The CyberWire Daily Briefing 02.12.15
A ceasefire in Ukraine and continued ISIS trumpeting of atrocities bring "hybrid warfare" to the forefront of analysts' minds. Hybrid warfare prominently employs non-state fighters and hacktivists, and what its kinetic and non-kinetic features share is deniability. Analysts expect to see a lot more of it.
The Chinese hack that turned Forbes' "Thought of the Day" into a watering hole seems to have been both technically clever and crafted with clear targets in mind.
Spoof PayPal phishing sites are taken down — many of them were very well crafted, another sign that the crooks have upped their design game.
Ransomware — in this case Simplocker — continues to appear in enhanced, increasingly dangerous forms. There are fresh expectations that we'll soon see a major outbreak among mobile devices.
More dodgy apps are found in Google Play.
The Anthem hack draws attention to the attack surface employees inevitably present. Some companies respond with social engineering drills.
NIST has released its draft guidance for industrial control system security.
The cryptocurrency community takes a stab at developing its own sector standards.
Assured Information Security demonstrates a cryptographic approach to making software (inter alia malware) tougher to reverse engineer.
In the US, the White House proceeds with plans for the CTIIC, intended to connect private sector cyber threat intelligence with the classified world's. Industry reaction is broadly skeptical: Didn't the NCCIC have that mission? Who's going to bear the cost of all that threat reporting? What about privacy? So the Administration still has some explaining to do.
A note to our readers: the CyberWire staff will take a break on Presidents' Day, this coming Monday. We'll resume regular publication on Tuesday, February 17.
Today's issue includes events affecting China, Iraq, Malaysia, Netherlands, Russia, Syria, Ukraine, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Newsweek Twitter hack is a sign of the times (IDG via CSO) The Twitter accounts of two more companies — Newsweek and the International Business Times — were compromised on Tuesday, showing Twitter's attractiveness to hackers despite its cybersecurity features
How the Islamic State Makes Sure You Pay Attention to It (War on the Rocks) The Islamic State (IS) has played us. It's been playing us for a long time now
Report Warns Russia's 'Hybrid Warfare' In Ukraine Could Inspire Others (Radio Free Europe | Radio Liberty) In a new report, a top defense think tank warns that Russia's destabilizing actions in Ukraine, including "sophisticated combinations of conventional and unconventional means of warfare," could inspire NATO's potential state and non-state adversaries elsewhere in the world
Host Hit in Cyber Attack Rips Government Inaction (Netherlands Times) Despite heavy complaints from within the Dutch government about Tuesday's cyber attack which took out several government websites, the managing director of the host hardest hit in the incident blames years of government inaction for the outage. The attack was clearly directed at the government, and any other websites that went down as a result were "collateral damage," said hosting firm Prolocation's managing director Raymond Dijkxhoorn
Pwned in 7 seconds: Hackers use Flash and IE to target Forbes visitors (Ars Technica) Hacked Forbes site fed 0days to defense contractor and financial services workers
Chinese Hackers Compromised Forbes.com Using IE, Flash Zero Days (ThreatPost) A Chinese APT group was able to chain together two zero day vulnerabilities, one against Adobe's Flash Player and one against Microsoft's Internet Explorer 9, to compromise a popular news site late last year
Chinese hackers attack blue-chip groups including banks (FT/OTCEER via STARR FM) Chinese hackers hijacked the Forbes website and used it to target thousands of computers linked to blue-chip companies, including US defence contractors and banks, in one of the most brazen cyber espionage campaigns apparently launched by Beijing-linked groups so far
Many PayPal lookalike phishing websites taken offline (CSO) Some were nearly identical copies of PayPal's website, OpenDNS said
Simplocker ransom Trojan returns with more dangerous encryption (CSO) The Simplocker ransom malware that infected thousands of Android devices last summer has dramatically boosted the power of its encryption design in a new version, security firm Avast has discovered
Ransomware could lock you out of your smartphones (Emirates 24/7) Warning is significant as it takes threat to totally different level
Google Play flaw opens Android devices to silent malware installation (Help Net Security) Android users are in danger of getting malicious apps silently installed on their devices by attackers, warns Rapid7's Tod Beardsley, technical lead for the Metasploit Framework
