TEAM:
Editor-in-Chief:
Joanna Kretowicz
joanna.kretowicz@eforensicsmag.com
Editors:
Marta Sienicka
sienicka.marta@hakin9.com
Marta Strzelec
marta.strzelec@eforensicsmag.com
Marta Ziemianowicz
marta.ziemianowicz@eforensicamag.com
Senior Consultant/Publisher:
Paweł Marciniak
CEO:
Joanna Kretowicz
joanna.kretowicz@eforensicsmag.com
Marketing Director:
Joanna Kretowicz
joanna.kretowicz@eforensicsmag.com
DTP:
Marta Strzelec
marta.strzelec@eforensicsmag.com
Cover design:
Marta Sienicka
sienicka.marta@hakin9.org
Art used on the cover by Jack Moreh
Publisher
Software Press Sp. z o.o.
02-676 Warszawa
ul. Postępu 17D
Phone: 1 917 338 3631
www.eforensicsmag.com
www.hakin9.org
All trademarks, trade names, or logos
mentioned or used are the property of
their respective owners.
The techniques described in our articles
may only be used in private, local networks. The editors hold no responsibility
for misuse of the presented techniques or
consequent data loss.
Table of contents
What were the most important things that happened this year?
Recruitment
Training
Threats
What threats that emerged in 2015 will remain relevant in the next year?
Which threat group will see the biggest growth in 2016?
Can you see any old and forgotten threat coming back in the next year?
Will threat landscape be affected by international efforts to combat terrorism?
Will cyber security in healthcare remain a relevant topic?
Will security in automotive industry keep on causing trouble?
Mobile
year?
What risks will mobile industry face in 2016?
Internet of Things
to wait?
Areas of security
What are your predictions for network security in 2016?
What are your predictions for software security in 2016?
What are your predictions for hardware security in 2016?
What are your predictions for cloud security in 2016?
Industry
Will the cyber community influence the level of cyber security awareness?
How can we work towards improving cyber security awareness in 2016?
What obstacle in awareness will remain unsolved?
What role will awareness play in corporate cyber security?
Miscellaneous
Advice
What advice would you give to fellow cybersecurity professionals going into 2016?
Contributing companies
CYBERSECURITY
2015 TOP EVENTS
Wade Johansen, CouriTech LLC:
- C&C Botnets go public - DorkBot and the like have become a business model; they cost only $50 to buy in
- The Anthem and EBay hacks - along with Target, Home Depot, JP Morgan, etc.
- The implementation of private peer-to-peer social networking clouds with unbreakable encryption
- TOR has 5% or more of the exit nodes hacked and infiltrated by the NSA
- VTech's hack - stealing children's identities. C'mon? This will have consequences we can't even measure yet.
Amit Serper, Cybereason: We've been seeing massive data breaches pretty consistently for the past few years, so really, 2015 was just more of the same. However, if I had to pick specific breaches that stand out, the ones that come to mind are, first and foremost, the Hacking Team breach. Aside from the irony of a surveillance company getting hacked (and learning how lax their own internal security was), the fact that State-of-the-Art hacking tools and several Zero Day attacks were released into the wild have and will continue to have long term consequences. One of the Zero Days effectively killed Flash, and of course, having all these resources available for consumption lowered the (technical) skills bar for potential cyber criminals to enter into the game. Next comes the Ashley Madison hack - aside from it being one of the highest profile ransomware attacks, it shows the impact that a data breach can have on people's lives - suicides occurred, jobs were lost, families and reputations were ruined. Most companies approach cyber security from a cost-benefit perspective - is it cheaper to fix the security problem or deal with the fallout from it? In this case, how do you quantify the damage done to Ashley Madison customers? Is that something you can even attach a number to?
Mark Bennet, Blustor:
- The U.S. Office of Personnel Management (OPM) lost nearly 5.6 million fingerprint records in a cyber security attack in 2015. While this event went largely unnoticed by the general public, it highlighted the tremendous risks associated with biometric security when an individual's biometric templates are not properly protected. For the unfortunate employees impacted by this incident, they can never replace their fingerprints
- Just recently reaching the awareness of the mainstream media, hospitals and medical device manufacturers are being shown to be woefully unprepared. A recent article in Bloomberg Business, entitled "It's Way Too Easy to Hack the Hospital", is one of many articles emerging in recent months that tells a rather bleak and frightening story related to the vulnerability of medical devices to remote hacking. It is clear that there is a high potential for catastrophic incidences that are likely to result in serious injury as well as large scale identity theft.
Paul Shomo, Guidance Software: RATs Ran Rampant: (Remote Access Trojans) evolved and proliferated to
the point that they were seen in forensic investigations of some of the most high-profile hacks of the year,
including the Office of Personnel Management (OPM).
Leon Kuperman, Zenedge:
- 2015 RSA Conference where we introduced ZENEDGE to the world
- www.newbingobilly.ag - longest running DDOS campaign that we are aware of, lasting for almost one year; the attacker has failed at bringing down the site but continues to try on almost a daily basis
- ZENEDGE introduces RapidBGP, which allows for sub 60-second DDOS mitigation in the cloud for network protection
- ZENEDGE launches Toronto Mitigation center, the first large scale mitigation center in Canada for customer adoption
- Complex multi-vector attack by Armada Collective, hitting many companies with DDoS for ransom Bitcoin. Our customer was hit with seven attacks in a one day period in Q4, key shopping season including: Chargen, UDP Flood, SSDP Amplification, NTP Amplification and Layer 7 application attacks. We have now seen Armada Collective on five separate occasions.
Shay Zandani, Cytegic:
- The OPM breach because of the consequences to its management and the fact that it was a direct and public hit on a government entity
- Anthem Breach (alongside Premera and BlueCross Blue-Shield) because of the scale of the attack and how it emphasized the forecasted trend of PII and medical data theft
- Ashley Madison Breach because it is perhaps the most significant internal breach since Snowden - it emphasized the importance of the internal threat
- The Cyber-War between Iran and Saudi-Arabia over Yemen because it showed very clearly the correlation between physical wars and cyber wars, and the mobilization of hackers to support their governments
- The US Military Kills the ISIS Hacker and Recruiter that Attacked Them because it emphasized the fact that cyber-warriors are valid targets for physical attacks and that they are an integral part of the war.
Mitchell Bezzina, Guidance Software:
- The Human Perimeter Remained Too Permeable: Human error opens more doors to hackers than technical shortcomings. Whether clicking on a phishing email, failing to install security patches on a regular basis, or leaving a laptop with patient healthcare records in a place where it can be easily stolen, humans regularly hand over the keys to the data kingdom - or leave them lying around where they can be readily obtained
- Following suit is Australia, releasing a draft of the Privacy Amendment (Notification of Serious Data Breaches) Bill 2015 in December that affects any domestic or foreign organization that deals directly with Australian consumers
Richard De Vere, The AntiSocial Engineer:
- The TalkTalk Breach! (and discovering it) helped place cyber security on the radar for the average person. Infosec left the boardrooms and had free rein of the TV
- Old issues making a comeback - Crossdomain Abuse, SQLi
- BSIDES in London was my favourite event/con
- Software - The release of Kali 2.0 hasn't changed the world but it's nice to see the GUI updates
- SETOOLKIT - Mr Robot Edition (In fact, Mr Robot was the highlight of my year).
David Clarke, VCiso: Talk Talk Breach Ransomware School Breaches Mobile Vulnerabilities Mobile Security.
Roberto Langdon, Nicolas Orlandini, KPMG:
- As part of our Security Services to customers, we were dealing with networks with unappropriated protection, the Internet of Things is leaving really black holes in the information management and information gathering, people working so far from the existing standards such as ISO 27001 and ISO 27002 mainly, and the lack of security awareness implemented as a continuous process inside the organizations. Most of them are still reactive instead of being preventive. And most of them know nothing about ISO 270037
- Technology considerably helped the business and mainly the users interacting with it, and as one of the key issues is privacy, it is almost more frequent to find ethics codes violation and frauds carried out by people who understand that the digital equipment that they use can protect them against these types of investigations. Neither workstations nor smartphones are outside the scope of investigations, and they have key valuable information.
- Increase in amount and depth of data breaches
- Dark web, Mobile forensic, data encryption and IoT as challenges for forensic teams
- Cloud data collections
- Black-Hat 2015 Las Vegas
- Lack of Cyber Security/Cyber Forensic Investigators personnel.
Craig McDonald, MailGuard:
- Anthem. In March, this health insurance company suffered an attack that compromised 78.8 million customers' records from December 2014 onwards. Data affected: names, dates of birth, Social Security numbers, health care ID numbers, home addresses, email addresses, and employment information, including income data. The data was not encrypted, according to reports
- Although smaller than the Anthem attack, the attack on 21.5 million records in the database of the US Office of Personnel Management (OPM) is significant because of the type of data accessed - personal information, background checks, names and addresses and a million fingerprints of US Government employees. It is believed that Chinese hackers were responsible
- UK telecom company, TalkTalk, suffered an attack that compromised four million records, estimated to be the seventh largest attack (to September 2015), apparently through a third party call centre in India
- Australian Bureau of Meteorology breach reported publicly in December this year. There is no clear picture yet how much the breach will cost to fix or how long it will take but insiders estimate years and hundreds of millions of dollars. And the critical nature of the bureau's services means its systems cannot be switched off for repair.
