Vector
Vector

Choose your topics

Blogs
The GRC Trends to Look Out for in 2024

Our GRC experts at SureCloud share their 2024 predictions for the world of governance, risk and compliance.

GRC
Blogs
The Top 5 Challenges of Third-Party Risk Management

With the supply chain now seen as a legitimate attack path, what can your organization do? Let’s explore 5 challenges of TPRM and how to overcome them.

Third-Party Risk Management GRC
Blogs
What is Third-Party Risk Management?

What is third-party risk management and how should you approach it? Find out in this post.

Third-Party Risk Management GRC
Blogs
The Top 4 Challenges of Risk Management

What are the top four challenges of risk management today and how can you overcome them? Find out in this post from SureCloud.

Third-Party Risk Management GRC
Blogs
Transform Compliance into Your Competitive Advantage

In GRC, compliance is often viewed as a cost that makes it harder to pursue growth. Here's how to make it your competitive advantage.

Compliance Management GRC
Blogs
Questions You Should Ask when Preparing For Your First Pen Test

Understand the processes that you and your chosen pentest provider will travel through for your first pen test, from the initial point to the day the test starts.

Penetration Testing
Blogs
TPRM Blog 6-Writing Clear Questions

Our GRC Practice Director explores the importance of clear communication and how to achieve it in your third party questionnaires. Read more here.

Third-Party Risk Management GRC
Blogs
The Simple Way to Combat Phishing

SureCloud Cybersecurity Practice Director Luke Potter shares his tip to stay ahead of attackers phishing for your downfall.

Penetration Testing
Blogs
See Yourself in Cyber With Janhavi Deshpande

See Yourself in Cyber With Janhavi Deshpande - SureCloud

Cyber Security
Vector (7)
Vector-1
Cyber Security

Reflecting on Infosecurity Europe 2019

Reflecting on Infosecurity Europe 2019
Written by

Isadora Gregori

Published on

20 Jun 2019

Reflecting on Infosecurity Europe 2019

 

SureCloud returned to Infosec 2019 at London’s Olympia. The event was buzzing with stimulating conversations, keynote speeches, and training workshops; pioneered by some of the industry’s most knowledgeable figures. InfoSec is Europe’s largest and most prestigious cybersecurity event, curated to this year’s theme ‘Complexity, Risk & Resilience’, with 400 exhibitors and thousands upon thousands of visitors – spirits were running high, and our team at SureCloud were in the thick of it.

InfoSec 2019 Highlights

 

1. Industry gaps and challenges

Perhaps our most significant takeaway from Infosec was a deeper understanding of the needs in the cybersecurity industry – people’s current concerns are primarily focused around Insider Threats, Incident Response, and the Dark Web as a platform to gain access to Enterprises, as well as corporate espionage.

Some statistics to take away:

  • “Nearly 100% of data breaches start with stolen credentials” (Entrust)
  • “Email is the primary delivery mechanism for data loss and malware –65% of targeted attacks use spear-phishing campaigns from Office 365.” (Symantec)

Organisations are not taking enough measures to mitigate risk…

Although security awareness training is on the rise, there are still critical gaps in cybersecurity training that leave companies vulnerable to infiltration.

  • “70% of organisations with security awareness training have had an incident caused by employee security behavior.”
  • “96 % of social attacks, from phishing to tail-gating, are not reported by employees, impeding detection.”
  • “22 % of employees on average still click on phishing emails within organisations that believe they have a good security culture.”

The statistics demonstrate that there is always room for improvement when it comes to security awareness training. The industry not only needs to improve on how to prevent a breach from happening but how to deal with the aftermath and consequences that follow.

 

2. Human Error, the Ultimate Pitfall

In the realm of cybersecurity, the ultimate pitfall of any organisation is human error – irrespective of how impenetrable their security may seem. As such, any gaps in training and education are detrimental to the cybersecurity of any given enterprise. Countless firms were drawing attention to this crucial yet often overlooked aspect of cybersecurity, this theme was dominating Infosec 2019.

“Defense against social engineering techniques needs to be built around stringent frameworks for gaining and maintaining trust in your colleagues, customers, and all third parties you work with.” (DocsCorp)

Read here for practical steps on how to minimise the risk of human error in your organisation.

 

3. Maersk: The Largest Known Cyberattack

A particularly informative keynote speech at Infosec was given by Adam Banks, Chief Technology and Information Officer at Maersk. Adam reflected on the most devastating cyberattack known to date – NotPetya, 2017.

The malware attacked all types of businesses, from shipping ports to law firms. NotPetya successfully gained administrator access to machines. NotPetya successfully infected corporate networks, by gaining privileged access to unprotected machines, where the malware was able to propagate to other vulnerable systems.

Adam Banks shared his personal experiences of crisis-management and subsequent policy implementation which Maersk has kept in place to this day, underlining the key measures other organisations should implement in order not to be susceptible to such attacks.

Watch our webinar on cyberattacks, covering the most prevalent types of attacks and how they’re conducted – highlighting the importance of a penetration test.

 

4. Cybersecurity Back on the Front Foot?

2018 reports indicate a sizeable drop in malware and ransomware levels – however, the experts at Infosec are adamant we cannot let these statistics lead to complacency.

 

So, how safe are we really?

  • Cybercrime is projected to cost organisations and businesses as much as $6 trillion annually by 2021, as per 2019 ACR from Cybersecurity Ventures.
  • 1 in every 302 emails received by public administration users is malicious, according to Symantec’s ISTR 2019 report.
  • In January 2019, a staggering 1.76 billion records were leaked.

Evidently, the severity and frequency of cyber attacks are staggering, and cybersecurity cannot afford to let its guard down in light of other stats, no matter how optimistic they may seem.

5. Infosecurity 2019 Geek Street: ‘The Inside Story Behind VTech Storio Max Vulnerability – CVE-2018-16618’

SureCloud’s Senior Security Consultant, Elliott Thompson spoke at Infosecurity 2019 in the Geek Street Theatre. He found a critical vulnerability in a children’s VTech’s Storio Max device that left it fully accessible to an infiltrator. Elliott zeroes in on the methodology behind approaching unconventional devices, both their custom parts and their software.

Elliott spotted a vulnerability which could be infiltrated by a script written into the website, subsequently exposing the device to full root control by the attacker, including the webcam, microphone, and speakers. Once this vulnerability was reported back to VTech, the company took as little as 30 days to release a patch. In Elliott’s words, the key takeaway is that “it’s important that all internet-connected devices are updated as well as computers, especially if they are used by kids”.

The story, featured on the BBC, is highly topical from a security standpoint and is tailored to audiences from various technical backgrounds, with plenty of contextual information and lines of code to illustrate the intricacy of the process.

We urge you to watch Elliot’s speech here. 

Learn about our Cyber Resilience Assessment solution here. 

The team looks forward to seeing you again at InfoSecurity Europe 2021. We anticipate gaining more key insights on the trajectory of the cybersecurity industry, continually delivering innovative solutions for companies risk and security needs – And, as always, we hope to speak to you there!