Security stories Simon Whittaker

Me • CEO & co-founder • Chair of NI Cyber


Way back when
• ftp
• HTTPS?
• databases

Securing the outside
• Firewall to protect outside
• Software running internally
• No way anyone could get in!
• In house support

The past Development
• A million passwords
• Write everything yourself, each time
• Username and passwords in the database.

Bad actors

Change in motives • Rise in cybercrime

Transition Security testing with tooling

Engagement

Welcome!
Cyber security is born
Cybersecurity is born
Cyber Security is ……

Risk transfer


Reliance on packages

Other impacts

Reliance on third parties

The power of a devious person

"The actor has been observed then joining the organization’s crisis communication calls and internal discussion boards (Slack, Teams, conference calls, and others) to understand the incident response workflow and their corresponding response. It is assessed this provides DEV-0537 insight into the victim’s state of mind, their knowledge of the intrusion, and a venue to initiate extortion demands. Notably, DEV-0537 has been observed joining incident response bridges within targeted organizations responding to destructive actions."

Lapsus$ new kids on the block

The rise of Lapsus$

Timeline of OKTA

OKTA’s Response

"In January, we did not know the extent of the Sitel issue – only that we detected and prevented an account takeover attempt and that Sitel had retained a third party forensic firm to investigate. At that time, we didn’t recognize that there was a risk to Okta and our customers. We should have more actively and forcefully compelled information from Sitel. In light of the evidence that we have gathered in the last week, it is clear that we would have made a different decision if we had been in possession of all of the facts that we have today."

Technology

Knowledge & Power

Integrated security

Thank You