When the Walls Fell: Barbarians in the Throne Room
Often defenders worry about the intangible security problems. Defenders need to concentrate their efforts defending the enterprise by focusing on the fundamentals. Too often issues such as patching or system configuration failures lead to system compromise. These along with issues such as SQL injection are preventable problems. Defenders can best protect their digital assets by first understanding the sheer magnitude that a data breach can have on an enterprise. Yahoo is a prime example of how the balance has changed for defenders from that of an annoyance regarding a data breach to an issue with potentially severe financial penalties. They have publicly confirmed 2 major data breaches and the most recent disclosure concerns 1 billion records. In this talk I review my findings after analyzing hundreds of data breach disclosures as it pertains to what went wrong.
Presented at Security Fest 2017.
Speaker: Dave LewisAbout Dave Lewis
Dave has 30 years of industry experience. He has extensive experience in IT security operations and management. Dave is a Global Advisory CISO for Cisco. He is the founder of the security site Liquidmatrix Security Digest & podcast as well as the host of DuoTV and the Plaintext podcast. He is currently a member of the board of directors for BSides Las Vegas. Previously he served on the board of directors for (ISC)2 as well as being a founder of BSides Toronto conference. Dave has been a DEF CON speaker operations goon for over 10 years. Lewis also serves on the advisory board for the Black Hat Sector Security Conference and the CFP review board for 44CON. Dave has previously written columns for Forbes, CSO Online, Huffington Post, The Daily Swig, and others. For fun, he is a curator of small mammals (his kids) plays bass guitar, grills, and is part owner of a whisky distillery as well as a soccer team.