Michael A. Goedeker, Auxilium Cyber Security:
- OPM Breach
- DEASH (ISIL-whatever) using social media for targeting soldiers
- Ukraine Hacks (our story on the Fire Sale hack)
- The fight for balancing surveillance and privacy
- The Beginning of IoT as mainstream (and additional security holes and lack of it)
- Increasing vulnerabilities and attacks on global and national critical infrastructure
Rick Blaisdell:
- Kaspersky Lab revealed in June that it had discovered an infiltration in several of its internal systems. The attack, also named Duqu 2.0, was believed to be a nation-state-sponsored attack, whose other victims included events and venues with links to world power meetings, including negotiations for an Iran nuclear deal. The Moscow-based security vendor said the compromise included information on the company's newest technologies, such as Kaspersky's Secure Operating System, Kaspersky Fraud Prevention, Kaspersky Security Network and Anti-APT solutions and services
- LastPass got hacked - LastPass is a very well known provider of cloud-based single sign-on and password manager. Enterprise administrators around the globe use it to manage and secure passwords across their infrastructure. However, in June, LastPass CEO Joe Siegrist admitted in a blog post that a network compromise resulted in the theft of customer email addresses and password reminders. Even though the passwords were encrypted, and there was no evidence of customer data being exposed, LastPass required all customers to change their master passwords the next time they logged in
- Pentagon failed to offer small firms cyber security resources - The US Department of Defense (DOD)'s Office of Small Business Programs (OSBP) has failed to offer cyber security options to protect the companies it does business with, according to a report from the US Government Accountability Office (GAO). Small businesses, including those that conduct business with DOD, are vulnerable to cyber threats and may have fewer resources, such as robust cyber security systems, than larger businesses to counter cyber threats
- The breach at Harvard University, following in the footsteps of eight other education breaches this year, highlighted growing security concerns around the higher-education market. The breach affected as many as eight schools and administrative offices, though it remains unclear what information was accessed by the hackers
- When it comes to the health-care industry, health insurer Anthem revealed a breach in February that exposed an astonishing 80 million patient and employee records. Anthem said the breach occurred over several weeks, beginning in December 2014, and could have exposed names, date of birth, Social Security numbers, health-care ID numbers, home addresses, email addresses, employment information, income data and more. It said it did not believe banking information was taken. The Wall Street Journal reported that Anthem had not encrypted the data that was accessed by hackers.
Kenneth C. Citarella, Guidepost Solutions: In no particular order, we cite these as the most significant cyber security events in 2015:
- The Office of Personnel Management intrusion
- Cyber security talks between the U.S. and China, including China's arrest of several men alleged to have intruded into U.S.-based systems at the request of the U.S. government
- The Third Circuit Court of Appeals upholding the authority of the Federal Trade Commission to sue over cyber security failures under its consumer protection powers. A company may be engaged in an unfair trade practice if it does not live up to its cyber security promises
- The beginning of regulatory efforts to mandate cyber security standards in certain industries
- Known weaknesses and poor security habits continue to be major attack vectors.
Anthony Di Bello, Guidance Software:
- Breaches Abounded: Almost 90 million healthcare records were breached causing $272 million worth of losses to leading United States healthcare organizations. The lesson learned is that healthcare records are extremely valuable to cybercriminals
- Emergence of Endpoint Detection and Response (EDR) security technology category - while technologies focused on providing security visibility and incident response capabilities for endpoint have existed for some time, 2015 marked a critical mass in both the need for and emergence of several start-up technologies focused on these capabilities. These vendors span established EDR players, such as Guidance Software, legacy security vendors coming into the space through acquisition, such as Palo Alto, and start up technologies, such as Cylance. These offerings fill a critical gap at the endpoint left by older technologies, such as anti-virus and host-based IPS
- Data Notification Requirements - The US Government began the first steps in creating one Federal breach notification law with the Data Security and Breach Notification Act of 2015 which received both public backing and some initial opposition. The US is not alone, the EU Council found common ground with Members of the European Parliament and put an end to fragmented requirements for minimum security measures and breach notification requirements across critical service organizations in resources, transport, finance, and health. This comes after the heavily publicized advancements in the EU General Data Protection Regulation to enhance data protection rights of EU consumers for any organization, worldwide, storing personal data.
David Coallier, Barricade:
- VTech's data leak
- Ashley Madison's data leak
- The iCloud leak
- The rise of the internet of things and the internet of vulnerabilities
- Ransomware and boot kits.
There were plenty more very important leaks, during this last year. What we find interesting is most of the attacks fall into common categories, such as people still using insecure passwords and executives that do not understand the current technological landscape.
The rise of ransomware and their exponential growth is interesting as it allows us to witness the evolution of computer viruses and criminal groups in near real-time. A new player in town, the boot kit, is promising an interesting turn of events for 2016. Meanwhile, the Internet of Things is left very vulnerable because efficiency and simplicity of use took priority over security, leaving a lot of early and late majority of the tech adopters at risk. The so-called advanced persistent threat is still the industry's poster child and as state-sponsored attacks and cyber-espionage grow, we'll probably keep hearing a lot about APT in the next year alongside its lack of security workforce.
Wade Lovell, Simpatic:
- Revenge Porn - Hunter Moore, who operated the Internet's best-known revenge porn website, was sentenced to 30 months in federal prison for hiring another man to hack into e-mail accounts to steal nude photos that were later posted on his website. This seems a little like sentencing Al Capone on tax evasion charges, satisfying but incomplete. link
- Angler is an extremely capable and readily available exploit kit used by criminals to run choice cuts of the latest Flash, Java, and browser exploits targeting un-patched users. Hackers add exploit kit to article asking 'Is cyber crime out of control?' Hackers have hosed an article published by The Guardian using the world's nastiest exploit kit Angler to pop the machines of exposed readers. The attack firmly answers the article's headline, positing the question 'is cybercrime out of control', based on arguments in a book by one Misha Glenny. link
- VTech Breach - accounts of 2.9 million kids hacked. This is the type of hack no one seems to talk about because it doesn't directly involve credit card and social security numbers
- Georgia's Secretary of State released confidential information to a dozen entities on 6 million Georgia voters, including driver's license information, Social Security numbers and dates of birth, and didn't notify anyone, according to a lawsuit. The Georgia Secretary of State, Brian Kemp's office is being sued by two Georgia women who claim that the Secretary's office released personal information that involves 6 million Georgia voters. Mr. Kemp's office has communicated that due to what they are calling a "clerical" error, individual voters' personal information was included in these files. According to the lawsuit, Mr. Kemp's office never notified individuals regarding the breach, nor did they contact the consumer reporting agencies. link
- Organized Criminal Hackers stealing $1 billion directly from banks. A gang of international hackers have stolen as much as $1 billion from 100 banks across 30 countries by installing malware that allowed them to take control of the banks' internal operations. link
Gerald Peng, Mocato:
- Anonymous taking down ISIS social media profiles, November - December 2015
- Ashley Madison hack, July - August 2015
- In June 2015, US Office of Personnel Management (OPM) discovered that the background investigation records of current, former, and prospective Federal employees and contractors had been stolen. OPM and the interagency incident response team have concluded with high confidence that sensitive information, including the Social Security Numbers (SSNs) of 21.5 million individuals, was stolen from the background investigation databases
- Stagefright Bug (all versions) for Android phones, July 2015
- International Conference on Cybersecurity, January 5 - 8, 2015, New York City, NY, United States.
WHO IS WHO
Amit Serper
Cybereason Lead Mac OS X security
researcher
Michael A. Goedeker
Auxilium Cyber Security
CEO and Founder
Irfan Shakeel
EH Academy
CEO and Founder
The founder & CEO of ehacking
group. An engineer, penetration
tester and a security researcher.
He specializes in Network, VoIP
Penetration testing and digital forensics. With more than 7 years of
professional work experience, he is
creating new Infosec ventures and
businesses around the globe.
Richard De Vere
The AntiSocial Engineer Ltd,
Principal Consultant
Richard is the Principal Consultant for The AntiSocial
Engineer Ltd, has an extensive background in penetration testing and social engineering, including
red team exercises and information gathering assessments.
RECRUITMENT
What will change in the talent pool?
Michael A. Goedeker, Auxilium Cyber Security: Skills needed and the way we look
for people for cyber security space. Cyber security is dynamic, so we are looking
for people that can think outside the box
and make complex things simple.
Elizabeth Houser, Praesidio: As more people become aware of the ongoing trends
in cybersecurity and the increasing
opportunities the industry offers, we'll see
an uptick in people desiring a career shift.
This will especially become noticeable as
expansion of the IoT requires input from
experts in other fields.
Wade Johansen, CouriTech LLC: Virtualization skills and multitasking abilities are
(and will continue to be) a must-have
talent. The days of specialization in one
service domain alone seem to be rapidly
coming to an end. Mobile device management and maintenance is also a skill every
tech should start getting familiar with.
Paul Hoffman, Logical Operations: As breaches get more serious, companies will
start to pay more for skilled people.
Wade Lovell, Simpatic: Some undergraduate programs have picked up the baton
and are offering an emphasis in cyber security. As students matriculate from these
programs, the talent pool will increase at
a pace slightly ahead of the churn rate.
Dotan Bar Noy, Re-Sec Technologies: Cybersecurity workforce shortage is expected to reach 1.5 million by 2019 according
to Michael Brown, Symantec CEO. While
the growth in the need for talented
experts in all sectors will drive an increase
in professionals in the long run, we are
still going to struggle in the next few years.
David Clarke, VCiso: Audit will take a higher priority as more and more cyber services are outsourced.
Stephan Conradin: Security becomes more complex because business and technologies change very fast, so real talent pool
will become shorter.
Will talent shortage in the industry
continue to grow?
Michael A. Goedeker, Auxilium Cyber Security: I don't see a talent shortage, just
prices being ruined by big companies that
overcharge for bad work. This does not
allow smaller companies to earn enough
to attract good people because for some
illogical reason, customers trust big names without verifying them (bad for security in general).
Wade Johansen, CouriTech LLC: Yes! Recruitment is starting early because there
aren't enough coders to go around, so
schools that offer it are seeing benefits for
their students. Unfortunately, there is a
shortage of strong teachers, so this is causing a shortage of classes, and students.
This is the case with a lot of technology
fields and not just coding.
Stephan Conradin: Of course. More complexity, more needs, fewer people with
wide knowledge.
At the same time, according to a 451 Research recent study, based on responses
from more than 1,000 IT professionals,
primarily in North America and EMEA,
security managers reported significant
obstacles in implementing desired security projects due to lack of staff expertise
(34.5%) and inadequate staffing (26.4%).
