I had the great opportunity of attending the Infosec World conference in Orlando, Florida from April 3rd - 6th and wanted to share some of the things I learned from my experience. The annual conference is focused on the security industry and includes sessions ranging from super technical to high-level CXO levels. I attended a variety of breakouts to get the full experience and have included some highlights from these sessions below which I feel apply directly to the Lloyd Community.
Ransomware Is Not Going Away
Ransomware has become a familiar term for just about everyone these days and is proving to be a major problem for SMB markets. Some new variants of ransomware are going as far as to encrypt the entire workstation, making it impossible to get onto the machine if rebooted. There are a few products out there that do early detection and reduce the impact, but it was made clear during the conference that the industry is still relatively inexperienced when it comes to getting in front of these attacks. Lloyd is currently evaluating a few methods and products to help combat ransomware before it becomes a major issue on our clients’ networks.
Know What Your Cyber Insurance Covers
Do you know what your policy covers? Will it pay for a ransomware attack in bitcoin? How soon do you have to contact your insurance company after an incident is declared? If you don’t know the answers to the previous questions, you are not alone. The landscape for attacks has changed drastically in the last two years and will continue to do so in the years to come. It is important to ensure your policy is getting updated to cover new types of cyber-attacks.
We Have Been Breached. Now What?
One of the best breakouts I attended was a role play where the attendees were broken up into four different groups: CXO, IT, Legal/HR, and PR. Each group was given an envelope with specific information relating to security breaches, and we had to work together to resolve each scenario. Not only was the exercise fun and interactive, it was a great way to see how well we are prepared to handle a situation when we become a victim of a cyber-crime. The key takeaway was how important communication is between the internal and external parties, and how vital it is to have a plan of action in place before events like these occur. Completing a role play of your own is a great way to test your incident response plan.
The Security Frameworks
Security frameworks are documented processes that define procedures for implementing and managing security controls in an IT environment. Lloyd has been looking into several security frameworks to help our clients increase their security posture and follow industry standard best practices. The two frameworks we have been looking into are the National Institute of Standards and Technology (NIST) and Center for Internet Security (CIS) frameworks, and it was clear from the conference that these are the two frameworks that are most applicable to Lloyd and our community.
Security frameworks were a focus of conversation this year as well, and Lloyd is planning on introducing the concept to our clients in the near future as we move forward with our security initiatives.
Bill’s “Most Interesting Product” Award Goes To…
The vendor pavilion at the conference was filled with endpoint protection, encryption, vulnerability software and rights management software, but the newest and most interesting trends for me were definitely centered on artificial intelligence and cyber hunting.
- Artificial Intelligence: The artificial intelligence products focused on scanning your network, baselining the activity by users and machines, and then alerting on things that deviated from the baseline. For example, if Mary from accounting tries to access files from the HR folder (something she doesn't normally do), it would trigger an event. If new applications are found on the network that are going to an address that no other applications go to, an alert would be triggered. A great thing about these products is that they aren't signature based - everything is done by machine learning.
- Cyber Hunting: Cyber hunting is sort of like identity theft detection for your company. Identity theft monitors will look at your personal details, habits, etc., and notify you when something seems out of whack - you've been purchasing groceries and day to day items in New York, so what's with the credit card charge in Utah, or the sudden request for new legal documents? Cyber hunting products proactively go out and search the “dark web” (the World Wide Web content that exists on networks which use the public Internet but require specific authorization to access) for your company’s domain or other company details in order to report back on potential threats to your network that evade normal automatic tools.
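
To make the baselining idea from the Artificial Intelligence item concrete, here is an added example (not code from any vendor or from the conference) that learns what each user and application normally does and alerts on deviations. It uses plain set comparison in place of the machine learning such products apply, and all names, folders and addresses are constructed sample data.

```python
from collections import defaultdict

# Constructed sample events (not real logs): (user, folder) file accesses.
BASELINE_ACCESS = [
    ("mary", "accounting"), ("mary", "accounting"), ("mary", "shared"),
    ("tom", "hr"), ("tom", "shared"),
]
NEW_ACCESS = [("mary", "accounting"), ("mary", "hr"), ("tom", "hr")]

# Constructed sample events: (application, destination address) connections.
# Addresses come from the reserved documentation ranges.
BASELINE_CONN = [
    ("browser", "192.0.2.10"), ("mail", "192.0.2.10"),
    ("mail", "192.0.2.25"), ("backup", "192.0.2.25"),
]
NEW_CONN = [
    ("browser", "192.0.2.10"), ("updater", "203.0.113.77"),
    ("mail", "192.0.2.25"),
]


def build_baseline(events):
    """Map each actor (user or application) to the set of resources it used."""
    baseline = defaultdict(set)
    for actor, resource in events:
        baseline[actor].add(resource)
    return baseline


def unusual_access(baseline, events):
    """Alert when a known user touches a folder outside their own baseline."""
    return [(user, folder) for user, folder in events
            if user in baseline and folder not in baseline[user]]


def unusual_destinations(baseline, events):
    """Alert when a new application talks to an address no baselined app used."""
    known_apps = set(baseline)
    known_dests = set().union(*baseline.values())
    return [(app, dest) for app, dest in events
            if app not in known_apps and dest not in known_dests]


if __name__ == "__main__":
    print(unusual_access(build_baseline(BASELINE_ACCESS), NEW_ACCESS))
    print(unusual_destinations(build_baseline(BASELINE_CONN), NEW_CONN))
```

Neither alert depends on a signature of known-bad activity: Mary's HR access and the new application's destination are flagged only because they fall outside what was observed during the baseline period.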
Overall, InfoSec World was a great conference filled with a ton of cybersecurity ideas and initiatives. I learned a lot, and I am excited to share that knowledge with our community. If you have any questions or want to discuss any of these topics, please feel free to reach out.