Several Bloxstars have just wrapped up a week full of learning, connecting, and presenting at RSA 2022 in San Francisco. And what a week it was!
The conference is a favorite of ours and we took it a step further this year - we decided to throw our own event at Microsoft Reactor to kick it all off. Armorblox CONTEXT 2022 was imagined to bring together top experts and change-makers in the cybersecurity space to share their first-hand experience and insights with the community.
Speakers included leadership from Microsoft, Fidelity, Coalition Inc., Datadog, and friendly hacker, Rachel Tobac. Together they tackled topics ranging from the latest trends in social engineering to cyber insurance, from government regulation to the future of security technology.
Public-Private Partnerships to Protect Digital Communications
First up, we heard from T.J. Rylander, General Partner at Next47, and Michael Daniel, President & CEO at Cyber Threat Alliance and former Cybersecurity Coordinator on the National Security Council Staff at the White House.
As an expert who lives at the intersection of cybersecurity and policy, Michael explained the importance of public-private partnerships in building a more secure cyber world and how these partnerships could redefine security standards for all businesses.
“One of the pieces that we still really lack is this idea of a standard of care. How does a company know when it’s actually got enough cybersecurity? How does it measure that? ... Because of this, there is a lack of information sharing that would be easier if we had those standards.”
— Michael Daniel, Cyber Threat Alliance
Hacking the Economics of Email Security
David Spark, host of the CISO Series podcast, shared the stage with security experts and dove into the intricacies (and hacks!) surrounding the economics of cybersecurity. The panel consisted of Scott Slater, VP, Practice Management & Consulting at Fidelity, Joshua Motta, Co-Founder and CEO of Coalition, Inc., and Emilio Escobar, CISO at Datadog.
If you’ve got questions about why the FBI ranked BEC as the top attack vector accounting for over $43B in business loss, this is the session for you. The group covered the ins and outs of managing the financial impact that cybersecurity has on businesses. The discussions went deep into topics on how to select the best email security products, decrease business risk through cyber insurance, make better decisions when defining security postures, and more.
The expert panel shared their thoughts on how involved a cyber team should be in understanding the financial impact of their work, as well as how to go about assembling a team and tech stack that is cost-effective.
“As a provider of cyber insurance, we have the unfortunate need to pay the actual losses. We have paid tens of millions in losses for phishing and business email compromise (BEC)–in fact, BEC is the most frequent claim that we receive.”
— Joshua Motta, Coalition, Inc.
The panel also discussed the cybersecurity insurance industry’s influence in driving more secure behaviors to tackle BEC.
“A lot of them [clients] don’t understand the nature of the risk and that they really are facing fraudulent money movement issues through BEC largely… It’s not just about BEC, it’s also about credential phishing and some of the reputational risks that firms may face because they’re going after their client’s names through senior executives.”
— Scott Slater, Fidelity
Joshua and Scott spoke to the greatest vulnerabilities of many organizations, noting that BEC is still the most common attack and point of entry for financial fraud.
“Email is still by far the largest attack surface for any business. It’s the most exploited attack surface.”
— Joshua Motta, Coalition, Inc.
Emilio, CISO of Datadog, shared two bits of advice for fellow security professionals: 1. increase your email security controls as your interactions with third parties grow, and 2. work with leadership at your organization to cultivate an atmosphere where employees feel comfortable reporting when they’ve fallen for an attack.
How We Hack: Phishing Trends in 2022
Rachel Tobac is a friendly hacker and the CEO of SocialProof Security. She’s been featured on CNN, Forbes, and NPR, among other places… and she clued us in on how she’s hacking in 2022. Using principles of persuasion such as reciprocity, social proof, authority, and urgency, she showed us exactly how she pulls off these “friendly” attacks.
She didn’t stop there. She shared an overview of the biggest phishing trends and the most common attacks that people (still) fall for, plus best practices for keeping your info out of the hands of hackers.
“There are two ways that I hack. Either I hack you by contacting you directly. Or I hack you by contacting the services you trust directly and pretending to be you.”
— Rachel Tobac, SocialProof Security
Rachel highlighted the significant increase in phishing attacks since the beginning of the pandemic, citing Google’s Transparency Report that measured a 350% increase since January 2020.
To wrap up her session she was joined by Armorblox’s CSO, Brian Johnson, to announce the grand prize winners of our Best Phish Email Contest. To learn more about the categories and winners, click here.
Hot Topics in Cybersecurity: Discussion with Phil Montgomery
Lastly, we heard from Phil Montgomery, General Manager - Security GTM at Microsoft. Phil shared insights into his current focus and personal ideologies around cybersecurity, what he envisions as the future of InfoSec, and his advice for CISOs.
“Ultimately we need to respond to them [security issues] with people. We need security professionals with expertise working with technology, working with AI, working with the software.”
— Phil Montgomery, Microsoft
His best advice for CISOs: get MFA deployed, train your employees, follow best practices, and continually try to break into your own system to bolster your security posture.
Thanks For Joining Us
That’s a wrap on our recap of CONTEXT 2022. Catch the full live stream video below.
We’d like to thank everyone who joined us both in-person and virtually with a special thank you to our speakers and those who entered our Best Phish Email Contest.