The Year of the Attacker

After virtually attending the recent conferences relating to hackers, I am confident in saying that this will be the year of the attacker. The conferences provided little to no advice on how organizations can better protect themselves. It was a giant dud. Here are the four reasons as to why I felt that these virtual conferences missed the mark. 

 

  1. Lack of Community Discussion - Connecting with people at conferences is arguably more beneficial than the conference speakers themselves.  Any topic that you see on the agenda illustrates that the topic has been selected and approved by a committee of experts or marketing people. While these topics are often very educational, the conversations that you will have with other attendees are what really give you the insights into real-world challenges. You lose the ability to help others and to be helped by the lack of community discussion within these conferences. The whole connection apparatus is removed and you cannot repeat this in a virtual environment.

  2. Lack of Access to Vendor Solutions - A great conference will not only demonstrate the risks clients face, but also provide a path to remediation and/or mitigation. A conference that only demonstrates the risk leaves the attendees more at risk because now the risk has been made public! So a mitigation technique is necessary as part of the demonstration, or at the very least a vendor option to mitigate the issue. This year the conferences offered an option to virtually connect with vendors, but there is not a direct way to know which ones will help since you have to seek each one out. This was a big miss.

  3. Lack of Focus and Dedication - There is something special about the power of dedication.  When you dedicate time to a specific task or event you gain far more knowledge than you ever would have otherwise.  Just like multitasking while on a treadmill, you end up not giving it your all. Last week while I tried to attend the session I was mired in interruptions.  Because people saw me at work, they wanted some of my time.  My wife also wanted me home on time for dinner and my son needed to be picked up from football… You get the point.  This never would have happened if I was away focused on the conference.  Dedicating a week to something gains you far more knowledge.  Sure, you may pick up a nugget or two here and there.  But nothing equals what you could learn in 2-5 days of focused content.

  4. No Access to Expert Speakers - Some of the expert speakers have tremendous insight into the industry.  And when you meet them and get the opportunity to chat you will gain far more information than when you watch a video online.  Sure, you can ask them questions.  But that is not the same.  Questions require me knowing what I need to ask to begin with.  I don’t know what I don’t know. So, I need to talk to people generally to find where and what I need to ask.  Never underestimate the power of an in-person meeting.

Organizations need to constantly modify their tactics in order to remain vigilant and diligent in their security practice. All organizations need to rely heavily on the advice of knowledge gained from experts if they are going to maintain a version of security. This will be the year of hackers for many reasons. One is because remote workforces are already not paying the same level of attention to networks. This will lead to an increase in attacks, paired with a lack of solutions. There is only one possible outcome and it is not good, unless an organization changes course.

So what can you do?  Test your network today and repeatedly.  Increase your log review and controls.  Hire security experts.  Invest in security technologies.  And educate your users, over and over.

Manage your business and stay security strong.  Don’t let the year of the attacker affect your organization.