Tom Conkle’s Post

This is a meaty and unconventional perspective on cybersecurity table-turning. *important to read the actual 10 page paper

"The Enterprise Strikes Back" just published! Our exciting new paper on the slightly contentious topic of industry-led "active cyber defense." Published as proceedings of the 57th Hawaii International Conference on System Sciences (HICSS), known worldwide as a prestigious and long-standing scientific conference. Highlights - and hang on - this is a Roller Coaster ride; • Fact: cyber defense can no longer be sustained with passive defensive tactics  • Shift: we propose an Industry-wide paradigm shift from passive to active forms of defense i.e. “hacking back”  • Yes, corporate self-help in cyberspace is a contentious issue • Yes, the private sector can defend networks – but not permitted to retaliate beyond perimeters •We identify how cyberattacker cognitive vulnerabilities can be targeted and exploited to disrupt cyberattacks, i.e. psychologically "hack back" •We argue that effective defensive operations can be achieved without breaching the legal threshold of cyber offensive operations   • And - we introduce our ‘HackBot’ an automated strike back innovation, specifically devised to reverse socially engineered attacks in cyber defence contexts Inspired by the #IARPA ReSCIND initiative the full title of our paper is "The Enterprise Strikes Back -Conceptualizing the HackBot - Reversing Social Engineering in the Cyber Defense Context" You can download it here 👉 https://lnkd.in/ebiV2rHF Please read it & post comments - I cannot wait to present this research at my next speaking gig - it should make for a very lively Q & A session :) Special thanks to my fellow colleagues & collaborators Michael Lundie, Ph.D. Diane M Janosek, PhD, JD Adam Amos-Binks, Ph.D. & Kira Lindke #Cybersecurity #cyberpsychology #activecyberdefense #HackBack #IARPA #ReSCIND #CyberPSYOPS Bradford Sims, PhD, FRAeS Ian McAndrew JD Dianne O'Neill Capitol Technology UniversityDavid Omand Christopher Steed Mark Maloney Edward Albrigo Mike Steed Brenda Chia Kenneth Pentimonti Alex Ledoux Geoff White Amine Mcharek Ciaran O'Boyle Barry O'Sullivan Robert Hyland Ludmila Morozova-Buss Raymond J. Hegarty Kate Coleman Emma Thorpe SKDK Daniel Fitter Maya D. Daniel B. Elise Quevedo Greg Conti Ralph Echemendia Joshua Sinai Alex Simm Dr. Marshall S. Rich Philipp Amann Dr. Paul de Souza John Defterios Eoin O'Shea

Yet another acknowledgement that the world of Cybersecurity, is a world of Human attack vectors, not machine/technology attack vectors. People, with our behavioral traits and characteristics are where it all begins. The plain and simple fact is there are three behavioral characteristics which in mathematical terms are the "head" or starting point of what becomes the attack vector. Accidental (70-80%), Negligent (10-20%), and finally Malicious (1-5%). From there, the mathematical properties of a Vector, which include magnitude and direction are recognizable through quantification and pattern analysis. Using many of the same analytic and modeling techniques used to predict and forecast known patterns like the weather, can be applied to everyday human behavior allowing you to visualize risk and take advanced action to mitigate the potential impacts. This is why at Red Vector, Inc., we believe the transformational approach away from Insider Threat, to Holistic Insider Risk is a tectonic plate shift that will have profound effects on the way we succesfully defend and in many cases eliminate the principle root cause of Cyber Incidents. The human element. #insiderriskmanagement #cybersecurity #redvector

At a high level, the top five challenges will look familiar, but take a deeper dive and you’ll see that higher education administrators are facing increasingly complex challenges across these issues. Risk, reputation, and resilience are threads throughout NACUBO’s Top 5 Higher Education Business Issues of 2024. For example, investing in essential technology requires ensuring protection against cyber threats, navigating new questions and opportunities related to AI, and building and retaining a data and technology team in a competitive workforce environment. Read more: https://lnkd.in/ebM-QPTC

🚨 New Blog Alert: Building Consistency in Cybersecurity Investigations 🚨 Discover how Elemendar’s READ application is revolutionising Cyber Threat Intelligence (CTI) with data fusion! In a ground-breaking DASA project, we partnered with Loughborough University to transform STIX outputs into an Advanced Information Model (AIM) using GraphDB. This method enhances the consistency of CTI data, making threat identification and analysis more robust and insightful. 👉 Learn how our state-of-the-art AI converts unstructured CTI into actionable intelligence. 👉 See the power of combining data from multiple sources for a unified, quarriable model. Dive into the full story and explore how data fusion is paving the way for advanced threat intelligence! #Cybersecurity #DataFusion #ThreatIntelligence #CTI #AdvancedAnalytics #Elemendar P.S. How are you leveraging data fusion in your cybersecurity strategy? Let’s discuss in the comments! 💬

