MINNEAPOLIS, MN. – FEBRUARY 8, 2021 Data Connectors, representing the largest cybersecurity community in North America, continues its industry-leading series of Virtual Summits, arriving in the Upper Midwest this week.

The 2021 Minneapolis and Des Moines Virtual Cybersecurity Summit will take place on Wednesday, February 10, and is slated to allow the local community of cybersecurity professionals to gain insights and education regarding the latest updates and challenges in the industry, despite the continued effects of the COVID-19 crisis.

Headlining this summit is a long-time expert in the world of data privacy, Jay Cline, U.S. Privacy Leader for PricewaterhouseCoopers. Cline has spent three decades advising executives on the nuances of data privacy, with his specialty focus on privacy risk management. His keynote session is titled, “Navigating a Tripolar Data Privacy World.”

“This year could see record levels of privacy regulation and enforcement worldwide with over half of the world’s population covered by basic privacy rights and data-breach notification for the first time in history,” Cline said. “Companies can get ahead of this wave by building privacy defaults into the digital code of their business for every new change they push into production.”

The Summit will also feature industry expert presenters and virtual exhibits from cybersecurity solution providers, as well as live, topical expert panel discussions fielded by leading subject-matter experts. At the Summit, industry experts will dive into topics around the SolarWinds hack, the future of cybersecurity, and user-centered security, and the key trends on which Chief Information Officers (CIOs) and Chief Information Security Officers (CISOs) should most concern themselves in 2021 in panel discussions. 

Data Connectors, which has conducted physical conferences since 1999, rapidly responded to the COVID-19 crisis, moving its full schedule of planned events online. The cybersecurity community has in turn responded to the opportunity: more than twice as many people have signed up for the virtual regional events than had registered to attend the previously scheduled in-person meetings.

The Virtual Summit will also feature a live, interactive panel discussion, with some of the top CISOs and CIOs from organizations throughout the Upper Midwest. This week’s panelists include:

• Matt Ireland, Chief Information Security Officer – NTT Research
• Patrick Joyce, VP – Global Information Technology & CISO – Medtronic
• Tony Taylor, CISO – Land O’Lakes, Inc.
• William Scandrett, CISO – Allina Health
• Milinda Rambel Stone, Vice President & CISO – Provation Medical

Attendees will ask questions and interact online with the CISOs, as well as each other and the organizations who will feature their solutions at the event. Featured solutions providers at this summit include Auth0, Ordr, Proofpoint, and many more.

The Summit will take place on Wednesday, February 10 at 8:00 a.m. CT. Registration is free for qualified professionals, who can also obtain Continuing Professional Education (CPE) credits for participation. 

Data Connectors Virtual Summits continue to focus on the local and regional requirements for cities and regions across North America, with upcoming Summits taking place for Ohio, Boston, and Southern California, New York City, Texas and more.

More information can be found at dataconnectors.com/attend.

About Data Connectors
Since 1999, Data Connectors (dataconnectors.com) has facilitated collaboration between senior cybersecurity professionals, government/law enforcement agencies, industry luminaries, and solution providers. Today, the community comprises over 650,000 members and 250 active vendor partners across North America. Members enjoy informative education, networking and support via our award-winning Virtual Summits, live conferences, Web Briefings, and regular communications.

Data Protection and Privacy Tops Agenda at …

Press Releases Posted by Jen Greco on Feb 8, 2021

RCMP, Toronto Police C3 Look Toward 2021 Cybersecurity Trends, Alongside Expert Panels Covering AI, Defense-In-Depth, and the Current Threat Landscape 

TORONTO, ONTARIO, CANADA – JANUARY 18, 2021 Data Connectors, representing the largest cybersecurity community in North America, continues its industry-leading series of Virtual Summits, as the first major cybersecurity event in Canada for 2021.

The 2021 Canada-East Virtual Cybersecurity Summit will take place on Wednesday and Thursday, January 20-21, and is slated to allow the local community of cybersecurity professionals to gain insights and education regarding the latest updates and challenges in the industry, despite the continued effects of the COVID-19 crisis.

Headlining this two-day summit are three keynotes, from the heart of the nation’s cybersecurity law enforcement operation. Detective Constable Kenrick Bagnall of the Toronto Police Service’s Coordinated Cyber Centre, Director General Chris Lynam of the Royal Canadian Mounted Police’s National Cyber Crime Coordination (C3) Unit, and guest keynote Victoria Granova , President of the (ISC)² Toronto Chapter Board.

“It’s already a particularly interesting year, especially when you look at the SolarWinds supply chain compromise that’s having an impact on organizations around the world, but particularly in North America,” Bagnall said. “Our goal is to provide the support that our local community will need in order to stay secure and thrive in the given environment.”

The Summit will also feature industry expert presenters and virtual exhibits from cybersecurity solution providers, as well as live, topical expert panel discussions fielded by leading subject-matter experts. At the Summit, industry experts will dive into topics around identity and access management amid the rush to work from home in 2020, and the key trends on which Chief Information Officers (CIOs) and Chief Information Security Officers (CISOs) should most concern themselves in 2021 in panel discussions. 

Data Connectors, which has conducted physical conferences since 1999, rapidly responded to the COVID-19 crisis, moving its full schedule of planned events online. The cybersecurity community has in turn responded to the opportunity: more than twice as many people have signed up for the virtual regional events than had registered to attend the previously scheduled in-person meetings.

The Virtual Summit will also feature a live, interactive panel discussion, with some of the top CISOs and CIOs from organizations throughout the provinces of Eastern Canada. This week’s panelists include:

• Andrew Vezina – Vice President and Chief Information Security Officer for Equitable Bank
• Tony English – VP IT Risk, Butterfield Group
• Michael Ball – Chairman Of The Board for the International Association of Virtual CISOs
• Robert L. Godbout -CDO/CIO of Canada School of Public Service
• Rachel Guinto – AVP of Global Information Security Risk Management, Manulife

Attendees will ask questions and interact online with the CISOs, as well as each other and the organizations who will feature their solutions at the event. Featured solutions providers at this summit include Auth0, Attivo Networks, Ordr, Proofpoint, and many more.

The Summit will take place over two days, on Wednesday and Thursday, January 20-21, 2021 at 8:00 a.m. ET. Registration is free for qualified professionals, who can also obtain Continuing Professional Education (CPE) credits for participation. 

Data Connectors Virtual Summits continue to focus on the local and regional requirements for cities and regions across North America, with upcoming Summits taking place for Detroit and Indianapolis, Minneapolis and Des Moines, Ohio, Boston, and Southern California, and more.

More information can be found at dataconnectors.com/attend.

Canada’s Top Cyber Cops Help Business …

Press Releases Posted by Jen Greco on Jan 18, 2021

Department of Homeland Security, Industry Experts Comment on 2021 Trends, Directions, Continued Revelations on Government and Private Network Breaches Stemming from Russian Cyberattack

DENVER, CO. – JANUARY 6, 2021 Data Connectors, representing the largest cybersecurity community in North America, continues its industry-leading series of Virtual Summits, with over 15 past annual gatherings in the Salt Lake City and Denver areas.

The 2021 Salt Lake City and Denver Virtual Cybersecurity Summit will take place on Wednesday, January 13, and is slated to allow the local community of cybersecurity professionals to gain insights and education regarding the latest updates and challenges in the industry, despite the continued effects of the COVID-19 crisis.

Headlining this summit is Region VIII Cybersecurity Advisor David Sonheim from the Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA). He will provide an overview of the active exploitation of the SolarWinds Orion software and how those events resulted in the establishment of a Cyber Unified Coordination Group (UCG) as a Government response. As well, he will discuss its extensive and lasting impact on both private industry and government agencies.

Sonheim, a Colorado native, will deliver his remarks, “Overview of the SolarWinds Supply Chain Compromise,” during the Summit’s main keynote on Wednesday.

