Session Highlight – Going Underground: Discovering, Exploiting, & Defending Against Covert Channels in Modern Computing
By John Moran
Hi all, Aidan Finn from MicroWarehouse blogging again! One of the things I enjoy most when teaching a class is the breaks – I really like it when the attendees get comfortable and start chatting. Very often they start talking tech and the conversation veers into areas other than Azure. And quite often, those chats are about IT security.
I’ve noticed a trend with these conversations. Attacks are on the rise (confirmed by many surveys), and the nature of attacks is very different from 10 years ago (also confirmed by surveys). IT security should more than a firewall and AV. TCP 25 allows emails in, and AV won’t stop phishing emails. Zero-day attacks are called that because they have never been seen before, and therefore there are no AV definition files for that malware.
What are attackers doing today? Ransom-ware is easy money, using zero-day threats to get some unsuspecting user to open a PDF that looks like an expected type of document. Phishing is trying to harvest passwords, which are often re-used across many personal, cloud, and company services. And a big source of threats continues to be employees who are stealing/leaking information.
We have an entire track at Cloud Camp that focuses on productivity and security, which is pretty timely considering the recent GDPR roll out. We ran a survey recently at MicroWarehouse and we found that still only 13% of firms said that cybersecurity was a main priority for them – that’s contrary to the goals (and substantial punishments) of GDPR.
So, we decided to scare people. Andy Malone, Microsoft MVP, is an IT security guru. Andy has consulted with all sorts of customers, including government & national defence, around the world. He has hack stories that you wouldn’t believe. When Andy isn’t speaking at big conferences such as Microsoft Ignite, he’s consulting or training. And that made Andy perfect to tell the audience at Cloud Camp about modern threats, to educate them that IT security is more than just putting glue in USB slots – yes, some sad people do that! Andy’s session is the perfect setup for the rest of the track which focuses on modern IT security solutions to protect data and identity … the sort of things that protect you even when data isn’t on an encrypted disk – see Eir losing 37,000 customers’ data.
Andy Malone
International Security & Technology Trainer
With a prestigious international career spanning 22 years, Andy Malone is not only a world class technology instructor and consultant. But is also a Microsoft Most Valuable Professional and veteran conference speaker at such prestigious events as Microsoft Ignite, IT Pro / Dev Connections, and the Cybercrime Security Forum.
In both his training’s and events at which he speaks, his passionate style of delivery, combined with a sense of fun has become his trademark and have won him great acclaim.
Although his primary focus is for security. Andy loves to talk about the Microsoft Azure, Office 365 and Windows Intune technologies. And with knowledge dating back to the MS-DOS 2 and Windows 2.0 era there is often an interesting story to be told. But technology never sleeps and Andy continues to work with the Microsoft product teams to create and deliver ground breaking material. Recent projects have taken him to Kuwait, Qutar, The USA and beyond for Government, Military and civilian clients. For 2018 Andy is scheduled to deliver content in Europe, the Middle East, Africa and the US to name but a few.
If you want to modernize IT security and enforce solutions that will protect you from the punishments of GDPR, then join us at Cloud Camp and attend the Productivity and Security track, featuring Andy Malone.