Session Abstract:
Kamil will conduct the keynote on Incident Response within IoT specifically on the critical challenges and evolving landscape of cybersecurity in the context of the Internet of Things. The topic includes an analysis of significant hacks that have exploited IoT vulnerabilities, illustrating how attackers are leveraging these devices for criminal financial gain and other malicious purposes(Botnets, etc). The discussion is based around the unique security weaknesses inherent in IoT compared to other parts of switched networks within Information and Communication Technology (ICT). Furthermore, Kamil aims at providing insights into effective strategies and practices for businesses to defend themselves against these growing threats and relating them to the capability his team is building at Intellias – highlighting the importance of robust incident response plans specifically tailored for the IoT ecosystem.
Speaker:
Kamil Fedorko, Global Cybersecurity Practice Lead, Intellias: As the Global Cybersecurity Practice Leader at Intellias, I oversee the delivery of cutting-edge cybersecurity solutions for clients across various industries and regions. I have more than five years of experience in cybersecurity, DevSecOps, network security, and cloud-native architecture, with a proven track record of leading successful engagements and projects. I hold an Honours Bachelor in Computing Networks and Cloud Infrastructure from Atlantic Technological University, where I developed strong skills in cloud computing, networking, and telecommunications. Prior to joining Intellias, I was the DevSecOps Lead / Security Lead at Sim Local, where I implemented security best practices and standards for the company’s cloud platforms and applications. I also worked as a Cybersecurity Manager at KPMG Ireland, where I led teams of security consultants and analysts in conducting purple team, incident response, digital forensics, vulnerability assessment, penetration testing, web application, and infrastructure security audits for various clients. I am passionate about staying on top of the latest trends and innovations in cybersecurity and leveraging them to help my clients achieve their business goals and protect their assets. I am also committed to fostering a culture of collaboration, learning, and excellence within my team and the broader cybersecurity community. I am always looking for new opportunities and challenges to grow my skills and knowledge, and to contribute to the advancement of the cybersecurity field.
Key Takeaways:
English Hacking groups are what we call “access brokers” by hacking into businesses and then selling that access to the highest bidders. These hackers look for consistent opportunities rather than one large pay out.
Arabic Hacking communities are more of a knowledge sharing platform. They are more knowledge based with their targets exclusively being America. They are after damage! They are not interested in money but rather in bringing your system down then brag about it.
One of the biggest breaches has been StuxNet. There was a virus that essentially encompassed the whole internet for a long time but would only activate the moment it got in a nuclear reactor. They were specifically targeting the safety systems that controlled these reactors. This virus was able to go undetected for 3 years!
What can we do if my business is hit?
It is a simple exercise that I believe is essential.
-Incident response policy plan
-Training and awareness
-Risk assessment and threat modelling
-Tabletop simulations
-Will to invest or to outsource