“The key now is to build on our public and private partnerships by sharing information to assist the community in understanding their risk exposure while taking steps to identify and mitigate any further compromise,” Sonheim said. “For the keynote we’re going to step back and take a look at previous supply chain compromises, and review the timeline of the response efforts leading to the activation of the UCG as part of the National Cyber Incident Response Plan. By understanding the risk factors that drove these chain of events we can better work together across industry and Government to find a collaborative path forward as we respond to future events. So much of our nation’s critical infrastructure is in the hands of private industry partners which is why a collective approach is vital to its protection. CISA stands ready to help and provide advice to organizations, in partnership with numerous government agencies,” he added.

The Summit will also feature industry expert presenters and virtual exhibits from cybersecurity solution providers, as well as live, topical expert panel discussions fielded by leading subject-matter experts. At the Summit, industry experts will dive into topics around identity and access management amid the rush to work from home in 2020, and the key trends on which Chief Information Officers (CIOs) and Chief Information Security Officers (CISOs) should most concern themselves in 2021 in panel discussions. 

Data Connectors, which has conducted physical conferences since 1999, rapidly responded to the COVID-19 crisis, moving its full schedule of planned events online. The cybersecurity community has in turn responded to the opportunity: more than twice as many people have signed up for the virtual regional events than had registered to attend the previously scheduled in-person meetings.

The Virtual Summit will also feature a live, interactive panel discussion, with some of the top CISOs and CIOs from organizations throughout the Rocky Mountain region. This week’s panelists include:

• Dan Anderson, CISO and Privacy Officer, Lifescan
• Eric Sorenson, Chief Information Security Officer, doTERRA
• Steve Winterfeld, Advisory CISO, Akamai Technologies
• Dr. Ken Knapton, Senior Vice President & Chief Information Officer, Merrick Bank
• Niel Nickolaisen, Chief Information Officer, OC Tanner
• Navpreet Jatana, Deputy CISO, Zions Bancorporation
• Nathaniel “Peter” Walton, Chief Information Officer / Director of Communications, 76th Operational Response Command (OR)

Attendees will ask questions and interact online with the CISOs, as well as each other and the organizations who will feature their solutions at the event. Featured solutions providers at this summit include Attivo Networks, Cloudflare, Avanan, Capsule 8 and more.

The Summit will take place on Wednesday, January 13, 2021 at 8:00 a.m. MT. Registration is free for qualified professionals, who can also obtain Continuing Professional Education (CPE) credits for participation. 

Data Connectors Virtual Summits continue to focus on the local and regional requirements for cities and regions across North America, with upcoming Summits taking place for Eastern Canada, Detroit and Indianapolis, Minneapolis and Des Moines, Ohio, Boston, and more.

More information can be found at dataconnectors.com/attend.

About Data Connectors

Since 1999, Data Connectors (dataconnectors.com) has facilitated the collaboration between cybersecurity professionals and solution providers. Today, the community comprises over 650,000 members and 250 active vendor partners. Members enjoy informative education from industry luminaries, innovative solution providers and government agencies such as the FBI, InfraGard, US Secret Service and the Department of Homeland Security. Data Connectors brings live conferences to cities across North America each year, and also provides interactions with the community via Virtual Summits, Web Briefings, and regular communications.

SolarWinds Hack, Ransomware, Regulations Fi …

Industry News Posted by Jen Greco on Jan 6, 2021

Several members of the Data Connectors community, including companies like Security Scorecard, Rapid7 and Cybereason, are teaming up with industry leaders across government, academia, non-profit organizations and other private-sector organizations to form a Ransomware Task Force.

This group was organized by the Institute for Security and Technology (IST), who plans to convene the task force and begin work in January 2021. At that point, the organization will launch a website highlighting the leadership roles and complete list of members.

IST convened this group with the understanding that one organization or industry can’t face the ever-growing threat of ransomware attacks happening throughout the world. Such a task requires collaboration between public and private sectors, plus legal and academic scholars, insurance professionals and international organizations. 

