Disrupted — Cybersecurity
By guest contributor, Amanda Emms
Tech Manitoba dove into the dark world of cybersecurity this spring for the May 20th Disrupted conference. Powered by RBC, the second Disrupted of Tech Manitoba’s three-part virtual series cracked open some of the most prevalent threats within our digital world.
Disrupted’s keynote speakers and fellow industry experts stacked the compelling half-day conference. And it turns out cybersecurity doesn’t have to be so ominous — although the horror stories can be fun. Because the most important preventive measures boil down to awareness — both in your professional and personal life. So let’s dig into these highlights and takeaways.
A great host and a hacker
The Tech Manitoba team recently welcomed Kelly Fournel as CEO. So it was a wonderful way to get to know her as she hosted this Disrupted. During one segment, Kelly’s image flickered into a haze of black and white bars. The audio turned into that fuzzy garble synonymous with an old TV set before a heavily dubbed voice and animated face flooded the screen.
Disrupted was once again hosted on the online event platform Remo, and the concerned audience flooded the chat with comments about the ominous hacker. It quickly became clear that this cyberattack was a spoof planned by Tech Manitoba. With everyone in on the joke, it was one of those unexpected moments that makes being part of an audience — even a virtual one so satisfying.
Defending our rights and data in disruptive times
Opening keynote Ben Wizner has championed civil liberties and national security for nearly fifteen years. He’s also been NSA whistleblower Edward Snowden’s lawyer since 2013. Kathy Knight, Executive Director of the Cyber Security Centre of Excellence at the Manitoba Institute of Trades and Technology (MITT) led the Q&A and it’s always a treat to see the former Tech Manitoba CEO.
Ben pointed to the last year and said we could all agree that it would have been more painful without technology. As someone who lives alone and puzzled alongside friends on Zoom all winter, I for one do. He then expanded on what this means for today’s society.
“Not all that long ago we used to live our life in practical obscurity. We now live in a world of near universal tracking. What was once fairly private is now widely shared, exposed, tracked, recorded and vulnerable in new ways. Our societies and particularly our laws are just starting to come to grips with these changes.”
He largely attributed this to cellphones. Most of us carry around these tiny powerful computers which link to our emails, location, texts, photos, internet browsing history and more. This access to intimate and sensitive data is relatively new and governments, law enforcement and corporations are very interested. And it’s coupled with the fact that storing large amounts of data has become infinitely cheaper. Although these governing bodies say this is one big leap for public safety, Ben disagrees.
“We don’t say this often enough. We live in the safest and most secure societies in the history of the world. We should be wary of any political rhetoric that leaves little room for other core values.”
He says this has created enormous challenges for the tech community. It’s much harder to secure a world engineered for surveillance and a world engineered for security is much harder to surveil. But it’s when the tech community gets a little adversarial against these organizations that all of our rights get protected.
Cybersecurity Horror Stories w/ Q+A
Panel host Chetan Raithatha explored outside threats, internal vulnerabilities and people and the role they play in cybersecurity with industry experts Darcy Wilson, Archana Yasas and Ashley Esau. Each panelist shared their own terrifying experience and shared what they learned with attendees.
Darcy Wilson — Ransomware
- Know what data you own and where it’s located (for example: company server vs. personal laptop)
- Get familiar with attack factors. Email is still number one but there are many others like phishing attacks and social media
- There is an entire global economy around ransomware and data being held hostage. It’s expected to be a 6-billion-dollar industry this year alone. Know what data you have and know that your data does have value.
Archana Yasas — Software supply chain attacks
- Engage with third party software vendors and audit their security policies. Be aware that open source software may have bugs.
- Conduct regular penetration tests in your environment to uncover vulnerabilities before the bad guys do.
- Ensure that an Endpoint Detection and Response (EDR) tool has been deployed across your entire network. This will be a huge contributor in identifying malicious activity and infection vectors.
Ashley Esau — Social engineering
- We rely so much on tools to stay protected but it really starts with people. Empower your people to recognize attacks. Empower them to challenge and ask questions when things don’t seem right. That is the power of the human firewall.
- Trust but verify. Follow up on questionable activity and report anything suspicious.
- Slow down. Read emails carefully. Don’t click links.
Disrupted participants got to network and mingle during the Interactive Playground segments. Tech Manitoba welcomed an incredible group of exhibitors who represented the many different facets of our community. Whether you were interested in post-secondary education, online health solutions or portal bots — this group had you covered.
Closing Keynote with Cat Coode
Cat Coode closed Disrupted with an incredibly energetic and useful keynote. The data privacy consultant and founder of Binary Tattoo is backed by two decades of experience, and poured out pages of noteworthy advice for attendees. Here are the highlights for anyone that might have gotten a hand cramp.
- We are taking too many applications and sharing little bits of data on each of them — and they all paint a bigger picture of us. We need to be careful about selecting applications that we actual use and that we understand the trade-off.
Passwords are like underwear!
Keep them private
Don’t Share them
Make them long enough to cover your butt
- Take something very complicated that you only have to memorize once. One unique complicated password is safer than having you and your staff change that password every 90 days.
- Whenever you see software updates — do them immediately. They are often masked as security updates.
- The increase in home offices has caused all sorts of issues with cybersecurity. Keep your work email separate from personal accounts. Make sure your router is password protected.
Privacy Settings — take the time to go through every privacy setting you have. Focus on things like location services, microphones and anything that turns your camera on. Find out which apps are using which pieces of hardware in your phones and devices. Make sure that the apps that are accessing your contacts are the ones that actually need to be.
- Set an alert on your business and as a person. Set it on your own name, your children, partners and parents so that you’re fully aware of the information that’s out there.