Cybercrime Experts Hit DublinBreach Response, Fraud, Malware the Focus of IRISS Conference
Cybersecurity practitioners from Ireland and beyond are set to gather in Dublin this week for the Irish Reporting and Information Security Service's IRISSCON Cyber Crime Conference.
I'm heading to Dublin to attend the Nov. 19 event, which is organized by Ireland's computer emergency response team - IRISS - which is designed to allow organizations to report security incidents, provide a related alerting service for new and emerging threats and also promulgate best-practice guidance to help organizations in Ireland block attacks and respond in the event of a data breach.
"We have seen a lot of activity in relation to the DDoS-as-an-extortion technique being used by groups such as the Armada Collective and also DDB4C."
The day is set to launch with a presentation from information security consultant Brian Honan, who heads IRISS and who's also a cybersecurity adviser to the association of EU police agencies known as Europol. "My talk will be on the cybercrime threats we have seen in the past 12 months and their impact on Irish businesses," Honan tells me. "In particular, we have seen a lot of activity in relation to the DDoS-as-an-extortion technique being used by groups such as the Armada Collective and also DDB4C. We are also seeing a large number of companies falling victim to CEO fraud" (see Experts: DDoS, Extortion Fuel New Attacks on Banks).
The event features 12 other speakers touching on a range of cybercrime and fraud-related topics such as:
- Social engineering: Jenny Radcliffe, a.k.a "The People Hacker," will argue for the need to "wake up the workforce" to the threat posed by social engineers, preferably by using the same psychological techniques abused by hackers.
- Secure clouds: IBM's Juan Galiana will detail how to use cloud-based platform-as-a-service solutions securely.
- Breach response: Paul Keane, European operations manager for breach and identity theft monitoring services provider IDT911, will offer best practices for creating and maintaining an effective breach-response program.
- Future threats: Rik Ferguson from Trend Micro will discuss future trends in the security field and how companies can best prepare.
- User fail: Lance Spitzner from the SANS Institute's Securing the Human program will talk about how to secure what is arguably the weakest element of so many security programs: humans.
- Malware trends: Both Christopher Boyd from Malwarebytes and Robert McArdle from Trend Micro are set to detail separate research into recent malware campaigns.
- EU regulations: Attorney Linda NiChualladh will discuss the implications of the draft changes to the EU Data Protection Directive, and how organizations will have to adjust their incident-response capabilities as a result.
Cyber-Attack, Coding Challenges
Running in parallel with the scheduled speakers will be two challenges:
- The Cyber Challenge: Co-hosted by the
Irish chapter of the Honeynet Project, this is a series of challenges designed to simulate real-world attacks. "The purpose of the challenge it to provide participants with a safe and fun environment to test their cyber skills but also to demonstrate to those attending the conference the real-life consequences of how insecure or poorly managed systems can be compromised," Honan says.
- Secure Coding Challenge: Together with the Secure Code Warrior set of coding challenges, the event will also feature a secure-coding challenge "to enable participants to better learn how to ensure their application code is written in a secure manner," Honan says.
In the wake of last week's terror attacks in Paris, Honan says he also anticipates that speakers - and attendees - will touch on and debate related surveillance and crypto issues, including the online security implications of the attacks (see After Paris Attacks, Beware Rush to Weaken Crypto).
"I am sure this will be a topic of conversation," he says. "In particular, what the implications will be in relation to government moves to increase online surveillance, looking to circumvent encryption controls, and about how to better share threat intelligence."
Stay tuned later this week for updates from the conference itself.