Given this challenge, only 24% of enterprises have 24x7 monitoring in place using
internal resources.
Wade Lovell, Simpatic: Yes, while the talent pool is expanding slightly ahead of
the churn rate, the demand continues to
grow.
What new challenges will recruiters
have to face in 2016?
Paul Hoffman, Logical Operations: Differentiating between actually skilled workers and ones with puffed-up resumes,
but they may not care as anyone willing to
fight cyber attackers is better than no one.
Rajeev Chauhan: The vanishing line between ethical and unethical behavior in
the infosec community will be a matter of
growing concern.
Wade Lovell, Simpatic: A growing percentage of entrants into the security talent
pool will have absolutely no relevant job
experience.
Mitchell Bezzina, Guidance Software: Those looking to place experienced cyber security specialists will find it difficult moving an individual into a new organization
with career development or ancillary benefits being part of the decision process.
It may well be easier to relocate teams
who have an understanding of each other
and efficient workflows. When looking to
place candidates transitioning into cybersecurity as a solution to talent shortage, a
more rigorous culling process will need to
be defined to ensure there is a great
rapport between manager and the new
candidate, this ensures a faster, more successful transition.
David Clarke, VCiso: Recruitment is a vulnerable 3rd party and they will need to
apply cyber standards, as well as find the
appropriate resources.
Rick Blaisdell: The need for more cyberworkers also explains why info security is
considered one of the best jobs out there
- for the next seven years. U.S. News and
World Report ranked a career in information security analysis eighth on its list of
the 100 best jobs for 2015. They state the
profession is growing at a rate of 36.5 percent through 2022.
What new challenges will people looking
for work in cyber security have to face?
Anthony Di Bello, Guidance Software: Certainly not a lack of competition in the job
market.
Mitchell Bezzina, Guidance Software: Proving their skillset can easily transition into
cybersecurity would be the main challenge. For those in developing careers, there
will be a steep learning curve which may
involve odd hours and be prepared to
roll up the sleeves, as with growing industries, managers rarely manage people
but must also take on work tasks and assist in day-to-day activities.
David Clarke, VCiso: A Cyber Role is a journey and the role has to match where the
client is their cyber maturity and position
it no longer a finger in the leaking dyke.
Dennis Chow, Millar, Inc Short: The problem of finding well-paying local security
positions as opposed to ones that require
relocation to high cost of living areas.
Wade Johansen, CouriTech LLC: Employers who look for talent often don't understand just how talented an individual really is from a resume. Because every resume is filtered through an HR dept, often
by keyword - great prospects are skipped
over. Keyword resume searching has become the norm, often when you do get an
HR person who calls, they don't understand the technical abilities of the prospective employee, and so they are often
overlooked when in reality they may be a
perfect fit. This is a challenge because IT
techs often are the worst at describing
what they know and do on a daily basis.
WHO IS WHO
Kris Rides
TiroSec, CEO and Founder
Kris believes that there is no substitute for building long term relationships with clients and you do
that by providing them a great service. This is his 16th year in the
recruitment industry and he has
built and managed both permanent and contract teams over multiple disciplines in both the UK and
all over the USA. Kris is passionate
about recruitment and still keeps in
touch with both people he placed
when he first started his career and
clients he worked with. He has
spent almost all of his working career in Tech recruitment and he
understands his candidates' needs
as well as the difficulties clients
have in some of these niche areas.
Elizabeth Houser
Praesidio Security
Engineer
Roberto Langdon
KPMG Sr Manager,
Forensic Technology
Services Risk Consulting
He has a wide experience in the
Information Security market, as
well as in the Forensic Practices
and Technology. He has 35 years
of experience previous to his position at KPMG, within
national and multinational companies, from IT & Telecomm sector, and 15 years of experience in Information
Security, Physical Security and Urban Security specialization.
Einaras Gravrock
Cujo, CEO
12 years digital commerce experience. Founded / built Modnique.com to $50M in annual sales. Named one of Goldman Sachs'
100 most intriguing entrepreneurs
in 2014.
TRAINING
What role will formal education play in 2016?
Irfan Shakeel, EH Academy: Formal education should play an effective role and we
need to make little tweaks in the formal
education. But, the formal education without the required amendments will not
play any notable role.
Chase Cunningham, Cynja: The more education that cyber operations personnel
can attain before they go looking for
work, the higher initial salary they can
garner. Thanks to increased specialized
training in the military and intelligence
communities, the need for actual degrees
is not completely necessary. However,
surveys show that the gap in starting pay
for those with advanced degrees is much
greater, by up to 40%, compared to those
with similar cyber skills but no formal education. In short - it pays to go to school.
Elizabeth Houser, Praesidio: Formal education will continue to be sought after but
the availability of online (especially free)
training resources will increasingly augment the education of individuals at all
skill levels.
Stephan Conradin: Crucial, more education for more ability to work with complexity.
Rajeev Chauhan: There can be no substitute for formal education, the formal
education provides the base for future.
However, exceptions can not be ruled out.
Ondrej Krehel, LIFARS: It'll be more important, as curriculums are getting better, but
still not where it should be.
Andrew Bagrin, My Digital Shield: Just adding head count in the industry. The security industry requires experience and
knowledge about hacking, networking and
coding.
Will certification keep its role as the main
tool to confirm skill and expertise?
Michael A. Goedeker, Auxilium Cyber Security: They are important but experience
is more important. Certs don't guarantee
success but combined with experience
through using taught concepts in projects
is an indicator.
Dennis Chow, Millar, Inc: Yes, certifications will complement and evolve to help
maintain the attestation of a certain level
of skill. However, we will see more interviews and other candidate requirements
to prove hands-on experience through
practical assignments.
Dotan Bar Noy, Re-Sec Technologies: Certification plays an important role ensuring
your team is up to speed with new solutions and encounters other professionals
to share ideas and feedback on the different solutions.
Rajeev Chauhan: To some extent, certifications are benchmarks for judging capabilities, but there is no substitution for
hands-on skills.
Paul Hoffman, Logical Operations: Certification will continue to play the primary
role in confirming expertise.
Ondrej Krehel, LIFARS: I think work experience is the real key, certs are more of a
minimum knowledge.
Chase Cunningham, Cynja: New certifications, like those from ISACA's CSX program, will start to slowly replace some of the cookie-cutter certifications that have typically garnered more interest. Recruiters are
hiring personnel and senior managers with active performance-based certifications at a higher rate than
before. The old paradigm of studying for a certification and passing it will start to go away. If one can't actually conduct the task then they won't get certified. Another way to put it, people prefer doctors who have
practiced their medical skills on patients rather than simply reading books and passing exams. The same is
true in cybersecurity.
Julie Herold, Kenny Herold, Odin's Eye: We've always been jaded with regards to an acronym that states
you can memorize information so we feel that any answer would be biased. Your work experience and end
product should be the proof of your level of expertise as well as your ability to convince your client that A.)
You know what you are talking about and B.) You can execute at that level. For clients that rely on the certifications as a compass to navigate through the many vendors with these types of services, they do have
their place.
Will we see a more unified
standardization of education and skills?
Michael A. Goedeker, Auxilium Cyber Security: I hope so, everyone has their
own standard and it's very hard to judge
one cert from another. However Cyber
and security, in general, are very dynamic
which makes standardization extremely
hard to achieve.
Stephan Conradin: Not sure. Standardization doesn't mean quality. We need big
certifications, like those of ISACA or (ISC)2
but we need to use very specific certifications very close to technologies.
Will online courses influence the level of
education in security field?
Michael A. Goedeker, Auxilium Cyber Security: Online courses will grow in importance as we see companies limit travel
expenses. Online training will also let people learn at their own pace.
Stephan Conradin: Online courses are more adapted to time of life, it is easier to
find time to learn online. But presential
courses are important to share with other
professionals.
Wade Johansen, CouriTech LLC: They already are. Most students I know are already
taking online courses. It opens up a world
of opportunity. You can now also get an
accredited degree completely online and
the adoption rate of this model is growing
quickly.
WHO IS WHO
Wade Johansen
CouriTech LLC, CEO and Founder
Andrew Bagrin
My Digital Shield (MDS)
Founder and CEO
Chase Cunningham
Cynja, CTO
Chase Cunningham serves as CTO
and fights bad guys in cyberspace.
He began his Cynja training serving
in the U.S. Navy, where he worked
as an analyst in the Department of
Defense's network exploitation
program. He lives in Texas with his
two young cyber warriors Callie
and Caelyn. He earned a B.S. from
the American Military University,
and an M.S. and a Ph.D. in information systems security from Colorado Tech University.
Rajeev Chauhan
C|HFI, C|EH, BSc, BTech IT & Comn, MS Cyber Law and
Cyber Security. Cybersecurity enthusiast, Independent
Researcher, trainer, consultant and blogger at Cyberoxen. Loves golden oldies.
THREATS
What threats that emerged in 2015 will
remain relevant in the next year?
Leon Kuperman, Zenedge:
- Targeted, advanced threats focused on specific organizations (called APTs): threat actors are well funded, patient and utilize a combination of techniques to infiltrate an organization (including physical, social engineering and standard network and cyber attacks).
- Advanced botnets, using Layer 7 DDOS attacks over HTTPS (hard to mitigate): this trend will continue in 2016 and we will see the next iteration of weaponized zombies with near-browser-like capabilities.
- IoT: connected devices with OSs running on them, with vulnerabilities exposed at an unprecedented rate.
- DDOS attacks for Bitcoin.
Kris Rides, Tiro Security: As more companies move towards cloud services, the
attack surface is increasing. I think we will
see more sophisticated attacks targeting
cloud service providers. I also think the
assumption made by many companies
that moving to the cloud pushes security
issues to these services providers, alongside with companies running hybrid systems, will leave gaps in their security posture.
