SC Media RiskSec Toronto Editorial Wrap Up
SC Media RiskSec Toronto Editorial Wrap Up

The inaugural SC Media RiskSec Toronto event held earlier this week touched upon a wide variety of cybersecurity topics, including training, working with senior management, privacy issues, cybersecurity industry pay levels to the latest on WannaCry ransomware.

The two-day event, held in downtown Toronto at the St. Andrews Club attracted hundreds of cybersecurity professional and featured in-depth discussions and demonstration on a wide variety of topics.. The event kicked off with John Glowacki's, COO of Shared Services Canada, keynote address.

The exhibit floor during RiskSec Toronto.

Here he discussed how Canadian federal agencies successfully withstood the May WannaCry ransomware campaign, showing nominal impact from the attack, due in no small part to Shared Services Canada, a department that acts as an IT and cybersecurity services provider for the Canadian government.

"There are some countries that did not fare well," said Glowacki, Jr., but in Canada, "We were able to respond extremely quickly compared to similar events around the world, similar events we've had to deal with before.”

Tom Levasseur broke down the WannaCry attack for the crowd.

There was no shortage of WannaCry-based discussions. The ransomware that garnered to much press in May was given a hard look by Tom Levasseur, CGI's vulnerability assessment and penetration specialist.

Levasseur gave attendees an in-depth look a WannaCry, putting to rest several of the initial rumors that popped up regarding how the ransomware was propagated and which operating systems were at risk, while also firming up where the hacking tools came from.

A few of the points he, along with most industry researchers, are certain of is the EternalBlue and DoublePulsar tools did originate from the National Security Agency, aka the Equation group, the ShadowBrokers are most likely a Russian intelligence organization. However, nailing down who was behind the attack is still up in the air.

Levasseur's analysis found that unlike the initial thoughts WannaCry was not spread by a phishing campaign, but was a true worm with the cybercriminals scanning the internet for an open port 445, which was then targeted for attack. He believes several thousand computers were targeted in such a manner at the outset of the attack.

“We had not seen a good internet worm in a long time, Levasseur noted, adding that the first attacks were spotted taking place in Southeast Asia.

Levasseur also pointed out that the reports fingering Windows XP as the primary OS being targeted, it was Windows 7 variants that were hit most frequently.

Angus MacDonald (l), director of sales engineering at Trend Micro Canada, and Walt Williams

Attendees also learned that some of the tried and true methods of protecting oneself or organization against ransomware, backing up files, may not be that safe.

Ransomware attacks could one day evolve to increasingly target back-up files, one of the few effective tools security professionals managers have to remediate an infection, according to a panelist at the RiskSec Toronto 2017 conference this week.

"They're probably going to trigger this so that you can't do a restore from your backups without... the encryption key," said Walt Williams, director of information security at Monotype Imaging Holdings. Williams spoke alongside fellow presenter Angus MacDonald, director of sales engineering at Trend Micro Canada, in a session focusing on how companies can effectively defend themselves against ransomware.

According to both speakers, a few basic steps – including diligent patching, installing properly configured anti-malware solutions, introducing intrusion prevention systems and strong IPS rules, and creating back-up files – can go a long way to halt or limiting the damage of most ransomware attacks.

Also on the first day David Foote, chief analyst & CRO with Foote Partners, who covered staffing issues for the industry who touched upon industry salaries.

David Foote, cyber analyst at Foote Partners LLP

The average salary of U.S. senior cybersecurity specialists in Q1 of 2017 was $118,887, according to research from David Foote, cyber analyst at Foote Partners LLP, in a presentation Monday at RiskSec Toronto 2017.

Foote, who specializes in IT salary and skills pay benchmark surveys and market intelligence, also reported that the average salary of a non-senior U.S. cybersecurity specialist in Q1 2017 was $100,279.