Posts tagged: cybersecurity

Why Phishing is Still a Dangerous Form of Cyberattack

Colin McMahon
 Nov 20, 2018

Stories about data breaches leaking personal data and damaging company profitability continue to make headlines. Much of the focus in these pieces is on the sophisticated forms of cyberattack involved. For example, the WannaCry attack of 2017 was accomplished with a ransomware worm, while the infamous Equifax breach reportedly came from software exploitation.

Incidents like these highlight just how threatening sophisticated forms of cyberattacks can be in the professional space. At the same time, however, focusing solely on software updates and worm virus protection is not enough to keep a company safe from a data breach. According to cybersecurity firm Wombat Security, 76% of companies have reportedly been victims of phishing attacks within the past year.


Xerox Hosts Security Summit at New York Stock Exchange

Rebecca Schiffenhaus
 Jan 24, 2018

CNBC Bell Ringing

On January 23rd, 2018, Xerox hosted the Xerox Security Summit at the New York Stock Exchange. Understanding that cybersecurity has become essential for MFPs and printers as “always on end-points”, Xerox brought together thought leaders and partners in this field to join Xerox for the bell ringing and an afternoon of cybersecurity conversations. Mike Feldman, Executive VP and President, NAO, Xerox Corporation, opened the event by reflecting on the rebirth of Xerox one year ago, when Conduent became a separate company and Xerox was able to center itself. In this past year, Xerox has had many accomplishments, including a huge launch of 29 new devices, growth in ConnectKey and apps, and new devices and inks for production print.

Alissa Johnson, Chief Information Security Officer and former Deputy CIO for the White House, opened the sessions by emphasizing awareness. Johnson said that breaches can usually be traced to a visible IP, an open port, or a vulnerable service. To protect these areas, Johnson had three tips: 1. Hunt: always assume there is a compromise; 2. Zero trust: whitelist instead of allowing; and 3. Cognitive security: develop advanced AI.

Candace Worley, Vice President and Chief Technical Strategist for McAfee, discussed cybersecurity fears around automation. Namely, individuals fear that the system will malfunction and that they will be held accountable. Worley shared some important developments in this field, like the shift from prior work environments, with only a few operating systems and devices, to the current, complex network ecosystems with virtual desktops, countless devices, cloud services and more. Worley also discussed the anticipated labor shortage in cybersecurity, as there is a lack of talent to fill the jobs the field requires. It is anticipated that by 2022 over 70% of jobs will go unfilled, and 9 out of 10 cybersecurity workers believe that they will need technology to fill that talent gap. Worley emphasized the need for a more open culture, with sharing across vendors, to develop the technology to handle this.

Sergio Caltagirone, Director of Threat Intelligence and Analytics at Dragos, discussed the offensive and defensive sides of hacking. Encouraging everyone to be realistic about security, he stated that there are hunters and hunted. Caltagirone shared the Defender’s dilemma, “the adversary needs to be right once, the defender needs to be right every time,” but emphasized that the defender has the power: “the defender controls the space”. By shaping and controlling the environment, security experts have the upper hand so long as they maintain it.

Dov Yoran, Sr. Director, Strategy and Business Development Security Group for Cisco, shocked and awed the audience by sharing this video, discussing the industrialization of cybercrime and how prevalent and intelligent it has become. Steve Hoover, CTO, Xerox, and Ersin Uzun, Vice President, Director of System Sciences Laboratory, PARC, discussed how approaching cybersecurity can emulate the way we approach parenting. The idea is to teach security programs how to “think” by interrupting their processes, asking them to explain why they made their choices, and using those teaching moments for the next event. This leads to greater trust and faith in the program and helps preserve the human role in cybersecurity.

Over lunch, famed hacker Kevin Mitnick showed us all how easy it was to fall victim to an intelligent cyber-scheme and made everyone feel like throwing their devices into the Hudson. He shared tips and tricks about phishing, ransomware, malware, and cloning HID cards, and proved just how simple it would be to be targeted through a great number of innocuous daily business processes. During the final panel, the panelists were asked which they would prioritize: protection, detection, or prevention, and the unanimous winner was detection. Detection was emphasized as necessary for expedient handling, as well as integral as a learning opportunity. To end the event, the panelists shared the one piece of advice they’d give for the day:

  • “The most important things are integration and automation, this allows you to react faster and technology to work together.” – Dov Yoran
  • “Patch quickly! It’s old school advice but do it. Patch rapidly because people hack rapidly.” – Candace Worley
  • “Be proactive about insecurities - if your day to day is just monitoring, you’ve already lost.” – Sergio Caltagirone
  • “Stay current.” – Steve Hoover
  • “Educate your people about security, people are still a major source of access.” – Ersin Uzun

Xerox introduced the personified tenets of its security approach as characters of a “Super Cyber Squad”: the Protector, the Detector, the Preventer, and the Partner. It’s abundantly clear that conversations about cybersecurity are vital, and the more our industry collaborates and brings together different players, the better we will become at achieving those tenets. This summit, and ongoing opportunities for sharing and learning among vendors, customers, partners, dealers, and subject matter experts, help to shape the future of cybersecurity.

Kevin Mitnick cloning an HID card 3 different ways in under two minutes.

Panel: Alissa Johnson, Ersin Uzun, Steve Hoover, Sergio Caltagirone, Candace Worley, and Dov Yoran

2016 InfoTrends, Inc.
