The shortest day of the year in the southern hemisphere marked IDG’s first ever Security Day. With over 100 delegates, IDG Global and CSO Australia, in conjunction with their event partners Sophos, Darktrace and Mimecast, created an event that covered everything from government policy to operational security, a look into the role of artificial intelligence, how people impact security and a live hacking demonstration that had many attendees questioning some of the assumptions about their own security posture.
The event, which was the first of nine similar events being hosted by IDG in Sydney, Amsterdam, Frankfurt, London, Madrid, Mumbai, Paris, Stockholm, and Washington, DC, opened with Mimecast’s Garrett O’Hara talking about cyber resilience. The big “take home” message from O’Hara was one that was reiterated later by other speakers; attacks and breaches are inevitable. The critical thing is what we do about them.
Craig Davies, the CEO of the Australian Cyber Security Network, followed, telling the audience that Australia is a technology leader in many fields and that we need to do more to retain and support local talent. Davies said Australia has the fourth most information security patents of any country and we have the world’s two foremost experts in quantum computing right on our shores.
We need to ensure this talent is recognised locally and that local businesses trust local start-ups more. We are prepared to try new restaurants when they open, said Davies. Why won’t we give local technology companies the same chance?
Attendees then broke into several small groups to discuss a number of topics pertaining to information security. Topics included building credibility with senior management, the human aspects of cyber security and managing third party risks. These Security Wave roundtables were an opportunity for peers to share challenges and ideas for overcoming those issues.
The second half of the day kicked off with PwC’s Duncan Alderson launching into a look at how to protect our businesses and hunting for hackers. It was a fascinating presentation that delivered three commandments everyone ought to follow.
Alderson said it was critical that information security professionals knew the network they were protecting, that systems were designed for failure and that visibility of what is happening in systems and across the network is vital.
While many information security events focus on technical matters, Stephen Kraemer, the head of security for New Zealand’s Port of Auckland shifted the conversation to the importance of users. When Kraemer was interviewed for his job, the company was looking for a technical person to deal with issues. But Kraemer’s approach of engaging senior management and creating frameworks and policies built support in the C-Suite which was then leveraged into engaging the entire business in safer network behaviour.
Artificial intelligence (AI) is a hot topic in information security circles. A panel discussion, that brought together Ty Miller from Threat Intelligence, Mark Beaumont from Darktrace, Jonathan Chang from Silverpond, and Kraemer discussed how AI is changing the face of infosec.
While AI is still a nascent field in security, it’s clear that attackers and defenders are exploring the opportunities it offers. All the panellists agreed AI was here to stay and that it has the capacity to reframe how we protect, detect and respond to threats.
The final presentation of the day, given by Miller, was perhaps the most chilling. Demonstrating a number of different attack vectors, Miller systematically broke through the defences of a website to launch a phishing attack that could steal passwords.
He also showed how easy it was for an attacker to inject code into a website and alter its function.
His casual use of the phrase “take over you entre company” several times and use of an online search engine to crack a stolen, hashed password brought many wry smiles to the captivated audience.
The Sydney chapter of the IDG Security Day wasn’t just the first in a series of global events all happening on 21 June 2017. It showed that Australia leads the world in many ways when it comes to cybersecurity.
Follow the conversation #idgsecurityday