On Wednesday 21 August 2019 the Connect Mobile team attended the MyBroadband Cyber Security Conference, where the focus was placed on strengthening network infrastructures, identifying security flaws and weaknesses in your network, and exposing just how simple it still is in 2019 to steal critical data from personal devices as well as large corporate infrastructures.
The first keynote speaker was Dominic White, CTO of Sensepost. White discussed some very pertinent issues with regards to how long some security vulnerabilities have been around and how unpatched and outdated legacy software is one of the biggest security issues plaguing companies today. He also spoke about how a company’s infrastructure can be penetrated at the most trivial point, and lateral movement from this point can expose an institution’s most valuable data.
Continuing from White’s talk, HP Technology Consultant Maurizio Bazan highlighted how only 22% of companies secure their printers. While initially securing a printer seems like a paranoid response to endpoint security, he went on to explain how some printers have the same hardware capabilities of a small laptop and should, therefore, be treated like any other exploitable user-based network endpoint.
The highlight of the conference came with the second keynote speaker of the day – Head of Cyber Security for Internet Solutions Kenya, Dr. Bright Gameli Mawudor. Dr. Mawudor placed emphasis on how easily exploitable end-user devices such as smartphones and laptops are. After a few simple steps using free, open-source software, Dr. Mawudor was able to expose login credentials and home addresses, as well as exploit Google Search to scrape pages of private information on unknowing victims, from publicly available documents. Dr. Mawudor also demonstrated that if you have ever joined a free, public Wi-Fi, there is a good possibility that your data, or even your company’s private data, has also been exposed.
Next on the agenda was Senior Information Security Consultant at MWR InfoSecurity, Ion Todd as well as Redstor Country Manager for Africa Regions, Shaun Searle. They created interesting discussions surrounding the proper steps to take in the Cyber Security workflow as well as how important of a role disaster recovery played in this workflow, respectively.
The conference was rounded off with an interesting demonstration from Crimson Wall founder, Renico Koen, on how the familiar USB device is not as secure as you once thought it was. With a small budget and limited technical know-how, one can easily build their own device that can be used to control a device remotely. A similar keylogger device which can be conspicuously disguised as a storage or peripheral device was also shown. It’ll make you think twice before borrowing a USB flash drive or keyboard.
Overall the eye-opening conference brought light to the never-ending list of ways hackers and social engineers work to pry data out of your every-day, seemingly safe devices on both a personal and corporate level. More focus needs to be placed on integrating security into the absolute foundation of our technology practices. At Connect Mobile we pride ourselves in not only ensuring that a high level of security is forced onto our own systems but also those of client-facing software. From an access-controlled office park to Google Suite work profiles that can be wiped and deleted in an instant, security is no longer optional in any event.