David Coallier, Barricade: Whilst ransomware will probably continue to be used (as
they are wildly successful for criminals), I
am bullish on the new threat landscape
around the Internet of Things. There are a
lot of devices which access vast amounts
of personal and private information, as
well, becoming more intrinsic to your everyday life (i.e. connected cars) and yet, the
security of most of these devices is fickle
at best.
Dotan Bar Noy, Re-Sec Technologies: Unfortunately, enterprises are still not protected from 2015 threats to worry about
2016 ones. We will still see content based
attacks containing APT, Phishing, Ransomware and many more zero-days. Threats
will continue to use sophisticated delivery
mechanisms that will allow them to perform updates and evolve over time.
Nick Prescot, ZeroDayLab: As with the M-Trends Report, the main APT groups around hacktivism, state-sponsored actors
and organised cybercrime aren't going to
go away any time soon. The re-publishing
and distribution of open source hacking
tools is a lucrative market for amateur and
veteran threat actors alike, with organised
cybercrime groups utilising younger individuals as smokescreens for larger-scale, in-depth attacks (i.e. Talk Talk, Oct. 2015).
Andrew Bagrin, My Digital Shield: APT didn't emerge in 2015 but they will continue
to grow and get worse, and they will start
to overlap with IoT threats as IoT grows.
Craig McDonald, MailGuard:
- Ransomware. In 2016, inexperienced cyber criminals will jump onto the ransomware-as-a-service offerings, and accelerate the growth of ransomware. Anonymizing networks and payment methods will continue to fuel ransomware's rapid growth path.
- Cloud services. Weak or ignored corporate security policies make cloud services easy targets for cyber criminals. The payoffs are big -- confidential business information, customer data, organizational business strategies, company portfolio strategies, next-generation innovations, financials, acquisition and divestiture plans, employee data and other data.
- Attacks through employee systems. When organizations do improve their security, attackers shift their focus to their employees, especially insecure home systems, to gain access to corporate networks.
- Warehouses of stolen data. Stolen personally identifiable information sets are linked together in big-data warehouses; combined records are more valuable to cyber attackers. Watch the dark market for stolen personally identifiable information and usernames and passwords boom in the coming year.
- Hardware. Attacks on all types of hardware and firmware will continue. The market for tools that make them possible will expand and grow. Virtual machines could be targeted with system firmware rootkits.
- Wearables. Most wearable devices store a small amount of personal information, but they are desirable targets because of the smartphones used to manage them.
- Cars. Connected automobile systems that fail to meet best practice security policies in areas are tempting targets. These include vehicle access system engine control units (ECUs), engine and transmission ECUs, advanced driver assistance system ECUs, remote key systems, passive keyless entry, V2X receiver, USBs, OBD IIs, remote link type apps and smartphone access.
Julie Herold, Kenny Herold, Odin's Eye:
Continued focus on previous assumptions
of lower level security in protocol stacks;
as the theoretical attacks are becoming
more and more probable and exploitable
for nation states and other organizations
with computational power exceeding the
norm. Continued focus on open source
code and taking advantage of a lack of
review on said code.
Wade Lovell, Simpatic: Ransomware, Wire Fraud, Hacking into databases and
offering customized searches on Personally Identifiable Information as one Vietnamese national did who had access to data
on 200 million U.S. Citizens.
Which threat group will see
the biggest growth in 2016?
Michael A. Goedeker, Auxilium Cyber Security: Cybercrime that works with nation
states for corp espionage and warfare
(even though it is cyber war and espionage, nations will (hide) behind cyber crime). In addition, depending on how we
resolve terrorism, we could also see Cyber
Terrorism growth as well.
Dotan Bar Noy, Re-Sec Technologies: Guessing from the past year, ransomware
and specifically cryptolocker are the ones
most of us will encounter this upcoming
year. We will see and hear more about
new targets such as cars, etc.
The dream of easy money is driving people without loyalty and moral values to
take advantage of these opportunities.
Seeing packets of 50,000 credit cards stolen information on the Dark Web on sale
for two or three thousand dollars is just
an example.
Besides that, as in some organizations, the
information gathering and storage is not
well addressed when it comes to accomplishing security policies, the rest of the
delinquent eco-system is ready to participate.
Andrew Bagrin, My Digital Shield: IOT because the industry is really growing without any defenses.
Can you see any old and forgotten
threat coming back in the next year?
Michael A. Goedeker, Auxilium Cyber Security: Always, many attacks come back
after people forget them, or they are repurposed and updated.
Craig McDonald, MailGuard: New malware but the same old tactics. Social engineering and malware infection are the most
common tactics used by cyber criminals.
Survey scams on social networking sites,
phishing and spear phishing emails for
corporate employees, and fake links on
search results are successful at the moment.
Cybercriminals are constantly
morphing their malware and their social
tricks faster than victims can identify
them and protect themselves.
Anthony Di Bello, Guidance Software: Certainly. There are already old and forgotten
threats still prolific throughout the world;
see Conficker. The cybersecurity industry
ebbs and flows with technology from both
the attackers and defenders, this year saw
proliferation in POS intrusions and Phishing, while these attack types remain
easy, they will continue, however, new
defense technologies of these attack types will force attackers to pivot and define
other entry types.
Wade Lovell, Simpatic: Yes, EXE injections, for example, are making a comeback and many advanced persistent threats likely remain undiscovered. Macro
malware in MS Office documents attached
to emails are also on the rise as an attack
vector.
David Clarke, VCiso: Yes. Inadvertent human error, been around for ever, Enigma
was cracked because of this.
Will threat landscape be affected
by international efforts to combat terrorism?
Mark Bennet, Blustor: The debate between the need for intelligence agencies to
decrypt data being communicated between potential terrorists and the public's
right to privacy will continue to rage.
Overreaching government agencies have
abused their ability to collect data on citizens with little oversight by legislatures or
the judiciary. Restricting the transfer or
development of encryption technology
will have little impact on a terrorist organization to illegally obtain those capabilities but it will significantly restrict the ability of law abiding citizens to protect their
own privacy. The proposed backdoors
that some officials are calling for to enable
intelligence agencies to covertly access
encrypted communications will also make
those same devices vulnerable to hackers.
There is no such thing as a backdoor
that only the good guys can use.
Dotan Bar Noy, Re-Sec Technologies: Cyber terrorism becomes the new frontier
and terror organizations. The growing impact of cyber space on recruitment and
public opinion will mean that much of the
war against terrorism will take place in
the cyber space.
Stephan Conradin: I think the war is already here and due to our growing cyberdependencies, it is clear cyberterrorism is
a good weapon.
Alina Stancu, Titania: If legislation is passed in the wake of terrorist provoked tragedies, there will be significant changes in
how future threats will be delivered. It will
probably drive the criminals underground
and there will be more channelling
through Virtual Private Networks, proxy
servers, and Tor.
Michael A. Goedeker, Auxilium Cyber Security: Yes, they will likely increase hacktivism and cyber terrorism before they
reduce them. Terrorism will show the weaknesses of How? When groups do not
work in a coordinated way, they will be
disorganized and this disorganization
could be used to hack certain countries. In
addition, we could see the dawn of a new
job title Anti-Cyber Terrorism Consultant/
Analyst. Weaknesses in the way security
people are trained will show here as we
will see a need for more hacking skills in
all computer security related jobs in the
future. Security teams can only protect
what they know will be attacked and how
it will be attacked.
BroadTech Security Team: The international effort to combat terrorism will be controlled by politics, fear, greed and national
interests. So how the landscape will change is not predictable. More than technology, the above mentioned factors will
dominate in shaping it.
Shay Zandani, Cytegic: Yes, the international efforts to combat terrorism and cyberterrorism are equivalent to a whack-a-mole game: with every hit, the attackers
pop back in a different location. The
efforts to control encryption and to hunt
down terrorists will demand innovation
on the terrorist and hacker side, as we see
these days.
Will cyber security in healthcare
remain a relevant topic?
David Clarke, VCiso: Yes. Healthcare, councils and charities still top the list for
breaches.
Leon Kuperman, Zenedge: Yes. It's a critical data asset that remains exposed,
exploitable and monetizable (from an
attacker's perspective).
Wade Johansen, CouriTech LLC: Absolutely, health care is a big target since records
contain not only geographical data about
a person, it also contains medical information which can be used to exploit benefits
systems and ongoing retirement information.
Michael A. Goedeker, Auxilium Cyber Security: Yes, because of the lack of money
and enforcement.
Gerald Peng, Mocato: Yes. Healthcare data theft and the hacking of IP-based devices present threats to the well-being of
patients and institutions.
Rick Blaisdell: Unfortunately, yes. In August, the FDA and the Department of Homeland Security advised health-care facilities to stop using Hospira's Symbiq infusion pump after learning that the device,
which administers medication to a patient
over time, is vulnerable to hackers. Mick
Coady, health information privacy and
security partner at PricewaterhouseCoopers, believes that this type of cybercrime
will become more prevalent in 2016.
Stephan Conradin: Yes. First it is very sensitive for people. And with this kind of security we speak of human life, not only
cash.
Will security in automotive industry
keep on causing trouble?
Gerald Peng, Mocato: Yes. As cars become increasingly programmable, IP-shareable and automated, the possibility
of hacking a vehicle will erode consumer
confidence if the auto manufacturers do
not address this issue head on.
Rick Blaisdell: As more and more cars connect to the Internet for such functions as
GPS, they become more vulnerable. Hackers can connect to a car over a cellular
network and, conceivably, turn off the
engine while the car is speeding down a
crowded highway, or cut the brakes, or
cause any number of nightmarish
circumstances.
Security researchers will continue to focus
on potential exploit scenarios for connected automobile systems that fail to meet
best practice security policies. IT security
vendors and automakers will develop guidance, standards and technical solutions
to protect attack surfaces such as vehicle
access system engine control units (ECUs),
engine and transmission ECUs, advanced
driver assistance system ECUs, remote key
systems, passive keyless entry, V2X receiver, USBs, OBD IIs, remote link type
apps and smartphone access.
