I Came in Like a Wrecking Ball

Presented at CactusCon 11 (2023), Jan. 28, 2023, 6 p.m. (60 minutes).

In 2021, businesses with fewer than 1,000 employees were the primary target of about half of all cyberattacks. Why do criminals prey on small businesses? These organizations are the proverbial low-hanging fruit because they lack resources and security competence. In this presentation, we will cover the methods an attacker can use to conceal their identity and disguise their digital footprints, as well as real-world examples from the previous year in which full compromise was achieved through human error, seemingly harmless configurations, and insecure products. Then, we'll examine opportunities for engaging employees and management through gamification and highlight cost-effective strategies for creating a more secure environment.

Presenters:

  • iamv1nc3nt - Adversary Emulator
    Vincent is a security researcher and a senior penetration tester focusing on securing small to medium-sized businesses. Vincent is an Air Force veteran as well as a veteran of the technology world with over 30 years of experience, 20 of which were spent running a small technology business. Vincent is an author, a previous speaker at GrrCON and BSides security conferences, and a recreational bug bounty hunter with 17 CVEs. In his spare time, Vincent drinks copious amounts of coffee and enjoys petting his two dogs, and when he’s not in front of a computer, he’s out running hundred-mile ultramarathons.

Links: