Tuesday, March 14th, 2023
Zero Day Con 2023 – Key Highlights
The eighth edition of Zero Day Con took place in Dublin’s Convention Centre on March 9th. The conference featured an impressive line up of more than 20 speakers from across the globe, with each expert offering valuable insights into various aspects of cybersecurity. Featuring the theme of ‘Connect’, the event featured various presentations from emerging geopolitical tensions to the challenge of connecting users. Attendees were treated to discussions on the latest security technologies, industry insights, and key priorities for organisations in the current landscape.
Zero Day Con
Raluca Saceanu, Smarttech247 CEO opened Zero Day Con speaking about the current cybersecurity landscape and the risk posed by the potentially disruptive cyber operations creating a ‘polycrisis’. Raluca spoke about geopolitical instability and the expanding cyberkinetic war, which is expected to take many different forms, including attacks on critical infrastructure. There are currently 3.5 million job vacancies in cybersecurity, making it difficult for organisations to defend against threat actors, leading to more outsourcing of cyber defence.
Security leaders need to prioritize maintaining visibility and governance over their data, assets, and third parties. Companies need to use threat intelligence to form strategic initiatives to fight the cyber enemy, and resilience is key to better prevent, respond to, and recover from disruptive cyber events. A big takeaway was that the consequences of this cyber war show that we are deeply connected at a global level, and we need to recognise the connection’s vulnerability.
“Being the Second Slowest Gazelle – Beyond Best Practice”
The first speaker of the day was Group CIO and CISO of Aryzta, Dietmar Bettio. Dietmar’s presentation “Being the Second Slowest Gazelle – Beyond Best Practice” addressed cybersecurity strategies and challenges. He questioned the reliability of the best practice benchmark, the effectiveness of common practices, and the funding of cybersecurity efforts. The presentation offered interim solutions, including the importance of transparency, multi-factor identification, and user awareness, and the development of a holistic security roadmap. Dietmar suggested making cybersecurity tangible for non-technical staff and adopting a proactive and feedback-oriented approach to security. He ended with the idea of becoming a challenging target by prioritising specific, proactive, and transparent security strategies.
‘’Cybersecurity – Compliance v Readiness’’
Next up was Deputy Director of Operations for NCIS, Christopher McMahon with his presentation of ‘’Cybersecurity – Compliance v Readiness’’. He emphasised that the best tool for cybersecurity is people and that cybersecurity is not just about ones and zeros, it’s about people. He suggested the readiness mindset is about looking beyond the cyber in cybersecurity and to enable the readiness mindset in organisations by supporting quick intuitive decision making, building trust-based teams, and encouraging and supporting effective communication.
Panel 1 – Connecting The Dots: How To Build Effective Security Programs – Lessons From Global Organisations
Our first panel discussion for Zero Day Con featured four panellists – Eoin Fleming from Carne Group, Sarah Drew from Salesforce, Paul Garvey from Checkpoint, and Dietmar Bettio from Aryzta. During the panel discussion, speakers addressed various topics related to cybersecurity management. They discussed the role of the board in managing cybersecurity risks and highlighted the new threats and risks that organisations may face in the future. There was also a discussion on whether current cybersecurity programs are sufficient to address the ever-changing cyber threat landscape and what key risk indicators can be used to ensure effective risk management. Additionally, achieving a balance between people, processes, and technologies was emphasised as a key factor in building effective security programs. Lastly, the panel talked about executive and board expectations of a Chief Information Security Officer (CISO) and the importance of providing a conform answer from the CIO/CISO perspective and experience.
‘’Evolution of Enterprise Security Operations’’
From mid-morning, we had Michael Clark, Director of Enterprise Cyber Defense with Aptiv. Michael’s presentation ‘’Evolution of Enterprise Security Operations’’ highlighted how security operations have developed and have become more reliant on automation and proactive security measures such as machine learning. Additionally, cybersecurity has become an integral part of the DevOps process, with security controls and processes being built into the development pipeline. He acknowledged that there are significant challenges in cybersecurity operations, including the constantly evolving nature of cyber threats and a shortage of skilled cybersecurity professionals. Michael emphasised the importance of implementing solutions that link devices to their owners or owner groups with contact information and escalation procedures to deliver a formal approach towards delivering a service to many customers. He concluded that manual processes increase security operations workload, reduce service quality, and should be eliminated as much as possible.
Panel 2 – It’s 2AM, You Data is Gone. How Did You Get Here? Building in Better Cyber Resilience
Michael Clark then joined the second panel of the day which also included, Jenni Parry from Aon, Andrew Noonan, Forescout and Jonathan Monk with the institute of Cancer Research. The panel discussed ways to improve an organisation’s cyber resilience and prevent cyberattacks from disrupting business operations. They highlighted the importance of a data-centric approach to cyber resilience, including data classification and value risk assessments, effective backup methodologies, and incident response retainers. The scope of secure access was discussed, including the need for efficient asset management and discovery capabilities, privileged access management, and MFA. The panel also discussed the need to limit the blast radius and manage restoration procedures in the event of an attack. The role of technology in improving cyber resilience and the importance of employee training on cybersecurity best practices were also discussed.
