Insights from annual cybersecurity conference DEF CON
Hackers and defenders alike recently made their annual pilgrimage to Las Vegas for DEF CON, one of the largest cybersecurity conferences in the world.
Mahalo for reading the Honolulu Star-Advertiser!
You're reading a premium story. Read the full story with our Print & Digital Subscription.
Already a subscriber? Log in now to continue reading this story.
Hackers and defenders alike recently made their annual pilgrimage to Las Vegas for DEF CON, one of the largest cybersecurity conferences in the world. Here security vendors, industry professionals and hobbyists gathered to share ideas, research and philosophy regarding all things about information security. I was fortunate to be part of the small team of Hawaiian Telcom managed services professionals who attended the event to scope out new threats, industry trends and solutions.
Big headlines and shocking claims are typical of DEF CON. This year it was discovered that children could break into mock election board websites and change their results, that voting machines used in 18 elections could be hacked in two minutes and that entire networks can be infiltrated by one malicious fax.
The amount of news and exploits can be alarming. As a conference attendee it is important to be able to distinguish between extreme situations and actual threats to your organization. Similarly, wading through the sea of security vendors and their dizzying array of services can be difficult. One must sift through the alphabet soup of buzzwords and offerings (for example, machine learning, threat simulation, user/ entity behavioral analytics) to differentiate between fluff and real solutions that your organization can benefit from.
My DEF CON takeaway in a nutshell: As the lines between the inside and outside of the network blur, traditional information security measures are not enough to keep the bad guys out of our organizations.
One solution is implementing two-factor authentication (2FA), an additional layer of security that’s not new and has proved to be effective in reducing unauthorized access to your network. 2FA requires two forms of login information such as a user name and password plus 1) something you know (for example, a PIN), 2) something you have (for example, smartphone or hardware token) or 3) something you are (for example, a biometric pattern of a fingerprint). There are free 2FA programs available, or you can consult with your trusted technology partner or managed services provider to help guide you through the aforementioned alphabet soup and implement the right solution for your individual business.
If you’re interested in cybersecurity conferences, you don’t need to travel out of state to attend one. While DEF CON is amazing, Hawaii-hosted conferences are just as fun and educational. On Oahu, Shakacon is considered the premier security conference for professionals and hobbyists, and the Information Systems Security Association Hawaii chapter also hosts a monthly luncheon and annual conference. Objective by the Sea is a newer security conference hosted on Maui which concentrates on MacOS security, and the annual Loco Moco Security Conference, started by Hawaii residents, will be hosted on Kauai in 2019.
Jaspher Respicio is a senior security engineer with Hawaiian Telcom’s managed network services team. Reach him at Jaspher.Respicio@hawaiiantel.com.