“Ransomware incidents have been growing unchecked, and this economically destructive cybercrime has increasingly led to dangerous, physical consequences. Hospitals, school districts, city governments, and others have found their networks held hostage by malicious actors seeking payouts,” IST wrote in its blog, which announced the task force. “This crime transcends sectors and requires bringing all affected stakeholders to the table to synthesize a clear framework of actionable solutions, which is why IST and our coalition of partners are launching this Task Force for a two-to-three month sprint.”

The Institute cited its list of founding members to include the following:

Aspen Digital
Citrix
The Cyber Threat Alliance
Cybereason
The CyberPeace Institute
The Cybersecurity Coalition
The Global Cyber Alliance
McAfee
Microsoft
Rapid7
Resilience
SecurityScorecard
Shadowserver Foundation
Stratigos Security
Team Cymru
Third Way
UT Austin Strauss Center

Concerns surrounding ransomware are nothing new, but the threat has grown in the last year. The incidence and prevalence of ransomware attacks prompted the U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) to publish a new set of guidelines in September 2020. 

You can meet with any of our ransomware subject matter experts during one of the 2021 virtual summits. Click on the button below to join us for an upcoming summit.

Data Connectors Partners Join Multi-Sector …

Hot Topics in Cybersecurity Posted by Jen Greco on Jan 1, 2021

Regardless of your political take on those $600 stimulus checks (that may already be in some people’s accounts, per Treasury Secretary Steve Mnuchin), there’s one thing everyone can agree on: hackers will stop at nothing to get their hands on that cash.

Fraud-finding firm Bolster issued a report back in spring that found nearly 61,000 fake banking websites popped up following the promise of stimulus checks. Pair that with the 145,000 newly registered domains carrying some version of the phrase “stimulus check,” and you have an extremely unfortunate number of people getting drained of a much-needed lifeline. 

Check Point Software Technologies, a vital member of the Data Connectors community, also did some research on the topic. They published some examples of the phishing scams that were tricking unsuspecting people our of their stimulus and relief checks, and to grab their bank account information via phishing.

The research team with Check Point highlighted in their April 20th blog post on the topic:

These scam websites use the news of the coronavirus (Covid-19) financial incentives, and fears about Coronavirus to try and trick people into using the websites or clicking on links.  Users that visit these malicious domains instead of the official Government websites risk having their personal information stolen and exposed, or payment theft and fraud.

They found that there were 3.5 times more domains registered after Congress announced the first stimulus. So, how can you keep yourself safe from these scams?

One important thing to note is that the Treasury Department has made it clear that any communication about this pay-out will call it an Economic Impact Payment — the term “stimulus” or anything like it would not be used in any official capacity. 

Another tip: the IRS will never (ever, ever, ever) email, call or text you. Your check will be issued via direct deposit, or by the U.S. Post Office. That said, if you do get a random check in the mail with a suspicious amount (as well as instructions to call a number to get the money), don’t fall for it. Per the current bill, the checks include $600 payments for each individual that was claimed on your most recent tax return. Certain income brackets will receive different payments, but it’s very unlikely that these checks will contain cents.

What are some of the craziest scams you’ve heard of regarding the economic relief payments? Let us know in the comments below.

Hackers Want Your Stimulus Check. Here̵ …

Hot Topics in Cybersecurity Posted by Jen Greco on Dec 30, 2020

Finally — 2020 is almost over. But before you breathe that sigh of relief, ask yourself: Am I prepared for the impending changes to privacy compliance laws? Whether you’re a PI-pro, or wishing we were talking pie instead — stick around. Our team has a huge pile of resources for you to ring in the New Year with a stress-free compliance plan.

Let’s take a quick dive into the world of the complex world of California consumer protection laws.

Basics, Please. What are these acronyms?

CCPA is the California Consumer Privacy Act. CPRA is the California Privacy Rights Act.

Good start. What is CCPA?
CPRA was adopted in 2018, and chances are, you’re already compliant within your organization (particularly if you do a lot of business in California). But for the uninitiated, and per the Golden State’s Department of Justice, CCPA includes:

• The right to know about the personal information a business collects about them and how it is used and shared;
• The right to delete personal information collected from them (with some exceptions);
• The right to opt-out of the sale of their personal information; and
• The right to non-discrimination for exercising their CCPA rights.

