Please join me at the Cyber Security session in the Seattle Biz-Tech Summit this Saturday, 10/24/15, from 11:00am – 12:30pm, in Room A at the Hyatt Regency Bellevue.
Session Description
We are constantly reminded of the critical role that Cyber Security plays in our personal and professional lives. From stolen credit card numbers and hacked automobiles to industrial espionage, the motives and opportunities for internet-based attacks are so varied that the threats sometimes seem overwhelming. And yet, from the front lines of the war against cyber criminals, the situation isn’t hopeless. Applying information technology best practices, and common sense as a consumer, can help keep your organization out of the spotlight, and your personal data out of the hands of thieves. But the cost of ignorance increases every day. Come learn more about the latest cyber security opportunities from our distinguished panel of experts.
Agenda
- Opening remarks by Moderator (~2 minutes)
- 5 minute slide deck from each panelist (~45 minutes)
- Moderated panel discussion
- Audience Q&A
Panelists
- Stan Bounev, COO, AppBugs
- Alexander Gounares, CEO, Polyverse Corporation
- Lynn Kasel, CEO, SignalSense
- Lawrence I Lerner, President, LERNER Consulting
- Yale Li, CTO Chief Scientist of Cyber Security, Huawei
- Sean Malone, Director, FusionX
- Bob Zollo, President, Avante Technology
Recent Cyber News
Our moderated discussion will connect recent security research, front page news, cutting-edge technology, and best practices for business decision makers and consumers alike.
Security Research
Verizon and Microsoft security reports highlight unpatched systems as a major vector for malware infection and subsequent data compromise. Patching should be easy. Why isn’t it being enforced? How can this low-hanging fruit get addressed?
This report says that users have an average of 26 online accounts protected by just five distinct passwords. What privacy and data risks does password reuse present to consumers and enterprise IT security personnel? What can be done?
- http://intelreport.mandiant.com/
- http://www.wsj.com/articles/the-hacked-data-broker-be-very-afraid-1441684860
Internet of Things
While there is much hype, the reality of IoT security is that lots of devices are being connected using software that wasn’t designed with the current internet threat landscape in mind. What are the privacy, data protection, and personal safety considerations?
- http://blogs.wsj.com/riskandcompliance/2015/09/30/where-cybercrime-threatens-the-internet-of-things/
- http://www.wsj.com/articles/dialog-semiconductor-to-buy-atmel-for-4-6-billion-1442755960
- http://www.wsj.com/articles/cyber-risk-isnt-always-in-the-computer-1443125108
International and Government Incidents
What should be the government response to overseas hacking?
Front page news has focused recently on China as the origin of cyber-attacks (see also the Mandiant APT1 report) targeting a variety of private and public sector entities in the US. However, looking beyond the front page, security researchers also point to, for example:
- North Korea attacking Sony
- Iran attacking US online banking
- Eastern Europe organized crime attacking western ATMs (card skimming, etc.)
- Sophisticated attack tools developed in Russia
- NSA/Snowden revelations
How should Intellectual Property-intensive firms, particularly in globally competitive sectors such as manufacturing, be responding to these threats?
Seattle is also a software and tech hub – should the risk of international attack be a priority, even for small and medium-sized firms? Finally, what do consumers need to know about international card skimming and identity theft syndicates?
Multiple online accounts belonging to CIA Director John Brennan were compromised by hackers who pretexted Verizon and AOL. This report also indicates that Brennan forwarded work email to a personal account. What does the Brennan case, as well as the Hillary Clinton email server hack, tell us about the role of user behavior in data security, including when the stakes are high?
Corporate Attacks
Relating to the recent Uber/Lyft corporate espionage news, what role do Non-Disclosure Agreements, user onboarding and off-boarding systems, and corporate training play in achieving a meaningful reduction in opportunistic insider attacks and corporate espionage?
- Samsung and LoopPay hacking
- T-Mobile attack
- Compromised apps in Apple’s Chinese App Store
- Dow Jones hack
- http://www.wsj.com/articles/cyberwar-ignites-a-new-arms-race-1444611128
Tim Cook believes that Apple must protect its customers by providing data encryption without a backdoor for law enforcement. Do users even care? Is the national security counter-argument, such as the viewpoint of the FBI, credible?
Audience-Focused Questions
- Who in the audience has a device in your pocket that has access to your company’s most valuable assets?
- Who in the audience believes that security can be improved if we could only get the user to be more security aware?
- How do I know that my system is safe from attack?
- Can checklists really help block attackers?
- How do I know what assets I have that attackers want to steal?
- After an attack is started, what do I do to contain the damage without shutting down the business?