organizations as well. The big problem is to be able to identify major attacks on time, as very often people find the issue when it’s just too late, which means a greater adverse impact. It’s all about the time, time defines impact.

The ideal protection has more to do with detection than prevention. You can only prevent what you can detect. If there is something questionable happening, find the source and do it quickly. If a government or organization can determine the issue in 5 minutes it will be more efficient and lower risk than in 500 days.

I think the governments have an even bigger problem which is the fact that they can’t actually attract and keep people the way companies do, as the governments operate mostly on bureaucratic system. The governments need to have the ability to work with the creative minds, which is not very government-like activity.

Do you think AI is becoming the driving force of hacking in future?

No I don’t think so. I personally think AI is a fancy term but in fact nothing more than automation. It’s automating something that a human could do, but automation is still created by humans, so AI is not going to be the force for hacking, it can actually be a vulnerability.

It can have a positive impact, but it will not replace hackers, I think. It can be used as a tool. And hackers will probably find ways to speak to machines.  

We can argue that we are all artificially intelligent, as we are products of our environment. Similarly replacing something that humans could do is another product of environment. So it’s the matter of input and output, which you can manipulate, especially in AI.  

Would you recommend people to have their data on clouds?

It depends on the data. Most of the people don’t have a choice. They are using free services like Gmail, which aren’t exactly free, as they are making money on you.

Ralph Echemendia and Narine Daneghyan
photo © TechChill

People are worrying about the confidentiality of certain data, but most people don’t have knowledge base to create and operate their own private servers. The term cloud is combination of technology and virtualization. It appeared in 1960s, but it changed over time and now it’s just a marketing term. But as I said most people don’t have a choice but to use Dropbox, Gmail or other services. If you have data that you don’t want anyone to see, you shouldn’t put it on any kind of public service.

Where do you think the industry is moving in 5 years?

Everything is going so fast but we won’t see a massive change in solving this problem, if we don’t really address them at consumer level. There is no company, no government in reality, everyone is a consumer first whether they are presidents of countries or hold other positions. Country is the way we operate through but at the end of the day we are all global consumers of technology.

As we take away the fear and uncertainty that comes from cyber security world, we see a better solution. The real solution for a safer internet experience (or cyber security) is educating society. There is no patch for human stupidity, it’s very easy to take advantage of it and manipulate the people using the tech.

What will be the top 3 hacking methods of 2018?

I think we will see more of Ransomware attacks, as well as more sophisticated online social engineering or phishing attacks and a lot more scams. If we put all that together with other more popular means, it can affect the whole crypto market, stolen wallets, etc. And it’s not going to stop.

You are called “The Ethical hacker”. What’s the story behind this?

Generally, hackers have been associated with people like bank robbers. For years the hacker community has been trying to introduce the character of “a positive hacker”, but the term itself will always have a negative connotation, even if you call it “an ethical hacker”. Nonetheless, the ethical aspect is more related to the hacker, as hackers are deciding what they are going to hack. For example, you don’t hack someone’s boyfriend’s social accounts, but you can hack a company or individual, if that individual or the company authorizes in writing that you may do that. Ethics are a matter of responsibility to others. This is how I would represent the ethical part.

Ralph Echemendia
photo © TechChill

Do you know anything about Armenian tech?

Actually 2017 was the first year when I heard that much was going on in Armenian tech. I heard there is a very refreshing movement in Armenia and the whole region. It’s a buzz and it’s real, it’s a different creative and powerful buzz.

Everything is moving so fast, and in a short period of time we will see superstars coming out of this country. Speaking about Armenia, engineering is in your culture owing to Soviet heritage. And today you are now more open to creativity, we’ll see some cool things soon.

I was 14 when I was introduced to technology. I think the younger, the sooner we get a result. In US for example there are no programs that teach technology to kids from early age. They don’t even have many events like TechChill, it’s not the same. There is not this kind of buzz which is supporting the ecosystem.

We need not just to teach kids, but also listen to them and empower them. It’s great that in Armenia kids get to know coding from an early stage.

Narine Daneghyan talked to Ralph Echemendia