2022-06-18, 16:00–16:45, Track 1 (UC Conference Rm A)
In this talk, we’ll explore the steps an attacker might use to mask their identity, hide their tracks, and we’ll examine some real-world scenarios from over the past year where full compromise had been accomplished through human error, seemingly harmless configurations, and vulnerable products. We’ll then explore avenues for engaging employees and management through gamification and we’ll outline several cost-effective measures to create a more hardened environment.
In 2021, nearly 50% of all cyberattacks targeted businesses of 1000 employees or less. Why do attackers target small businesses? Because these organizations lack the resources and the security expertise – they are the proverbial low-hanging fruit.
In this talk, we’ll explore the steps an attacker might use to mask their identity, hide their tracks, and we’ll examine some real-world scenarios from over the past year where full compromise had been accomplished through human error, seemingly harmless configurations, and vulnerable products. We’ll then explore avenues for engaging employees and management through gamification and we’ll outline several cost-effective measures to create a more hardened environment.
Vincent Matteo is a security researcher and a senior penetration tester at Seven Layers where he focuses on securing small to medium-sized businesses. Vincent is an Air Force veteran as well as a veteran of the technology world with over 30 years of experience -- 20 years of which spent running Seven Layers. Vincent is an author, a previous speaker at Grrcon, BSides, and Snowtalks security conferences, and a recreational bug bounty hunter with 17 CVEs. In his spare time, Vincent drinks copious amounts of coffee, he enjoys petting his two dogs, and when he’s not in front of a computer, he’s out running hundred-mile ultramarathons.