Day two of #infosec16 was packed full of goodies; highlights below.
William Hague took the stage at #infosec16 for the keynote this morning, and a follow-up article appeared in infosec magazine here. Particularly interesting was his response on finding a balance between national security and individual privacy: “People also want to know if the balance is being struck correctly. It’s not appreciated that this goes to the top of government agenda and senior members of government spend a lot of time on that issue,” he explained.
“That does need explaining more, because we have a strong system of safeguards in this country and it’s getting stronger with the new legislation before parliament, which would be of some reassurance to people.”
Cisco's technical lead for security research, Martin Lee, explained to the #infosec16 crowd that today’s hackers are taking age-old theft models and improving them for modern-day cybercrime, with the evolution and widespread use of ransomware a key example.
“Ransomware itself is not particularly old. The very first example dates from the tail end of the 1980s,” he said. “Hackers will try to find out the maximum price for your data; ultimately they don’t care, but they know you care about your data so you will most likely pay up.”
However, Lee argued that ransomware is, in fact, fairly easy to defend against if you are regularly using workable backups, although it is important that these are carried out from a holistic viewpoint that takes into consideration factors like delivery, exploitation, installation and recovery. “If you can block ransomware early on, then it cannot get the key, and the malware cannot activate,” he said.
Lastly, in a briefing with #infosec16, execs from Gigamon, Fidelis Cybersecurity and LogRhythm agreed that vendors must cooperate and collaborate by sharing security information.
“We are dealing with an information security skills shortage and we have seen dozens of vendors not talking and doing their own thing and defending their own stance and it has made it difficult for our customers, but we are working together to have conversations and exchange data so we reduce the time to detect and resolve.”
Justin Harvey, CSO at Fidelis Cybersecurity, commented on the European General Data Protection Regulation (GDPR): “But regulations do not stop attacks such as ransomware, crimeware, espionage,” he said. “What does stop attackers is full visibility and full endpoint visibility and being able to see it in a concise manner.” We couldn’t agree more!
More Here [blog.infosec]