After a virtual conference in 2020, there was obvious excitement surrounding this year’s AusCERT2021 event on the Gold Coast last week.
The event focus of ‘soaring with cyber’ covered a lot of ground, with topics ranging from digital transformation strategies to Zero Trust policies and incident response ethics. Notable sessions included ‘I was promised a Jetpack’, ‘How to hack a hospital’ and ‘Vegemite: is it the solution to software supply chain risk?’ Here are a few of our key takeaways.
Ransomware is rife
2020 was rife with ransomware attacks and 2021 is looking like it will be much the same. The threat affects everyone from smaller local companies to large, multinational conglomerates, and covers a wide variety of industries (hospitals were used as one particularly interesting use case).
Talking points included both the reasons behind the increase in attacks (the combination of cryptocurrency proliferation and the continued success of phishing attacks is a clear driver) and how to combat this lucrative and dangerous form of cyberattack. An interesting approach presented was the notion of decoupling identity from the infrastructure and architecture of an organisation, elevating it to a constant at the top of the stack. Unsurprisingly, ransomware made its way into plenty of conversations and was an obvious theme running throughout the conference.
Training and upskilling
New facilities, new platforms, new training avenues – there’s definite buzz around the need for increased training and upskilling. As such, new courses offered by leading Australian universities, security training for the entire organisation (not just the security department) and how to enable remote upskilling in a post-Covid world were talking points.
Getting the basics right
One of the most popular sessions was on the simplest of topics – ensuring the security basics were being covered and ‘best practice’ was actually being practised. The old mantra – security is only as strong as its weakest link – was front and centre as Microsoft’s Jess Dodson reminded everyone that when the simplest security tasks were overlooked, the effect could be disastrous. Using the NIST Cybersecurity Framework as a guide, Jess broke down common security blind spots that many think they’ve secured but that should always be double-checked.
Some other notable points include…
Monitoring and detection
There was a lot of talk about real-time tracking of threats, breaches and incoming events. Cyberattacks are only going to become more prolific, so the industry is working on boosting its ability to respond in real time to incoming security traffic from around the world.
Women in cyber
There was a welcome increase in female involvement this year. From keynote speakers (like Jess Dodson and Google’s Maddie Stone) to breakout presentations and booths (like the Australian Women in Security Network), it was great to see.