Keren Elazari, CISSP, Security Analyst, Researcher, and Public Speaker, kicked off GSX+’s fourth day with a keynote address on the future of cybersecurity. Elazari, a former hacker turned cybersecurity expert, is an internationally celebrated speaker, researcher, and author on all matters of cybersecurity. Her 2014 TED talk, viewed by millions, helped shape the global conversation about the role of hackers and the evolution of cybersecurity in the information age.
While hackers are typically thought of and depicted in media as breaking into a network from a remote location, the reality is often quite different. Many network breaches begin with a physical breach. Using social engineering, picking a lock, or otherwise breaking into a facility can be the fastest and easiest way for a cybercriminal to get easy access to a network. Once inside, they can steal a laptop or other device, or slip into a server room and simply plug in. It takes only the slightest crack in the cyber armor to enable a devastating attack. Every citizen, consumer, and business owner has a responsibility to ensure that correct protocols are in place at all times. Are you thinking about how you can protect your assets?
In her address, Elazari walked us through the world of cybersecurity, from a hacker’s perspective. She grew up as a curious girl, and accidentally became a ‘friendly hacker’ as she would bypass barriers to get to the information she wanted. She says her life changed after she watched the 1995 film “Hackers” where Angelina Jolie and other ‘friendly hackers’ help take down bad guys.
“This was the kind of friendly hacker I wanted to become, and I dedicated my life to become that kind of hacker,” Elazari said in her speech. “I really see hackers as the element that can push things forward.”
Knowing that hackers can be instrumental in identifying vulnerabilities and solving tech problems, she has worked with leading Israeli security firms, government organizations, big 4 and fortune 500 companies—covering emerging security technologies as an independent strategic analyst and advisor.
In her keynote, she emphasized the increased threat bad hackers have posed since the start of the COVID-19 pandemic. Unlike the rest of us, criminals don’t take days off — they don’t waste an opportunity to take our digital assets.
“Attackers have evolved, and we must evolve as well, otherwise we don’t stand a chance,” Elazari said.
She then discussed cyber hygiene, and other methods security professionals should deploy to keep information secure.
“This could be daunting — as security professionals, it may be tempting to sit back and relax until things go back to normal, but that’s not going to happen,” Elazari said. “Instead, it might be time to reevaluate our oldest security assumptions, such as the idea that all hackers are bad. Friendly hackers can help.”
Tune in to the following sessions today:
10:15 am - 11:05 am: COVID-19 Related Lawsuits and Liability Issues. The new normal of COVID-19 is revealing new legal and insurance issues that we need to be prepared for. Attend this session to hear three perspectives from legal and security leaders as they deliberate current and future trends. Discuss how insurance companies have responded to COVID-19 claims so far. Learn about the new liability protection bill and how it differs from existing liability protection statutes. Hear how this bill relates to non-medical technologies being used to control the pandemic. Examine insurance protection claims that have arisen out of re-opening of businesses. Evaluate what types of insurance coverage will be available to cover future pandemics.
10:15 am - 11:05 am: Insider Risk: A Self-Assessment Tool. All organizations--regardless of their size, industry, or region--must recognize the scale of harm they might experience from an insider attack. In 2019, the petroleum industry in Norway established a project to identify best practices for insider risk mitigation. As a result, a report and self-assessment tool was developed based on international best practices. Explore how the self-assessment can be used, review 50 recommended security measures, and address some of the challenges the industry faced when implementing the measures.
10:15 am - 11:05 am: The New NIST Privacy Framework. This year, NIST released a Privacy Framework, a voluntary tool to help organizations identify and manage privacy risk in a way that maintains individuals' privacy while strengthening the enterprise. This approach addresses privacy events as risks arising from the organization's digital and non-digital data-related operations. The NIST's Privacy Framework and its Cybersecurity Framework share a similar structure, including a core, implementation Tters, and profiles. Discuss the components of the NIST Privacy Framework and leanr how organizations can adopt it on its own or in correlation with other models such as the NIST Cybersecurity Framework or ESRM. Participate in an interactive discussion and a gallery walk.
11:20 am - 12:10 pm: How Unmanned Robotics are Revolutionizing Traditional Approaches to Security. Panel-based discussion with leaders from pre-eminent unmanned robotics companies to learn more about how ground-based robots and drones are revolutionizing traditional approaches to security. Questions to be answered: Are there advantages of offloading dirty, dull, and dangerous tasks to a robot ... is Terminator a reality ... will robots displace traditional security professionals ... is this technology ready for primetime. Case studies discussed to include how this technology has been successfully deployed in a Covid-19 environment?
12:25 pm - 1:15 pm: How to Implement an Intelligence Function in a GSOC. Adding a data-driven intelligence function to a corporate global security operations center (GSOC) is challenging. Many crucial decisions related to personnel, processes, and technology will have long-lasting effects, usually requiring a significant investment. The growing list of corporate security responsibilities, such as business continuity and resiliency, further complicate the issue. Fortunately, there are proven methods for assessing and implementing the processes, people, and technologies needed not only to support the intelligence function, but also to provide value to the overall organization. Focus on tested, real-world strategies from seasoned corporate security executives, explaining how to take a strategic, measurable, and future-proof approach to building a GSOC intelligence function.
1:30 pm - 1:55 pm. Identify Malicious Cyber Activity By Leveraging Data Within the Deep and Dark Web. An immense volume and variety of data is concealed in the deep and dark webs. Companies find it increasingly difficult to monitor and mitigate threats, paving the way for malicious actors to perform undetected nefarious activity. Whether it be the sale of bank routing numbers, email addresses, or counterfeit drugs, many illicit activities hide in plain sight and can be identified using publicly available information. Learn how to tap into the nearly infinite data available in the public domain, including deep and dark web data, to enhance security strategies, inform decision making, deter threats, and ultimately protect businesses and customers alike.
2:35 pm - 3:25 pm: Quantitative Measures of Business Continuity Preparedness. To date, security professionals have been unable to measure whether an organization is prepared to recover from a disaster. While practitioners have been counting numbers of plans, deliverables, and exercises for more than two decades, they have lacked an approach that would allow for an actual measurement. Consider a new easy-to-use but theoretically sound model to measure preparedness and recoverability. Through a combination of lecture, demonstration, and interaction, learn how the model works, why it works, and how it can be put into practice immediately.
The day will culminate with the President’s Reception, taking place at 3:30pm, where Marco Vega, ASIS Member and Senior Regional Vice President, will be joined by Jon Taffer, business management expert and host of “Bar Rescue,” to swap business management stories and share a special drink recipe!
To sign in to GSX+ sessions or to see recorded sessions you may have missed, visit www.gsx.org.