Lizzie
Warren

HexCon22 Day 3 highlights: Ending on a high note!

Lizzie Warren

Sep 23, 2022

16 min read

HexCon22 has officially concluded. As much as it aches to see the event end, we are glad to be a part of HexCon22.
We’ve got some fantastic highlights coming up for you, including talks on cybersecurity, incident response, data protection, and more. Many of our speakers used their experience to give insights on what organizations need to know about keeping their people, devices, and networks safe and secure.
Here’s a short rundown of what happened on the final day of HexCon 22:

Cybersecurity and “Just Culture”

Lesley Kipling, Chief Cybersecurity Advisor at Microsoft, talked about cybersecurity and introduced us to a concept called “Just Culture” at HexCon 2022. She explained just culture as a supportive and encouraging culture where employees report issues without the fear of losing their job.

She believes that rewarding those who report is preferable to punishing those who do not. It contributes to the organization’s “Just Culture.” Moreover, she feels that identity protection is critical, and that attitude lies at the foundation of the zero-trust strategy. She urged everyone to utilize authentication rather than passwords, as it makes life more difficult for attackers. Sadly, after an incident, most people play the blame game. She highlighted her dissatisfaction with the way security is blamed when a breach happens, as if IT is the only department that suffers when a breach or hack occurs. The session was concluded by recommending corporations to see security as a business risk.

How to protect your identity in a post pandemic world

“Work is something you DO, not a LOCATION”.

Bil Harmer, Operating Partner of Security, Craft Ventures started the session with this statement. Technology is no longer the sole domain of technologists. He additionally mentioned that it is due to BYOD and the present work environment.

Bil also discussed the Snowden effect. When Snowden disclosed massive passive surveillance, the world witnessed a major demand for data encryption.

“Snowden-effect”
Bil Harmer explaining Snowden effect
 

Bil also brought the listener attention to the pros and cons of SSL/TLS which are as follows:

Pros:

  • Confidentiality
  • Integrity
  • Authentication

Cons:

  • Malware
  • Compromise
  • Exfiltration

It is also critical to be aware of Business Email Compromise (BEC). The FBI currently ranks BEC as the top crime. It was further revealed that over $43 billion in losses had been recorded. Malware as a service is rapidly expanding these days. The platform offers criminals tips on how to personalize ransomware demands as well as the possibility of translating the malware into several languages.

Zero Trust Security: Panel Session

Jaye Tillson and John Spiegel, Directors of Strategy and Network Transformation at Axis Security, used the HexCon22 platform to explain down the notion of ‘Zero Trust’ for all of us. They discussed the Security ServiceEdge forum, its objective, and its purpose. To understand more about zero-trust, they interviewed its founders. They discovered that zero-trust is a concept, not a technique, and advised us to never trust and always verify.

Both of them feel that, even if the world has changed, zero-trust is still as crucial as it was before. They discovered the importance of knowing your business. It’s not only about technology; it’s about people as well.

Fighting cyber-attacks is a difficult struggle that everyone agreed on. As a result, we must educate everyone on it, not just the IT crew. They further claim that the inventors of zero-trust were the first to notice that IT had a major security problem. The discussion concludes with the realization that the existing solutions will no longer work in the future.

The Nature and Scale of Cyber Crime – Why the Focus has shifted from Security to Resilience?

As global connection and cloud service usage grow, so does the danger of cybercrime. Traditional data security procedures may no longer be sufficient. Simon Newman, Interim CEO of the Cyber Resilience Center for London, spoke about cybercrime and security resilience in his session.

He commented about:

  • The increasing application of technology in business
  • Utilizing technology to reach out to new customers, develop, and expand
  • How does expansion raise the danger of breaches and cyber-attacks?
  • What do cyber dangers and statistics reveal?
  • Law enforcement committees’ challenges and potential solutions
  • The risks of the future and how to deal with them

 

According to him, cybercrime is on the rise and is likely the fastest-growing crime. Businesses are less capable of detecting breaches than they were five years ago, which concerns Simon. Globally, conviction rates for reported attacks are exceedingly low. This presents a hurdle to law enforcement. Simon closes the session with some simple precautions to take to keep safe, such as:
  • Authentication using many factors
  • Using updated software
  • Increasing staff awareness and many more.

