
Preparing your own security for a security conference – DefCon

Written by Soni

Published on 20 Jul 2016


It’s that time of the year again when information security professionals, hackers and media convene in Las Vegas for the DefCon and Blackhat events. This is a chance for everyone to share research, participate in various events, discover new vulnerabilities, learn new attack techniques and generally collaborate as a community.

With less than a week until it all kicks off, there are a few key precautions that the security team here at SureCloud is taking, which we recommend you also follow. With such a collection of skills in one location, the risk of becoming a target or falling victim is significantly higher.

Equally, this advice can be expanded to wider precautions that you should take when travelling to similar events or in general.

  • RFID Attacks – the RFID chip in your passport and credit/debit cards can be read from metres away. As demonstrated at previous events, simply having these items on you opens you up to attack. Although carrying cash presents its own risks, cloning of your credit card and identity could have a much wider impact on your security. Therefore, one key recommendation is to leave anything you don’t physically need inside your hotel room. When carrying items around, ensure they are inside an RFID shield/wallet to prevent them from being read.
  • Public/Open Wi-Fi – using public/open networks is risky at the best of times, and at a security conference it is a very bad idea. Avoid them at all costs whilst at the event. A generally much safer option is to use a cellular network while tunnelling your traffic, for example via VPN. If you are using a laptop or any other device and you require internet access, ensure you have a firewall set up to deny all inbound access and tether via USB for outbound access. Also, turn off Wi-Fi and Bluetooth on the device and ensure that the services you are accessing via VPN use encrypted protocols (HTTPS, SSH, etc.).
  • Cellular Attacks – at previous events, attacks on cellular networks have been clearly demonstrated. Be very mindful of these and, as per the above recommendations, do not discuss or communicate anything sensitive without protecting yourself via VPN and additional encryption, even within the tunnel itself.
  • Update your devices and software – ensure that every device and all software on it is fully updated before you set foot on the plane, train, car, boat or bike to travel to the event. This should include all third-party software, anti-virus, applications and web browsers. Whilst at the conference, do not accept software update pop-ups or prompts unless you are absolutely certain of their origin. Many attacks target the update mechanisms used by common software. Best practice: should you need to update whilst at the event, visit the vendor’s website directly and check that it uses HTTPS so that you can validate whom you are connecting to.
  • Beware of malicious cash machines – as seen previously at DefCon, fake cash machines purposely designed to steal card details were put in place. Be very cautious of using machines during the event, particularly in or around Paris/Bally.
  • Bring burner devices – do not travel with any data that you don’t want to risk losing. Consider taking a newly built laptop and phone that can be formatted and reconfigured after the event. This is especially important if you are planning to use them in any of the labs/training workshops.
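
The firewall advice in the Public/Open Wi-Fi item above, expressed as an nftables ruleset for a Linux laptop. This is an added example, not SureCloud's own configuration; the interface names `usb0` and `wg0`, the VPN endpoint address and the UDP port are assumptions to replace with your own values.

```nftables
#!/usr/sbin/nft -f
# Added example. All names and addresses below are assumptions.
flush ruleset

define TETHER = "usb0"             # assumed name of the USB-tethered phone interface
define VPN_IF = "wg0"              # assumed name of the VPN tunnel interface
define VPN_ENDPOINT = 203.0.113.10 # placeholder address (documentation range)
define VPN_PORT = 51820            # assumed UDP port of the VPN server

table inet conference {
    chain input {
        # Deny all inbound access unless explicitly allowed below.
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        # Replies to connections this laptop opened itself.
        ct state established,related accept
        # DHCP lease from the tethered phone; nothing else unsolicited.
        iifname $TETHER udp sport 67 udp dport 68 accept
    }

    chain forward {
        # A laptop should never route traffic for others.
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        # Outbound is also default-deny, so nothing leaks outside the VPN.
        type filter hook output priority 0; policy drop;
        oif "lo" accept
        ct state established,related accept
        # DHCP request to the phone.
        oifname $TETHER udp sport 68 udp dport 67 accept
        # The only traffic allowed directly over the tether is the VPN itself.
        oifname $TETHER ip daddr $VPN_ENDPOINT udp dport $VPN_PORT accept
        # Everything else, DNS included, must leave through the tunnel.
        oifname $VPN_IF accept
    }
}
# IPv6 neighbour discovery is not allowed, so the tether is IPv4-only;
# Wi-Fi and Bluetooth interfaces match no rule and can neither send nor receive.
```

Load it with `nft -f` before travelling and confirm with `nft list ruleset`. The radios themselves are switched off separately, for example with `rfkill block wlan` and `rfkill block bluetooth`.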

The most important recommendation overall is to have fun and enjoy the event. SureCloud’s security team will be attending DefCon and we are very much looking forward to catching up with the community.

See you there!