
SureCloud returned to Infosec 2019 at London’s Olympia. The event was buzzing with stimulating conversations, keynote speeches, and training workshops led by some of the industry’s most knowledgeable figures. Infosec is Europe’s largest and most prestigious cybersecurity event, curated this year around the theme ‘Complexity, Risk & Resilience’. With 400 exhibitors and thousands upon thousands of visitors, spirits were running high, and our team at SureCloud was in the thick of it.
InfoSec 2019 Highlights
1. Industry gaps and challenges
Perhaps our most significant takeaway from Infosec was a deeper understanding of the needs in the cybersecurity industry – people’s current concerns are primarily focused around Insider Threats, Incident Response, and the Dark Web as a platform to gain access to Enterprises, as well as corporate espionage.
Some statistics to take away:
- “Nearly 100% of data breaches start with stolen credentials” (Entrust)
- “Email is the primary delivery mechanism for data loss and malware – 65% of targeted attacks use spear-phishing campaigns from Office 365.” (Symantec)
Organisations are not taking enough measures to mitigate risk…
Although security awareness training is on the rise, there are still critical gaps in cybersecurity training that leave companies vulnerable to infiltration.
- “70% of organisations with security awareness training have had an incident caused by employee security behavior.”
- “96% of social attacks, from phishing to tail-gating, are not reported by employees, impeding detection.”
- “22% of employees on average still click on phishing emails within organisations that believe they have a good security culture.”
The statistics demonstrate that there is always room for improvement when it comes to security awareness training. The industry not only needs to improve on how to prevent a breach from happening but how to deal with the aftermath and consequences that follow.
2. Human Error, the Ultimate Pitfall
In the realm of cybersecurity, the ultimate pitfall of any organisation is human error, irrespective of how impenetrable its security may seem. As such, any gaps in training and education are detrimental to the cybersecurity of any given enterprise. Countless firms were drawing attention to this crucial yet often overlooked aspect of cybersecurity, and the theme dominated Infosec 2019.
“Defense against social engineering techniques needs to be built around stringent frameworks for gaining and maintaining trust in your colleagues, customers, and all third parties you work with.” (DocsCorp)
Read here for practical steps on how to minimise the risk of human error in your organisation.
3. Maersk: The Largest Known Cyberattack
A particularly informative keynote speech at Infosec was given by Adam Banks, Chief Technology and Information Officer at Maersk. Adam reflected on the most devastating cyberattack known to date – NotPetya, 2017.
The malware attacked all types of businesses, from shipping ports to law firms. NotPetya infected corporate networks by gaining privileged (administrator) access to unprotected machines, from which it was able to propagate to other vulnerable systems.
Adam Banks shared his personal experiences of crisis management and of the subsequent policy implementation, which Maersk has kept in place to this day, underlining the key measures other organisations should implement in order not to be susceptible to such attacks.
Watch our webinar on cyberattacks, covering the most prevalent types of attacks and how they’re conducted – highlighting the importance of a penetration test.
4. Cybersecurity Back on the Front Foot?
2018 reports indicate a sizeable drop in malware and ransomware levels – however, the experts at Infosec are adamant we cannot let these statistics lead to complacency.
So, how safe are we really?
- Cybercrime is projected to cost organisations and businesses as much as $6 trillion annually by 2021, as per 2019 ACR from Cybersecurity Ventures.
- 1 in every 302 emails received by public administration users is malicious, according to Symantec’s ISTR 2019 report.
- In January 2019, a staggering 1.76 billion records were leaked.
Evidently, the severity and frequency of cyber attacks are staggering, and cybersecurity cannot afford to let its guard down in light of other stats, no matter how optimistic they may seem.

5. Infosecurity 2019 Geek Street: ‘The Inside Story Behind VTech Storio Max Vulnerability – CVE-2018-16618’
SureCloud’s Senior Security Consultant, Elliott Thompson, spoke at Infosecurity 2019 in the Geek Street Theatre. He found a critical vulnerability in VTech’s Storio Max, a children’s device, that left it fully accessible to an infiltrator. Elliott zeroes in on the methodology behind approaching unconventional devices, both their custom parts and their software.
Elliott spotted a vulnerability which could be exploited by a script written into a website, subsequently exposing the device to full root control by the attacker, including the webcam, microphone, and speakers. Once this vulnerability was reported back to VTech, the company took as little as 30 days to release a patch. In Elliott’s words, the key takeaway is that “it’s important that all internet-connected devices are updated as well as computers, especially if they are used by kids”.
The story, featured on the BBC, is highly topical from a security standpoint and is tailored to audiences from various technical backgrounds, with plenty of contextual information and lines of code to illustrate the intricacy of the process.
We urge you to watch Elliott’s speech here.
Learn about our Cyber Resilience Assessment solution here.
The team looks forward to seeing you again at InfoSecurity Europe 2021. We anticipate gaining more key insights on the trajectory of the cybersecurity industry and continuing to deliver innovative solutions for companies’ risk and security needs. As always, we hope to speak to you there!