Fair enough. So what’s the deal with CPRA?
The citizens of California voted for CPRA via a ballot measure on Nov. 3, 2020. It takes CCPA and, basically, bolsters it quite a bit. For you, this means taking a look at your current compliance in terms of protecting your clients’ privacy. CPRA is way more specific. 

Does CPRA replace CCPA?
Nope. It serves more to augment the initial law, rather than replace it. What’s the best way to break down the differences? Attend our upcoming Web Briefing — here’s a sneak preview of this session. Hear a conversation between Data Connectors Chief Strategy Officer Michael Hiskey and Spirion’s Scott Giordano from the Atlanta Virtual Cybersecurity Summit in the video below:

There are 49 other states aside from California, and I’m in one of them. Does this apply to me?

You have to meet one of three standards to fall under the law. 

1. Your business pulls at least half of your annual revenue from sharing or selling the personal information of California customers.
2. Your business has a gross revenue greater than $25 million
3. Your business buys/sells/shares the personal information of greater than 100,000 California customers or households. 

Remember — all you need is ONE of those three. That makes this legislation fairly far-reaching, much like many of the state’s consumer protection laws. 

For instance, anyone who has ever manufactured and sold a product to anyone in the U.S. knows that California laws strong-arm the entire industry into posting CA Prop. 65 warnings on, well, basically everything (we’re talking aloe vera, parking garages, and coffee). That means that even if you roast your coffee beans in Oregon, but sell it over state lines, you need to carry a Prop. 65 warning on your packaging. 

So, if you meet the criteria, welcome to the wild West Coast. You’re expected to comply with CPRA as well as its predecessor, CCPA. And, if your goal is customer happiness and good business practice, then it makes sense to adhere to these guidelines — even if you have a very small number of customers or clients from California.

The challenge is in preparing your business for CPRA compliance — and, in a hurry. The measure that passed in November is going into law on January 1, 2021. 

This is bigger than me. How do I learn more?
Fortunately, you don’t need a degree from a prestigious California law school to navigate these laws, because Spirion’s Scott Giordano already did that for you. Hop onto our Web Briefing on Dec. 17th at 2PM ET, and hear from Scott and a full panel of CISOs on how to help your business handle these changes and protect your customers’ data.

CCPA and CPRA 2.0: Navigate the California …

Hot Topics in Cybersecurity Posted by Jen Greco on Dec 8, 2020

Since COVID19 took over the national conversation in March, the world has changed in unprecedented ways. But what does life look like after the pandemic is behind us? What are our current and future threats? We talked to Cybersecurity expert EJ Hilbert and got his thoughts on the future of our country, as well as our industry.

For Hilbert, who has been a staple on the Data Connectors’ virtual summit circuit, the threats that exist stem from our lack of a “common enemy” — combined with a general lack of trust in the data presented by media and the government.

“Common enemies allow governments to join together and point in one direction while hiding the things they are doing that might equal criticism and impact their livelihood,” Hilbert said.

You might be saying to yourself, “What about the pandemic? What about global warming?” It’s not fair to describe those as a common enemy — they’re intangibles. We can’t put COVID-19 on trial, we can’t attribute any human qualities to global warming. It’s possible that our most recent global common enemy was Al Qaeda — collectively hated by the United States, Russia, China, and all their respective enemies. 

What happens when we don’t have a common enemy? Per Hilbert, it forces our social consciousness to look inward and look at ourselves. This brings forward the bevy of social justice issues — whether real or perceived — that have been cropping up across the country, he said. 

This civil unrest has likely been goaded by outside forces. His example is that of Russian and Chinese actors running the largest sets of bots and fake accounts that are searching and publicizing social issues in the United States — essentially forcing the national government to focus on the domestic crisis and is thus unable to focus externally.

“This is all done through data manipulation. Parties collect data on people, communities, et cetera, and profile them and pander their manipulation of data to those groups to sway opinions,” he said. “They do this by appearing as legit media outlets or government agencies to make people believe them. Mainstream media picks it up with limited background, and now it must be true.”

