Products + Services Data Centers Resource Center About
For West Michigan-based information security professionals, GrrCON is the conference to attend. Every year the conference is a great place for CISOs, security professionals, white-hat hackers, and students to learn, grow, and network. The conference goes fast, and has a lot of good information. This is not a vendor or policy conference.
For US Signal, a multi-year supporter of GrrCON, the conference provides multiple benefits. We always want to gain the business of new customers, and we meet with many. The immediate benefits to US Signal, however, are the skills and techniques that our software development, IT, and security team members gain through attendance. The knowledge is immediately deployable, and not based on theory or books. GrrCON is also a great way to support up-and-coming security professionals.
This year, the conference featured many great topics. The underlying message was that new tools or software are not the key. Rather, focusing on fundamentals will help move security posture further. Here’s an overview of a few of the sessions I found most interesting.
Malicious emails accounted for 66% of malware deployments according to the 2017 Verizon Data Breach Investigations Report. GrrCON delivered multiple breakout sessions that discussed how easy it is to generate malicious email campaigns, the lifecycle of successful data breaches, and the need for better user awareness training. For CISOs, the lesson was clear: the only defense is better user education. The keynote address was particularly noteworthy for addressing the real-world attacker mindset that many do not think of when battling phishing schemes.
CISOs attending the multiple Internet of Things (IoT) and embedded system sessions learned that they should be putting all camera, monitoring, and HVAC support systems on their active risk register. Enterprise-grade camera management software, IP cameras, and HVAC controllers are often neglected, not being patched by the vendors, and are not something that many CISOs know are deployed. These systems are easy targets for hackers. The stats below show the number of vulnerable systems in Michigan that are not being protected by basic security measures such as firewalls. If you do not know what you have, consider a network or security assessment.
Patching was talked about in many sessions and in many ways, but the message was clear. Patching is one of the best lines of defense. Many of the ransomware attacks of 2017 were prevented because of patching. CISOs need to drive accountability for patching and make this a scorecard item for executive management to track. BitSight Technologies, a US Signal partner and vendor, provided a look at systems in Michigan that are not patched, showing how many companies are struggling with this issue.
If this is a consistent problem area, companies should look to patch management programs from companies like US Signal.
The presenters who talked about blue teams and defensive tactics were uniform in advocating for a focus on fundamentals and the use of simple solutions to help contain an attack when it occurs. The key message to all security practitioners was, “You will be breached. What you have done before the attack will set the stage for its detection, containment, and mitigation.” Here are some of the takeaways.
Many of the presentations repeatedly stressed the importance of CISOs and security professionals understanding their companies’ online presence, and how their companies look to the internet. SHODAN.io is a free or minimal cost tool that is great for looking at a company. For a deeper dive, companies like BitSight Technologies can be engaged for further data and forensics. CISOs need to know if they are bolting the front door, but leaving the back door wide open. To provide reference as to why this is a problem, there are 7,200 Microsoft remote desktop sessions available in Michigan for hackers, and 3300 VNC sessions online for hacking. This should be part of a company’s risk register and a regular part of its security operations.
This year’s conference delivered great tools and techniques to help security practitioners keep pace with the current attack environment. One of the main takeaways was that if, as a CISO, you don’t have the resources to handle the issues discussed, engage trusted partners who do. I’m looking forward to attending next year and learning about more ways US Signal can continue being that trusted partner for our customers.
See US Signal's Data Security page for more information on how we help.
If you missed US Signal’s recent presentation on Managed Detection and Response (MDR) and Managed Extended Detection and Response (MXDR), featuring our friends from White Night Labs and Littlefoot Coffee Roasters, we’ve included a quick recap in this blog. (But it’s minus Littlefoot Coffee’s Chemex brewing [...]
US Signal Announces the Arrival of SD-WAN and SASE Services in the Near Future May 4, 2023 US Signal, a leading provider of data center technologies, cloud solutions, and managed services, has announced today that it will soon offer two new services to its customers: Software-Defined Wide Area Network (SD-WAN) and [...]
Use these five best practices to create or update an IT security incident response plan.