Security Straight Shooters: An Informal Event with a Serious Intent

Area 1 and CybeReady recently brought together a panel of seasoned CISOs to share their remote security strategies in the Covid-19 world. The panel and attendees were encouraged to grab their drink of choice and join the “Security Straight Shooters Happy Hour,” a clear-headed and candid exchange about the challenges today’s security professionals face. 

If you couldn’t make the live event (now available on-demand here), here’s a taste of the freewheeling panel discussion, featuring:

  • Jason Truppi, former Cyber Special Agent for the FBI and Co-Founder of ShiftState Security, who moderated
  • Kevin Wilson, Global Information Security Officer, Guess? Corporation
  • Troy Wilkinson, Director of Cybersecurity Operations, IPG
  • Omer Taran, Co-Founder and CTO, CybeReady
  • Blake Darché, Co-Founder and Chief Security Officer, Area 1 Security

A Toast to Transformation

In a metaphorical nod to the event’s theme, each panelist identifies their drink of choice and its relevance to security. Jason Truppi, for example, prefers “bourbon, because like cybersecurity, it’s consistent, takes time to perfect, and in the end it’s uncompromising.”

On the flip side, as Blake Darché says, “Cybersecurity is like tequila. You never know what you’re going to get.”

And no question — 2020 has opened up unprecedented pitfalls into every organization’s planning, and demanding CISOs find novel approaches to thwart bad actors.

Like you, this panel faces the double threat of opportunistic cybercrime amid a fierce global pandemic. They share which remote security directions are working well, when to change course, and which technologies are ideal for cloud security.

  • Top nation-state threats (Hint: Russia)
  • Essentials for securing your remote work force
  • Timeframe for the next wave of phishing attacks
  • Biggest operational challenges for CISOs

Founded by NSA professionals, Area 1 focuses keenly on anti-phishing strategies. Now, with Covid-19 opening the door, criminals and nation-states are seeking fresh plunder by attacking the remote workforce.

Practical Advice for Remote Workforce Security

The panel gets right down to business with the major concern on everybody’s mind: How do you secure remote workers?

“We have to get away from the concept of the perimeter and four walls,” says Troy Wilkinson. “The consequence of moving the business home is that the attack surface is moving home as well. That means lots of attack possibilities.”

Some are better prepared than others for this rapid transition, having implemented remote labor already amid a gig and contractor economy. But right now, everyone is on their own and has to make their own decisions.

For example, panelists’ priorities included:

  • The nuts and bolts of SOC automation
  • Using split tunneling, handling at the endpoint, or with a cloud access broker
  • How systems can support more users with limited network bandwidth, and
  • Automating end-user cybersecurity training to meet new challenges.

IT transformation has been coming for a long time, “but now,” says Wilkinson, “a wrecking ball has hit us, and we have been fast-tracked to that change. So there’s a lot more endpoint detection and response, coupled with cloud detection and response.”

  • Get practical with policies This is a good time to revise policies and, if you don’t have them already, to enact them. Make sure your employees and use cases are up-to-date on non-employee-owned equipment. And ensure your employee handbook and acceptable use policies are current; get consent for deploying those tools.
  • The expanding nation-state threat Why it’s critical to act globally and isolate machines quickly. Over the last 30-60 days, increased threats from Russian attackers have surfaced—most prominently where many travelers are using their phones.
  • Defuse the phishing attack explosion There’s been a 667 percent increase in phishing attackssince Covid-19 emerged, and as hackers stay in and craft their own work, we have to be ready to train our users well.
  • Quickly block known criminals from your IP domains and hashes Get that low-hanging fruit. Bad guys are really good at VPN’ing into countries where they want to be and they always look like they’re coming from the U.S.
  • Build alerting capability with remote, work-focused tools Most likely, your security automation and orchestration have been focused on network and corporate resources. Make sure you are now more focused on remote workers.

Want to know more? Bring happy hour on with Jason, Kevin, Troy, Omer and Blake at your convenience! Register here to view the full webcast and more tips on:

  • Best practices for optimal Covid-19 cybersecurity
  • Analysis of new strategic directions in remote security
  • Insights on cloud security when corporate devices are slow in arriving

Cheers!


To learn more about preventing Covid-19 phishing attacks, click here.

Want to keep up to date with the latest phishing trends? 

Subscribe to our newsletter here!

 

Understanding the Four Business Email Compromise Attack Types

Business Email Compromise (BEC), also sometimes referred to as email account compromise (EAC) or vendor email compromise (VEC), is a type of phishing attack that takes advantage of an existing relationship between a victim and organization.

Area 1 Security Announces the Most Spoofed Brand of 2021

Dear America’s sports-loving, company-securing fans: Before you find yourself glued this weekend to (what some call) THE biggest game in college basketball history, we are here to crown the 2022 March Hackness winner!

2022 March Hackness: The Return of the Phishing Bracket

Area 1 Security’s Sixth Annual March Hackness: The Perfect Phishing Bracket is here! Learn who made the list of the top brands that attackers use in phishing lures.