And unfortunately, the media retractions are often buried or lost in the news cycle. This leaves a few paths for the news consumer — accept the media’s narrative, or lose trust and turn to seek like-minded people and develop a cult mentality.

“This is the threat against the US. We can’t trust because everything is being manipulated.  We have nowhere to turn for the truth because the news is now about grabbing eyeballs via click bait headlines rather than reporting facts,” Hilbert said. 

He likened the follow up of the recent shooting of Jacob Blake. While the police were called for a domestic violence incident, along with a perpetrator trying to steal a car with children inside, there was a group looking to sow discontent in the United States by leaving out the crime — simply publishing “Police Shoot Black Man in the Back” — intentionally leaving out context. 

“If you can control beliefs, you can get people to fight each other and that can all be done through data, not guns or bombs,” Hilbert said. “It is a cyber-enabled attack, meaning it is a real world attack that can be expanded via the Internet.”

This isn’t a crazy conspiracy or anything like that, either — the idea of Psy-Ops has been used in limited capacity, like Radio-Free Europe (and mentioned in a previous post in this very blog). 

“Data manipulation based attacks have been red-teamed by multiple groups in multiple nations,” Hilbert said. “If you use it on an adversary there is nothing stopping them from using it on you.  It’s almost a mutually assured destruction type scenario. The US is using it on its foes and they are using it on us in return.”

Want to hear more from EJ? Check out his brand new podcast, “My Junk,” and come hear him give our Day 1 Keynote at the Data Connectors SoCal Virtual Cybersecurity Summit on Oct. 14.

Interview: EJ Hilbert on the Post-Pandemic …

Hot Topics in Cybersecurity Posted by Jen Greco on Sep 30, 2020

Our friends at ISC^2 have competed their 2020 Cybersecurity Perception study. And if it teaches us anything, it’s that cybersecurity is a pretty darn great career path – just not one that most respondents would want to pursue themselves. 

It’s sort of the career equivalent of that rom-com trope — “I love you, but I’m not in love with you.” Generally speaking, people are happy to be “friends” with cybersecurity… but they’re just not looking for a relationship right now. Sigh.

This news actually lands somewhere between heartening and disheartening. After all, only 1% of the 2500 people surveyed described cybersecurity as a “bad” career path. Who wouldn’t want to be generally considered smart, technically skilled and as “good guys fighting cyber crime” — as the survey summary suggests? But, as great as it is on this side of the fence, 69% say that while it’s a good career path, it’s not one they’d be interested in taking on.

The study found that Generation Z (those currently younger than 24) have the most negative view on cybersecurity as a career path. This is troubling, as the job market is flooding with more “Zoomers” each year (as the Boomers make their way to the Social Security office). 

So where’s that leave us? With an ever-growing 3 million (million!!) open jobs in cybersecurity across the globe, the study is a good reminder that we need to leave the door open for younger generations to pour in.

ISC^2 agrees, a widening the appeal of cybersecurity to include non-technical components and a variety of different roles, increasing educational opportunities, and developing a more focused effort in recruiting. 

At the New Orleans & Little Rock Cybersecurity Summit on Sept. 24, Michael Osterman of Osterman Research discussed the widening skills gap in the industry. In fact, he cited that his research found that three in five organizations found that the skills shortage is either “serious” or “very bad.”

The biggest issue is in filling positions related to proactive threat hunting and threat intelligence. Staffing issues on these topics presents a major issue within organizations — nearly a third of organizations reported that the lack of professionals skilled in proactive threat hunting presented a serious or extremely serious problem.

The Dire Consequences of the Cybersecurity …

Hot Topics in Cybersecurity Posted by Jen Greco on Sep 23, 2020

Kenrick 3.0 is on his way.

After a long stint setting up a full-scale data security architecture at a major bank in Bermuda, followed by a few major career changes that landed him perfectly in law enforcement — Detective Constable Kenrick Bagnall of the Toronto Police Service has had his fair share of learning experiences.