US Publishers Are Responsible for Most Malicious and Risky Apps, Putting Everyone with a Smartphone at Risk (Marble Labs) It's a common misconception that the risk of using mobile devices is limited to jailbroken or rooted devices in Asia, and apps that are downloaded from fly-by-night app stores other than the Apple App Store or Google Play. Nothing can be further from the truth
The New Windows 10 Release is Attracting the Attention of Criminals — and Not Why You Might Expect (Cyveillance) Among many interesting tidbits in Microsoft's recent Windows 10 announcement was that it would include two Internet browsers: the classic Internet Explorer, and a new one called Spartan. Although it's not that big of news per se, criminals are taking advantage of the media attention that has accompanied the Spartan announcement — not to exploit potential security flaws, although we're sure that will come soon — but to register domain names associated with it
Anthem hack: Employee access, not encryption, the problem (FierceHealthIT) As the investigations and lawsuits roll in over the breach of health insurance company Anthem, the industry is taking a closer look at the company's security practices
Anthem hack opens multiple inroads to healthcare fraud (FierceHealthPayer: Antifraud) Data captured by hackers could lead to false billing and medical identity theft, fueling black market for years to come
For local cybersecurity experts, Anthem breach 'hits close to home' (Technical.ly Baltimore) Local cybersecurity experts say the health insurer has been transparent about its major data breach, which may have compromised the personal data of up to 80 million customers
Experts warn 2015 could be 'Year of the Healthcare Hack' (Reuters) Security experts are warning healthcare and insurance companies that 2015 will be the "Year of the Healthcare Hack," as cybercriminals are increasingly attracted to troves of personal information held by U.S. insurers and hospitals that command high prices on the underground market
Jobs's revenge: Flash piles up the zero-day exploits (Network World) Three zero-days in six weeks make Steve Jobs look even more prescient about the state of Flash
Gh0st RAT: Complete Malware Analysis — Part 1 (Infosec Institute) In this article series, we will learn about one of the most predominant malware, named Gh0st RAT, whose source code is dated back to 2001 but it is still relevant today. In this article series, we will learn what exactly is Gh0st RAT, all its variants, how it works, its characteristics, etc.
How one man could have deleted every photo on Facebook (Naked Security) Facebook is probably the biggest database of photographs ever compiled
How one bad line of code shut down UK air traffic for an hour (ZDNet) Shortly before the Christmas vacation break got under way, a single line of bad code at the UK's national air traffic control center left thousands of people grounded for days
Security Patches, Mitigations, and Software Updates
Microsoft's Patch Tuesday release leaves one big vulnerability unpatched (ZDNet) This month's Patch Tuesday release includes three updates rated Critical, including a massive security update that fixes more than 40 flaws in Internet Explorer. A recently disclosed XSS vulnerability remains unpatched, however, and one Windows Server 2003 bug won't be fixed
Report: Microsoft packing more patches into fewer bulletins (CSO) Microsoft is packing more common vulnerability exposures into its critical bulletins
Cybersecurity needs to be "a team sport": Homeland Security official (Plant Services) All employees need to take ownership of mitigating cyber risks, DHS cybersecurity expert tells ARC forum audience
Your likelihood to be hacked is greatest if you're located… (FierceCION) With fears over cyberattacks at perhaps their highest levels ever, businesses in Delaware have been warned that they may be at the highest risk of all
As Cyber Threats Soar, So Do CISO Salaries (Wall Street Journal) The search for chief information security officers has become a seller's market as companies rush to hire security experts in the wake of several high-profile cyberattacks. High demand, coupled with a shortage of talent, is leading to compensation that is "zooming up on an almost daily basis," said Peter Metzger, vice chairman at executive recruiter CTPartners
Which Cybersecurity Skills Are Hot? (eSecurity Planet) Big data breaches are inspiring employers to pay more for cybersecurity certifications, some experts say
FireEye: A Next-Generation Cyber Security Play (Seeking Alpha) Businesses and governments will further need cyber security companies like FireEye. FireEye's excellent revenue in previous years and expansive R&D team will continue to excel. FireEye's acquisition of competitor Mandiant further establishes the company as the leader in the industry
