With business and technology becoming increasingly intertwined, organizations are being forced to rethink how they look at digital security. Once overlooked or viewed as a mere afterthought, today it has become a business-critical necessity. As a result, organizations across industry lines are racing to improve their security postures. Chief Information Security Officers (CISOs) are at […]

The post The ClubCISO report reveals a fundamental shift in security culture appeared first on The State of Security.

KB4Con 2022 ended on a high point with a speaker many of the attendees had been excited to hear from, someone whose name has become synonymous with hacking: computer security consultant, author, one-time "world's most wanted hacker" and Chief Hacking Officer at KnowBe4, Kevin Mitnick.

Kevin, who attended virtually via Zoom, was joined on stage by Colin Murphy, Chief Information Officer at KnowBe4. The talk took the form of a Q&A, with Colin asking Kevin questions ranging from his early hacking experiences to his recommendations for today's hybrid workforce and his thoughts on American vigilante hackers who want to support Ukraine.

Kevin's interest in hacking grew out of his love of magic. He was fascinated by tricks that play on the mind, and that fascination evolved into pranking friends and family. He then applied what he had learned to computing, which at the time was a new and largely unexplored world. There he met an obstacle: because he had not studied the prerequisite subjects, his teacher initially refused to admit him to the computing class. Disgruntled but determined not to give up, Kevin wrote a credential-harvesting program, in effect a 1970s phishing attack, that captured the login credentials of 80% of the school's staff and students. It was the first piece of code he had ever written. The astonished teacher let Kevin into the class, and in doing so unknowingly helped shape one of the world's most formidable hackers.

Fast forward to the present day and Kevin has a long list of achievements, warrants, hacked systems and media appearances. Yet he remains a security professional who wants to help others, and he offered practical advice to an audience hanging on his every word.

For example, when Colin asked, "What are your recommendations for today's hybrid workforce?", Kevin said that organisations must assume a breach of the network has already occurred, and that every device connected to it should be continuously monitored and protected with Endpoint Detection and Response (EDR). He went on to stress multi-factor authentication (MFA) and user education, so that staff across the wider workforce recognise common attack methods such as phishing. His message was that helping the individual at home to be more secure must be a priority for every business with a remote workforce.

Kevin also noted the importance of prevention to an organisation's security, especially since the tactics used by modern ransomware groups are not very different from those he saw when he first started hacking. The objective, put plainly, is to keep all sensitive credentials safe, transform the organisation's security culture and reduce human risk at every level.

The talk also included a live demonstration of a vishing attack Kevin had built to obtain mobile numbers through AT&T's automated voice attendant, a voice familiar to anyone in the US.

It was a fascinating talk and a fitting close to three remarkable days at KB4Con 2022, where connections were made that will help us make smarter security decisions in future.

The post KB4Con 2022 – The Latest in Hacking Techniques with the World’s Most Famous Hacker appeared first on IT Security Guru.

Humanity has always embraced technology and, today, we are seeing increased IoT integration, cloud adoption and a vast wave of remote workers connecting to ever more online infrastructure. This is leading many to question the cyber resilience of organisations, particularly at a time when cyber-attacks are at an all-time high. The pace is only increasing: according to engineer and technology author Peter Diamandis, "over the next ten years, we are going to see roughly 100 years of technological change."

This was how Dr. Lydia Kostopoulos, SVP Emerging Tech Insights, and James McQuiggan, Security Awareness Advocate, both at KnowBe4, opened their KB4Con 2022 talk, Implementing Cyber Resilience Utilization for the Fourth Industrial Revolution.

The discussion began with our past interactions with technology, because, as the saying goes, if you don't know where you've come from, you don't know where you're going. That idea framed the talk, as Lydia and James argued that we have entered the fourth industrial revolution.

To set the scene, the audience was walked through the previous three industrial revolutions, from the 1800s to the present day, to see how each brought changes that shaped society, from technological innovation to the way we learn, and so defined the generations that followed.

Lydia and James then explained how the fourth revolution has given rise to IoT, automation, machine learning, quantum computing, the metaverse and cyber-physical systems. Human interaction with these technologies is growing because most things have become electrified or digitised.

These systems have even reached our homes in the form of Siri, Alexa and Google Home. While they are designed to help when called upon, there have been cases of such AI-driven IoT devices being unsettlingly invasive, listening in on conversations they were not meant to hear.

Yes, there are issues to iron out, but the convergence of technologies such as AI has benefited society in many ways, from healthcare to transportation. IoT devices are also now well established in SCADA and industrial environments, where they connect operators and enterprises to physical processes. The critical point is that human oversight of these systems will always be required, especially as their lack of security becomes more apparent.

The talk then moved on to quantum technology, cryptocurrency and blockchain. Quantum computing is a hot topic, with a number of nations and enterprises claiming to have reached quantum supremacy. Both speakers voiced the fear that a sufficiently large quantum computer will be able to break today's public-key encryption, and so building quantum-resistant encryption must be a priority.

Lydia also noted the rise in attacks on blockchains, cryptocurrencies and NFTs. She stated that banks "are not as targeted and so threat actors are turning their attention to cryptocurrency because of the lack of security." Indeed, in 2022 alone, a report found that users had lost crypto-assets worth over $700m in security breaches at exchanges and storage providers. This did not deter the roughly 70% of the audience who raised their hands to say they owned some form of cryptocurrency.

With the arrival of these new technologies, building cyber-resilient cultures will be the linchpin of organisational and societal growth and security. Lydia explained that organisations need to build resilience through effective, open and clear communication about technology. That includes adopting a mindset in which the workforce understands how malicious attackers think, so that defensive habits become second nature, much like a red-teaming mindset. Education should be the foundation, following a security culture playbook that embeds security into the organisation from top to bottom. This, the speakers argued, is the next step we must take as we enter the fourth industrial revolution.

The post KB4Con 2022 – Cyber Resilience and the Fourth Industrial Revolution appeared first on IT Security Guru.