This year marked the 26th DefCon, the annual hacker conference attended by thousands of people ranging from high school students to well-known security researchers and infamous personalities in the industry. The presentations and workshops covered everything from updates on the state of cyber security, nation-state cyber security activity and global legal trends to detailed technical analysis of industrial control systems, “biohacking” medical devices and some of the latest developments in the technical security world.
While no headline hacks were unveiled this year, the conference reinforced the message that both the black hats and the white hats are identifying new vulnerabilities every day, and we need to stay on our toes to address them as they are identified.
Our biggest takeaway from the conference is to maintain vigilance, keep training your staff and regularly reassess your environment. Keep in mind these key elements of a cyber security program:
- Governance and Policies – at least cover the basics and establish the responsibility and authority for enforcing cyber security controls
- Assessments – regular assessments covering risk, new solutions, vulnerability management and compliance
- Protection – protect access to the networks, systems, applications and people
- Detection – ongoing threat, attack, incident and breach detection
- Training – security awareness, phishing assessments, compliance requirements, technical and executive level training
- Monitoring – looking at all available resources to identify changes in behavior, anomalies or malicious activities
- Response & Recovery – when, not if, you have a security incident, how will you respond and recover from the event
- Independent Assessments – regularly seek assistance from qualified, independent professionals
- Cyber Security Insurance – as part of the risk assessments, review coverage and determine if additional or expanded coverage is needed
There is no silver bullet, but addressing the key elements listed will significantly reduce the likelihood and the cost of a breach. If you have questions or need assistance, please contact one of RubinBrown's Cyber Security professionals.