HexCon21 day 3 highlights: All good things must come to an end

HexCon21 has officially come to a close. Day 3 was just as incredible as the past two days. We got to listen to many speakers use their expertise to share ideas on everything businesses need to know to keep their employees, devices and networks safe and secure. If you have missed catching up on what went on in Day 3, here are the highlights:

Hacking the security industry for fun and profit – Why is it important to hack yourself

We normally stay away from anything to do with hacking, but David Jacoby, who works as a Deputy Director for a Global and Analysis team in Kaspersky brought in a whole new meaning to hacking that takes away its long stigmatised negative connotation.

Organizations normally hire an external pen tester to detect all the vulnerabilities within their networks and most often would have to pay a hefty price for it too. Security is crucial for all companies and most SMEs cannot afford to hire an external pen tester on a periodic basis to check the health of their networks and assets.

So, what is the best solution for companies that cannot afford to do so? Organizations can stimulate various scenarios in which they can hack themselves and spot vulnerabilities on their own without paying an external pen tester to do so. The benefits?

The session came to a close with David Jacoby stressing on the importance of not reusing passwords, no matter how complex they are. He shared tips on how to create personal passwords that are easy to remember and difficult to crack.

Being a true champion

What does it mean to be the best version of ourselves? Mike Robbins helps answer that question by giving a deeply insightful session on being a true champion. All it takes is to have a proper growth mindset, be your most authentic self and be appreciative of the people around you.

He talked about how people often get overwhelmed when they come face to face with challenges. Instead of being crippled by a stressful situation, he laid emphasis on how important it is for people to develop the mindset to take a good look at the situation and try to see it as an opportunity to learn and grow.

The session ended with Mike Robbins citing the clear difference between recognition and appreciation and how the latter can help people overcome various biases and other dividends that drifts people apart.

Game theory in cybersecurity

We have a multitude of tools to improve cybersecurity. But have you ever wondered how these tools work the way they do? Vanessa Redman, a Lead Cyber Threat Intel Analyst working in the financial sector explains this with the help of game theory.

In order to understand how gamification ties in with cybersecurity, Vanessa Redman first walked us through the basics of game theory by talking a bit about its history.

We next got to hear about two of the most popular games that are often used to strengthen the gamer’s position – Prisoner’s Dilemma and FlipIt. Its applicability can help organizations know their strengths and do an ongoing monitoring of their adversary a.k.a the cybercriminals. Once they have that solid foundation to stand on, organizations can proceed to the next step – threat monitoring to find out the latest threats and vulnerabilities within the industry.

Cybersecurity within the aviation industry

Patrick Mana, working for Eurocontrol gave an enlightening session on cybersecurity within the aviation industry. We got to see some statistics on ransomware attacks and some of the top reasons that stops businesses within the industry to adapt cybersecurity from the beginning, these include:

Despite the digitalization of the aviation industry, Patrick Mana aired some worries on how this could lead to the increased rise of threats and other vulnerabilities. We next got to see different cyberattacks that happened in the industry within the past couple of years, the majority being data theft.

He then talked about the ill effects of using weak passwords and shared the results of a phishing awareness campaign. The session closed with Patrick Mana highlighting the key reasons as to why organizations within aviation need to implement cybersecurity.

Designing cybersecurity – a user’s perspective

When it comes to implementing cybersecurity, it is important to understand the human element of it. What is the purpose of implementing complex security measures within the office if people always find workarounds to easily remember them?

Nazima Ahmad, a User Experience Designer in HP rightly sums up our generation as a data generation. We create and consume a massive amount of data on a daily basis. This stresses the importance of cybersecurity more than ever.

Cybersecurity should be designed to be people friendly. This is the only way people can easily remember the safety measures they need to take to keep their data safe. The three things organizations can do to provide a more user centric approach is to:

Nazima Ahmad explained the benefits of each of these key areas in detail with examples.

The future of digital ads

Advertising has been around for a long time. They are old as the human civilization itself. In order to really drive home the point of how advertising helped shaped society, Thiago Bolognez, Director of Business Development, MobileXtra, one of Hexnode’s partners from Canada took us down a memory lane filled with glimpses of advertising through the modern, pre-modern and technological era.

With everything going digital these days, we got to see how the internet and social media plays an integral role in providing a more personalized advertising. We got to see some trends in the future of digital marketing, such as 3D billboards, interactive ads and augmented reality. Some of the takeaways from the session included:

Impact of emerging technology on cybersecurity

Chuck Brooks, President of Brooks Consulting International and a cybersecurity expert gave a detailed session on some of the emerging technology on cybersecurity. The internet was initially not built with security in mind, but seeing the important role they played in the daily functioning of society, various security measures were quickly incorporated, giving rise to cybersecurity.

