Europe’s biggest cybersecurity event – InfoSec 2019 – attracted thousands of IT professionals. With the who’s who of experts, vendors, researchers and professionals under one roof, it offered up the perfect opportunity to get the skinny on the cybersecurity landscape.
Talking of the skinny, here are the main talking points to come out of this year’s show.
Security Awareness Training Is Important
Well yeah, we told you about that last week.
To recap, we told you that ‘security training is about making employees more aware of the likely threats they’re going to face and more sceptical of what they’re receiving via email, messaging or social channels’.
It helps businesses protect themselves from phishing attacks as well as helping them stay compliant, ensuring that everyone in the business or organisation has a basic knowledge of cybersecurity best practice.
Cofense (previously known as PhishMe) unveiled an awareness training solution focussing on empowering users to report dodgy-looking emails, then using machine learning to automatically remove the threat from users’ inboxes.
In our blog we mentioned that the training needs to be a little bit more than dumping your staff in a room and talking at them for an hour. Specialist cybersecurity training firm Cybermaniacs have taken that advice one – actually about 15 – steps further by using puppets to deliver their training sessions. Whatever works, right?
Again, while cybersecurity training is important for staff in businesses and organisations of all sizes, a more sobering issue came out of one of the breakout sessions delivered by Ciaran Martin, CEO of the National Cyber Security Centre in the UK. He said that if businesses concentrate too much on security awareness training (including simulated phishing tests), they won’t be secure.
‘If it’s all a company does’, Martin said, ‘they will never get the click rate down to zero, nor should they expect to. As security experts, we all understand that, but do boards? That’s the sort of thing they need to understand.’
We said that last week too. It’s as if we all have an inkling of what we’re talking about…!
The Vicious Circle of the Dark Web
Back in April, we asked if the dark web was just drugs and data. Of course it isn’t, but if that’s what you’re looking for, you can find it with ease. The trouble is, every time a site is shut down or a group of cybercriminals is arrested, there are 20 more in a line waiting to pounce. Worse, each one is more sophisticated than the last.
Cybercriminals are now targeting the biggest of big boys – FTSE 100 and Fortune 500 companies – and, according to leading criminologist Dr Mike McGuire, they are using the platform to network and collaborate anonymously.
As expertinsights.com says, what’s worse is that ‘he also exposed how corporations are using the dark web for insider trading, corporate espionage and employee blacklisting. His research found that 4 in 10 dark net vendors are now selling hacking services aimed at FTSE 100 and Fortune 500 businesses. These are high priced targets, with the higher profile an attack, the higher the cost involved. The research also highlighted the dangers of phishing attacks to businesses, with 27% of Dark Net listings overtly related to phishing tools to use against Enterprise.’
KeepNet Labs have software that uses scanning technologies to monitor the dark web to help identify compromised accounts and company data breaches. This helps organisations achieve more proactive cyber security and also allows for faster incident response.
SixGill presented platforms that allow organisations access to the dark web in a similar way to a search engine, allowing them to quickly and easily search for names, accounts and businesses to help them proactively stop cyber threats from being carried out.
The Biggest Threat Facing Businesses Is…?
Email attacks. Again, hardly the shock of the century, and it harks back to last week’s blog about training. Office365 and cloud-based email filtering promised greater security but, according to Sunil Choudrie, Security Strategist at Symantec, the move hasn’t been as secure as many had hoped.
Symantec’s research showed that email is the number one delivery mechanism for malware and data loss, with 65% of targeted attacks utilising spear phishing campaigns from Office365. As always, the key is for vendors to come up with new and more intelligent solutions to combat a problem that isn’t going away.
KeepNet Labs presented a solution offering incident response to allow users to report suspected phishing emails, and VIPRE have an email security gateway that uses machine learning and AI.
As always, it remains to be seen how effective they are but the trouble is that whatever the good guys come up with, the bad guys will come up with something to get round it.
Third Party Fire & Theft
Another trend that came out of InfoSec was the persistent threat of insiders – (usually disgruntled) employees who have access to confidential business data and who are intent on selling to the highest bidder. The data is lifted in a number of old-school ways – saving it to USB sticks, photocopying it or printing it – and a number of new ways, including encryption and steganography – the practice of concealing a file, message, image, or video within another file, message, image, or video.
Perhaps the most frightening statistic came from Deep Secure, a vendor specialising in content threat removal, which found that almost 50% of the British public would sell corporate data to a third party, and one in four would do so for just £1,000.
Veriato’s platform allows admins to detect, respond to and analyse threats with Cerebral, an insider threat detection tool, and real-time employee monitoring that shows employee desktop activity as it happens. This allows businesses to go back after a breach and identify the employee who leaked the information.
So, those were the headlines from InfoSec 2019. Infosecurity magazine has the full exhibition lowdown.