Check out a full recap of Armorblox CONTEXT 2023 - RSAC Edition event that happened on April 24, 2023, at the Children's Creativity Museum in San Francisco. The event brought together top cybersecurity experts from the FBI, CISA, Albertsons Companies, and SentinelOne, among others, to share their insights and have impactful discussions about topics such as AI, supply chain attacks, financial fraud, and more.
Several Bloxstars have just concluded a busy and thrilling week of learning and connecting with fellow security professionals at the annual RSAC 2023 conference in San Francisco. The conference is known for gathering the most brilliant minds in the cybersecurity industry to discuss latest developments and trends.
To kick off the week with a bang, Armorblox hosted our 2nd annual CONTEXT 2023 event on Monday, April 24th at the Children’s Creativity Museum, directly next to the Moscone Center.
The afternoon event aims to bring together cybersecurity experts and change-makers into an intimate space to share their first-hand experiences and insights with the community. This year, the event centered around the topic of ChatGPT, Financial Fraud, and Supply Chain Attacks: CISO Perspectives.
The event boasted an impressive lineup of panelists, including leadership from SentinelOne, the FBI, CISA, Albertsons Companies, Starr Companies, ChargePoint, Southern Methodist University, and more. Our panelists shared insights into the AI arms race and its implications for email security, provided a behind-the-scenes look at the biggest cyber crimes, and discussed the new supply chain risks that will shape the future of email security.
With such a wealth of expertise and knowledge shared, you won’t want to miss the highlights and videos of the sessions below.
Let’s Chat About GPT: The AI Arms Race
First up we heard from DJ Sampath, Co-founder and CEO of Armorblox who spoke with our guests, Jack Hamm, VP of Security Engineering & Architecture at Albertsons Companies, alongside Milad Aslaner, Senior Director and Global Field CISO at SentinelOne.
As AI technology continues to advance, the competition between companies to develop the most sophisticated algorithms and intelligent systems is heating up. In the realm of language models, ChatGPT is a prime example of how AI is pushing the boundaries of what's possible.
However, this same technology in the hands of threat actors can have serious implications for the security of both end-users and their organizations. This brings us to the idea of AI vs. AI, and how AI will need to be leveraged by security practitioners to stay ahead of AI-generated threats. The conversation dove into topics such as deep fakes, malicious use of AI, reconnaissance, policy on use of AI, and more.
Just by virtue of how these models work, they can make mistakes. There’s a concept of hallucination in AI, where they think they’re doing the right thing and they’re not.
- Jack Hamm, Albertsons Companies
If you think about it, there’s so many aspects of it that can be abused or used for cybercrime. It can write very convincing phishing email templates. But I think it goes beyond that. I mean, think about applying what GPT is putting out, layering a deep fake on top of it, and then run a call center with it. Super scary.
- Milad Aslaner, SentinelOne
Behind The Scenes of The Biggest Cyber Crimes: Don’t Be a Victim
Armorblox Co-founder and Chief Product Officer, Anand Raghavan, spoke with Dr. Rick Hays, Cybersecurity State Coordinator from CISA, Elvis Chan, Asst. Special Agent in Charge of the Cyber Branch of the San Francisco Division of the FBI, and Crane Hassold, Former FBI BAU Analyst & Social Engineering Expert.
They spoke about the biggest cyber crimes of today and tomorrow, and how organizations can avoid falling prey, hitting on topics such as nation-state actors, AI, ransomware, and trends they are seeing in the email threat landscape.
Elvis Chan, FBI, opened the conversation by discussing the recent findings of the FBI’s IC3 Report for 2022, which reports over $2.8 billion lost to Business Email Compromise (BEC) scams.
A lot of people think of cyber attacks as these really technically sophisticated things, when in reality, BEC is nothing more than just words in an email, pretending to be someone else. It’s clear that has become really lucrative for threat actors.
- Crane Hassold, Former FBI
They also discussed how tools such as ChatGPT are being used by threat actors to make their attacks more efficient and convincing.
Social engineering works already. ChatGPT is going to make grammar better and it’s already working. I have seen some companies come to us and say I’ve been the target of a phishing campaign that is just a cut above. The grammar is better and it actually sounds like our CEO.
- Elvis Chan, FBI
Dr. Rick Hays also discussed how CISA works with organizations for free to assess their risks, pinpoint ways to improve their incident response readiness, educate their employees, and answer questions regarding cyber security insurance.
2023 Trends: New Cyber Supply Chain Risks
For our third and final session of CONTEXT 2023, Preet Kumar, VP of Growth and Customer Experience at Armorblox spoke with several CISOs, including George Finney, Chief Security Officer at Southern Methodist University, Teza Mukkavilli, Chief Security Officer at ChargePoint Inc., and John Harte, Chief Information Security Officer at Starr Insurance Companies. The panelists discussed the challenges that many organizations face regarding protecting their supply chains and avoiding Vendor Email Compromise and Vendor Impersonation Fraud. This type of attack is driven by advanced social engineering techniques and is now super-charged by AI-generated large language model technology.
This puts enterprises and their supply chains at increased risk for financial fraud, data theft or loss, and malware attacks. These new types of supply chain attacks are becoming the most costly - and the most difficult to catch - because they play on human communications and trust.
We try to include things in contracts [with vendors] that require encryption, two factor-authentication, and that they have to be willing to pay the costs for victim notification. We want them to have some skin in the game so there are some actual damages that require them to have good security.
- George Finney, Southern Methodist University
The panelists spoke about how they decide which vendors are safe to work with, cyber insurance costs, security practices and processes for working with vendors, assessing supply chain risks, and more.
We find that sentiment analysis and language models are super useful for a number of different use cases, cyber being one of them. From a technology point of view, that's been super effective.
- John Harte, Starr Insurance Companies
The panelists also spoke about the importance of cross-functional collaboration regarding managing vendor relationships and the associated risks.
I want to change that core mindset around bringing security in. Bring us in as soon as possible so we make it easier on you and you make it easier on us…Security is looked at as ‘security does not help us move forward.’ Start with the ten people who have the most influence across those teams. It’s those people in those key roles who can affect change for you.
- Teza Mukkavilli, ChargePoint
Watch the video to learn the challenges that CISOs in highly targeted sectors are facing and how they are building effective security controls to manage all types of cyber supply chain risks, including the hundreds to thousands of vendors they do business with.
Thanks For Joining Us
That’s a wrap on our recap of CONTEXT 2023. We’d like to thank everyone who joined us for the in-person event, plus a special thank you to our panelists. Catch the entire event from start to finish, below.