Michael A. Goedeker, Auxilium Cyber Security: Any industry or product that does
not integrate security and doesn't see security as business critical will experience
problems.
WHO IS WHO
Mitchell Bezzina
Guidance Software
Security Strategist
Anthony Di Bello
Guidance Software
Senior Director
Security Practice
Anthony Di Bello is responsible for providing in-depth insight into the advanced threat landscape for Guidance Software and its customers. Since joining the company in 2005, Di Bello has been instrumental in defining the company's suite of security products, introducing new products and successfully driving market adoption with Fortune 500 companies and federal government agencies. Prior to joining Guidance Software, Di Bello spent seven years with Towers Perrin, a global professional services firm specializing in risk and financial management. He is a frequent speaker and quoted regularly in security industry publications.
Paul Shomo
Guidance Software, Sr. Technical Manager
Paul Shomo has over 15 years of R&D experience, having begun his career writing firmware for IP routers and satellite networks. Paul joined Guidance Software's new product research group in 2006, which launched the industry's
first incident response solution. Paul has managed and architected cybersecurity and forensic products for many years. He now manages integrations with
the EnCase open security platform, and in his free time works to educate the
cybersecurity industry.
MOBILE
Which mobile phone will be
the most secure one?
Wade Johansen, CouriTech LLC: The iPhone will evolve to be the most secure phone I believe, but it will probably only be
because it is hacked less often than Android and Windows phones.
Rajeev Chauhan: The one with cloud storage and having active app scanner.
David Clarke, VCiso: Android with Customised for security are currently in the lead, there are no IOS customised versions
for security.
Dotan Bar Noy, Re-Sec Technologies: Phone will not be more secured than your
regular home computer as users are freely downloading programs, plugging the
devices and connecting to random hotspots as they travel. The PwC 2015 Information Security Breaches Study on UK
Corporations reports that 15 percent of
organizations suffered from a breach caused by use of a smartphone or tablet device, more than doubling last year's figure
of 7 percent. This is a great challenge and
opportunity for the industry.
What kind of vulnerabilities will affect
mobile phones in 2016?
Michael A. Goedeker, Auxilium Cyber Security: The same ones as now. In addition,
the false sense of security that secure
phone manufacturers sell you will lead to
more hacked phones. The system is broken, no phone would change that.
Mark Bennet, Blustor: As biometrics continue to grow as a mainstream security mechanism for accessing mobile devices and
related applications, consumers will see
an increase in malware that specifically
targets biometric identity theft. The unfortunate reality is that the identities of
many consumers are going to be compromised for life due to their own unawareness of how serious this issue will become
over the next few years. Once your biometrics have been compromised, they can
never be replaced short of visiting a plastic surgeon.
Wade Johansen, CouriTech LLC: GPS vulnerabilities and apps that require too
much permissions (already an issue) with
little company security knowledge about
locking apps done before publishing.
MOBILE
Michael A. Goedeker, Auxilium Cyber Security: Don't use a phone for secure stuff!
Limit the usage for important calls and
functions, only use apps that are tested
and proven backdoor and spyware free.
Don't trust any phone manufacturer, test
and verify your SIM card, phone hardware, OS and Apps are secure. Recognize
that the underlying communication system is flawed. Anyone and everyone can
track you down, so if you don't want that,
then limit phone use. Use a computer or
electronic device that can use encrypted
signals and never needs the SS7 based
infrastructure.
Rick Blaisdell: Knowing your vulnerabilities and making sure that you protect
them will stand you in good stead for
2016. Other precautionary steps include:
- Use strong passwords for your accounts that include numbers, lower case and capitalized letters, and are not easy to guess, e.g. password, 12345, etc.
- Don't open suspicious emails requesting that you re-enter sensitive data
- Destroy sensitive documents
- Use a VPN to secure your Internet connection if you need to use public Wi-Fi
- Keep your antivirus software up to date.
David Clarke, VCiso: As many security software apps as you can get on your phone. I use at least four.
Wade Lovell, Simpatic: Establish a company-wide approved apps list for bring your
own devices (BYOD). Have IT set up an
internal app store so IT can determine
whether the checksums match with the
publisher's source files, test updates before they are deployed, etc. Turn off wi-fi
outside the office and route everything
through cellular data except while in the
office.
Anthony Di Bello, Guidance Software: Same measures we would take with any
other device. Encryption, password protection, turn off Bluetooth/wifi/gps when
in questionable locations such as Defcon.
What risks will mobile industry face in 2016?
Michael A. Goedeker, Auxilium Cyber Security: Increased usage as a cyber war and
espionage tool. Data leakage and theft.
David Clarke, VCiso: Marketing apps may be too invasive, exploits exposing more
personal data.
Gerald Peng, Mocato: The increasing popularity of mobile shopping and mobile
beacons will make mobile phones likelier
fraud targets. The ability to fight mobile
platform fraud will be influenced by innovations in data protection, intuitive security compliance protocols and user authentication.
WHO IS WHO
Leon Kuperman
Zenedge, CTO & Co-founder
Mark W. Bennett
Blustor, COO
Leon Kuperman is a successful founder and CTO of multiple ecommerce organizations with 18+
years of experience in product management, software design and
development all the way through to
production deployment. He is an
authority on Payment Card Industry
Data Security Standard (PCI DSS), ecommerce, online marketplaces /
auctions, data center deployment,
cloud deployment and web application architecture. He is also a
holder of a patent relating to ecommerce caching systems which
he worked on while at IBM.
Mayur Agnihotri
Przemek Radzikowski
Secbro Labs
Chief Security Researcher
INTERNET OF THINGS
Will IoT force the industry
to change?
Shay Zandani, Cytegic: The inherent interconnectivity of IoT already forces changes
in the security industry, and will continue
to do so. This fact demands multi-device
endpoint detection tools, cross-device
honeypots and much stricter MDM rules
and practices in the office space.
Michael A. Goedeker, Auxilium Cyber Security: Yes, as in all new technology, we,
for some reason, always forget to integrate security right from the start. This is a
dangerous way of creating new services
and products. Since IoT connects systems
previously not connected, we will only get
to see the new hacking vectors as it becomes more mainstream.
Amber Schroader, Paraben Corporation:
IoT has caused a lot of changes in how we
look at digital evidence and access of digital devices in our daily life. IoT will make
huge changes to where we see our information spread out to, as well as where it
can be collected from.
Craig McDonald, MailGuard: A study presented in October 2015 by the IT research
company, Gartner, predicts a transformation in the world of cybersecurity within
the next two years, thanks to the Internet
of Things.
By the end of 2017, more than 20% of businesses will be using security services
dedicated to protecting businesses initiatives, and that use devices and services
based on the Internet of Things.
Two examples: A sensor that detects and
adjusts the temperature in a room automatically; another that adjusts the dosage
of medication for a patient in their hospital bed according to new data on their
medical records.
Threat intelligence sharing among enterprises and security vendors will grow and
mature. Legislative steps may be taken,
making it possible for companies and
governments to share threat intelligence.
The development of best practices in this
area will accelerate.
What kind of challenges will
IoT face in the next year?
Michael A. Goedeker, Auxilium Cyber Security: Incorporating the correct levels of
security into software, menus, commands
and integrating open source protection
into all IoT devices from the start. At
Davos, I discussed and showed how gas
heaters can be turned into bombs because of the lack of firewall and security verification technology in FPGA units. This is just
one example, SCADA is also still an issue.
Dennis Chow, Millar, Inc: Possibly weak
passwords, backdoors, and injection based attacks.
David Coallier, Barricade: For us, the challenge isn't in security as much as it is in
usability. We are a design-led security
company and we spend a lot of time thinking about how to make security more
accessible to businesses. Providers of IoT
devices face the same challenge. Keeping
a high level of convenience of use with
intrinsic, transparent and non-adversarial
security.
Rick Blaisdell: As we become increasingly reliant on intelligent, interconnected devices in every aspect of
our lives, security is very much a central issue for the Internet of Things. Despite the opportunities of IoT,
there are many risks that must be considered. Here are five of the many risks that will be essential in an
Internet of Things world:
Understanding the complexity - Imagine Nuclear power plants and data centers using IoT devices to automate their controls and being compromised. Understanding the complexity of vulnerabilities, and how serious of a threat they pose is going to become a huge challenge. Because these devices will have hardware
platforms and software that enterprises may never have had insight into before, the types of vulnerabilities
may be unlike anything organizations have dealt with previously. This is why it's critical not to underestimate the elevated risks of many IoT devices.
Vulnerability management - Another big challenge for enterprises in an IoT environment will be learning
how to quickly patch IoT device vulnerabilities and how to prioritize them. Because most IoT devices require a firmware update in order to patch the vulnerability, the task can be hard to accomplish in real time.
Identifying security controls - In the IT world, redundancy is critical. If one product fails, another is there to
take over. The concept of layered security works similarly, but we still have to see how well enterprises can
layer security and redundancy to manage IoT risk. The challenge will be identifying where security controls
are needed for Internet-connected devices, and then implementing effective controls. Given the diversity
that will exist among these devices, organizations will need to conduct customized risk assessments, often
relying on third-party expertise, to identify what the risks are and how best to contain them.
Disruption and denial-of-service attacks - Disruptive cyber attacks, such as distributed denial-of-service
attacks, could have bad consequences for an enterprise. If thousands of IoT devices try to access a corporate website or data service feed that isn't available, a company's happy customers will become frustrated,
resulting in revenue loss, customer dissatisfaction and potentially poor reception in the market. Capabilities
for managing lost or stolen devices will also be critical for dealing with compromised IoT devices, so having
an enterprise strategy in place will help mitigate the risks of corporate data ending up in the wrong hands.
Security analytics capabilities - The variety of new devices connecting to the Internet will create a flood of
data for enterprises to collect, process and analyze. While certainly organizations will identify new business
opportunities based on this data, new risks emerge as well.
