10 Take-Aways from #ICRMC (International Cyber Risk Management Conference)
While there are cyber conferences that happen every day, there are a few conferences that not only offer great networking, but also offer great insights for understanding risk management and highlight the importance of privacy as well as the need for enhanced cyber skills and workforce development, all of which are of great interest to me. Here are my top take-aways from #ICRMC.
1. Companies need to take a more strategic and proactive approach to protecting their supply chain while also educating the members of their supply chain.
In other words, what tools, processes and policies are being used to ensure that risk is being managed when it comes to cybercrime or supply chain weaknesses?
2. Cybercriminals have been extremely successful with malware and ransomware, which means they will continue with this approach. In fact, they continue to innovate and develop their attacks. They now customize their ransom requests based on geography: the richer the country, the higher the ransom requested. Because Canada is a rich country, we are both a great target and our ransom requests will be higher.
As a result, we need to work together to better educate and inform people about the lures or tactics used to entrap people and then take advantage of the situation.
3. Cybercriminals are being increasingly strategic. For example, they are now targeting emerging sectors such as cannabis. They see this as a growing area with cash that they can harvest.
4. Ransomware is now being used as a distraction. This one was a new one for me and it is exactly what it sounds like. A cybercriminal may make it look like your system is compromised and you need to comply with the ransom while actually coming at you from another entry point. The goal is to refocus your attention on protecting the rest of your system from being held for ransom, thus resulting in your team not seeing what the real attack is.
5. According to FireEye, the average organization in North America could have been breached for 76 days before becoming aware. Imagine what could be done on your system over the period of 76 days?
6. Build and test your Business Continuity and Disaster Recovery Plan; and simultaneously challenge your red teams to use the same tactics, tools and tendencies of your adversaries, thus ensuring a more realistic attack posture.
7. Cybercriminals continue to develop their sophistication to the point where they will be operating at a level similar to that of a nation-state that is operating aggressively against another country or organization.
In other words, we need to enhance our own skills and focus on developing our talent pool to be better prepared for the continuing onslaught of cybercriminals. This might also bring about an interesting conversation on being defensive versus offensive, but that is for another day.
8. And fitting within my focus, we need to put people over technology. We need to really focus on developing and upskilling our people. The shortage of professionals is not decreasing. It’s quite the opposite really. This of course is the focus of CyberNB’s CyberSmart Strategy.
9. Focus on the protection of assets and not just computers. In other words, we need to think more strategically about what we are protecting. This of course covers privacy-related issues pertaining to personal data as well as critical infrastructure.
10. Collectively, we need to work together to better inform consumers, business owners and workers on the risks as well as how to better protect ourselves.
These are of course areas that are of great interest to CyberNB and our ecosystem. If you would like to learn more about how you can be a part of the New Brunswick ecosystem, contact us. We would love to chat.