SureCloud returned to Infosec 2019 at London’s Olympia. The event was buzzing with stimulating conversations, keynote speeches, and training workshops led by some of the industry’s most knowledgeable figures. Infosec is Europe’s largest and most prestigious cybersecurity event, curated around this year’s theme, ‘Complexity, Risk & Resilience’. With 400 exhibitors and thousands upon thousands of visitors, spirits were running high, and our team at SureCloud was in the thick of it.
1. What We Learned…
Perhaps our most significant takeaway from Infosec was a deeper understanding of the needs in the cybersecurity industry – people’s current concerns are primarily focused around Insider Threats, Incident Response, and the Dark Web as a platform to gain access to Enterprises, as well as corporate espionage.
Some statistics to take away:
Although security awareness training is on the rise, there are still critical gaps in cybersecurity training that leave companies vulnerable to infiltration.
The statistics demonstrate that there is always room for improvement when it comes to security awareness training. The industry not only needs to improve on how to prevent a breach from happening but how to deal with the aftermath and consequences that follow.
In the realm of cybersecurity, the ultimate pitfall of any organization is human error – irrespective of how impenetrable their security may seem. As such, any gaps in training and education are detrimental to the cybersecurity of any given enterprise. Countless firms were drawing attention to this crucial yet often overlooked aspect of cybersecurity, and the theme dominated Infosec 2019.
“Defense against social engineering techniques needs to be built around stringent frameworks for gaining and maintaining trust in your colleagues, customers, and all third parties you work with.” (DocsCorp)
Read here for practical steps on how to minimize the risk of human error in your organization.
A particularly informative keynote speech at Infosec was given by Adam Banks, Chief Technology and Information Officer at Maersk. Adam reflected on the most devastating cyber attack known to date – NotPetya, 2017.
The malware attacked all types of businesses, from shipping ports to law firms. NotPetya infected corporate networks by gaining privileged (administrator) access to unprotected machines, from which the malware was able to propagate to other vulnerable systems.
Adam Banks shared his personal experiences of crisis management and the subsequent policy implementation that Maersk has kept in place to this day, underlining the key measures other organizations should implement so as not to be susceptible to such attacks.
Watch our webinar on cyber attacks, covering the most prevalent types of attacks and how they’re conducted – highlighting the importance of a penetration test.
2018 reports indicate a sizeable drop in malware and ransomware levels – however, the experts at Infosec are adamant we cannot let these statistics lead to complacency.
So, how safe are we really?
Evidently, the severity and frequency of cyber attacks are staggering, and cybersecurity cannot afford to let its guard down in light of other stats, no matter how optimistic they may seem.
SureCloud’s Senior Security Consultant, Elliott Thompson, spoke at Infosecurity 2019 in the Geek Street Theatre. He found a critical vulnerability in VTech’s Storio Max children’s device that left it fully accessible to an infiltrator. Elliott zeroes in on the methodology behind approaching unconventional devices, both their custom parts and their software.
Elliott spotted a vulnerability that could be exploited by a script written into the website, subsequently exposing the device to full root control by the attacker, including the webcam, microphone, and speakers. Once this vulnerability was reported back to VTech, the company took as little as 30 days to release a patch. In Elliott’s words, the key takeaway is that “it’s important that all internet connected devices are updated as well as computers, especially if they are used by kids”.
The story, featured on BBC, is highly topical from a security standpoint and is tailored to audiences from various technical backgrounds, with plenty of contextual information and lines of code to illustrate the intricacy of the process.
We urge you to watch Elliott’s speech here.
Catch us at Infosec’s 25th anniversary in June 2020. We anticipate gaining more key insights on the trajectory of the cybersecurity industry, and continuing to deliver innovative solutions for companies’ risk and security needs. And, as always, we hope to see you there!