23 July 2020
Vanessa Jaeger Chaired an enlightening Cyber Security webinar this month – ‘THE NEW NORMAL’: Tim Vincent CEO of Observer Solutions refereed hacker Drew Perry (Tiberium) versus CISO (Benedict Olaoya) in a boxing match simulation of what happens at the front line of cyber warfare everyday. Benedict set out his defensive stall to a high standard only to be confronted by an onslaught (Advanced Persistent Threat) that saw Drew using tools designed to help defenders scan for and fix vulnerabilities so that he could identify the weakest points for entry. He then slipped through and having lifted the address lists was able to match passwords used in social media sites with those used internally – a warning to those who still use the same password for everything - it didn’t take long before his malware payload was delivered and he was able to elevate privileges then issue a ransom demand. Benedict countered with his Incident Response team and was able to limit the damage and avoided paying the ransom demand. Ultimately Drew was hailed the winner, having put the stolen data up for auction on the dark web, and the ease of compromise was the central message.
Key takeaways:
Benedict stressed that we are all responsible for Cyber Security – we humans are the weak link. The pandemic has seen the volume go up – but the music is pretty much the same! Using proven frameworks we can reduce the complexity and scale of the challenge to one we can manage effectively.
Tim emphasised that whilst there are no silver bullets we are repeatedly reminded of the importance of doing the basics well. Cyber risk is an evolving beast so as a leader if you’re not being asked for budgets a little more than your comfortable with, then it’s worth taking a closer look at the detail.
Drew was keen to point out that nothing about his moves was ‘sophisticated’ he was joining dots using off-the shelf tools – it’s easy when you know how.
What those who attended said:
“This was a fascinating seminar”.
“The speakers were passionate and knowledgeable and I've taken away a greater appreciation for the real cyber
risk that all organisations face”.
“How easy it is for hackers to infiltrate and how the setup of our systems has a large impact”.