Mitigating cybersecurity incidents with artificial intelligence

Have you ever seen an AI digital twin of a speaker deliver a session? That’s exactly what happened here! As AI algorithms have access to more data, replacing old methodologies with AI can improve threat detection and reduce cybersecurity issues. Igor van Gemert, CEO of Learnmetaverse.today, who is well-known for his revolutionary technological proposals, simplified it for us.

“Mitigating-cybersecurity-incidents-with-AI”
AI digital twin of Igor van Gemert delivering the session
 

The entire session was divided into two parts. Initially, he discussed reducing cyber dangers and events. Later, the operational technology in the industry area was explored. The explanation by him for threat hunting was also shocking. The future of threat hunting lies where machine learning automates analysis and model building using algorithms that enable organizations to proactively search for advanced threats through big data.

Igor also demonstrated supervised and unsupervised machine learning, as well as their outcomes, using basic examples. Thousands of employees operate across the world at several global secure operating centers to reduce digital hazards for us. He concludes by describing how AI is used in cybersecurity applications.

How can compliance frameworks help you win the war with cybersecurity?

Kimberly Simon, VP of Marketing & Strategic Partnerships at ControlCase, discussed cybersecurity methods and how compliance may assist. She began by outlining who is the target of all cybercriminals. If we are ignoring cyber security, we are costing the company.

The speaker also identified phishing and compromised credentials as the top two first attack routes. She indicated that most of the work was spent identifying and containing stolen or compromised credentials.

Kimberly distinguished between two sorts of compliance: security compliance and privacy compliance. She also talked about many key facts, including:

  • how we equip the firm to defend our customers.
  • recommended firms to develop a compliance program that is intended for continual compliance.

The speaker concludes the session by addressing the three basic requirements for success as follows:

      • continuous, accurate information and a successful compliance program,
      • an automated compliance platform, and
      • Monitoring compliance programs that are integrated into the systems.

Smart tips to run your business remotely and keep it safe from hackers

According to recent research, it is reasonable to conclude that remote work is here to stay. Burton Kelso, a tech expert, speaks to HexCon participants on smart ways to manage enterprises remotely and safely. It is critical to ensure that when working remotely, you are taking precautions to protect yourself from cyber criminals.

Some of the most serious hazards to remote employees include:

  • Ransomware
  • Social media threats
  • Malicious websites
  • Phishing
  • Weak passwords

“Smart-tips-to-run-your-business”
Burton Kelso explaining cloud storage and cloud backup
 

More than 99% of cyber-attacks rely on human interactions. The speaker concludes by suggesting ways to be followed to keep you safe from cyber criminals. They are:

  • Back up your data and your devices
  • Protect and manage your mobile devices. It includes:
    • Use passphrases instead of passwords
    • Use password keeper
    • Use two-factor authentication
    • Use BitLocker and FileVault for Windows and Mac devices respectively
    • Use encrypted forms of emails and many more.
  • Keep an eye on the free WiFi hotspots where you connect your mobile devices.
  • Keep your devices and software up to date
  • Stop negligence and accidental risks.

The Cybersecurity Skills Gap: The Threat Is Real

The cybersecurity skills gap is a reality, and bridging it requires understanding the underlying reasons for the shortage. Codrut Anderie, a cybersecurity leader, analyzes if it may be considered an acceptable business risk. Cyber risks must be controlled and prevented since they harm not just organizations and their data, but also human rights and lives.

A very complex issue that has arisen in the current circumstances is that, while there are many positions available, the recruiting criteria are also equally high. He also feels that the requirement of extensive certifications for an entry level position makes it harder for people to enter the field. This issue puts additional strain on current cybersecurity professionals, who must handle everything in the end.

The speaker was successful in changing the listener’s perspective about cybersecurity skill gap. He closes the session by saying,

“Cybersecurity professionals help and protect society. As a result, we require them in the same way that we require doctors, engineers, teachers, and any other professions.”

Fleet Management: Are You Ready for Phishing Scams, Spyware, & More?

Dejan Draguljevic, Senior Executive VP of Business Development at Pradeo, offered realistic proposals for detecting mobile threats and improving the worldwide security of information systems. He commenced his session by discussing the latest relevant news on cyber-attacks and phishing. Hence, an extensive knowledge of the unified endpoint structure is required.