New BlackBerry CSO calls security 'War of good vs. evil' (CSO) BlackBerry's new CSO David Kleidermacher has 23 years of IT experience and expertise in IoT technology, and he will presumably play a key role in the company's future IoT security strategy
Cyber-threat startup Digital Shadows secures $8 million investment round (Finextra) Cyber intelligence company Digital Shadows has today announced it has secured US$8 million of investment in a new funding round
WhiteHat Security Named a Leader in Application Security by Independent Research Firm (PRNewswire) WhiteHat Security, the Web security company, today announced it has been ranked a Leader in "The Forrester Wave™: Application Security, Q4 2014
ThreatMetrix Honored as Coolest Cloud Computing Vendor by CRN (PRWeb) ThreatMetrix analyzes and protects more than 850 million monthly transactions with its innovative TrustDefender™ cybercrime protection platform
Businesswoman fighting back after cyber attack forces closure of firms (Express and Star) A businesswoman has been forced to close her estate agents and property consultancy firms in Staffordshire after coming under attack from cyber criminals, causing her to lose tens of thousands of pounds and lay off staff
Two Executives Earn Prestigious Smart CEO Award (ZeroFOX) ZeroFOX Chief Operating Officer, Evan Blair, and Chief People Officer, Hillary Herlehy, were both honored with SmartCEO's executive management award
Lou Von Thaer, Leidos Nat'l Security Sector President, Chosen to Wash100 for Cyber and ISR Leadership (GovConExec) Executive Mosaic is honored to unveil Lou Von Thaer, president of the national security sector at Leidos, as the newest inductee into the Wash100 — a group of influential leaders in the government contracting arena
ThreatTrack Security taps new president (Washington Technology) ThreatTrack Security has named John Lyons president, where he will lead worldwide and government operations
vArmour Names Marc Woolward as Chief Technology Officer, EMEA (MarketWired) Former Goldman Sachs Networking CTO and Technology Fellow to drive vArmour vision and execution to deliver unprecedented security to the data center
Products, Services, and Solutions
Facebook Unveils Tool For Sharing Data On Malicious Botnets (Wired) Facebook noticed the attack first. But Mark Hammell and his team couldn't stop it without help from Tumblr, Pinterest, and others
How Secure is Your Android? Mobile Antivirus Apps Tested (PC Magazine) Most of us will never see our Android antivirus apps spit out a warning because most of us will never encounter malware on our phones. So how can you tell if your Android antivirus is actually protecting your phone against the malware that sometimes sneaks onto Google Play or is installed by an overbearing spouse?
Proofpoint Accelerates Email Archiving Migration, Speeds Path to Industry-Leading Cloud Archive (MarketWatch) Industry Leaders DTI Global, Nuix, QUADROtech and Trusted Data Solutions attest to faster, simplified email migration
First Ubuntu phone goes on sale on Wednesday (PCPro) Spanish mobile manufacturer to sell first handset via a series of online flash sales
Technologies, Techniques, and Standards
NIST Releases Update of Industrial Control Systems Security Guide for Final Public Review (NIST) The National Institute of Standards and Technology (NIST) has issued proposed updates to its Guide to Industrial Control Systems (ICS) Security (NIST Special Publication 800-82) for final public review and comment
NIST Special Publication 800-82 Revision 2 Final Public Draft: Guide to Industrial Control Systems (ICS) Security (NIST) Supervisory Control and Data Acquisition (SCADA) Systems, Distributed Control Systems (DCS), and Other Control System Configurations such as Programmable Logic Controllers (PLC)
Introducing the CryptoCurrency Security Standard (CCSS) (CryptoConsortium) The C4 mission statement is to develop and maintain standards that will benefit the cryptocurrency ecosystem. We accomplish this mission with the collaboration of the brightest minds in our space and have met success with each of our prior projects. Today, after months of working with extremely knowledgeable partners on this critical project, BitGo and C4 are proud to jointly announce the release of the draft CryptoCurrency Security Standard (CCSS) for public discussion
A Winning Strategy: Must Patch, Should Patch, Can't Patch (Dark Reading) The best way to have a significant impact on your company's security posture is to develop an organized effort for patching vulnerabilities
Are you a hack waiting to happen? Your boss wants to know (Washington Times) The next phishing email you get could be from your boss