The landscape of cybersecurity continues to evolve. With over 430 million malware online and other cyberthreats being continually reported, it’s important to see why businesses should always be on the lookout to constantly improve their cybersecurity framework to minimize the occurrence of these threats.

An overview of some of the widely used technology in cybersecurity was given, these included automation, cloud computing, edge computing and biometrics and authentication technologies. The applicability of each was discussed in detail. The session closed with Chuck Brooks talking about the evolution of IoT, 5G, smart cities and the challenges that comes from monitoring and maintaining them.

Security controls and incident response in the pipeline to production

Merritt Baer, CISO at AWS started the session with the shared responsibility model that talks about maintaining security in the cloud and of the cloud. The former is entirely customer centric, where necessary configurations will be set by the user while the latter is managed completely by AWS. Some of the key highlights included the security layers that the AWS controls implement and the value propositions they bring to customers.

The centrepiece of the session was the various security mechanisms developers could implement within their development pipeline, these included:

Fixing Cybersecurity’s weakest link – Passwords

Passwords are pretty much integrated throughout the entire process of maintaining cybersecurity. They are often used as the first line of defense against attackers. But there have been talks about going completely passwordless. Is this a good choice? Can organizations really be secure by solely relying on biometrics?

Dovell Bonnett, Founder and CEO of Access Smart doesn’t seem to think so. His session on why passwords are secure covers in depth the benefits passwords bring in to resolve some of the challenges that comes with fully adopting biometrics.

Some companies find passwords cumbersome as they hinder the productivity of their staff. As a result, employees are always finding ways to circumvent those security measures by either creating overtly simple passwords or writing them down in full display.

The problem is not passwords, it’s the management of passwords that’s the key issue here. Once organizations learn to take care of that, they can easily reap in the benefits that comes with implementing robust password policies. We next got to hear about the advantages passwords have over PKIs and how organizations can neatly incorporate a Passwords Authentication Infrastructure (PAI).

Leadership success in a post pandemic world

One of the biggest challenges of being a leader is managing your staff. This will be a lot harder in a post pandemic workplace. Kevin Eikenberry, Chief Potential Officer at The Eikenberry Group talked about some of the leadership principles and skills managers can apply to efficiently manage their remote and hybrid work staff. The session touched on these points:

Strategic cybersecurity with unified endpoint management

Dr Tim Nedyalkov, Technology Information Security Officer at the Commonwealth Bank of Australia talked about the benefits Unified Endpoint Management (UEM) brings in strengthening cybersecurity. We got to see the differences that sets traditional and modern enterprise IT apart and how remote work are now urging companies to increase their reliance on cloud-based solutions and SaaS apps to manage their employees and remote endpoints.

The session mainly focused on the advantages UEM can bring to organizations, these included providing agility, control and compliance in a holistic way.

Neurohacking

How wide spread is phishing? How do hackers play with emotions to carry out these attacks? These are some of the questions that Jorge Mario Ochoa, Manager at Global Security Operations Center helped answer. He walked us through some real-life examples to demonstrate how gullible people can be in handing out sensitive information without a second thought.

All it takes to build a strong security strategy are these three elements:

Having the right mindset helps organizations understand the minds of the attackers and be prepared for any attacks that can happen. Skillset focusses on hiring the right personnel to create and maintain your security framework. Toolset, though not the most important of the elements, guides organizations to design critical processes and technology.

Industrial IoT and Threats

Mirko Ross, CEO of aswin talked about the challenges of maintaining security in Industrial IoT or IIoT. Most devices used within the construction, manufacturing and transportation industry are built to last a very long time. He gave us a brief overview of how difficult cybersecurity professionals might find in ensuring security and meeting customer demands on these devices.

Mirko Ross later detailed the various threats that are current within the industry and shared tips on how industries can strengthen their cybersecurity to squarely meet these threats.

HexCon21 came to an end with a closing keynote by Apu Pavithran, Founder and CEO at Hexnode. He talked about how HexCon sets the perfect stage for industry experts to share their knowledge and help customers and partners to know the product better.   

And the winner is……

Unveiling the winners was one of the most widely anticipated moments of HexCon21. We are delighted to announce that Thiago Bolognez, Robin Roy and Francois Emrond topped the leadership board and Christian Matt was crowned the winner of the selfie contest.

We have more HexCon21 blogs coming right up, be sure to stay tuned for that!