https:\/\/youtu.be\/lQuldLZFNp8?t3529 Cyber threats are a living, breathing phenomenon and defending against them requires both technological ingenuity and educating the humans using that technology. As befitting a tech-focused summit, the recently held CoinGeek Conference in Zurich didn\u2019t shy away from the threats posed by digital bad actors. Bryan Daugherty, Technical Outreach Manager (North America) at Bitcoin Association, assembled a panel comprised of Seth Halloran, Senior Network Engineer, Prime Technology Services; Aaron Jervis, General Manager, ReefIT; Dean Little, Co-Founder & Lead Developer, Bitping; and Danny Pehar, CEO, Web Safe Inc. to help illustrate the dark side of the digital revolution. Pehar began by noting the evolution of malware from essentially digital vandalism\u2014hackers showing off their coding skills by randomly targeting systems with viruses simply for the pleasure of seeing things break\u2014to a business model with targets selected for the sensitivity of their data and\/or the company\u2019s capacity to pay great sums to regain control. This evolution from vandalism to commerce\u2014and publicity surrounding the steep ransoms that companies have proven willing to pay \u2013 means the threat isn\u2019t going away. Moreover, the \u2018vulnerability environments\u2019 spawned by the growing number of devices on which network data is stored are providing bad actors with an ever-widening range of potential entry points. Pehar cited the infamous incident reported by Darktrace a few years ago of an unspecified casino that had its network compromised after attackers breached an internet-connected thermometer in an aquarium in the casino\u2019s lobby. Once inside, the hackers were able to access more valuable targets, including the casino\u2019s database of high-rolling gamblers. ReefIT\u2019s Jervis noted that as recently as five years ago, it was rare for a small-to-medium sized business (SMB) to be attacked this way. Nowadays it\u2019s constant, in part because SMBs are likely to have less protection than large enterprises. SMBs with more valuable data, such as medical clinics that might have thousands of detailed patient records, are particularly vulnerable. Pehar added that the costs associated with ransomware attacks aren\u2019t just counted in terms of the ransom paid. There are also legal fees, the loss of trust in a brand \u2026 in many cases, the ransom may turn out to be the smaller cost. Bitping\u2019s Little agreed, noting that the average cost of a Distributed Denial of Service (DDoS) attack on an SMB in 2018 was $78,000, rising to $2.3 million for enterprises. Little noted that there was a major asymmetry between monitoring and preventing such attacks and the cost of reacting to them once they\u2019re underway. White hats v black hats Little said his customers include cryptocurrency exchanges, streaming platforms, gaming platforms and other entities for which being forced offline for an extended period represents very high stakes. Bitping allows its customers to stress test their services ahead of time to fully understand their vulnerability. Bitping does this through what Little calls \u201ca commercial, honest, law-abiding version\u201d of the botnets that hackers use to attack their prey. Bitping works through a distributed network of real user nodes in 70-odd countries who\u2019ve downloaded Bitping\u2019s software and run it on their computers. These users allow Bitping to run tests of its customers\u2019 sites in exchange for micropayments in BSV on a per-use basis. Major players such as Amazon and Google offer their own testing services but Little says Bitping is optimized for false positives rather than false negatives. If Google tries to hit your website and it says you\u2019re offline, you\u2019re probably offline. But if they say you\u2019re online, that may not reflect reality, because Google lies at the center of the network, while most attacks occur on the fringes. Little believes Bitping\u2019s network of nodes can offer customers a far more granular and distributed version of data that\u2019s more representative of a company\u2019s end user experience. Little says this can include asking whether \u201ca user in this country with this internet service provider in this location on this device on this OS on this browser can perform this task.\u201d Little says Bitping wants to ramp up its ability to simulate DDoS attacks to allow for greater testing ahead of time. Bitping is also working on ways to allow customer networks to redirect traffic to other servers to minimize downtime while under attack. Currently, Little says in most cases the server under attack is the very thing making the redirect decision, effectively melting down while trying to mitigate the meltdown. Not good. Logging on to BSV RouterSV was announced as a project prototype last November and Daugherty asked Prime Technology\u2019s Halloran about its capacity to help families detect breaches of their home networks by storing router logs on the BSV blockchain. Halloran said attackers generally prefer to clear logs to cover their tracks, allowing them to remain in the network as long as possible while masking what they\u2019ve done and how they did it. Putting these logs on an immutable blockchain ensures the preservation of these records, allowing easier and earlier detection of an unauthorized intrusion. BSV can also ensure that an enterprise\u2019s IT department isn\u2019t contributing to their vulnerabilities through either sloppy workmanship or more deliberate hijinks. Having an extra level of check-and-balance allows you to determine what changes were made to a network, when they were made and who made them.\u00a0 Humans suck Daugherty asked the panel how to strengthen the weakest part of any network\u2019s defenses, namely, people clicking email links without knowing where that link might take them. Pehar agreed that education is often overlooked in favor of technological fixes, and while society mostly gets the impact of cybercrime, people neglect to recognize the probability of being a victim of cybercrime, aka the \u2018not going to happen to me\u2019 syndrome. Pehar cited four key educational planks: 1) What\u2019s the valuable thing you have that bad guys want? If you don\u2019t know that you need to protect your driver\u2019s license number, you probably won\u2019t. 2) What types of attacks are out there and how are the bad guys winning? 3) Where are you most vulnerable to these types of attacks? 4) What to do after an attack. But when humans fail, Bitping\u2019s Little said early detection was key. Nearly half of DDoS attacks aren\u2019t detected by companies (large or small) within the first hour. Little believes that Bitping\u2019s model of incentivizing its nodes through low-fee BSV micropayments could accelerate discovery of attacks and thus minimize downtime. Referencing the Fastly internet outage that made headlines last week, Little said that if Bitping\u2019s systems had been in place, the outage would have been detected early enough to prevent half the internet going down. Little said the outage should encourage discussion of how BSV\u2019s data-handling capacity might allow information to become more accessible and the internet\u2019s structure more secure. ReefIT\u2019s Jervis said he gets depressed when he comes into a situation in which a company has been compromised and he sees that the basics of defenses weren\u2019t in place. Properly securing a network isn\u2019t rocket science anymore, yet inattention to these defenses could mean a business is closed for good within a week. Jervis added that insurance companies are increasingly asking what digital defenses a company had in place when considering how to settle damage claims. Evidence of a half-hearted approach to defending one\u2019s network can lead to claims being rejected, so even if the attack wasn\u2019t fatal to a company\u2019s fortunes, the damage to its bottom line will linger.