Michael A. Goedeker, Auxilium Cyber Security: A big one. Awareness pays many dividends to any company that invests in them. There are neutral statistics that prove that awareness campaign training decreases successful password hacking and social engineering attacks (two of the most difficult attack vectors to secure because of human nature vulnerabilities).
Andrew Bagrin, My Digital Shield: More training and testing of social engineering.
Elizabeth Houser, Praesidio: The lack of user awareness and inattentiveness will continue to pose a threat to corporate cybersecurity infrastructure.
Julie Herold, Kenny Herold, Odin’s Eye: We think there will have to be tighter controls given the BYOD policies many companies and organizations are implementing and deploying within their organizations to protect the end users from themselves.
Ondrej Krehel, LIFARS: It helps but you really need a professional. No one says to a secprof you should be accounting aware so we don’t need accountants, so why the other way?
Kenneth C. Citarella, Guidepost Solutions: Security awareness is the key to our security, ultimately. This is true for individuals, as well as businesses and governmental agencies of all sizes. We must know our weaknesses, understand what the attackers do and remove practices that create vulnerabilities.
Wade Johansen, CouriTech LLC: Realization of the threat landscape which evolves daily is a technical cyber security challenge and often a nightmare. True awareness requires many things, including social media integration, which often is blocked on most corporate networks - accurate reporting from real-time systems which often display false positives - and knowledge by the technical staff to be able to interpret the data when anomalies are encountered. Target is an example of a breach where the systems were pointing to an event in progress, and it was repeatedly ignored as an anomaly that wasn’t a danger.
Richard De Vere, The AntiSocial Engineer: Awareness and a good understanding of the nefarious people that we can all encounter online is the main objective. You can’t expect people to care about their digital security if they don’t have the perception of what's out there today.
Paul Hoffman, Logical Operations: It will play the biggest role. No software or hardware can make up for an unaware employee clicking, or not changing a password, or any number of things that leave the cyber door wide open.
BroadTech Security Team: In many startups, there are no firewalls and the laptops are connected directly to the internet through WiFi. In such cases, end point security is of prime importance and users should be made aware. In most corporates, awareness training is given, I suppose, and their focus should be on making people compliant to the security instructions.
Nick Prescot, ZeroDayLab: Users are becoming more aware and this will be a constant education exercise.
Wade Lovell, Simpatic: Maybe, just maybe 2016 is the year cyber security becomes a Board issue rather than an IT issue.
Anthony Di Bello, Guidance Software: A large role, many organizations already have some form of cyber awareness program. If nothing else it will help minimize the risk of social engineering attacks, which are leveraged extensively in the first phase of most compromises.
Gerald Peng, Mocato: Awareness will positively impact corporate cyber security by facilitating support and investment in cyber security protocols and tools.
Stephan Conradin: Crucial, employees must understand that cyber security is not a black box like a firewall, it is a continuous process and they are involved.
David Clarke, VCiso: The awareness is there, it’s the incentive to implement that isn’t.
David Coallier, Barricade: This is going to be immense. For corporate awareness to kick in, security needs to be implemented bottom-up as a cycle rather than top-down as a mandate.
Dennis Chow, Millar, Inc: Eventually, it will become standard as part of other policies and procedures signed like an AUP.
Mayur Agnihotri: Organization’s people have a key role to play in effective cyber security.
CYBER SECURITY AWARENESS
What role will awareness play in corporate cyber security?
WHO IS WHO
Nicolas Orlandini KPMG
Director Forensic Services
He is a Director of KPMG’s Cyber practice and a member of the Forensic Technology team, specializing in digital response services and cyber investigations. He is specialized in identification, preservation and collection of electronic stored information (ESI), data leak prevention and detection, information protection and incident response, and information security audits. He also has a strong background across the electronic evidence acquisition protocols and chain of custody regarding eDiscovery matters or internal investigations. He developed and led the Forensic Technology Lab in KPMG Buenos Aires – Argentina office for many years, providing evidence collection, processing and hosting to companies and law firms located across Latin America, including clients located in Argentina, Brazil, Chile, Uruguay, Paraguay, Bolivia, Peru, Venezuela, Ecuador, Colombia, Panama, Curacao and Costa Rica.
Gerald Peng Mocato, Founder
Gerald Peng is the founder of Mocato Inc., a consulting firm that specializes in digital forensics, E-Discovery and data analytics. In the last 12 years, Gerald has provided services in computer forensics, incident management and information security. He has worked closely with financial institutions, law firms and government to perform computer forensic investigations and fraud analysis. Gerald is a certified computer forensic examiner (EnCE, GCFE), Certified Fraud Examiner (CFE), Certified Information Systems Security Professional (CISSP), and Certified E-Discovery Specialist (CEDS). He is also a member of the High Technology Crime Investigation Association (HTCIA), and a graduate of McMaster University’s Computer Engineering and Management program.
Francisco Amato Infobyte, CEO
He is a researcher and computer security consultant who works in the area of vulnerability development, blackbox testing and reverse engineering. He is CEO of Infobyte Security Research (Infobyte LLC) www.infobytesec.com, from where he published his developments in audit tools and vulnerabilities in products from companies like Novell, IBM, Sun Microsystems, Apple, Microsoft. His last work was evilgrade, a modular framework that allows the user to take advantage of an upgrade process from different applications, compromising the system by injecting custom payloads. Founder and organizer of ekoparty south america security conference.
An uptick in all-in-one home surveillance systems. We are seeing more motion sensing/camera/recording devices in the home that can be managed through personal devices. This type of technology will continue to expand, and with this expansion, hackers will try to exploit them or cause chaos.
A rise in the use of mobile wallet apps. Like having virtual money and an ID in one’s pocket, mobile wallet apps are at the intersection of marketing and payments. And although a mobile wallet is convenient, it is directly tied to one’s mobile phone which is a critical access vector for cyber threats.
New model of what to protect. Instead of a mandate to “protect everything on the network,” IT staffs must work more like a unit, centralizing and protecting the most critical resources. This approach moves defense-in-depth to the most critical business components of the organization.
Identity access management: The unsung hero. Companies will be investing more money and R&D resources in behavior-based modeling, analytics and identity access management to track behaviors. More customers are asking about it, which will motivate the rest of the industry to follow.
The next big attack target: Education. This industry has a plethora of data that cyber criminals want - credit reports, personally identifiable information (PII), donor money, tuition money. And these institutions are not doing an adequate job of securing all their systems. Add to that the myriad “customer” – namely professors, students, parents, administrators – and you have magnified the attack vectors exponentially.
Emergence of hacking for good. More organizations, like Anonymous, will be leaving the dark side and hacking for the public good. They are more motivated by the notoriety and publicity on social media than for financial gain. Teens are learning to program on their own; high schools are introducing technology and coding to get this generation aware of and more proficient in this industry. Younger generations are finding coding and programming cool. This is the next gen workforce that we hope will continue to want to positively impact society.
Security is in a renaissance. Security is a hot space. And the fact that CISOs are getting a seat in the Boardroom is another indication of the importance of this industry for all organizations, regardless of the vertical market. Many companies still don’t have adequate security infrastructures, awareness or training to defend themselves. There will also be consolidation. Companies will either “get it” or not, and governments will start ramping up regulations.