Archive for the talks Category

Level: Security Leadership / Strategy

Abstract:

Many smaller organizations make the mistake of focusing solely on technology to solve their security problems, neglecting crucial aspects like people and processes. This talk will emphasize the importance of a holistic approach to cybersecurity, sharing strategies that larger companies have learned over decades. By understanding and implementing these strategies, SMBs can avoid common pitfalls and effectively raise their security standards. Attendees will leave with actionable tips on improving their cybersecurity practices within a limited budget, ultimately enhancing their overall defense capabilities.

Bio:

Robert Wagner is an Advisory CISO and has been a highly respected security practitioner, advisor and strategist for over 20 years. His security experience includes defending everything from Fortune 500 companies to government agencies, major universities, and financial institutions. He has presented and taught at information security and hacker conferences including DefCon, APIsecure, Bsides Tel Aviv, GrrCon, Dawn or Doom, WCISC, and more. He is a co-founder of the not-for-profit organization Hak4Kidz, serves on the board of the Chicago ISSA chapter, and regularly volunteers for various hacker cons including Bsides312, BlueTeamCon, and others.

Level: Low Tech

Abstract:

In this talk, we delve into the world of Digital Forensics and Incident Response (DFIR). We will cover the basics, such as the process and terminology, and examine four distinct incidents. For each incident, I will explain the ‘what’ and ‘how’ of the attack, the lessons learned, and the often overlooked human aspect of incident response.

Business Email Compromise (BEC) Incident: We’ll explore a case where an adversary exploited a user and maintained persistence for a month to extract money.

Ransomware Incident: We’ll examine a company’s third ransomware incident, all of which happened within a span of 2 years, where the victim attempted to pay the ransom. We’ll discuss what went wrong during the recovery process.

Wiper Incident: We’ll delve into a rare hacktivism attack where 95% of the victim’s infrastructure and data, including backups and logs, were deleted.

Failed Attempt: Sometimes, attackers have bad days too. We’ll look at an incident where the attackers gained access to the company’s infrastructure but failed to deploy or exfiltrate anything.

By sharing my experiences, I hope to equip attendees with the knowledge to stay proactive against cyber attacks and, in the event of an incident, respond more effectively.

Bio:

Dénes Fodor – with over ten years of experience in cybersecurity and systems engineering, I work as a CSIRT Manager and IT Security Researcher at White Hat IT Security. In my free time, I always try to learn something new, fight with RE/PWN CTF challenges, and keep up with the latest cyber threats.