The AUSEC19 Cyber Security conference in Melbourne was very well run and I thought the value from the speakers I saw was good. It reaffirmed some of what I learnt when working with PC Guardian in 1999, but I will cover that in the tips. As a speaker at the conference I was fairly astounded at how little the delegates knew about DMARC and its positive effect on SPOOF Phishing emails.
Top Cyber Security Tip #1
There was a brief but very jam-packed presentation by a gentleman from Talos Intelligence, which combined a lot of spy and traditional counter-intelligence information with his overriding cyber tip, and that was:
Identify your most important digital assets and protect them as best you can; any other information you should consider compromised
What he meant was that cyber security is expensive and even the best protection may let you down, so concentrate on what you need to secure and, whilst not openly publishing the other intellectual property, take the mindset that if a government wants to get into it they will, no matter what.
Top Cyber Security Tip #2
I have beaten up the bank we use (The National Australia Bank) for not having implemented DMARC p=reject and I am pleased to have met 3 people from their Cyber Security team. Where I was most surprised was finding that nab.com.au is compliant for DMARC and therefore protecting their staff and customers from SPOOF attack. To my great delight, all staff are trained on Phishing attacks within the bank. Well done.
There is no point having Cyber Security if the staff are not aware and trained on key elements
Now they just need to correct the Phishing information in their Cyber Threat Training as well as placing an Anti-SPOOF and Phishing policy on their site. They could also include tools like Email Sender Check, or the Trusted Sender program for clients and suppliers.
Top Cyber Security Tip #3
The final top Cyber Security tip that I took away is really from the old school but with a new twist.
People are still the biggest threat for an organization
Whether it be an email phishing scam that a staff member falls for or something more sinister, people issue instructions and think for themselves and are still a huge point of weakness when it comes to Cyber Security.
Next Speaking Engagement
My next speaking engagement is just around the corner; details are in the image. I will be giving much deeper insights into threats from email and how to run a DMARC project to close off SPOOF attacks.