Last week, HORNE Cyber, in partnership with Willis Towers Watson Nashville, hosted a cybersecurity seminar at the Franklin Marriott Cool Springs in Franklin, Tennessee. This seminar featured a unique series of presentations given by renowned subject matter experts. Topics included offensive security testing (ft. a live hacking demo!), incident response planning, how company culture impacts cyber risk, and today’s threat landscape.
Photo of Seminar Speakers (Left to Right): Special Agent Regis Billings, Dr. Wesley McGrew, Brad Pierce, Yenu Wodajo, Special Agent Andre Edwards, J. Brad Fuller, Mike Skinner
Special Agent Billings presented the seminar’s keynote, outlining recent data breaches and major cyber threats facing companies of all sizes, including phishing emails, ransomware, and extortion.
“As Special Agent Billings noted, phishing emails, ransomware and extortion are common threats facing businesses of all sizes, including those in Middle Tennessee,” said Wesley McGrew, Ph.D., Director of Cyber Operations at HORNE Cyber. “There are a number of proactive measures companies can take to improve their security, including setting up multi-factor authentication, backing up company data—while regularly testing the recovery of data from those back-ups—and keeping operational data separate from other sources, such as email and web browsing. In addition to these measures, companies should run advanced penetration testing at least once a year as well as after any major network or systems changes.”
Our very own Dr. Wesley McGrew, Director of Cyber Operations, led a live hacking demonstration during the morning session. This demonstration exemplified how advanced penetration testing utilizes human-based tactics to leverage vulnerabilities. Specifically, Dr. McGrew showed how an attacker could compromise sensitive data from an organization’s database by exploiting a publicly known vulnerability, stealing administrative credentials, and spreading across the compromised network as a true attacker would. Unlike an automated vulnerability scan, Dr. McGrew explained, advanced penetration testing does not stop once a vulnerability has been found. Rather, the cyber operations specialists conducting the advanced penetration test take each vulnerability and attempt to determine its overall impact, if leveraged, to the organization.
Photo: Attendees watch as Dr. McGrew provides a live hacking demonstration at Wednesday's seminar.
Mike Skinner, Partner in Charge at HORNE Cyber, led a panel discussion focused on how company culture impacts cyber risk. Panelists spoke about the types of attacks that commonly target employees, including social engineering (phishing emails and phone calls). Phishing emails are one of the most common attack methods used today, noted Special Agent Andre Edwards. Special Agent Edwards currently works criminal cyber intrusions at the federal level for the Memphis Division of the FBI.
Special Agent Edwards discussed how attackers can easily distribute emails to a wide audience, increasing the likelihood of a successful attempt on at least one targeted employee. Panelists also spoke to the lengths to which some threat actors will go to legitimize their phishing emails. With a quick Google search, a threat actor can find a lot of information about a specific organization’s structure, noted the panelists. This information, like the names and emails of company leadership, can help an attacker create sophisticated phishing emails that may successfully deceive an employee.
“We were thrilled to present to Nashville’s business community alongside the FBI and Willis Towers Watson about effective measures for better network security,” said Mike Skinner, partner at HORNE Cyber and an expert in cyber assurance. “No company is safe from today’s cyber threats, making offense-oriented security even more valuable and necessary.”
Photo of Panelists (Left to Right): Special Agent Andre Edwards, Yenu Wodajo, Brad Pierce
Yenu Wodajo of Willis Towers Watson highlighted that poor employee experience has proven to increase an organization’s cyber risk. In many instances, disgruntled employees have compromised or exfiltrated sensitive data prior to leaving an organization. Data breaches caused by malicious insiders may be mitigated by organizations cultivating a culture that fosters a positive employee experience. Other points of discussion by the panelists included the importance of providing cybersecurity training for employees, facilitating a positive work environment, and conducting social engineering testing at least annually.
For more information regarding the topics discussed during this event or upcoming seminars, please reach out to Marketing Director Ashley M. Madison at Ashley.firstname.lastname@example.org.