Wade Lovell, Simpatic: IoT designers will
have to convert to a security-centric design methodology. So far, security has mostly been an afterthought.
Gerald Peng, Mocato: The surge in IP-connected devices increases cyber threat
risks within the corporate and domestic
environments, specifically with respect to
IT infrastructure and device vulnerabilities.
Anthony Di Bello, Guidance Software: Really the challenge of mass-market adoption, convincing the market that it is security. News of hacked Barbie Dolls and baby monitors is not helping here.
How will IoT influence
cyber community?
Michael A. Goedeker, Auxilium Cyber Security: We need to be faster, teach more,
work on creating security products that
protect everyday functions and people
from dedicated and nasty attacks on whatever the IoT industry brings out. It's a
new area that we need to protect fast.
Time is ticking (tick-tock).
Wade Lovell, Simpatic: It may make the
community more cautious, which would
be a good thing. It certainly exposes data
on previously private acts such as making
love in a room with a SmartTV or temperature sensor.
Wade Johansen, CouriTech LLC: A lot of white hats will go gray, but not for all the wrong reasons! The continuous evolvement of global threats to peace and prosperity is affecting so many people that many have
decided the only way to fight crime is by operating outside the framework of laws as they currently stand.
Governments tend to be behind in technical advancements, and IoT is one of the things they aren't
equipped to govern yet. They are slow to tackle emerging threats, and are behind on daily advances to
technology of IoT. Gray hats, on the other hand, can easily move in and out of systems without much fear,
and remain anonymous while having quite a large impact without causing system disruptions. They expose
and report vulnerabilities without exploiting them. It's not about glory, it's about getting the job done efficiently and building security around devices.
Craig McDonald, MailGuard: Information technology security experts have been warning the public about
cyber threats for years, but users seem not to pay attention to these alerts -- they either don't understand
the threats or they do not care.
The cybersecurity industry needs to get better at communicating.
One new initiative is the Open Web Application Security Project's (OWASP) Internet of Things Top 10 Project, which is attempting to educate users on the main facets of IoT security and help vendors make common appliances and gadgets network- and Internet-accessible. The project identifies the top 10 security
problems seen with IoT devices, and discusses how to prevent them on its website. Its list is as follows: Insecure Web interface; Insufficient authentication or authorization; Insecure network services; Lack of transport encryption; Privacy concerns; Insecure cloud interface; Insecure mobile interface; Insufficient security
configuration; Insecure software or firmware; Poor physical security.
The Internet of Things will redraw the lines of responsibilities for the enterprise: security policies will open
to different profiles of employees and updating protocols, as happened with the introduction of BYOD
or cloud computing, but on a much larger scale, and with a far more visible impact.
Technology research company Gartner believes that securing the IoT will be so complex that CISOs will use
a blend of approaches from mobile and cloud architectures, combined with industrial control, automation
and physical security.
Will we see the security for IoT emerging
along new IoT solutions, or will we have to wait?
Chase Cunningham, Cynja: IoT security isn't really even a thought right now.
What we are seeing is the emergence of the next Internet. With new protocols,
communication mediums and applications but no consideration for security. Sadly,
we are seeing kids become the first victims of IoT exploits. In the past few weeks,
we've learned that Barbie isn't just a plastic doll with a house of your dreams anymore.
Instead, she's a vector of attack that hits kids right in their own home. And
parents who gave their child a Kidizoom smartwatch or a VTech InnoTab tablet
may have exposed their kids to identity theft after VTech reported hackers stole
the personal information of more than 6 million children. That's why I believe we
need to protect our kids in this emerging world of IoT and build systems that allow
families to better control their family's data, allow parents to see what data IoT
devices are collecting and alert them when those data are stolen. What we've
learned this year is when it comes to IoT toys, trusting a company's "reasonable
measures" isn't enough. As a dad, I'm doing something about this and building
better protocols for kids' digital lives. They deserve better than what we're using today.
Michael A. Goedeker, Auxilium Cyber Security: We have to see security for IoT. We
have answered that call by discussing existing hacks today, at Davos and any other
conference we are invited to speak at.
Waiting for security and processes, procedures to catch up to new tech is the same
issue as previously, only now we are inviting attacks into our homes and family
members. This is a totally new ball-game.
Elizabeth Houser, Praesidio: Both. First-attempt security for the IoT will emerge
along with new IoT solutions, otherwise
manufacturers won't gain confidence and
purchases from consumers. There will, of
course, be vulnerabilities discovered and
privacy mishaps, most likely on a large
scale in some cases, and security standards will have to adapt accordingly as the
IoT expands and evolves.
Mitchell Bezzina, Guidance Software: Some vendors are already making claims to
be able to help with IoT security, but they
have the advantage of being first-to-market and attempting to define IoT security based on what they have to offer.
While more robust tools and technologies
evolve to meet the challenge, the majority
of IoT security efforts in 2016 are likely to
revolve around testing, testing, and more
testing. Take a look at Intel/McAfee for
the current leaders in IoT security thought-leadership.
Wade Lovell, Simpatic: Fortunately, security will emerge alongside new IoT solutions and offerings. No manufacturer
wants to be in the news as the attack vector allowing the theft of confidential information or images.
David Clarke, VCiso: IoT will move from
becoming unsafe to manageable security,
the technology is there already.
The industry needs to learn from its mistakes as it builds devices that connect via
the Internet. Best practices security, such
as using secure protocols for communication or installing the latest updates, fixes
and patches, are the starting point. Innovators must consider that future security will be managed automatically by the
system instead of users, and designing
secure technology will require a new
approach and mind-set.
WHO IS WHO
Amber Schroader
Paraben Corporation
CEO & Founder
Kenneth Citarella
Guidepost Solutions
Senior Managing Director
David Clarke
David has experience across Finance, Telecoms, Public Sector including developing CERT on a Financial Intranet trading $3.5 Trillion a day, Managed Security
Services with a $400 million dollar Global install base, including Leading edge
Product Selection, implementation and architecture. In these sectors David
has built Secure operations capabilities often from scratch, developed full Cyber incident response expertise, created, maintained and improved regulatory and compliance commitments including PCI-DSS, ISO 27001.
Michael A. Goedeker, Auxilium Cyber Security: They will become easier and faster
to use. There will be more emphasis on
the value a tool has to security and where
it obtains that information from.
David Coallier, Barricade: Businesses deserve security that isn't adversarial, complicated and confusing. The job of a security professional shouldn't be to stare at a
screen all day but rather promote and
encourage good security procedures and
behaviour across the organisation. Both
emerging and new tools are helping in
solving that problem.
Shay Zandani, Cytegic: The main evolvement will be in the cybersecurity management solutions field, due to the fact that
already CISOs and other security personnel are overwhelmed with the abundance
of defenses, policies and procedures, and
they must have a management system
that they can use as a vehicle to streamline and update operations and policies.
Ondrej Krehel, LIFARS: They will try to make things easier, adding more usability for
untrained staff.
Michael A. Goedeker, Auxilium Cyber Security: Not sure about passwords but the
way we authenticate will evolve.
Mark Bennet, Blustor: The trend to eliminate passwords will continue and will likely accelerate as more devices support biometric authentication. We will see the
emergence of new two-factor authentication solutions as they incorporate the security benefits of biometrics.
Einaras Gravrock, Cujo: Absolutely. However, expect 2016 to be the year of new
proposed solutions and not yet a solution
for what will actually be adopted.
David Clarke, VCiso: Yes. Strong authentication may need to be legislated to remove passwords.
Ondrej Krehel, LIFARS: Passwords are great. We just need more factors beyond it.
David Clarke, VCiso: Secure mobile phones, and technologies that replace password technology.
Michael A. Goedeker, Auxilium Cyber Security: It's doing its job! There are many
companies that have feeds but the question is always about value. Fancy maps
are nice but what good does the information in that map do really? How is the data collection any different than using a
Raspberry Pi 2 with Snort, etc? We build our
own network of sensors (Pi2s, DMZ sensors, etc) and use this information to find
differences and turn that information into
actionable intel. But we also use other
areas of data collection (all legal!). OSINT
is something surprisingly missing in all
threat intelligence feeds so we created
our own system that also includes that.
Dennis Chow, Millar, Inc: Possibly the inclusion of other threat vectors for true intelligence such as physical, signaling, and
other disciplines that can be combined
into cyber.
WHO IS WHO
Shay Zandani
Cytegic, Co-founder and
CEO
Rick Blaisdell
Wade Lovell
Simpatic, CEO
Wade Lovell has founded
eight companies with $200+
million in stakeholder returns. Wade began his career at Goldman Sachs and
Arthur Andersen. He has an
MBA from Columbia Business School and is a financial services expert. He is a
CPA, former CFE, EA, and has held Series 3, 7, 63 & 24
designations.
AREAS OF SECURITY
What are your predictions
for network security in 2016?
Michael A. Goedeker, Auxilium Cyber Security: The push for more automation will
eventually happen. We have started this
process by being the first company to introduce our copyrighted concept of the
Self Protecting Network.
David Clarke, VCiso: Software defined networks, legislation and password technology replacement.
Andrew Bagrin, My Digital Shield: I predict that there will be more pre-filter, trying to deliver a prescrubbed internet service, as opposed to giving more tools to
try and scrub it themselves.
What are your predictions
for software security in 2016?
Stephan Conradin: Still 50 security patches per year for each software because
software has no security by design,
OWASP will continue their very good job
of explaining how to avoid SQL Injection
and we'll see SQL injection
Wade Lovell, Simpatic: Apps: corporations will start controlling the approved
and therefore available apps on BYODs.
Antivirus: consumer antivirus programs
will move up market in order to remain
viable. AVG, for example, is struggling under the weight of its free model and has
moved to freemium offerings and add-ons.
What are your predictions
for hardware security in 2016?
Michael A. Goedeker, Auxilium Cyber Security: We already train our partners and
customers in hardware hacking. Many
instances have shown that hardware and
the associated firmware is a valid attacking vector. We are no longer just dealing
with software viruses and malware, we
are also dealing with firmware, side channels and newer aversion techniques to
hide protocols and suspicious traffic and
activities.
