I went to the BBJ’s Cybersecurity Expo, And Here’s What I Learned
Feb 03, 2020 Christian Rodriguez
For cybersecurity organizations (and the PR agencies that work with them), preparing for RSAC is an ongoing effort much like maintaining a good security posture. Plans need to be robust and detailed, strategies need to be fluid and adjustable to immediate needs, and once the event is over that only means it’s time to start thinking about the next one. Under such a stringent set of requirements, achieving all objectives we’re tasked with can prove a daunting challenge.
But whether you’re working in PR or cybersecurity, one of the best ways to gain an edge in a challenging situation is to equip yourself with knowledge relevant to your goals, and here at InkHouse our goal is always to secure interest for our clients through relevant, well-informed outreach. So in preparation for RSAC, I headed down to the Cybersecurity Summit & Expo hosted by the Boston Business Journal at the Ritz Carlton in Boston last week to learn the latest about the threats that organizations are currently facing and what cybersecurity experts are doing about them.
Hacking Objectives and the Source of Breaches
The first presentation at the BBJ event came from Matt Wagenknecht, a “white hat” hacker whose job is to attempt to penetrate a target organization’s security using any means at his disposal. He took attendees through a number of penetration techniques, both remote and physical, that a sophisticated hacker could employ in order to gain unauthorized access to a network.
For Matt, any hacker has three main goals: breaking into and hiding within a network to track activity, stealing money, or gaining internal network access. The three activities are closely related, as one often helps open the door for another. For example, an attacker that has infiltrated and hidden his or her self within a network can secretly monitor the process around wire transfers to the point where they learn enough to send through a fraudulent transfer request that follows all proper protocols and is eventually completed.
Unsurprisingly, the vast majority of breaches (91% to be exact according to Citrin Cooperman’s data) still come from phishing attacks. Training and awareness remain the best defenses against these attacks, but increasing sophistication around the delivery of malicious links and the gaining of privileges on a target device continue to make proper defense more difficult. Specifically, Matt cited the recently discovered vulnerability allowing attackers to spoof legitimate Windows certificates as a prime example of the convincing methods hackers can use to disguise their attacks.
The Federal Perspective on Cybercrime
The next presentation came from Joseph R. Bonavolonta, Special Agent in Charge of the FBI Boston Division, on how the Federal Government is approaching threats. Agent Bonavolonta described the agency’s approach to cybercrime as being separated into two main buckets: nation-state actors and cybercriminals.
In the realm of nation-states, China, Russia, and Iran are the highest priority. The special agent described China’s goal as surpassing the United States as a global power, noting how their cyberattacks were a key part of their strategy as they attempt to infiltrate organizations to steal intellectual property that will help them close the gap of technological advancement that currently separates our two countries. The Russians, however, are more interested in dragging other countries down to their level, meaning their cyberattacks are more often destructive in nature, seeking to do damage rather than surreptitiously steal information.
For cybercriminals not affiliated with any nation-state, Agent Bonavolonta told us that the FBI is focused on what they are calling “crime-as-a-service” operations. What defines such operations is the level of sophistication they display in terms of offerings around malware development and delivery, infrastructure services, comms platforms (forums and marketplaces), and financial services for processing payments and illicitly sourced funds.
In either case, Agent Bonavolonta stressed that increasing the amount of coordination and communication with the private sector is a key agency priority in the fight against cybercrime as a nation. Citing a lack of visibility into key areas such as critical infrastructure, he advocated for a two-way street of information sharing, and urged private organizations to open a line of communication with the federal government to prevent future breaches.
Takeaways Heading into RSAC
Based on my experience working with a number of our cybersecurity clients within InkHouse’s security practice, I’ve come to understand that the “always on” nature of cybersecurity permeates every aspect of the space. Hackers are always on the prowl, searching for new attack vectors, victims, and weak networks that might be vulnerable to intrusions, while defenders are constantly advancing their technologies and tactics in order to protect the organizations they serve.
This year at RSAC we expect to hear more about the sophisticated threats that organizations are seeing and what solutions are available to combat them. While the noise around the event can rise to a crescendo so loud it almost becomes static, we should all be sure to pay close attention. With top-tier speakers from federal agencies such as the NSA and DOD and top brands like VMware, as well as attendees from all over the world, it’s no doubt that this year’s show will have a big spotlight on security in the private and public sector and the risks we should be aware of in our personal and work lives. Stay tuned for more RSAC-related content from InkHouse’s security practice leading up to the show!