UEM (Unified Endpoint Management) helps to manage endpoints and enforce security.

EDR (Endpoint Detection Response) and MTD (Mobile Threat Defense) help to protect endpoints and investigate incidents.

SIEM (Security Information and Event Management) helps to cross-analyze data.

Our mobile devices will be linked to our IT system, from which hackers will attempt to obtain as much information as possible once compromised. The three primary areas in which the hacker attempts to attack. It includes the operating system, the network, and the applications.

“Facts
Dejan Draguljevic sharing the facts about mobile security
 

Dejan ended the session by demonstrating the smishing attack, phishing and spyware. He also highlighted how Pradeo can be integrated with Unified Endpoint Management.

Device Management: who can do what with what?

While many organizations allow employees to use personal devices, there is uncertainty within policies and awareness-raising activities. Furthermore, even with business-owned devices, there may be major gaps in whether businesses can manage their devices and whether support personnel are adequately trained. Steven Furnell, Professor of Cyber Security at the University of Nottingham, led us through an informative presentation on device management.

His session provided the following significant takeaways:

  • The variety of devices used poses a considerable security problem.
  • He addresses user uncertainty and data dilemmas when data is stored on a device that the organization cannot directly manage or set, and when personal uses are deemed undesirable.
  • He emphasizes the significance of adopting a viewpoint.
  • He covers bring your own device in depth and demonstrates two approaches of managing BYOD: informally and formally.
  • BYOD allows end users to use their own mobile devices or access company ID systems and store associated data. He claims that devices have a number of security choices, one of which is having no protection at all, which can endanger company data.
  • In addition, he discusses mobile device management, mobile application management, Enterprise Mobility management, and unified endpoint management. He goes through them in depth and demonstrates their primary roles.

“Device-Management”
More engagement and training activities must be promoted
 

Most users are unsure of what to do; they require a policy to guide them, as well as public awareness to support the policy. He concludes by stating that diversity must be skillfully handled, that technology may make a substantial contribution, but that technology alone is not the answer.

Cyber-risk: Key Factor in Enterprise Risk Management

Enterprises and organizations worldwide struggle with the handling of cyber-risk and its role in enterprise risk management. John Giannakakis, Co-founder of G+P Law Firm shares his thoughts on the inclusion of cyber-risk in enterprise risk management frameworks, stating that it should be at the forefront of consideration when setting up enterprise risk management frameworks.

Quoting ex-FBI Robert Mueller: “There are only two types of companies: those that have been hacked, and those that will be.” He went on to pinpoint a few examples of major cyber threats, as defined by the NCSC (National Cyber Security Centre) of the UK.

Mr. Giannakakis continued to dive into the realm of risk management and how cyber-risk can be mitigated by enterprises worldwide. As well as detailing some common problems faced by enterprises during cyber-risk management, he also made clear distinctions between risk impact and risk description.

From a legal standpoint, Mr. Giannakakis educated viewers on some major problems faced by companies during cyber-risk management, while providing clear definitions which should be taken note of during enterprise risk management. He concluded his session by advocating cyber-risk to be a key factor within any organization’s enterprise risk management framework.

The Essentials of Cyber-Hygiene

Promoting cyber-hygiene is the number one thing every small and medium-sized business owner must do to become more cyber-secure. The same point has been echoed by Cybersecurity Evangelist and Amazon.com bestselling author Donald Allen. Even today, there are people who underestimate the impact of being lax with cybersecurity and how it can impact personal and enterprise data. Cyber-hygiene is becoming as important as any other mundane routine in our daily lives.

“Cyber-security is not just a technological problem – it is a human problem too.”

In his session, Donald shared his 9-Step Cyber-Hygiene mantra – a set of best practices to follow for any enterprise or individual, in order to become more cyber-hygiene – a 9 Commandments for cyber-hygiene if you will.

  1. Update and Patch
  2. Train Your Employees
  3. Use MFA (Multi-Factor Authentication)
  4. Backup Regularly and Use the “1, 2, 3” Backup Rule
  5. Be Cautious with Older Systems
  6. Sometimes the Best Answer is the Cloud
  7. Know How Your Intrusion Detection and Prevention System Works
  8. Consider a Managed Security Service Provider (MSSP)
  9. Consider Insurance
  10. BONUS: Avoid Using Public Wi-Fi

Donald went on to state that cyber-hygiene is a C-Suite priority. Employees of an organization follow the example set by the C-Suite – if the leadership do not practice good hygiene, the same would pass to the rest of the organization.