His life on the island as an IT pro? That is Kenrick 1.0.

His life as a cyber crime-fighter? That’s Kenrick 2.0.

With that experience, comes some great advice. After the Data Connectors team sat down with the Detective Constable at the TPS C3 (that’s Coordinated Cyber Centre), he certainly wasn’t short on insights for everyday Canadians, business owners, and anyone looking to enter law enforcement in the future. 

FROM THE IT DEPARTMENT TO THE FRONT LINES

After coming back to Toronto after spending many years in Bermuda as the Vice President of Information Technology at a major bank, he set his goal to be a consultant — but the work just wasn’t what he’d wanted it to be.

Heading back into the private sector wasn’t a right fit either after he’d been met with the “Overqualified” label time and time again. 

It wasn’t until a family friend showed him a clear path into the Toronto Police Service — specifically the tech crime unit that was fairly new in the mid-2000s. Long story short, he took the test, got hired and was in training inside of a month. But at the start, he was on the front lines. 

“I was a 42-year-old rookie. “The Rookie” show on TV — that was me,” Bagnall said. 

After he’d had his fair share of physical altercations during arrests, chases, and more. Despite dipping his toe in tech crime, he realized it wasn’t the perfect fit after all. But with that, he took a more investigative track. That led him into fraud investigation, followed by the cyber division in 2015. 

“The rest, as they say, is history… as far as Kenrick 2.0 is concerned.”

Now, his focus is on helping the community stay informed about some of the threats that they face. 

“I truly enjoy what I do, I’m like a kid in a candy store. When I come to work, I get ‘play’ with technology, I work with smart people, and advocate for victims and bring criminals to justice.”

BECOMING INFORMED ON CURRENT ISSUES

One of the greatest challenges we all face in this age of information overload is trying to figure out who to trust, and from where to get information. Bagnall offered his thoughts on where he gets his news, plus how to ensure the truth in what you’re reading. 

The first step? Be sure to verify everything you read. 

“Triangulate your sources,” Bagnall said. “Where else is that coming from? Is anybody else saying the same thing? And if not, why?”

He said he leans heavily on his fellow law enforcement agencies for first-hand confirmation of the things he hears. 

“My first trusted source is in my own community,” he said.  “If one of my fellow law enforcement officers on the West Coast says to me, I saw this last week — that’s going to be a trusted source for me.”

There are a few organizations in the cybersecurity space where that’s their core competence. Also, use some of the law firms that use cybersecurity best practices within their agency. Also using information from trusted sources within the community — including solutions providers, litigators, and community partners. 

SUCCESS FAVORS THE PREPARED

When a breach happens, your success in overcoming it depends on how prepared you were, according to Bagnall.

Calling on his experience as an IT professional before heading into law enforcement, Bagnall sympathizes with business owners who need to manage the goals of the organization — and he said he can understand where the recommendations of law enforcement might not always work well with a business.

“We always say not to pay because it’s a form of extortion, and that’s something as an agency that you can’t support, but at the end of the day, that’s a law enforcement recommendation. It’s a business decision — do we pay?”

Good preparation includes having a cyber incident response plan. Having awareness training within their team. But, those things don’t always happen — and sometimes, the best way to react is through taking a step back when a ransomware issue comes up and doing what’s best for the organization. 

“If I were giving advice to a CEO, I’d say, forget about looking at backup and recovery, and the latest whiz-bang solution that’s going to help you recover from ransomware,” Bagnall said. “Look at your business and look at what you really need to do to continue the business in the face of something like this.”

The first thing they should do is to get some expertise. Get some boots-on-the-ground to manage this. The value of engaging a breach coach is huge, Bagnall suggested. In fact, Digital Guardian published in 2018 that on average, a company in the US that was breached is out about $8 million. A breach in Canada will run the company about $4.4 million (USD). 

While you’re managing the breach on a professional level, don’t forget to reach out to law enforcement. 

“Historically, law enforcement isn’t the first call. But hopefully if they’re doing things the way I would like to see them fit us in there at some point,” Bagnall said.

