Top 5 Spooky-Scary Learnings from ISACA CSX

Introduction

I was lucky to represent BNBCE by being a volunteers for the CSX conference by ISACA taking place from October 15-18th this year, which gave me a strong incentive to be actively involved in various sessions, help fellow professionals find their way around (which I was still trying to do myself), introduce esteemed speakers, and share the stage with them as they spread their messages to the world.  I was also able to be the “boots-on-the-ground” representation for Bits N’ Bytes and bring home some of the most important (through our eyes) takeaways from the wonderful conference. 

I have lived in North America now for almost 30 years and was never enthusiastic about visiting Vegas, since I never saw myself as the “what-happens-in-Vegas-stays-in-Vegas” kind of guy. But when I heard that ISACA was planning their Cybersecurity CSX conference there, I could not resist jumping at the chance to attend another ISACA event. And I would recommend the CSX conference for anyone who is interested in connecting with a wealth of professionals, learning from the global perspectives, and picking up on key conversational themes that are the most pressing, and “trending” topics in the industry. Below, I have compiled my top 5 takeaways from the 3-day conference.

Opening Ceremony of ISACA CSX at The Cosmopolitan, Vegas. Picture Credits: Naganat Guru

5 Must-Know Takeaways from Vegas 2018

1. Vegas is the ‘battleground’ of choice for cyber criminals and the cyber professionals:

One of the great revelations from the trip is that one could do a lot more business than expected in Vegas, the city particularly being strong (and infamously known) for gaming and technology-based betting. Not to mention the streets full of digital entertainments and cash-circulation, Vegas itself, I learned, is a haven for cyber criminals and hackers to attack. Because of this, Las Vegas has also become an epicenter of white hat hackers stationed locally to constantly watch and protect the ecosystem. At ISACA CSX North America, I met a large contingent of cybersecurity professionals who were actually based in and around the City.

Presentation: The Future Cybersecurity ThreatScape. Picture Credit: Naganat Guru.

2. SheLeadsTech is raising to the challenge to encourage more women participation in cybersecurity: and rightfully so.

The SheLeadsTech breakfast on October 15th allowed me to meet some smart professionals in the ecosystem. From this brunch, I learned that only 11% of the cybersecurity professionals are represented by females. However, considering that there are 400,000 positions unfulfilled in cybersecurity profession in the US currently, including about 2 million globally, we must see women participation grow.

3. No one is immune from cyberattacks and cybersecurity professionals must unite.

Facebook , Google+, and even the Pentagon have been attacked in the last few months.  One of the keynote findings revealed that cybersecurity community should revolve around a common agenda to share the data and expertise, freely and strategize and find common solutions. I couldn’t agree more.

4. The ISACA/CMMI Institute Cybersecurity Culture Report is available now:

“Narrowing the Culture Gap for Better Results”, summarized that only 5% of the organizations believe that no gap exists between the current and the desired cybersecurity culture. A full third, see a significant gap. Also, a 30% of them saw their organizations’ cybersecurity culture health being fair to poor. This report is available for download free at www.isaca.org/cybersecurity-culture-study .

5. Okay, I had way too many takeaways to only share 5. Here’s a list of 8 some quick-tips of a “cyber speed-round.” After all, this blog is full of surprises.

• Humans are the weakest link and we need to fill the “imbalance of knowledge” by making it interesting for everyone to learn and participate: which is what BNBCE is doing! A Forum of experts at the conference recommended that organizations should improve their cybersecurity culture by making cybersecurity practices, for the employees to be ‘fun and engaging’ and ‘making it personal’.
• 70% of IoTs have known vulnerabilities that will necessitate us to constantly strengthen, and re-strengthen security.
• For every 5,000 common internet users, there is approximately 1 TOR user on the deep web. For example, London, UK with about 8.6 population is expected to have 1,600 TOR users.
• iPhones are one of the most popular items sold on the darknet. Phones stolen in North America find their way into Asia through this means.   
• The scary things that need to be addressed in our cybersecurity goals in the coming years are surrounding dark-web activities that threaten the life and safety of our citizens, like killers for hire, sale of guns where they don’t verify buyer’s identity, and drug sales/ terrorism. Considering that bitcoin or other digital currency is being used for trading in these platforms,  this adds a layer of complexity to the already challenging task to of combating these problems.
• Firewalls and encryption strategies are not embraced as we did with anti-virus software use, and they need to be.
• The need for encryption of data, necessity to follow security practices, and having a cyber insurance policy are all must-haves for companies.
• Privacy concerns that we all had 10 years ago still exist for most part today, and we have to treat them with even greater importance. Ransomware has grown 167 times (examples being NotPetya, Wannacry, and Locky). The problem is ever growing with an average victim losing $1,077 per attack, this year vs $294 last year. Wowzers. This is important.

The Hidden Web Session: One of the most popular breakout talks at CSX. Picture Taken: Naganat Guru

By the time the conference concluded on October 17, 2018, I had learnt so much that I left Vegas with a boot of winnings in my bag…. the wealth of cybersecurity knowledge, that is.

Check out more information about the ISACA CSX Conferences here and be sure to catch when ISACA is coming to a city near you: https://www.isaca.org/ecommerce/Pages/csx-north-america.aspx. 

Thanks for sticking with us and reading ’til the end: you get extra cyber-bonus points from the BNBCE team. As always, stay safe and secure online, folks!

Happy Halloween!

Detective Safety

This post was prepared and accomplished by Mr. Guru Naganat in his personal capacity. The opinions expressed in this article are the author’s own and do not reflect the view of any specific organization.

About the Author: Naganat Guru

Guru, as he prefers to be called, has, 25+ years of Real Estate Development experience thru’ Senior Management positions, the recent 16 years in the USA as Controller/ CFO/ COO/ Partner, of Dubin Group, a Top 50, Chicago real estate enterprise. Guru’s experience is mainly in the Multi-family arena that includes land acquisition, entitlements, development, financing and construction of more than 1200+ dwelling units in the Chicagoland Area. We are also so grateful to have him join our team as a Leading Volunteer and CFO. Oh! And he also happens to be the father of our founder, Kyla. Fun Fact: they come as a package deal.