Insights from annual cybersecurity conference DEF CON

Hackers and defenders alike recently made their annual pilgrimage to Las Vegas for DEF CON, one of the largest cybersecurity conferences in the world. Here, security vendors, industry professionals and hobbyists gathered to share ideas, research, and philosophy regarding all things information security. I was fortunate to be part of the small team of Hawaiian Telcom Managed Services professionals who attended the event to scope out new threats, industry trends and solutions.

Big headlines and shocking claims are typical of DEF CON. This year, it was discovered that children could break into mock election board websites and change their results, that voting machines used in 18 elections could be hacked in two minutes, and that entire networks can be infiltrated by one malicious fax.

The amount of news and exploits can be alarming. As a conference attendee, it is important to be able to distinguish between extreme situations and actual threats to your organization. Similarly, wading through the sea of security vendors and their dizzying array of services can be difficult. One must sift through the alphabet soup of buzzwords and offerings (e.g. Machine Learning, Threat Simulation, User/ Entity Behavioral Analytics) to differentiate between fluff and real solutions that your organization can benefit from.

My DEF CON take-away in a nutshell-- as the lines between the inside and outside of the network blur, traditional information security measures are not enough to keep the bad guys out of our organizations.

One solution is implementing Two-Factor Authentication (2FA), an additional layer of security that’s not new and has proven to be effective in reducing unauthorized access to your network. 2FA requires two forms of login information such as a username and password plus 1) something you know (e.g. PIN), 2) something you have (e.g. smartphone or hardware token) or 3) something you are (e.g. biometric pattern of a fingerprint). There are free 2FA programs available or you can consult with your trusted technology partner or Managed Services Provider to help guide you through the aforementioned alphabet soup and implement the right solution for your individual business.

If you’re interested in cybersecurity conferences, you don’t need to travel out of state to attend one. While DEF CON is amazing, Hawai‘i-hosted conferences are just as fun and educational. On O‘ahu, Shakacon is considered the premier security conference for professionals and hobbyists, and the Information Systems Security Association (ISSA) Hawai‘i chapter also hosts a monthly luncheon and annual conference. Objective by the Sea is a newer security conference hosted on Maui that concentrates on MacOS security and the annual Loco Moco Security Conference started by Hawai‘i residents will be hosted on Kaua‘i in 2019.

Services Team. Reach him at Jaspher.Respicio@hawaiiantel.com.

Visit this article in the Star-Advertiser