Thursday, November 16, 2017

10 Key takeaways from the SecTor

This week I was lucky enough to attend the SecTor conference.

 

It was interesting to network with a group of people whose job it was to find weaknesses in computer programs and defend against them. Not to mention, the lunch was pretty good as well.


The whole conference had lots of interesting sessions and tracks.

Here are my 10 Key takeaways from the conference on IT security:

1. Phishing is the no.1 way to get control of a laptop (so be aware of the emails that you click on). Once you get some control over a laptop, then you can use it to gain access on other networks. We saw how you can use a Git repo to execute malicious programs without leaving a trail.

2. Keep backups offsite and disconnected from the web.

3. If it's not in the budget it's not getting done. If you want to increase security for your site/business/developers etc. make sure it's in the budget.

4. Cheap "smart" devices (especially from China) are easiest to hack into as they have numerous vulnerabilities. We learned in one session how to get control of a smart lock, a smart fridge, a smart thermostat etc. One of the smart coffee machines used to broadcast the wifi credentials of the house in plaintext as part of its programming! Once you have that, you can gain access using packet sniffing and detection of other devices in the house. The presenter showed us how he was opening someone's garage door who had installed a cheap remote garage opener, bought online from China. So buy devices from reputable companies who do patches and upgrades all the time.

5. Security often remains an afterthought. For example, most ATMs run on Windows XP, an old operating system that is now no longer supported.


6.To my surprise, there are a lot of women who work in IT security. This is an anomaly compared to rest of IT sector, especially developers, where there's 1 woman for 10 men.

7.You need to prepare a playbook and drill for incident breaches and have policies in place on what to do.

8.You have to have a "baseline" of activities of what is considered "normal". Any deviation from that is when you should be suspicious. Most breaches are detected on average 6-12 days after when they occur.


9. The simplest common sense measures often thwart costly breaches. For example a difficult password policy, or employees sharing credentials because creating accesses for new users takes too much time, is often how security breaks down.

10. You are more vulnerable common failures and innocent mistakes, and rarely due to malicious activity. Such as not patching regularly, or sharing credentials. Once you tackle those, then the serious criminals can be your focus.


It's a two day conference in Toronto, and it's returning next year in October. If you are in IT, this is a worthwhile conference.

3 comments:

Yawar Amin said...

Great summary Mezba bhai. For me probably the biggest improvement in my security habits was when I started using a password manager. Now it's been many years since then and it really is a huge help. Funny story: I was encouraged to start using a password manager by Bruce Schneier, who blogged about it--I think he created one of the first, if not the first, password manager! I saw that he was at the conference, hope you got to meet him!

Salma Dinani said...

This was an interesting read, especially as a blogger

nadia said...

Very good points, Mezba. When I read, "most ATMs run on Windows XP, an old operating system that is now no longer supported" I now want to go out there and check what our nearest ATM is running on.