The Why and How of DNS Data Analysis (CircleID) A network traffic analyzer can tell you what's happening in your network, while a Domain Name System (DNS) analyzer can provide context on the "why" and "how"
Decrypting TLS Browser Traffic With Wireshark — The Easy Way! (Jim Shaver) Most IT people are somewhat familiar with Wireshark. It is a traffic analyzer, that helps you learn how networking works, diagnose problems and much more
The Big Data picture — just how anonymous are "anonymous" records (Naked Security) On Naked Security we regularly write about, or at least make mention of, something called Big Data
From Big Data to smart data for security analytics (Global Big Data Conference) Have you heard the grand promise that Big Data analytics will reveal magical insights and enable organizations to transmute lead into gold? There seems a lack of depth to the idea and no concise plan in the roadmap. Big Data security analytics has the potential to be either a very effective solution or just another buzzword thrown around at conferences
Design and Innovation
A Crypto Trick That Makes Software Nearly Impossible to Reverse-Engineer (Wired) Software reverse engineering, the art of pulling programs apart to figure out how they work, is what makes it possible for sophisticated hackers to scour code for exploitable bugs. It's also what allows those same hackers' dangerous malware to be deconstructed and neutered. Now a new encryption trick could make both those tasks much, much harder
Are password alternatives a viable option? (Prosecurity Zone) Increased biometric authentication adoption hides flaws in technology that result in reverting to insecure password usage
Facebook is telling Native Americans their names are fake (Naked Security) In October, Facebook apologised to the drag queens, drag kings, and others in the LGBT (lesbian/gay/bisexual/transgender) community, some of which it had recently locked out of their accounts because their names weren't "real"
Drop in smartphone thefts after kill-switch introduction (CSO) The number of thefts and robberies of smartphones, particularly iPhones, is on the fall in New York, London and San Francisco, according to data to be released Wednesday
DARPA Hones Skills of Future Cyber Officers (DoD News) After months of work with world-class experts and online challenges, 60 cadets and midshipmen from the three service academies and the Coast Guard Academy recently faced off in contests of full-spectrum offensive and defensive cyber skills
Legislation, Policy, and Regulation
'Dramatic Improvement' in US and European Intel Sharing Because of ISIS (Defense One) The FBI is tracking every ISIS member it knows in the US, but needs Congress to block companies from offering encryption
Media Freedom In 'Drastic Decline' Worldwide (Radio Free Europe | Radio Liberty) Watchdog Reporters Without Borders (RSF) said in its annual evaluation released February 12 that media freedom suffered a "drastic decline" worldwide last year in part because of extremist groups such as Islamic State and Boko Haram
Western companies slam China's Internet firewall (Washington Post) China's growing restrictions on the Internet are harming the operations of Western businesses, stifling research and development operations and discouraging executives from moving here
White House Will Unveil Cyber Executive Actions At A Summit This Week (National Law Journal) On Friday, February 13, the White House will hold its Summit on Cybersecurity and Consumer Protection at Stanford University. President Obama will be speaking at the Summit and plans to issue a new Executive Order focusing on ways to increase cybersecurity information sharing between the private sector and the U.S. Department of Homeland Security
White House Cybersecurity Event to Draw Top Tech, Wall Street Execs (Wall Street Journal) Government to call on companies to help improve information sharing as breaches get more sophisticated
Three of Tech's Top CEOs to Skip Obama Cybersecurity Summit (Bloomberg) The top executives of Google Inc., Yahoo! Inc. and Facebook Inc. won't attend President Barack Obama's cybersecurity summit on Friday, at a time when relations between the White House and Silicon Valley have frayed over privacy issues
New cyber threat center to fill gaps in information sharing (Federal News Radio) The White House's new Cyber Threat Intelligence Center is not duplicating, or stealing resources or responsibilities from other agencies in government
Cyberthreat center coming (Washington Times) The White House national security adviser for counterterrorism announced this week that the Obama administration is setting up a cyberintelligence center aimed at providing better information and coordinated responses after cyberattacks that she said are growing more diverse and dangerous