‘’How They Got Hacked?’’
In one of the most exciting presentations of the day Edward Skraba, CTO of Pentesting and Threat Intelligence Hub at Smarttech247 discussed ‘’How They Got Hacked?’’. In the presentation he took the audience through how he and his team successfully infiltrated 3 global organisations. Edi discussed the tactics they used and the steps the organisations could have taken to try and prevent it. Additionally, he did a live demonstration of hacking, demonstrating how easily the code of any nearby electronic device could be copied and used. The presentation highlighted the importance of having strong cybersecurity measures in place and continuously improving them to prevent successful attacks.
Panel 3 – Inside The Mind of an Attacker: Learning How to Better Anticipate The Threat
Just before lunch a panel consisting of Bob Kruse of Revelstoke, Jennifer Cox of Tenable, Deryck Mitchelson with Check Point and Anthony Lyons of GetVisibility sat down together. The panel discussed ways to anticipate and prepare for cyber threats by improving incident response and crisis management capabilities, testing and refining plans, and understanding the motivations of threat actors. They also discussed the importance of diversity in cybersecurity teams and the need for innovative and imaginative approaches to address emerging threats. Collaboration and information sharing were highlighted as key factors in improving an organisation’s ability to anticipate and prepare for threats. The importance of data classification in securing an organisation and the current profile of insider threat actors were also discussed.
‘’Global Alliances – How International Partnerships Secure Our Digital World’’
Kicking off the afternoon sessions was Eric Smithmier and Jensen Penalosa, Assistant Legal Attaches with the FBI with their presentation ‘’Global Alliances – How International Partnerships Secure Our Digital World’’. Their presentation focused on the importance of international partnerships in securing our digital world. They highlighted the multitude of embassies and officers they had around the world specifically dedicated to cyber investigations and partnership building. Emphasising the need for collaboration between US intelligence agencies and foreign law enforcement partners, they also stressed the importance of intelligence sharing between other stakeholders in the private sector, non-profit and critical infrastructure industries. Finishing up they shared data on the infrastructure sectors that have been most victimised by ransomware as well as the top ransomware variants in 2022.
Panel 4 – From Data to Critical Infrastructure: Improving Our Defence Against The Invisible Threat
Next we welcomed a panel that saw the return of FBI representatives Eric Smithmier and Jensen Penalosa as well as NCIS DDOP Christopher McMahon on stage, and were also joined by Head of Cybersecurity at Irish Water, Katie McCarthy. This panel discussion focused on improving the defense against the invisible threat of cyber attacks on critical infrastructure and data. The topics discussed included budget constraints for CISOs, the role of international norms and regulations in improving security, government and policing efforts to tackle cyber threats, resilience and quick recovery of systems and infrastructure, collaboration and information sharing among stakeholders, securing IoT devices, and balancing security and business needs. The panellists provided insights and best practices on how organisations can stay ahead of evolving threats and attacks, while ensuring the integrity and confidentiality of their data.
Panel 5 – The Big Debate: Is Ireland Ready For The Next Cyber Attack? Lessons From The HSE Attack
The final panel of the day consisted of David Wall from Tallaght University Hospital, Anne Coleman of St Michaels Hospital, John Ward of the HSE and Ronan Murphy of Smarttech247. During the panel discussion, the speakers discussed the readiness of Ireland for the next cyber attack, with a focus on the lessons learned from the recent HSE attack. The importance of maintaining operations during an attack was highlighted and questions arose on what issues still need to be addressed.
They also discussed the importance of incident response plans and securing data in the future. Vulnerabilities in Ireland’s healthcare sector were also identified. We heard insights on the HSE attack and discussed the current security posture of the healthcare system. The impact of the attack on patients and staff was also discussed, along with the changes made since then. Finally, the recommendations in the report were discussed, with a question on whether they have been implemented.
Cybersecurity Leader of the Year Award
Head of Cybersecurity at Irish Water Katie McCarthy was named Cybersecurity Leader of the Year. Katie received the award as she demonstrated exceptional innovation and excellence in the field of cybersecurity. Katie played a role in leading and defining the cybersecurity direction of Irish Water provides an example to others to develop and implement security measures that protect against cyber threats.
As Zero Day Con 2023 drew to a close, attendees were left with a wealth of insights from some of the brightest minds in cybersecurity. The conference featured representatives from many of the world’s leading organisations and highlighted the major challenges the sector will face in the future. The discussions also delved into how past events and attacks have shaped the cybersecurity landscape, providing a better understanding of the road ahead.We extend our thanks to all who participated and supported Zero Day Con 2023, and we are excited to see what Zero Day Con will have in store when it returns in 2024.