This week we asked more of our speakers, “If you presented today instead of several weeks ago, what would you change/add/do differently?” Here’s a look at what the presenters of this week’s Top 5 RSA Conference Resources had to say:

1. Forensic Techniques against Hackers Evading the Hook

   “Hackers do not sleep, especially when you work from home,” said Paula Januszkiewicz, CEO and Cybersecurity Expert at CQURE Inc. “It’s important to know how to react and gather the evidence. Working remotely creates more challenges for cybersecurity, with personal devices connected to a company’s network. The global approach to remote work is low hanging fruit for hackers, depending on various solutions used by companies, and the probability of an attack is now higher than ever. We need to know how to respond.”

    

2. Prioritizing the Top 20 on a Shoestring

   “The assets are in new environments, but knowing those assets sets the basis for everything else,” said William Bailey, VP Information Security at Police and Fire FCU. “When people need to react to a new situation, the spirit of the policy should be followed, even if it’s not 100%. For example, a policy or procedure may not be followed when workers take assets home. As long as there is still the audit trail, you can catch up once remote workers are up and running.”

   Bailey added, “There are vendors offering special pandemic solutions. If they make sense, and if they address risks the organization faces, that’s great. Just because there’s a pandemic doesn’t change whether the security shiny tool is necessary for every organization, or necessary long-term.”

    

3. MITRE ATT&CK: The Sequel

   Freddy Dezeure, CEO of Freddy Dezeure BVBA said, “I think indeed that there is interest and scope for beating the drum and helping even more people to understand the benefit of the framework and the tools. My gut feeling is that it should be complementary to more detailed and practical material that is already available on MITRE's website.”

    

4. What Is a Synthetic Identity and How Do They Work?

   “As financial institutions are working to help consumers, and the amount of government aid increases, the general public’s guard is down. Businesses are focused on paying rent and their employees while individuals are looking to make ends meet. Bad guys take advantage when people are distracted. The banks will be open to more risk and fraud since there is a chance that their goodwill is backed by government funds,” said Steve Lenderman, Global Security Organization at ADP. “The bad guys know this too, and it would not surprise me if they start to take advantage of the banking system when it is overwhelmed. I’ve seen a significant increase in the synthetic entities being used to apply for SBA loans and the Paycheck Protection Program. Given the volume of genuine needs, there will be bad guys that sneak through fraudulent transactions as well.”

    

5. How Smart Cities Become Wise

“Cities, colleges and hospitals are still the targets of cybercriminals, which comes at a bad time as resources are being diverted to manage the impact of this virus on citizens, students and patients,” said Gary Hayslip, Director of IT Security and CISO at SoftBank Investment Advisers. “Imagine the risk these organizations are taking as they move staff to working-from-home and connect technologies to their networks that may not be ready for some of the new cloud services or collaborations tools their teams need to be working remotely. As we take care of our people, we must not forget the networks that are vital for us to communicate and manage our response to COVID-19.”