White House launches new cyber security center: Will businesses cooperate? (Christian Science Monitor) The new Cyber Threat Intelligence Integration Center will aim to coordinate the United States government's response to cyberattacks, but it will need help from businesses to be effective
Feds to private businesses: Cough up your cyber intelligence (Network World) Corporations will be asked to contribute cyber intelligence to a new federal agency tasked with analyzing threat data culled from as many public and private sources as possible in order to more quickly spot attacks and attribute them to the guilty parties
Announcement of New Government Cybersecurity Agency Met With Skepticism (Slate) On Tuesday, the Obama administration announced that it is creating a new cybersecurity agency to coordinate between existing offices and groups that deal with cyber threats. The decision is motivated by recent high-profile incidents, like the Sony hack and a White House network that was reportedly infiltrated by Russian intelligence
Unconventional Security Conventions (Tripwire: the State of Security) In the face of the current wave of cyber threats, the U.S. government announced this week in Washington DC that as part of the Homeland Security initiative the current administration is creating a new agency called the Cyber Threat Intelligence Integration Centre (CTIIP) to monitor cybersecurity threats by acquiring, pooling and analysing any captured information — AKA 'intelligence'
Sharing threat intelligence is challenging the industry, but it's the only way forward (Banking Technology) Protecting your banking infrastructure from cybercriminals is one of the toughest IT challenges in banking. It keeps getting harder, even though banks are working tirelessly to protect both customers and assets
Answering Obama’s Call, Lone Senator Introduces Cybersecurity Bill (National Journal) Sen. Thomas Carper's bill seeks to cajole the private sector into increased information-sharing with the government by offering liability protection
NGA banks on the power of transparency (FCW) There is a data explosion happening in government. According to National Geospatial-Intelligence Agency Director Robert Cardillo, geospatial data — and in turn, his agency — are on the cusp of it
ODNI General Counsel Robert Litt's As Prepared Remarks on Signals Intelligence Reform at the Brookings Institute (IC on the Record) Thanks for that nice introduction, Cam
Litigation, Investigation, and Law Enforcement
After months of silence from feds on flying phone surveillance, EFF sues (Ars Technica) Since WSJ report on "dirtboxes" flown by US Marshals, few details have come out
Government wonders: What's in your old emails? (McClatchy) If you've been remiss in cleaning out your email in-box, here's some incentive: The federal government can read any emails that are more than six months old without a warrant
Malaysian Police Use Twitter in Crackdown on Dissent (New York Times) The Malaysian authorities have detained a cartoonist and ordered an investigation into two prominent politicians in an intensifying crackdown on dissent after the country's highest court upheld a five-year prison sentence for the leader of the opposition, Anwar Ibrahim
The Feds Want Your Grandma to Teach You How to Be Safe on the Internet (National Journal) Instead of treating older adults as helpless victims of online fraud, the government is trying to tap into their social networks to spread the word about Internet security
Utah Cyberunit Tackles Crimes Below the FBI's Radar (StateTech Magazine) The unit steps in when cybercrimes against residents and state networks don't rise to the level of an FBI investigation
New Mexico toes the thin line between overzealous detection and legitimate fraud prevention (FierceHealthPayer) We all have that friend who sees the world through rose-tinted glasses. Every day is a gift and every glass is half full
Hacker gets 8 Years in Jail for Making Prank Death Threats (HackRead) Remote control virus was used by the hacker to penetrate into computer systems and issue death threats to users
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
2015 North Dakota Cyber Security Conference (Fargo, North Dakota, USA, Mar 17, 2015) The North Dakota Cyber Security Conference brings together community members from academia, government and industry to share strategies, best practices and innovative solutions to address today's challenges in cyber security. The vast scope of modern cyber threats calls for active participation from individuals and organizations across the state
AFCEA West 2015 (San Diego, California, USA, Feb 10 - 12, 2015) Showcasing emerging systems, platforms, technologies and networks that will impact all areas of current and future Sea Service operations.