Data Privacy and Trust: Striking a Balance Between Security and Convenience

“How
How concerned are users about online privacy
 

With more than 8 years experience in Information security and technology, Fatma Al Lawati, IT Governance, Risk Management and Compliance Assistant Manager at Oman Air, talks about the need to strike a balance between data privacy and trust, by combining security and convenience.

Fatma kicked off the session by introducing the ‘privacy paradox’ – A person’s intention to protect their online privacy, vs. how they behave online, compromising their privacy. Giving some examples from real life Fatma highlighted some of the methods by how privacy is compromised online.

  • Hacking into computer to gain access to sensitive data
  • Create consumer profiles and sell it to companies
  • Intercept private communication to commit identity theft

She also mentioned some of the common places where we tend to give up our online privacy, and pointed out some of the methods individuals can adopt to protect their privacy online:

  • Commit to sharing less online
  • Make your accounts hard to crack
  • Keep your systems secure
  • Keep your health between you and your doctor
  • Be aware of your digital footprint
  • Be conscious of all privacy settings
  • Remove unused mobile apps
  • Backup your data
  • Use VPN
  • Familiarize yourself with phishing

Steps to Take when the Cyberthreat is Heightened

With more than 20 years of experience providing Integrated Risk Management (IRM) SaaS solutions to clients in 120 countries across various industries, Mathieu Gorge, CEO and Founder of VigiTrust, talked about the steps to be taken when cyberthreat is heightened.

Mathieu began the session by highlighting some of the top short-term global risks faced by businesses and individuals.

  • Economic:
    • Debt crisis
    • Asset bubble burst
  • Environmental:
    • Extreme weather
    • Climate failure
  • Geopolitical:
    • Social cohesion erosion
    • Mental health deterioration
  • Societal:
    • Infectious diseases
  • Technological:
    • Cybersecurity failure
    • Digital inequality

He stressed how the attack surface is rapidly growing and the need for strong worldwide data protection and privacy regulations. Mathieu highlighted the global risk landscape and described the geopolitical impacts on the tensions between Russia and Ukraine.

He talked about how risk professions can talk to the key decision makers to enforce the 5 pillars of security.

  • Physical security
  • People security
  • Data security
  • Infrastructure security
  • Crisis management

“5
5 pillars of security
 

Sacrifices That Kill Your Career: Work-life balances of the modern tech professional

With 25 years of experience in the security industry, Joshua Belk, Co-Founder and Tech Psychologist at OPSEC360, explains the do’s and don’ts of work-life balance using examples from his own life.

He begins the session by highlighting how remote work and distributed teams are in the mainstream, and job security is weak. In such a scenario, Joshua outlines the steps you need to take to take care of yourself, and your career.

He asks us to contemplate on the following questions:

  • What are you missing in your current job?
  • What is it you hop to gain by changing jobs?
  • What kind of lifestyle you wanna have?
  • Different people have different focuses in life, what are the priorities in your life ?

Regardless of priorities, the one thing we have that is all equal to everyone is time.

Josuhu talks about the ways in which you can utilise this time to the best capabilities

  • Investing time in a college degree is the best decision you can make. Says Joshua.
  • A master’s degree increases your value and focus, builds your experience, and deepens your expertise
  • Learn another language. This helps build neural connections and creates patterns in your brain which make you more creative, and increases problem solving.
  • Finish what you begin. You will learn many lessons along the way.
  • Challenge yourself.
  • Find a mentor.
  • FAVOURITE: Never sacrifice your values


Doesn’t it feel like it ended too soon!! Who would have thought, the 3-day event would be over in the blink of an eye? Yet again HexCon set the perfect stage for industry experts to share their knowledge to enlighten others about cyber threats. Hexnode Co-founder and CEO, Apu Pavithran delivered the closing keynote speech to end the event officially. He thanked everyone who joined us for HexCon22 and expressed his excitement about making the event even better in the future.
Share
Lizzie Warren

A lil clumsy and a whole lot smiley, I'll bump into you with a smile...

Share your thoughts