What Can DerbyCon Teach You About Social Engineering?

Recently I had the opportunity to attend DerbyCon 2018 in Louisville, Kentucky. As a new member of the Information Services Advisory Team (ISAT) at Twinstate Technologies, this was a new experience, and one that was unique, to say the least.

Before joining Twinstate, I managed IT for many small businesses, kept up on certs and new technology, but did not have the extra time to attend conferences of this nature, let alone dive into the cybersecurity sector.

DerbyCon 2018

DerbyCon is a conference that concentrates on one facet of IT, cybersecurity. As an attendee, we had training sessions to learn and work with tools hands-on, as well as the opportunity to discuss issues we are facing with other IT professionals. Keynote speakers from the US and around the world discussed the latest threats, projects they have been involved with, and how we can implement defenses for our clients.

Social Engineering

The training I attended was on Social Engineering. The training concentrated on using specific tools to gather data and see how prolific someone’s information is on the internet, which many times they are unaware of. A quick search on just an email address can provide astounding results showing tweets sent within a geographic location, every website a person logs into not only social networks but banks and other institutions that we need to be secured too.

This information is available to anyone looking, including hackers that use this against people in varying ways. We all know of scams via phishing emails, phone calls from someone claiming they are from our bank asking for personal information (vishing), and all too frequently the fake threat calls from the IRS.

All these methods are commonplace in the news and costing citizens every day. The slightest amount of data like someone’s SSN gives these hackers further knowledge to sound credible or gain access to areas we want to remain protected. This information is used against organizations to infiltrate systems to infect and hold for ransom or even destroy data.

From our perspective, knowing the threats that organizations are exposed to, we can work on closing this down by changes to infrastructure & security protocols, but a key component is training client staff to reduce this risk profile and help them be diligent in this fight.

Why You Should Attend DerbyCon

There are many smaller IT management vendors that do not have the bandwidth to attend conferences like DerbyCon. As I mentioned earlier, before my current position at Twinstate, I was in a similar situation. I can attest that anyone with IT Management responsibilities, from the smallest MSSP all the way to internal IT staff for corporations, you should attend.

I am now able to leverage a cohesive team to provide a higher level of services to all of our clients at a level which I was not able to before. We attend different conferences and training sessions throughout the year allowing us to keep up to date of the latest defenses, methodology, and tools to incorporate and provide a higher level of service.

New cyber threats are appearing regularly, and there is no end in sight. Technology is becoming smaller, and more “smart” devices get connected every day, and so the surface area for attacks is broadening. These challenges are more than one person, or one small team, can handle on their own. That’s where a Managed Service Provider steps in.

MSPs are constantly training their specialists on the latest threats, giving them the most up to date and diverse knowledge base to supplement your existing IT departments efforts. Leveraging an MSP can enhance the overall functioning of your organization while easing the burden of your likely overwhelmed IT staff.

Today’s threat landscape is one of continuous evolution of assessing new threats as they surface and being prepared to work together with our clients to minimize exposure whether online or internally.

Read More: