Posted by on | Featured

Protect your organisation | Reduce cyber risk | Develop security resilience

Securetour 2023 Conference Highlights

SecureTour is back by popular demand!

This year’s virtual conference brought together globally recognised security partners to discuss the latest Cyber Security and technology trends. With keynote speakers from Microsoft, Sophos, Cisco, and Forcepoint, as well as a panel discussion on ‘Security 101: What you actually need to get security right,’ a guest speaker session by John Noble on ‘The Director’s Handbook to Cyber Security,’ and several workshops, including the CxO Forum on building a cyber resilient business, the CFO Forum on the cost of security, and the Tech Forum on creating a security strategy, delegates had the opportunity to learn from a wide range of experts and topics.

In this blog post, we’ll highlight the key takeaways from each keynote, the panel discussion, the guest speaker session, and the live hack that demonstrated the importance of cybersecurity in real-world scenarios. We’ll also share our top tips and best practices for identifying gaps, remediating weaknesses, optimising technology, building a resilient organisation, preparing for attacks, and recovering from breaches quickly. Whether you attended the conference or not, this blog post is a must-read for anyone who wants to stay up-to-date with the latest developments in cyber security.

Keynote Speakers

SecureTour brought together industry experts to discuss the latest Cyber Security trends and technologies. During the conference, attendees gained valuable insights into topics such as situational awareness of cyber security, security testing, security resilience, risk management, and more. Here are some key takeaways from the keynote sessions:

LogPoint demonstrated how their solution connects to a thousand data sources and normalises data, offering organisations the benefits of situational awareness of cyber security in their environments. They also highlighted the challenges that come with it and how their solution solves them.

Microsoft presented new security features integrated into their E5 licenses to help organisations protect against data breaches and decrease insider risk. They focused on building security into systems from the start, establishing a trust fabric with secure access, managing securely across platforms and clouds, and protecting at machine speed.

Sophos discussed the advantages of partnering with cybersecurity experts to stop ransomware and advanced human-led attacks with their cyber security as a service offering. They highlighted their 24/7 team of threat response experts, ability to maximise ROI of existing cybersecurity technologies, and 24/7 monitoring and endpoint detection and response capabilities to improve cyber insurance coverage eligibility.

Armadillo Sec discussed the difference between vulnerability assessments and penetration testing and emphasised the importance of both types of testing. They explained the stages of pen testing and the common vulnerabilities found during such tests. 

Cisco highlighted the importance of pervasive defence with an open platform across user devices, networks, and applications. They showed how hackers could use billions of signals across the infrastructure to anticipate changes, prioritise actions, and close gaps for better security resilience.

Forcepoint addressed the issue of complex security configurations by simplifying security for hybrid workers with their solution. They discussed how organisations could gain visibility and control of interactions with data in web, cloud, and private apps, prevent misuse of sensitive data accessed from managed or unmanaged devices, control access to high-risk web content, and provide remote, fast, secure access to business resources and private apps without the complexity of VPNs.

Rapid7 discussed the resource gap in the security talent market and how organisations can manage risk with continuous cloud security and compliance. They emphasised the need to automate cloud compliance, detect threats in real time, prioritise risk everywhere, and perform dynamic application security testing.

The SecureTour virtual conference provided attendees valuable insights and best practices for protecting their organisations and data from cyber threats. By streamlining services, conducting thorough security testing, building resilient defences, simplifying security configurations, and managing risk with automation, organisations can better protect themselves in today’s complex cyber landscape.

John Noble: The Director's Handbook to Cyber Security

John Noble is a highly respected figure in the world of cyber security, having retired as the Director of Incident Management at the National Cyber Security Centre (NCSC) in 2018 after 40 years of government service. With a wealth of experience in operational delivery and strategic business change, Noble has been recognised for his work in creating effective partnerships in the lead-up to the London Olympics, for which he was made a Commander of the British Empire (CBE) in 2012. As a non-executive Director at NHS Digital and Director at the NCSC from 2016 to 2018, Noble has played a vital role in shaping the UK’s cyber security policy and strategy. John Noble’s keynote speech addressed the evolving threat landscape of cybercrime, emphasising the industrialisation of ransomware and how it has grown due to the increase in the number of countries and sectors that are now being targeted. He discussed the new ecosystem in which cybercriminal groups work together to develop and carry out ransomware attacks. He also highlighted the challenges organisations face in managing cyber risks, such as getting the basics right, including patching, software updates, and credential management. Noble highlighted the challenges of managing cyber threats in the healthcare sector and the need to balance usability, security, and cost in defending the NHS. Noble also discussed the mistakes that boards make regarding cybersecurity, including needing to understand that it is a board-level responsibility and setting clear risk tolerances. He outlined what a board needs to know and do, such as understanding who is responsible for cybersecurity and promoting a positive workforce security culture. He also discussed some tools that can help with board engagement, such as regular updates, third-party assessments, and the NCSC board toolkit. In conclusion, Noble stressed the pressing need for strong cybersecurity leadership, clarity around who is responsible for what, and clear standards of cybersecurity governance. His speech provided valuable insights into organisations’ challenges in managing cyber risks and the importance of effective board engagement in addressing these challenges.

Live Hack with Armadillo

The live hack presented during the conference showcased the vulnerabilities that exist in everyday environments. The hackers set up a virtual environment to represent a victim of a cyber attack to demonstrate the various ways in which attackers can exploit vulnerabilities.

The first attack attempted by the hackers involved exploiting a vulnerability based on a series of misconfigurations on a certificate. The first misconfiguration enabled auto-enrolment or allowed enrolment, the second disabled management approval, the third required misconfiguration of the template was an EKU that enabled authentication, and the fourth required the template to allow requesters to specify the subject alternative name in the CSR. Basic reconnaissance was sufficient enough to identify these misconfigurations. Exploiting these misconfigurations enabled the hackers to gain access to the domain. Once inside, they developed a way to retrieve a “golden ticket” that provided them with permanent access to the domain.

The second attack vector attempted by the hackers also resulted in the same outcome but used a different approach. The hackers leveraged misconfigurations within the ADS auto enrolment endpoint to coerce authentication attempts from the server. This allowed them to convert the information retrieved into a PFX file, which in turn, enabled them to authenticate themselves.

Both live hack demonstrations were successful and highlighted the vulnerabilities in common environments. The speaker identified how to patch the vulnerability and urged organisations to take the necessary steps to secure their systems.

Conclusion

Securetour 2023 was an informative and engaging event that brought together experts from various sectors to share their insights and experiences in managing cyber risks. The keynote speakers addressed some of the pressing issues facing organisations today, including the evolving threat landscape of cybercrime and the need for effective board engagement in addressing cybersecurity challenges. The live hack demonstrations were also eye-opening, as they highlighted the specific vulnerabilities that exist in common environments and the importance of patching and securing systems to prevent attacks.

Overall, the conference provided valuable insights and actionable recommendations for organisations to improve their cybersecurity posture and better protect themselves against cyber threats. It is clear that cybersecurity is a critical issue that requires ongoing attention and investment to mitigate the risks and protect against the potentially devastating consequences of cyber attacks.

 

If you have any more questions or worries, please do not hesitate to get in touch and see what CyberLab can do to help you and your security posture.

Detect. Protect. Support.

Posture Assessment

Understand your security risks and how to fix them.

Take the first step to improving your cyber security posture, looking at ten key areas you and your organisation should focus on, backed by NCSC guidance.

Start Assessment
Comments are closed.