Security Stories

A presentation at Beltech 2022 in April 2022 in Belfast, UK by Simon Whittaker

Slide 1

Security stories
Simon Whittaker

Slide 2

Me
• CEO & co-founder
• Chair of NI Cyber

Slide 3

Image: @gwenking, Unsplash

Slide 4

Way back when
• ftp
• HTTPS?
• databases

Slide 5

Securing the outside
• Firewall to protect outside
• Software running internally
• No way anyone could get in!
• In house support
Image: Mary Evans Picture Library

Slide 6

The past Development
• A million passwords
• Write everything yourself, each time
• Username and passwords in the database.

Slide 7

Bad actors
Image: Unsplash, @vademann

Slide 8

Change in motives
• Rise in cybercrime
Image: Unsplash, Art Rachen

Slide 9

Transition Security testing with tooling

Slide 10

Engagement

Slide 11

Welcome!
Cyber security is born
Cybersecurity is born
Cyber Security is ……

Slide 12

Risk transfer
Image: Unsplash, @tingeyinjurylawfirm

Slide 13

Risk transfer
Images: Karolina Larusdottir; Unsplash, Clay Banks

Slide 14

Reliance on packages

Slide 15

Other impacts
Image: Unsplash, engin akyurt

Slide 16

Reliance on third parties

Slide 17

The power of a devious person

The actor has been observed then joining the organization’s crisis communication calls and internal discussion boards (Slack, Teams, conference calls, and others) to understand the incident response workflow and their corresponding response. It is assessed this provides DEV-0537 insight into the victim’s state of mind, their knowledge of the intrusion, and a venue to initiate extortion demands. Notably, DEV-0537 has been observed joining incident response bridges within targeted organizations responding to destructive actions.

Slide 18

Lapsus$ new kids on the block

Slide 19

The rise of Lapsus$

Slide 20

Timeline of OKTA

Slide 21

OKTA’s Response

In January, we did not know the extent of the Sitel issue – only that we detected and prevented an account takeover attempt and that Sitel had retained a third party forensic firm to investigate. At that time, we didn’t recognize that there was a risk to Okta and our customers. We should have more actively and forcefully compelled information from Sitel. In light of the evidence that we have gathered in the last week, it is clear that we would have made a different decision if we had been in possession of all of the facts that we have today.

Slide 22

Technology

Slide 23

Knowledge & Power
Image: Unsplash, @pete_nuij

Slide 24

Integrated security
Image: Unsplash, engin akyurt

Slide 25

Thank You