Keep Your Enterprise ‘Lights’ On: Cyber Security Exchange Day 1 Roundup
From “quick fire” presentations on phishing and third party vendor risk, to dedicated masterclasses in security awareness training and privileged access attack routes, day one of the Cyber Security Exchange in Amelia Island, Fla., remained both informative and interactive throughout.
Both solution providers and IT security budget holders gathered at the exchange to discuss innovative tactics, pain points, recurring themes throughout the space, anecdotal evidence and best-practice insight – all in an effort to shore up networks, protect data and streamline the general IT security process.
Following a midday orientation, Donald Horn, chief information security officer at CareFirst BlueCross BlueShield, delivered the event’s opening remarks, followed by a keynote address from two Lennar representatives: Juan Gomez-Sanchez, chief security officer, and Margarita Santiago, senior director, risk and compliance.
The eventful day pressed on with a plenary session on money-grabbing war stories – that is, an event called “Ransomware Stories from the Front Lines.” The discussion zeroed in on both incident response and bullet points on safer cyber activity – including email security, bolstering business continuity plans and mitigating threats.
In a “quick fire” session, RevBits Chief Technology Officer Mucteba Celik spoke about phishing campaigns, including their history and where they are heading. Another quick-fire session, led by MindPoint Group, outlined the pros and cons of third party vendors and the concept of outsourcing IT duties to an independent company. As with much else in IT, a managed service provider (MSP) can be a valuable asset or a risk. Despite this ambiguity, with proper vetting and the right tools, a third party can enable a more streamlined workflow.
In a masterclass on “securing the privileged pathway,” CyberArk Software, Inc. National Director, Barak Feldman, discussed PAM, or privileged access management, and how “basic hygiene” measures can be implemented to avoid having hackers tap into domain controllers.
As Feldman said, most attacks start at the endpoint – and can still be instigated by “insider” access. Gaining local admin access to a PC could lead to malicious software installation – and subsequently, “lateral” movement within a network as the hackers look to continue their assault.
Access to the domain controllers “can turn the lights off in an organization,” Feldman said, before going on to describe the many access points on a network.
Feldman said possible attacks could even start with hackers Googling default passwords on printers. IoT devices, laptops, and other devices still stand to be “entry points” or “terminals” to more sensitive data on a network. A hacker’s goal, Feldman said, is typically to “start going higher up.” This applies to nation-state actors and other sophisticated hackers as well.
An enterprise’s security goal, he suggested, should be to identify potential intruders and, if breached, to contain them so they cannot reach mainframes, personal health information (PHI) systems or domain controllers.
In remedying the PAM issue, Feldman suggested a number of “best practices,” including securing critical assets first and then the rest of the infrastructure.
In what he called a 30-day “sprint,” Feldman suggested network security professionals monitor built-in backdoor admin access, control and monitor direct access to domain controllers and utilize vendor-to-vendor integrations for high-value accounts.
One method of particular note is password “vaulting,” combined with regular rotation of network passwords.
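To make the “monitor direct access to domain controllers” and “monitor built-in backdoor admin access” advice concrete, here is an added illustration of a simple detection rule; it is not code from CyberArk or from the session, and the host names, IP addresses and log lines are constructed placeholders.

```python
"""Flag interactive logons by the built-in Administrator account onto
domain controllers that do not come through the sanctioned PAM proxy.

Inputs are a few constructed Windows Security log records flattened to
key=value pairs (EventID 4624 = successful logon). Host names and IPs
below are hypothetical and stand in for a real environment's inventory.
"""
import re

DOMAIN_CONTROLLERS = {"DC01", "DC02"}          # assumed DC host names
PAM_PROXY_IPS = {"10.0.0.10"}                  # assumed PAM jump host
BUILTIN_ADMINS = {"administrator"}             # built-in RID-500 account
INTERACTIVE_LOGON_TYPES = {"2", "10"}          # console and RDP logons

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_event(line):
    """Turn 'EventID=4624 Computer=DC01 ...' into a dict of fields."""
    return dict(KV_RE.findall(line))


def is_suspect(event):
    """True for a built-in admin interactive logon to a DC that did not
    originate from the PAM proxy; everything else is left alone."""
    if event.get("EventID") != "4624":
        return False
    if event.get("Computer") not in DOMAIN_CONTROLLERS:
        return False
    if event.get("LogonType") not in INTERACTIVE_LOGON_TYPES:
        return False
    if event.get("TargetUserName", "").lower() not in BUILTIN_ADMINS:
        return False
    return event.get("IpAddress") not in PAM_PROXY_IPS


def find_direct_dc_admin_logons(lines):
    """Return (computer, user, source_ip) for every suspect logon."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        if is_suspect(ev):
            hits.append((ev["Computer"], ev["TargetUserName"], ev.get("IpAddress", "-")))
    return hits


SAMPLE_LOG = [  # constructed sample records, not real telemetry
    "EventID=4624 Computer=DC01 TargetUserName=Administrator LogonType=10 IpAddress=10.0.0.10",
    "EventID=4624 Computer=DC01 TargetUserName=Administrator LogonType=10 IpAddress=10.0.5.23",
    "EventID=4624 Computer=FS01 TargetUserName=Administrator LogonType=10 IpAddress=10.0.5.23",
    "EventID=4624 Computer=DC02 TargetUserName=jsmith LogonType=10 IpAddress=10.0.5.23",
    "EventID=4625 Computer=DC02 TargetUserName=Administrator LogonType=10 IpAddress=10.0.5.23",
]

if __name__ == "__main__":
    for hit in find_direct_dc_admin_logons(SAMPLE_LOG):
        print("ALERT: built-in admin logon to %s as %s from %s" % hit)
```

Only the second record fires: the first came via the PAM proxy, the third is not a DC, the fourth is a normal user, and the last is a failed logon.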
Furthermore, in another masterclass, security awareness advocate Erich Kron, of KnowBe4, spoke about best practices and the future direction of security and awareness training.
Touching on the perils of phishing attacks, Kron said that 91% of data breaches begin with some form of phishing. What’s more, Kron cited other startling statistics and trends, suggesting that W-2 scams, in which attackers trick users into relaying their financial information, will be prevalent in Q1.
KnowBe4 research also suggests that 55% of people click on phishing campaigns within the first hour of the message hitting their inbox.
In prefacing the larger training narrative, Kron said that – according to Carbon Black – hackers pay an average of $10.50 to get into the arena, a numbingly low figure that could suggest even more of an uptick in ransomware attempts.
Kron's "best practices" in security training include: having explicit goals, deciding which behaviors you'd like to "shape," treating your program like a marketing campaign, phishing frequently (random simulated phishing attacks) and avoiding the alienation of relevant people in the room.
The day concluded with roundtable discussions on security education awareness, implementing and innovating true cloud security, developing and sustaining a cyber security risk framework, and opportunities and threats within digital transformations at the enterprise level.
The 2017 Cyber Security Exchange is a three-day industry event organized by IQPC, held at the Omni Amelia Island Plantation Resort, Fernandina Beach, Fla.