We wrap up our coverage of SINET's annual ITSEF conference with today's issue. Among the many interesting takeaways from the conference were the importance of resilience, clarity about one's own enterprise, the relative likelihood of falling victim to a mundane threat, and the shifting regulatory landscape.
Incident response planning, exercises that teach and test those plans, and a sound understanding of an organization's mission were seen as essential to achieving resilience, defined as the ability to fight through an attack and continue to do business. If that sounds military, it is: a number of industry experts thought resilience was an area where the private sector could learn much to its profit from soldiers.
Speakers emphasized that most of the damage done by attackers was accomplished not through rare, exotic, and sophisticated attacks using never-before-seen zero-days, but through social engineering, credential stuffing, and attacks on unpatched systems using known exploits. Cyber hygiene was therefore much recommended.
With respect to regulation, businesses should expect to be held liable for much of what goes on in their customers' endpoints; indeed, data themselves may well be on their way to becoming "the new endpoint." The EU's GDPR and the US Federal Trade Commission are two engines driving this shift.
You'll find some detailed accounts of the conference in our event coverage.