Cybersecurity breaches and regulatory compliance are this year’s themes. Marriott was sued and fined $124 million for their data breach back in 2014, according to The Wall Street Journal. Capital One leaked 100 million credit applications including Social Security Numbers. Both LabCorp and Quest Diagnostics exposed millions of patients’ medical records.

With the General Data Protection Regulation (GDPR) now fully active and the California Consumer Privacy Act (CCPA) on the horizon, there are hefty monetary consequences for mishandling consumers’ data. Negligent cybersecurity practices no longer earn just a slap on the wrist and some bad press coverage. More than ever before, it’s critical for organizations to safeguard sensitive data to maintain the trust of consumers and avoid steep fines.

This raises the question: what’s the best way for organizations to protect themselves against the consequences of a data breach?

I will be presenting research on this very question at BSidesLV and DEFCON this year. In my speaker sessions, I’ll share the lessons I’ve learned from securing organizations around the world for the past 14 years. My talks will cover incident response and threat hunting using protocol analyzers, research on modern phishing attacks resulting in Business Email Compromise (BEC), and Network Security Monitoring (NSM) best practices.

From responding to hundreds of incidents in the financial and media & entertainment industries, I’ve found there are simple things organizations could be doing to keep themselves from becoming the next Marriott. Much of the information I will share rests on a solid foundation: knowing your own environment well enough to identify digital threats.

My favorite cybersecurity quote comes from Sun Tzu’s The Art of War:

If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but