Join Ciaran Martin and I in Oxford on 1-3 May Blavatnik School of Government, University of Oxford for the first edition of The Cyberspace: Statecraft and Policy Programme, which explores the impact of technology on public policy, emphasising the growing importance of cybersecurity in national strategies. The course is designed for mid-senior policymakers in tech-related roles or seeking comprehensive #cyberspace insight, the course blends theory with practical exercises, and looks at how #cybersecurity, #worldpolitics, and the #digitalworld connect, and how governments handle #security issues in our fast-changing tech world. https://lnkd.in/ezyu3yKc  

Via UNIDIR — UN Institute for Disarmament Research "A global network of academic organisations and training frameworks that can offer regular courses focused on cyber capacity building needs in the context of international peace and security could be envisaged. Such a network could provide the flexible and adaptable educational opportunities needed to meet the changing demands of policy negotiations and discussions." #cybersecurity #cybersecurityeducation #cybertalentgap https://lnkd.in/gW3B9x7i Academia is certainly a piece of the puzzle, but a framework that will overcome decades of shortfalls in cyber capacity building is an all hands on deck proposition. It needs governments at all levels, academia (including everyone from PhD to trades apprentice), industry, NFPs and NGOs to coordinate their efforts. It also needs to happen regionally, nationally and internationally. There are too many rabbit holes for these siloed interests to disappear down as it is. Canadian Cybersecurity Network

Cybersecurity in 2040 For those of you that may have missed it, the World Economic Forum (WEF) published a great white paper at the backend of last year that explored how digital security could evolve over the next 5 to 7 years The foresight🔭 focused research initiative was a collaboration between University of California, Berkeley Center for Long-Term Cybersecurity, the World Economic Forum Centre for Cybersecurity and CNA Corporation’s Institute for Public Research As a lot of our research has explored how to build trust quickly, it will be no surprise that our favourite overarching observation was ultimately about trust😃 The report identified that digital security is being reframed as the ability of societies to match the speed of trust with the speed of innovation. Ultimately, humans need assurance that truth is attainable if they look 🔍in the right places. To do this, organisations need a digitally literate workforce that is also media savvy and inoculated against misinformation, disinformation and malinformation, if they wish to succeed in an environment of continued deep fakes and other technology-based methods of degrading trust. The report is written in an easy-to-read format and is only 10 pages long so can easily be digested while having a ☕️ After having a read, we would be interested to know what is your favourite takeaway? A link to the report can be found here👇 https://lnkd.in/ecHDG_Mp Dawn Thomas Akshay Joshi CI-ISAC Australia Scott Flower PhD Hendy Ongkodjojo Samir Jain Fazley Rabbi Lachlan Pope MBA

Are you ready to elevate your role as a first responder? Transform the challenges of today's tech-centric emergencies into opportunities by mastering digital forensics. Our latest course is specifically designed for the brave men and women at the front lines, equipping you with cutting-edge skills to uncover critical digital evidence and make a significant impact in your field. Stay ahead of the curve, embrace innovation, and join a network of first responders who are not just reacting to crises but are proactively prepared for them. Whether it’s retrieving data from electronic devices or navigating complex cyber incidents, this course will empower you with the expertise necessary for success in an increasingly digital world. Enroll now and take a step forward in your career. Your commitment to public safety is admirable; let's enhance it with essential digital forensics knowledge that can turn every challenge into a conquered mission. Learn More: https://lnkd.in/gP5hnNsQ

Research Spotlight Our professors Prof. Raghu Raman, Dr. Aditya Kumar Sahu, Dr. Vinith Kumar Nair, and Dr. Prema Nedungadi have published a research paper in the Q1 journal Multimedia Tools and Applications! "Opposing Agents Evolve the Research: A Decade of Digital Forensics" explores the critical role of digital forensics in combating cybersecurity threats and misinformation, especially during the COVID-19 era. Key findings include: > Significant growth in DF research and open access publications. > Increased international collaborations, though a gender gap remains. > Identification of key clusters: computer forensics, multimedia forensics, and cloud network forensics. > DF research's contribution to SDGs, particularly SDG 16 (Peace, Justice, and Strong Institutions). This study highlights the importance of DF in creating secure, resilient societies and infrastructures. Read more about their impactful work here: https://lnkd.in/gpZpgucS #DigitalForensics #Cybersecurity #SDGs #UniversityResearch #ProudMoment #amritavishwavidyapeetham #amritaschoolofcomputing