Andrew Bagrin, My Digital Shield: Hardware security is fine, but it doesn't need
to be on specialized hardware. For 2016, I
don't believe there will be much change.
What are your predictions
for cloud security in 2016?
Ondrej Krehel, LIFARS: I hope the providers will be more secure in their deployments.
Stephan Conradin: With cloud we delegate our security without strong controls.
Sooner or later, there will be a serious
incident.
Dennis Chow, Millar, Inc: Many more vendors and startups coming to complement
access controls and data discovery/data
control.
Mitchell Bezzina, Guidance Software: Large Cloud Vendors will be forced to make
virtual machines of computer systems
available to security teams for incident
response investigations in response to
new data breach notification regulations.
Without access to full machines, response
teams are limited in their ability to acquire all data quickly, this may also affect
SaaS providers and will likely lead to instrumental case between a breached organization and its cloud provider.
WHO IS WHO
Ondrej Krehel
Lifars, CEO and Founder
Julie Herold
Odins Eye
Senior Security Consultant
Kenny Herold
Odins Eye
Principal Security Consultant
4 years of experience as a service
lead for anti-spam/anti-malware/
anti-virus working for a Fortune 10
company at a global scale as well
as 2 years of general application
security background and 5 years of
penetration testing in aforementioned company and an additional 2 years of penetration
testing for Odins Eye, LLC.
Alina Stancu
Titania Marketing Coordinator
She is Marketing Coordinator at
Titania and has spent the past two
years, learning, talking and writing
about information security. She is
also a contributor to The Analogies
Project.
THE INDUSTRY
Will 2016 belong to start-ups or big cyber security
corporations?
Irfan Shakeel, EH Academy: 2016 will belong to the start-ups of the infosec companies. Startups will focus on vulnerability
research, threat intelligence & monitoring
tools. The infosec service sector will likely
grow, as more organizations are looking for services.
Michael A. Goedeker, Auxilium Cyber Security: Hard to say really. Start-ups will
happen, the question is if big cyber corps
will start to get more pressure to think
dynamically like start-ups do.
Craig McDonald, MailGuard: The big security players are at risk of being disrupted by agile emerging competitors.
Their challenge is to start delivering the
next generation of security solutions for
the cloud, where they lag behind. Expect
to see the big players courting and buying
small vendors unless they can finally
achieve some innovation in their current
product offerings. As Microsoft's Azure and AWS compete for business, they
will focus on new and improved security
features, in particular, helping customers
to have greater control and visibility into their cloud. As they reach feature parity in the IaaS (Infrastructure-as-a-Service)
space, rich security capabilities will become their differentiators, either through
additional platform features or third-party
offerings.
Nick Prescot, ZeroDayLab: Clients are looking for the right company to do the right
job, the benefits won't change.
Michael A. Goedeker, Auxilium Cyber Security: It's getting to the point where the
investment for attending and the value
are starting to be questioned for some
conferences. In my opinion, events like
Bsides are becoming more important and
attended by more people due to the lower costs involved with attending. I am by
no means saying Blackhat is not valuable
but people are starting to feel real pain
when paying thousands of dollars or euros to attend a conference in the US. There has to be a balance and not a "we are
talking all the money from all sides just
so you attend our show". Security lives
from teaching and not being so egotistical
with conferences.
Wade Johansen, CouriTech LLC: Yes, unfortunately they still will not be a target of
many companies for sending their cyber
employees, as it's still seen by too many
as a non-essential training experience.
Anthony Di Bello, Guidance Software: Certainly. They should (and are) be leveraged
as recruitment events. In addition I think
we will see more involvement by industry
in collegiate cyber security events such as
www.nationalccdc.org and niche security
events such as guidancesoftware.com/
enfuse, bringing together like specialist
communities to a common cause.
Will we see more state-level cooperation in 2016?
Rick Blaisdell: 2016 will be a very significant year for both sides of the cybercrime
equation. Governments and enterprises
will begin to see the benefit of cybersecurity foresight, with changes in legislation
and the increasing addition of cybersecurity officers within enterprises. In addition, as users become more aware of online threats, attackers will react by developing sophisticated, personalized schemes
to target individuals and corporations alike.
Dennis Chow, Millar, Inc: We will see more attempts at information sharing and
incident response assistance.
Michael A. Goedeker, Auxilium Cyber Security: Certainly and this is a good thing!
We need to discuss privacy, protecting
people, critical infrastructure.
Stephan Conradin: I hope. We are in cyberwar and some aliens are always welcome.
David Clarke, VCiso: Yes already happening, and needs to be at a business level.
In which industry will we observe the biggest
demand for cyber security services?
Dotan Bar Noy, Re-Sec Technologies: According to the Banking & Financial Services Cybersecurity: U.S. Market 2015-2020
Report, by Homeland Security Research
Corp. (HSRC), the 2015 U.S. financial services cybersecurity market will reach $9.5
billion, making it the largest nongovernment cybersecurity market. In addition, the report concludes that this market will be the fastest growing nongovernment cybersecurity market, exceeding $77 billion in cumulative 2015-2020
revenues. This is driven by an increase in
regulation and the demand for zero breaches, shutdown time and information leak
systems.
Paul Hoffman, Logical Operations: Healthcare, they are so far behind. It will take
years to get them off this list.
What do you think will change in the cyber
security market in your country?
Michael A. Goedeker, Auxilium Cyber Security, Germany: I hope that there will be
better rates for experienced security people. Right now many big customers pay
little for much, this is unbalanced and really unfair as cyber security experts do a
lot of learning and gain experience that is
not paid. This experience SHOULD be
paid but currently isn't. At some point, we
will refuse to be undersold and not work
for minimal wages comparable to low paid jobs that do not require special training, certifications or degrees in addition
to real world experience.
Andrew Bagrin, My Digital Shield, US: More complexity and higher process.
Dotan Bar Noy, Re-Sec Technologies, Israel: The latest data from Israel's National
Cyber Bureau indicates cyber exports increased from $3 billion (USD) in 2013 to
$6 billion in 2014, that constitutes about
10 percent of the global cyber market.
Israel is second only to the United States
as the largest exporter of cyber products.
This is made possible by the increasing
amount of highly skilled professionals.
Israel's unique security needs created a
focus on cyber security education in
schools, army service, and dedicated colleges. Hopefully, we will see additional
Israeli vendors take their place as world
leaders, such as Check Point, CyberArk,
etc.
WHO IS WHO
Craig McDonald
David Coallier
Barricade, CEO
David Coallier is the chief executive
officer of Barricade. David is a technologist, an avid learner, and a serial entrepreneur with a passion for
artificial intelligence.
Nick Prescot
ZeroDayLab
Senior Information
Security Manager
As Head of GRC and incident response, I am responsible for the
development and delivery of these
services to our clients. Whether
you need an assessment, review, audit and/or a consultation with your people, policies, procedures and processes, ZeroDayLab's award winning consulting services
can ensure that you are protected with the very best
advice; if you are unfortunate to be at the receiving
end of a breach, you can be assured that the very best
people in the business are there to keep the hackers at
Stephan Conradin
I am an independent consultant with more than 30 years of activities in information security as well as information systems. I hold CISSP, CISM, CRISC, ISO
27001, COBIT and ITIL certifications and a Master in
Information Security.
CYBER SECURITY AWARENESS
Chase Cunningham, Cynja: How can we work towards improving cyber security awareness in 2016? Cyberspace isn't the Magic Kingdom. It's the Wild West, only worse, as it's a place where it's really difficult to
observe people as they make choices and experience the consequences. So corporate social responsibility
programs try to drive a consciousness-raising dialogue among young people to fill the void. Sadly, what
they deliver is often hopelessly lame and condescending. They miss that creating cybersecurity awareness,
especially among kids, takes serious effort, and that in the case of our digital lives today, one that has to
be backed by the creative vision necessary to set out and define this new frontier. This is something new,
something we never experienced before.
Instead, many large companies who have the revenues to do this simply don't. They justify their limited
efforts by claiming to only have a limited budget for guiding kids on how to protect their future. Some
corporations just want to tick a box to show that they are helping the children and move on. And so kids
are shown silly dogs, flying saucers, or the occasional cyber kitty, accompanied by bullet point guidance
more suitable for corporate PowerPoint presentations. Seriously, how are we as an industry going to inspire kids to want to make smart choices online with PowerPoint and clip art?
Our kids and our children's children are going to be the ones who will see new technologies and methods
of compromise we haven't even considered. As an industry, we must take this responsibility seriously rather than treat it like an optional line item to be squeezed by our finance departments. We need to educate and train kids to be cyber smart and involve more kids in our industry. Today, too many companies focus
on the now, rather than the later. That behavior simply means our industry is shorting an entire generation
of children's digital future. It's very sad to watch.
Mark Bennet, Blustor: The cyber community can have a tremendous influence on
public awareness by evangelizing and
working with the media to bring serious
issues to surface. This requires a level and
style of communication that mere mortals can understand and using examples
that clearly show the potential consequences. As a community, we need to encourage and support cyber security experts
to share their stories, concerns, and potential solutions with the rest of the
world.
Anthony Di Bello, Guidance Software: Certainly, and already are doing so through
things like national cyber security awareness month (October).
Michael A. Goedeker, Auxilium Cyber Security: Talk, present at Bsides and other
security conventions, boycott the selling
of speaker slots (for money) by sales companies.
Dennis Chow, Millar, Inc: Add gamification theory to the community which will
encourage active participation in improving security awareness as a whole.
Amit Serper, Cybereason: Start cyber security education and awareness training in
elementary school.
Elizabeth Houser, Praesidio: Fund and make mandatory cybersecurity training for
users.
Andrew Bagrin, My Digital Shield: We need to separate myth and reality. The reason awareness is taken with a grain of salt
is because something is always trying to
be sold.
