Thursday 27 April 2017

BOHH Labs Shares Its Take on the 2017 Atlanta Fraud & Breach Prevention Summit


This week BOHH Labs CTO, Ken Hawkins, attended the 2017 Atlanta Fraud & Breach Prevention Summit. Below he offers insight on the event.


Who Was the Most Interesting Speaker You Heard?
One of the most interesting talks was given by Bryce Austin, the former Program Manager and Technology Lead for Target during the infamous November 2013 breach. He offered more insight surrounding the attack that compromised millions of its customers’ credit card and debit card accounts. Due to the volume of people affected, you would have thought it was a highly sophisticated attack. In fact, all it took was changing one line in the source code in the payment processing system and voilà. It is quite eye-opening that all it takes for 70 million people to have their credentials stolen is a single code tweak and weak network security.

What Was Your Main Takeaway from the Event?
The main takeaway for me is two-fold.

1. Cyberattacks, when they happen, are still often related to malicious code that has more than likely been on a system for some time. That said, any updates to network traffic monitoring more than likely will never see the attack coming, no matter how often those systems or services are updated. The Target breach is a prime example because, when it happened, it was a flood of traffic that Target was unprepared to stop once it started.

2. We still have a long way to go in the industry before making progress in tackling cybersecurity attacks. So much of the conversation is focused on early detection and bracing for and minimizing the impact of the next imminent attack.

The metaphor of an M&M is used to mean a hardened outer shell (network access) with a soft inner center (your network). Too much emphasis today is still being put on detecting network traffic and not on hardening the systems internally. Moving forward, there needs to be more focus on securing data, on access to said data from within as well as from outside, and on securing the actual tools inside the network, not just monitoring for unusual activity.

To learn more about the 2017 Atlanta Fraud & Breach Prevention Summit or to hear more on all of the speakers, click here.
