Secunia attended the e-Crime Mid Year Meeting 2010, London on October 06, and Stefan Frei, Secunia Research Analyst Director, presented the topic: “Why cybercriminals do not need to target Microsoft”.
His presentation was very well received. Attendees obtained key insights regarding the fundamental failings of end-point security due to vulnerabilities in 3rd party programs, and learned more about the strategies needed to ensure that all the programs are patched and up-to-date.
The main topics covered by the other speakers in the conference were along the lines of increasing challenges for risk management, the complexity of threats, all aspects of cloud computing, and deperimeterization. A key learning from these topics is that the security landscape is ever changing and dynamic, and that there is no use for static approaches in dealing with today's threats at any level of management or operations.
In addition to the talks about cloud computing environments such as Software as a Service (SaaS), the speakers also covered further emerging paradigms, such as Infrastructure as a Service (IaaS) and Platform as a Service (PaaS).
A few other key learning points:
- Data from Verizon's Jelle Niemantsverdriets makes it clear that external attacks significantly predominate over internal attacks. He further suggests adding the category "partners" to classify the origin of attacks, besides the common distinctions of "internal" and "external".
- More than one presentation confirmed that the compromise of login credentials continues to be the most common and most critical attack vector. Jason Hart from CryptoCard illustrated this point vividly with live demonstrations using commonly available tools and techniques.
- Michael Paisley from Santander warned of the "working trap", when the process becomes more important than the objective itself.
Overall, it was worthwhile for Secunia to attend the conference. Our sessions were well attended and were considered an eye-opener by many participants.