Leon Kuperman, Zenedge: The fundamental miscommunication and misunderstanding of how technology works and what is
vulnerable.
Wade Johansen, CouriTech LLC: The realization of what firewalls and cryptography
can really do for protection, and the importance of retaining offline backups.
Michael A. Goedeker, Auxilium Cyber Security: That people listen and change
their habits. This can only be done by
experiencing the pain of breaches (or so it
seems).
BroadTech Security Team: Rapport. People don't understand the InfoSec languages and jargon. So things have to be simplified while spreading awareness.
Wade Lovell, Simpatic: Inertia. It is a powerful force. "The vis insita, or innate force of matter, is a power of resisting by
which every body, as much as in it lies,
endeavours to preserve its present state,
whether it be of rest or of moving uniformly forward in a straight line." Isaac
Newton.
Wade Johansen, CouriTech LLC: Realization of the threat landscape which evolves
daily is a technical cyber security challenge and often a nightmare. True awareness
requires many things, including social media integration, which often is blocked on
most corporate networks - accurate reporting from real-time systems which
often display false positives - and
knowledge by the technical staff to be
able to interpret the data when anomalies
are encountered. Target is an example of
a breach where the systems were pointing
to an event in progress, and it was repeatedly ignored as an anomaly that wasn't a
danger.
Gerald Peng, Mocato: Awareness will positively impact corporate cyber security by
facilitating support and investment in cyber security protocols and tools.
BroadTech Security Team: In many startups, there are no firewalls and the laptops are connected directly to internet
through WiFi. In such cases, end point
security is of prime importance and users
should be made aware. In most corporates, awareness training is given, I suppose,
and their focus should be on making people compliant to the security instructions.
Nick Prescot, ZeroDayLab: Users are becoming more aware and this will be a constant education exercise.
David Clarke, VCiso: The awareness is there, it's the incentive to implement that
isn't.
Wade Lovell, Simpatic: Maybe, just maybe 2016 is the year cyber security becomes a Board issue rather than an IT issue.
WHO IS WHO
Nicolas Orlandini
KPMG, Director Forensic Services
Gerald Peng
Mocato, Founder
Francisco Amato
Infobyte, CEO
He is a researcher and computer security consultant who works in the areas of vulnerability development, blackbox testing and reverse engineering. He is CEO of Infobyte Security Research
(Infobyte LLC), www.infobytesec.com, from where he has published his developments in audit tools
and vulnerabilities in products from companies like Novell, IBM, Sun Microsystems, Apple and Microsoft. His last work was evilgrade, a modular framework that allows the user to take advantage of
an upgrade process from different applications, compromising the system by injecting custom
payloads. He is the founder and organizer of the ekoparty South America security conference.
MISCELLANEOUS
LogRhythm's Predictions for Cybersecurity
An uptick in all-in-one home surveillance systems. We are seeing more motion sensing/camera/recording devices in the home that can be managed through personal devices. This type of technology will
continue to expand, and with this expansion, hackers will try to exploit them or cause chaos.
A rise in the use of mobile wallet apps. Like having virtual money and an ID in one's pocket, mobile wallet
apps are at the intersection of marketing and payments. And although a mobile wallet is convenient, it is
directly tied to one's mobile phone, which is a critical access vector for cyber threats.
New model of what to protect. Instead of a mandate to protect everything on the network, IT staffs
must work more like a unit, centralizing and protecting the most critical resources. This approach moves
defense-in-depth to the most critical business components of the organization.
Identity access management: The unsung hero. Companies will be investing more money and R&D resources in behavior-based modeling, analytics and identity access management to track behaviors. More customers are asking about it, which will motivate the rest of the industry to follow.
The next big attack target: Education. This industry has a plethora of data that cyber criminals want: credit reports, personally identifiable information (PII), donor money, tuition money. And these institutions
are not doing an adequate job of securing all their systems. Add to that the myriad customers (namely
professors, students, parents, administrators) and you have magnified the attack vectors exponentially.
Emergence of hacking for good. More organizations, like Anonymous, will be leaving the dark side and
hacking for the public good. They are more motivated by the notoriety and publicity on social media than
for financial gain. Teens are learning to program on their own; high schools are introducing technology and
coding to get this generation aware of and more proficient in this industry. Younger generations are finding
coding and programming cool. This is the next gen workforce that we hope will continue to want to positively impact society.
Security is in a renaissance. Security is a hot space. And the fact that CISOs are getting a seat in the Boardroom is another indication of the importance of this industry for all organizations, regardless of the vertical market. Many companies still don't have adequate security infrastructures, awareness or training to
defend themselves. There will also be consolidation. Companies will either get it or not, and governments will start ramping up regulations.
Next steps for CISA, open sharing of threat intelligence. Critical infrastructure will emerge as more companies in various sectors, such as energy, financial and healthcare, join in. The principle and the intention
behind the creation of a more collaborative community for the open sharing of threat intelligence is grand,
with two distinct sides of the political aisle. We will either see a big push or nothing happen at all.
Ransomware gaining ground. The ransomware-style of attack is powerful and expanding into Macs and
mobile devices, making it easier to target consumers. Criminals can gain big profit by locking down an entire system; victims have no choice but to pay. Although consumers are ripe for the picking, businesses are
not immune to this approach.
Vendors need to step up. Despite the running list of breaches, many companies still do not have an
adequate security infrastructure to defend themselves against cyber criminals. And we cannot rely on consumers
to know how to protect home systems. It is up to the security vendors to build better software, systems
and patching mechanisms, as well as offer training and services to protect people, companies and their assets.
IBM's Predictions for Cybersecurity
Bob Stasio, senior product manager for cyber threat analysis, i2 Safer Planet:
The market for behavioral analytics and threat detection offerings will continue unabated.
Large financial organizations will continue divesting themselves of managed security services to create their own fusion centers.
Big X consulting firms will offer their customers cyberintelligence-as-a-service consulting options.
Companies and government agencies will begin using block-chain encryption to protect against cyberthreats.
Private organizations will increase their visibility into the dark web to become more proactive about cyberthreats than ever before.
Todd Rosenblum, senior executive for worldwide big data, i2 Safer Planet:
Auditability and managed access of US citizens' personal data will be an increasingly important requirement for US national security agencies.
The international community will create safe zones in Syria to stem the mass migration to Europe, and big data analytics will play an integral role in enforcing identity resolution and border security in those safe zones.
Irfan Shakeel, EH Academy: The importance of incident handling and digital forensics will increase. The community will
invest their time and resources to develop
and create the effective work-process to
solve hacking cases.
WHO IS WHO
James Carder
LogRhythm, CISO & VP
Greg Foss
LogRhythm, Security Operations Team Lead
He is LogRhythm's Security Operations Team Lead and a senior researcher with Labs, where he is tasked with leading both offensive and defensive aspects of corporate security. He has just under a decade of experience in the Information Security industry with an extensive background in Security Operations, focusing on Penetration Testing and Web Application Security. Greg holds multiple industry certifications including the OSCP, GAWN, GPEN, GWAPT, GCIH, and C|EH, among others. He has presented at national security conferences such as DerbyCon, AppSecUSA, BSidesLV, and is a very active member of the Denver security community.
Dennis Chow
Millar Inc, Security Manager, Incident Response
He is a security practitioner who has over 10 years of combined IT and Information Security experience. Dennis currently leads Information Security efforts at Millar, Inc. as their Network Security Manager. In addition to management and practitioner experience, Dennis has consulted for various clients
within Oil and Gas, Healthcare, Defense, and other critical infrastructure industries. Dennis also holds
several industry known certifications including the GCFA, GCIH, GCIA, GPPA, CISSP, E|CSA, C|EH, and
L|PT and is currently the Program Manager for a collaborative Cyber Threat Information Sharing
Grant by the Department of U.S. Health and Human Services.
Andrew Borene
Federal manager, i2 Safer Planet
Bob Stasio
Senior Product Manager of Cyber
Analysis at IBM i2 Safer Planet
Bob Stasio is the He brings nearly
14 years of rare expertise fighting
top tier malicious actors through
his work in the intelligence community, the U.S. Military, NSA and
commercial sector. Bob served on
the initial staff of US Cyber Command. Serving in Iraq during The
Surge, Bob's intelligence unit
supported the detainment of over
450 high-value targets.
Todd M. Rosenblum
Senior executive for worldwide big
data, i2 Safer Planet
Shahid Shah
CEO, Netspective Communications
He is an award-winning Government 2.0, Health IT, Bio IT & digital
Medical Device Inventor & CTO
with over 25 years of technology
strategy, architecture, engineering,
entrepreneurship, speaking, and
writing experience. He is the chair
of the #HealthIMPACT Forum.
ADVICE
Mark Bennet, Blustor: Cyber security professionals and the industry need to challenge our current paradigms that often
involve centralizing and attempting to
control every element of data flowing in
and out of the systems under our protection. We are in a leaky ship and bailing
the water out faster isn't really solving the
problem. We need to look closer at the
underlying root issues, which include
things like immutable human behavior
and the inherent weakness of outdated
security mechanisms such as usernames,
passwords, and PINs. Until we do that, at
best we are just keeping our heads above
water.
Rajeev Chauhan, Cyber Oxen: Be suspicious, but don't be paranoid about security; the best approach is having preventive
measures in place.
Alina Stancu, Titania: Keep on top of compliance, as that will remain important in
ensuring baseline security. Certification
against governmental or business accreditations will travel down the supply chain
as more suppliers demand that businesses
present some form of security assurance
of their product and services.
BroadTech Security Team: Stop hype. Learn your stuff. Know what you are talking
about. Keep yourself updated daily & share your knowledge with others. Stop using
jargon and fancy words and explain things
clearly to people. Our job is to keep things
secure and not to show off our knowledge
or expertise. One more prediction. Once
Hammer2 is feature complete, DragonFLYBSD implements single sign on and
redundancy using CARP, etc. The way of
doing cloud computing will take a new
turn.
CONTRIBUTING COMPANIES