2019 ends: Infosec community views on what went well, what got breached and what we want from 2020
I personally hate the "2020 top threats" style articles but I do agree with the general sentiment of reflection and then looking forward. I decided to adapt this and bring you some insights from some of my favourite infosec people on what they loved and hated from 2019 and what their goals are for 2020.
I asked them all 4 questions:
- What was your favourite infosec event of 2019?
- What was the most memorable breach/attack of 2019 for you and why?
- In 8 words sum up an important infosec lesson from 2019?
- What is one of your goals for 2020?
Enjoy, be inspired and please let me know your thoughts! Here are their answers:
ZOE ROSE (@RoseSecOps)
What was your favourite infosec event of 2019?
Honestly, there were so many great things and many massive reminders on why security is vital to society. I can’t say what exactly was my favourite, but at the moment, a really impactful few events were:
- Joining Operation Safe Escape in a volunteer capacity; it’s a not-for-profit organisation that works to the core of why I work in security, and all the other persons working hard to protect vulnerable persons are inspirations.
- Speaking at a variety of conferences and private events, I am always blown away by the brilliant people I meet and the shared passions. The three that come to mind right now: BSides København, and even if it was their first year it was such a lovely community event, and a great team. Agile Testing Days, where I felt I had the most fun speaking to their audience, and connecting with others at the event - it truly was lovely. Lastly, Beer Con One; who doesn’t love a remote conference that raises money for charities? Great community again.
What was the most memorable breach/attack of 2019 for you and why?
The Capital One breach stands out to me because it kind of disappointed me, on a few levels. As we migrate our systems to public cloud services, we need to invest resources into effectively securing this data - if you need examples of why this is so vital, just search online the variety of breaches caused by misconfigurations, lack of controls, or simply not being aware.
Organisations as large as Capital One, using services also as massive as AWS should be aware of this. In 2017, I received my Splunk Architect certification - because at the time, I was designing and managing a Splunk deployment. Simply put the organisation recognised the value of having someone have granular knowledge of this service and provided the resources for me to learn. Whilst I can’t say what happened directly in their decision process and configuration of the cloud service, I can say that often the reason for these mistakes is lack of top-down support to do a full review and continuous audit, along with a massive lack of diverse teams to provide a variety of knowledge and experiences.
The most disappointing piece to me was it was a bad leaver, a tech, who used their inside knowledge and greed to take advantage and ultimately affect consumers. As a technical person, I may not always know the best approach, but I do try to help - using skills to take advantage is simply disheartening.
However, whilst unrelated, there is hope - AWS Ignite this year did reveal a new tool to review configurations and attempt to provide hardening advice. I am not sure it would have assisted in the Capital One breach, as from what I read a control to limit how it was breached isn’t actually available, but it’s still a positive step forward.
In 8 words sum up an important infosec lesson from 2019?
Recognise your responsibilities of data collection to consumers.
What is one of your goals for 2020?
As I enter the next decade, I am also entering a new decade of my career - the next ten years I am looking to focus on sharing knowledge, empowering communities, and building solutions with a people first point of view. What that specifically looks like, I’m not completely sure yet, but it will start with joining a brilliant team, getting a new job is my end of 2019 goal.
__________________________________________________________________________
LISA VENTURA (@CyberGeekGirl)
What was your favourite infosec event of 2019?
I was a panellist at the Cloud and Cyber Expo in March this year and it was a great event. Not only was I able to use the time I had there to arrange some long overdue meetings, but the quality of the speakers and content was fantastic. I am already looking forward to next year’s event and I will be speaking at it this time.
What was the most memorable breach/attack of 2019 for you and why?
For me, the Capital One data breach that was announced in July 2019 was one of the most memorable, as it was reported to have been done by an inside employee. This for me highlights how vulnerable organisations are when it comes to their staff. After the breach Capital One advertised for a series of cyber security positions, but it was too little, too late for the tens of thousands of customers who were affected by this breach.
In 8 words sum up an important infosec lesson from 2019
Educate your staff – they are your biggest defence.
What is one of your goals for 2020?
I have numerous goals for 2020 – to release my book “The Rise of the Cyber Women”, to fully launch the UK Cyber Security Association and to get Venture Cyber Security off the ground which will provide a range of cyber security awareness training activities aimed specifically at professional services companies including phishing email simulations, cyber escape rooms, eLearning modules and internal communications. However, all of this depends on my Dad’s health as I double up as a carer for him as he has dementia. Due to this every day is a challenge as I don’t know from one day to the next if he will need me or not – but he comes before anything I do.
DR RICHARD MATTHEWS (@rhematt)
What was your favourite infosec event of 2019?
Biased here, but the best event for me was the National Missing Persons Hackathon held on the 11th of October. This event was run by AustCyber in conjunction with the Australian Federal Police and was a unique opportunity to use OSINT skills for lawful good in an attempt to crack some missing persons cases. Like all hackathons there was a competition element, and for me it was the first time I took a step back and supervised a team of students directly rather than actively participating myself. My students managed to come in second place in South Australia, only being beaten by the experts at SAAB who took out the national title.
What was the most memorable breach/attack of 2019 for you and why?
Tough one. Breaches are becoming so numerous and so frequent that this could almost become a per month list. I can reduce my list down to two breaches.