THE STATE OF CYBER CRIME

For Bagnall, the biggest threat is ransomware and business email compromise. 

“I think the biggest hurdle is still ignorance. A lack of understanding and a lack of awareness, both individually and in organizations as to what threats are and how we can best combat them,’ he warned. “Trust no one.”

“We are not making cybercrime watercooler conversation. It should be part of the everyday vernacular. Around the watercooler. To our kids, to our parents,” he said. “I think it’s only when we start having that dialogue, we’ll start making headway.

So what’s next? Bagnall’s next project is something he’s calling “Cyber Cop 2030.” 

“It’s really what cyber investigations may look like, in my opinion, ten years from now. And what it should look to become more efficient. Because it’s not today.”

We’ll be keeping our eyes peeled for Kenrick 3.0 as he progresses this effort.

Interview: Det. Cons. Brings IT Experience …

Interviews Posted by Jen Greco on Sep 20, 2020

We’re all hunkered down in quarantine, so major trade shows have been cancelled. Virtual events will get us through this patch – but what comes next?

It is said that in times of crisis, we adapt.  We modify our behavior and we persevere.  And when the immediate crisis has subsided, we look at what worked, and often adapt much of it into our lives as we move forward.

We’re obviously in a crisis now, and among the many changes we have had to make is one that impacts our professional lives.  For years, we’ve regarded major conferences and trade shows as an integral part of our technical learning curve…and yes, as a major part of our social interaction with our industry peers.

That’s all changing before our very eyes, and the COVID crisis is only one element.  To be sure, the restrictions placed on our travel and ability to assemble have directly impacted the conference industry.  A recent article places the loss at more than a billion dollars, and that number has only increased since then.   O’Reilly’s decision to shutter its physical conference business also hit the industry like a bombshell.  But our ability to adapt and change presents us with other opportunities.  O’Reilly’s CEO acknowledged as much, saying, “With large technology vendors moving their events completely on-line, we believe the stage is set for a new normal moving forward when it comes to in-person events.”

The past few years have seen accelerated growth in smaller regional conferences, along with a greater emphasis on virtual conferences.  The shift has already begun, and we believe it will continue long after we are back to “business as usual,” which we believe will NOT be “business as usual.”

For openers, CFOs and others responsible for the bottom line will be more active in questioning the value of spending significant sums of money on a conference in Las Vegas or elsewhere, especially in lieu of the cancellation of conferences this spring.  What, they will ask, is the ROI for going to these large get-togethers? Can the money be more efficiently and effectively spent to attract and retain prospects and customers?  Are there smaller, regional alternatives that cost less and pose fewer risks?

Conference attendees ask the same: Can I spend less money and achieve similar results closer to home? Would I prefer to be among a smaller public gathering? Can I simply attend an online forum of some sort?

Regional and virtual summits will meet those needs on both counts; in fact, they have already begun doing so.  A recent Los Angeles-based physical conference that had signed up 300 participants quickly pivoted to an online Virtual Summit when the “stay at home” order was issued; in the process, the event more than doubled its registrations.  Even when things get back to normal, companies may well see regional conferences as delivering the same educational and business benefits as the large mega-conventions.  They will be treading lightly, with even less inclination than before to attend and spend at the bigger shows.

I’m not suggesting that all of the big conferences will shrivel up and fade away.  Those sponsored by major vendors, like RSA, Microsoft, Tableau and Gartner, will still be held and will still be successful.  But the COVID crisis has forced companies, big and small, to take a more focused look at the conventions they may have previously taken for granted.  (And it’s not only in the tech sector, of course; events like hardware shows, auto shows, even PizzaExpo, have been delayed or cancelled.)

Our current crisis has forced us to adapt and to alter our thinking in any number of areas.  The purpose of the conferences we attend to learn and interact with our peers are, and will be, no different than in the past.  Their physical nature, however…where and how they are held…will.  The change has already begun.

Business Conferences Amid the COVID Crisis: …

Virtual Events Posted by Michael Hiskey on Apr 10, 2020