Cybersecurity professionals remember the importance of self-care – Security

The 21st AusCERT Conference opened with a testimonial on how kindness shapes a better world and ended with a plea for a better understanding of how malicious actors target organizations and individuals.

Former sportswoman Kath Koschel kicked things off by explaining why she created the Kindness Factory, a global movement that has inspired more than four million people to “pay it forward”.

After breaking her back twice, which ended her dream of playing elite cricket, she was at risk of losing her leg, was told she would never walk again, and lost the love of her life.

She overcame adversity by challenging herself and others to be kind.

“Feeling gratitude and not expressing it is like buying your best friend a birthday present, wrapping it with a bow, then throwing it in the closet and never giving it to them.

“Who are you grateful for? Did you tell them?”

Koschel’s story of resilience struck a chord with security professionals, who face their own adversities, and their own adversaries among malicious actors, on a daily basis.

As part of its commitment to wellbeing, AusCERT, the University of Queensland’s non-profit computer emergency response team which hosts the annual Gold Coast conference, had mental health professionals on site to advise delegates who may be struggling with work and life pressures.

Behind the scenes of the Lapsus$ attack on Okta

Acknowledging the toll malicious actors have recently taken on him and his team, Brett Winterford, Regional Security Manager for Okta, dissected the recent Lapsus$ attack, which was initially feared to have compromised hundreds of the provider’s customers.

In a brutally frank post-incident assessment, Winterford acknowledged that the identity and access management vendor could have been more aggressive with the help desk partner that was the attack vector.

The attack by the Lapsus$ hacker group between January 16 and 21 of this year allegedly compromised 366 Okta customers.

But upon investigation, Okta identified that the attack via a thin client device belonging to the third-party help desk partner lasted 25 minutes and affected two customers.

It is understood that the hackers exploited flaws in the third party’s infrastructure to gain limited access to Okta’s systems before technical controls blocked them.

Although Okta handled its own investigation quickly and satisfactorily, Winterford said, communications with its partner delayed informing customers.

Adding to Okta’s headaches, the hacker group had a track record of breaching large corporations, which lent credence to claims that were later refuted.

“It was always going to be in the headlines given the role Okta plays for our customers. On a technical level, this event had almost zero impact,” Winterford said.

“But that doesn’t mean it hasn’t had a huge impact. This had a very big impact on our customers; it caused a lot of inconvenience and anxiety.

“Many of our customers were unimpressed with our response. [The] disappointing part is that it should have been a really good story for Okta; our technological controls greatly frustrated and inhibited this threat actor.”

Closing the lid on the incident, Winterford presented a playbook on how Okta will handle, mitigate and respond to such attacks in the future:

  • Third-party risk management – “We will more actively audit and verify the security posture of our third parties.”
  • Access to customer support systems – “We will insist that support partners [such as help desks] take full advantage of Okta Identity Cloud and phishing-resistant factors [with log access]. This means that we will probably be working with smaller entities, as we cannot dictate terms to large ones.”
  • Communications with customers – Okta will implement new processes to communicate security and availability issues.
  • Living up to our values – “We have committed all of this to an action plan [and independent forensics report] that we sent to our customers and that we will execute in the next few weeks.”

“We are going to have real-time visibility into device events. We’ll make sure we have the [system] logs we need to respond,” Winterford said.

AusCERT22 is taking place this week on the Gold Coast. Brett Winterford is a former editor of iTnews.