Cybergamut Technical Tuesday: An Hour in the Life of a Cyber Analyst (Hanover, Maryland, USA, Feb 17, 2015) Workshop Description: This hands-on workshop will demonstrate how easy it is for a breach to occur by analyzing a virtualized web server environment. Participants will use open source tools such as port scanners and protocol analyzers to identify security issues and then attempt to exploit the discovered vulnerabilities. Following the hands-on activity, the workshop will conclude with a discussion about how to avoid some of the security failures that were identified. The workshop will be presented by Ryan Harvell of OPS Consulting and Marcelle Lee of Anne Arundel Community College CyberCenter
Cyber Risk Wednesday: Breaking the Cyber Information-Sharing Logjam (Washington, DC, USA, Feb 18, 2015) A moderated discussion on challenges and solutions for information-sharing, the Administration's recent proposals for better practices between the private sector and government, and goal-directed approaches to sharing. The event will be accompanied by the release of a report, supported by CISCO, which examines the challenges of information-sharing, the Administration's emerging proposals, along with solutions to breaking the current logjam
Cyber Framework and Critical Infrastructure: A Look Back at Year One (Washington, DC, USA, Feb 19, 2015) Last February, the Obama administration rolled out the nation's first cybersecurity standards to protect critical infrastructure. One year later, Dr. Phyllis Schneck, the Department of Homeland Security leader responsible for helping institutions implement the new standard, will reflect on how the nation has improved its protection of critical infrastructure over the last year. We'll discuss the effectiveness of the standard so far, whether security protections are strong enough, and if incentives are attractive enough to induce companies to take on the new standard
DEFCON | OWASP International Information Security Meet (Lucknow, India, Feb 22, 2015) Defcon | OWASP Lucknow International Information Security Meet is a combined meet of Defcon and OWASP Lucknow. Defcon Lucknow is a DEF CON registered convention for promoting, demonstrating & spreading awareness regarding the field of Information Security and OWASP Lucknow is a chapter of OWASP Community
10th Annual ICS Security Summit (Orlando, Florida, USA, Feb 22 - Mar 2, 2015) Attendees come to the Summit to learn and discuss the newest and most challenging cyber security risks to control systems and the most effective defenses. The Summit is designed so you leave with new tools and techniques you can put to work immediately when returning to your office. The summit will allow you to learn from industry experts on attacker techniques, testing approaches in ICS, and defense capability in ICS environments
Cybersecurity for a New America: Big Ideas and New Voices (Washington, DC, USA, Feb 23, 2015) In addition to featuring keynote remarks by Admiral Mike Rogers, Director of the National Security Agency, this event will convene experts and practitioners from the public and private sector, military, media, academia, non-governmental and intergovernmental organizations for a series of discussion panels and first person "pop-up" style speeches on the wide range of cybersecurity issues that are affecting and infecting everything from personal devices and corporate networks to national defense and international affairs. The focus of the event will be to push past the status quo and instead explore the next generation of challenges, as well as highlight bold, new ideas to face them. CNN is the event's media partner and will provide a live-stream of the event
Workforce Development Forum — CyberWorks Information Session (Baltimore, Maryland, USA, Feb 24, 2015) Are you a technology company that would like to actively participate in growing the right candidates for your open IT and cybersecurity positions? Are you a job seeker interested in pursuing a career in IT/cybersecurity who would benefit from business mentorship and hands-on practical work experience? If you said yes to either question please join us at the upcoming CyberWorks information session to learn how you can benefit from this innovative program. CyberWorks is an industry-led, workforce development program designed to help Maryland companies fill their cybersecurity needs with qualified candidates, while simultaneously helping individuals start careers and improve Maryland's economy
Cybersecurity: You Don't Know What You Don't Know (Birmingham, Alabama, USA, Feb 24 - 25, 2015) What: Connected World Conference in partnership with University of Alabama at Birmingham's Center for Information Assurance and Joint Forensics Research (The Center) have teamed up to bring professionals together to discuss security and connected devices. Purpose: Convene the leading industry, government, and academia leaders. Chief Objective: Influence professionals from the most innovative and influential organizations in the world will meet to unravel the relationship between the connected society and cybersecurity
The Future of Cybersecurity Innovation (Washington, DC, USA, Feb 26, 2015) The US intelligence community has ranked cyberattacks as the No. 1 threat to national security — more than terrorist groups or weapons of mass destruction. But the military's cyberwarriors fight these battles hunkered over computers, working with strings of code — a laborious process that requires advanced engineering skills. That's why the Pentagon's advanced research arm, the Defense Advanced Research Projects Agency (DARPA), is building a system to give the military instantaneous knowledge of network attacks by displaying them in real-time with rich graphics and 3-D visualizations
NEDForum: Cyber Network Exploitation and Defence: "Darknet & the Primordial Soup of Cyber Crime" (Edinburgh, Scotland, UK, Feb 27, 2015) Speakers will cover such topics as: "Fear and loathing on Darknet," (Greg Jones, Managing Consultant, Digital Assurance), "Securing the internet of everything" (Rik Ferguson, Global Vice President Security Research, Trend Micro), and "Is your organisation setup for success in security?" (Patrick Brady, Independent Consultant)