1. Australian Federal Government Breach
The first was detected in January by Australia’s intelligence services. The Australian Federal Parliament was subject to a cyber attack which compromised two Senators and several other members of our lower house. Non-sensitive data was accessed and presumed stolen. The breach was linked to the Emotet trojan. The best thing which happened as a result of this breach was the renewed focus on cyber hygiene of our elected representatives. One such member was quoted as saying “We need to significantly increase the sense of urgency among MPs and staff about cyber hygiene and how to protect themselves.” While Australia only attributes cyber attacks when it is in the national interest to do so, it was mused in the media that this bore the markings of a nation state actor, with many attributing it to someone in the new Sino-Russo plus alliance which we see forming to new strengths since the cold war.
2. Australian National University Breach
The second incident is the breach detected at the Australian National University. This comes in tied with the Parliamentary breach simply because of the response received by ANU to the incident. While this attack technically happened in 2018 it was not discovered until 2019. ANU’s Vice-Chancellor committed to publishing an open account of their investigation into an incident which saw a significant amount of data stolen from the university. The full report can be viewed here https://imagedepot.anu.edu.au/scapa/Website/SCAPA190209_Public_report_web_2.pdf…. From a careful analysis of this report we can surmise that although ANU suggests they were fully patched, the breach occurred due to the vulnerability in Outlook, CVE-2018-0950. While this patch may have been deployed, we don’t know from ANU if it was deployed on the machine used to gain access. It seems to have been the likely candidate. ANU still gets points for being open about their breach and that is why I can’t discriminate between this and the Parliamentary breach.
In 8 words sum up an important infosec lesson from 2019
Patch your shit. Cyber is a “whole-of-governance” responsibility.
(and I didn’t cheat with word count… https://en.wikipedia.org/wiki/Whole-of-Government_Approach…)
What is one of your goals for 2020?
I’m looking at enrolling in the University of Adelaide’s Professional Certificate in Defence Industry Leadership 2020 program as part of my MBA. All things being equal that would be completed in 2020 and I’ll be able to show further leadership in Cyber and defence to secure our interests. My biggest bugbear with our industry is that the military and private sector are seen as two discrete entities. In this current age of information advantage or information warfare, our connected industries are on the front lines; our CEOs are our generals. If they are not equipped to handle the threats, expect more devastating breaches to our economy and way of life.
SEAN WRIGHT (@SeanWrightSec)
What was your favourite infosec event of 2019?
For me this had to be BSides London, sharing the stage with fellow @TheBeerFarmers members as well as Troy Hunt and Scott Helme.
What was the most memorable breach/attack of 2019 for you and why?
PDL data breach, due to the sheer size (personally I had 3 emails in it), as well as the fact I had no ties or affiliation to PDL. For me this highlighted how loosely companies treat your data.
In 8 words sum up an important infosec lesson from 2019
“We take your security and privacy very seriously”
What is one of your goals for 2020?
To speak at an international conference.
ROB MAY (@RobMay70)
What was your favourite infosec event of 2019?
Infosec (Infosecurity Europe) is always a favourite for me, it continues to deliver on many levels and draws a huge diverse audience.
What was the most memorable breach/attack of 2019 for you and why?
The Capital One data breach due to its scale - 106 million people is massive!
In 8 words sum up an important infosec lesson from 2019
Big GDPR fines are a reality: see BA!
What is one of your goals for 2020?
To continue my mission to educate board executives on their cyber security responsibilities and get business in the UK to increase their infosec budgets!
JAKE MOORE (@Jake_Cyber)
What was your favourite infosec event of 2019?
Infosec
What was the most memorable breach/attack of 2019 for you and why?
Facebook because they like to think they are invincible (from their heavy privacy marketing) but interestingly, it hardly damaged them.
In 8 words sum up an important infosec lesson from 2019
You're not using a password manager? Let's discuss.
What is one of your goals for 2020?
To speak at InfoSec!
Thanks to everyone for participating and I am keen to hear your answers! What a year it has been!
Cybersecurity and Data Privacy | Cybersecurity Content Creation and Strategy
Event: getting to work for the fab Bora - IT Security Marketing and to make my passion my profession. Breach/Attack: not so much an attack but an imminent threat. The ferocious attack on end-to-end encryption and people's right to privacy by many a high official. 8 word motto: Cybersecurity is everyone's responsibility. Future plans: my biggest dream, to host a cybersecurity conference at my home town, Larissa, Greece, featuring all professionals I admire and respect. Merry Christmas and a happier new year Lisa Forte!
Professional Speaker, AI Thought Leader, Cybersecurity Ambassador, Founder & Executive Chairman ramsac, Vistage Speaker, Author. Fellow of IoD, RSA, Society of Leadership Fellows & BSDC.
It's an honour to be included in this Lisa - many thanks and Happy Christmas
Head of Application Security at Featurespace
Thank you Lisa, honoured and humbled to be included with so many other great folk. And yourself doing amazing work. Looking forward to more great things in 2020!
Cyber Security Awareness & Culture Change Specialist, Writer & Speaker | Mindset, Wellbeing & Mental Health Coach | #MHFA | Diversity & Inclusion Specialist | #Neuroinclusive | Abuse and Trauma Survivor
Thank you so much Lisa, so honoured to be asked to take part in this and be included!
Global Cybersecurity Advisor | ESET
Ok I didn’t realise the answers were needed to be a little longer