The ConnectWise IT Nation Secure Event was an electrifying gathering of cybersecurity leaders, experts, and enthusiasts. With a focus on innovation and collaboration, the event offered deep dives into the latest trends and challenges in the industry. Here’s a closer look at some of the best sessions and moments from the event:
Keynote by Theresa Payton: The AI-Driven Cyber Threat Landscape
Theresa Payton, former White House CIO, opened the event with a riveting keynote. Drawing from her time in the White House, her talk included a striking infographic on the massive amount of internet activity every minute and its implications for AI and cybercrime. Payton highlighted the sophisticated use of AI in cracking passwords and crafting region-specific phishing emails.
She also shared a cautionary tale about a company whose chatbots were inadvertently escalating privileges and transmitting data unencrypted, emphasizing the need for thorough security testing. Finally, she showed a chilling demonstration of AI voice cloning, illustrating the ease with which criminals can use these AI tools for social engineering attacks, including to influence operations in upcoming elections.
.ai-rotate {position: relative;}
.ai-rotate-hidden {visibility: hidden;}
.ai-rotate-hidden-2 {position: absolute; top: 0; left: 0; width: 100%; height: 100%;}
.ai-list-data, .ai-ip-data, .ai-filter-check, .ai-fallback, .ai-list-block, .ai-list-block-ip, .ai-list-block-filter {visibility: hidden; position: absolute; width: 50%; height: 1px; top: -1000px; z-index: -9999; margin: 0px!important;}
.ai-list-data, .ai-ip-data, .ai-filter-check, .ai-fallback {min-width: 1px;}
Fireside Chat with Theresa Payton: Supply Chain Vulnerabilities
In a more laid-back but no less insightful fireside chat, Payton discussed a broad range of topics from AI cyber threats to supply chain attacks, using the 2011 RSA breach as a key example of the first time we saw that major shift of attackers going after the supply chain to reach their intended targets. She stressed the critical need for governance frameworks and third-party audits to validate AI training data, given the advanced uses of AI by threat actors. Finally, Payton underscored the importance of diverse perspectives in cybersecurity to better address complex challenges we face across the industry, not just bringing women in but also a broader range of economic and regional demographics.
Humanizing Security: AI is Not Enough
Ken Fanger’s excellent session underscored the critical role of human elements in cybersecurity. He shared the success of social engineering attacks, highlighted the infamous article by Charlotte Cowles about how she lost $50k to scammers, despite being an extremely well educated and informed reporter in the financial space. Fanger emphasized the soft science and a broader range of skills needed in order to face cybersecurity threats. For example, he stressed the need for education in a broad range of topics like psychology for engineers. After all, social engineering attacks use psychology as a vector, and is one of the most devastating and effective methods of achieving a breach, and yet engineers are rarely educated in the topic.
He also discussed the culture of victim blaming that is rampant in cybersecurity circles, which only leads to greater reluctance to report a breach. One audience member shared a creative strategy as an alternative to victim blaming that encouraged reporting of phishing attempts:
entering employees who accidentally clicked a phishing awareness campaign link into a raffle if they correctly followed all the steps to reporting the incident. We love the creativity!
Trials, Traps, and Pitfalls in Implementing CIS Controls
Wes Spencer, Co-Founder of Empath, and Eric Woodard, Founder of Protek, provided an expert guide to navigating the Center for Internet Security (CIS) controls, emphasizing their importance despite their complexity. This highly technical talk gave an introduction to how MSPs can move beyond securing their own CIS controls and branch out into protecting their clients as well.
Taking Cybersecurity Culture to Main Street
Ann Westerheim, President of Ekaru LLC, delivered an inspiring presentation on the importance of fostering a cybersecurity culture within companies. She emphasized that security is everyone’s responsibility and pointed out the irony of companies complaining about the cost of security measures when they are often as affordable as a daily latte.
Westerheim highlighted the universal risk posed to all businesses, regardless of size, and reminded attendees that “What you do before the incident impacts what you do after the incident,” underscoring the importance of proactive measures. She offered strategies to convince employees and stakeholders of their role in preventing cyber attacks.
Rising from the Ashes: Managing a Mass Scale Ransomware Attack
Robert Cioffi of Progressive Computing Inc. recounted the harrowing experience of managing a ransomware attack on his MSP on July 2, 2021, when the event that would be known as the Kaseya VSA ransomware attack devastated his life and business. He described the ominous feeling that something was wrong on that Friday morning before Independence Day, when his colleague approached ashen-faced and announced that, “All of our customers have been ransomwared.”
Unfortunately, Cioffi’s stellar talk was interrupted, somewhat ironically, by the fire alarm. However, he shared a version of the talk with MSP Radio, which can be found here on YouTube. Wes Spencer of Empath called this talk, “Required listening for every MSP.” So with that endorsement in mind, I highly recommend you check it out for yourself!
Other Highlights
The event also featured my own presentation on Seceon’s rich offering of products. as well as various networking events, including a dinner with teammates and friends, a Monday night reception, a Tuesday night pub crawl followed by a spy-themed party, and the highly anticipated Rock and Roll party on Wednesday night.
Over the past three days, Seceon Inc. had an exhilarating time connecting with MSPs and delving into their security services journeys. We exchanged invaluable insights with our peers and partners, sparking new ideas and collaborations. A heartfelt thank you to everyone who stopped by our booth, attended our sessions, and engaged in our dynamic discussions. Your enthusiasm and support fuel our drive to keep pushing the envelope in cybersecurity, making every moment at the event truly inspiring and unforgettable.
The ConnectWise IT Nation Secure Event was a tremendous success across the board, offering participants a wealth of knowledge and new connections for MSPs and MSSPs to strengthen their cybersecurity strategies. We look forward to the next event and continuing our collective efforts in advancing cybersecurity!
The post Highlights from the ConnectWise IT Nation Secure Event 2024 appeared first on Seceon.
*** This is a Security Bloggers Network syndicated blog from Seceon authored by Maggie MacAlpine. Read the original post at: https://www.seceon.com/highlights-from-the-connectwise-it-nation-secure-event-2024/
This post was originally published on the 3rd party site mentioned in the title of this this site