Best moments from “Hacking Malware” – Super Cyber Friday

Here is our highlights video from Super Cyber Friday “Hacking Malware: An hour of critical thinking about understanding, preventing, and dissecting malicious software.”

Watch the full video

Our guests for this discussion were:

Got feedback? Join the conversation on LinkedIn.

HUGE thanks to our sponsor Votiro

Your users need to accept and open files to do their jobs. Keep them safe and productive with Votiro. With Votiro zero trust file sanitization API, your users can download and use any file instantly, from PDF to Autodesk CAD, with malicious code already removed—and full file usability intact. The signatureless file sanitization process happens in milliseconds without user friction. Visit Votiro.com and learn why millions of users trust Votiro to disarm billions of files each year.

Best Bad Idea

Congrats to Mathew Biby, CISO, Satcom Direct for winning this week’s Best Bad Idea.

Other honorable mentions go to:

“Convert ransomware to a subscription service so you can budget a lower monthly fee.” – Rich Mason, president & chief security officer, Critical Infrastructure, LLC

“Double or triple up on anti-malware solutions, the more agents running on endpoints, the better.” – Brian Colt, information security engineer, DASH Financial Technologies

“A breach is inevitable, so why waste money on malware protection? Focus only on detection and response.” – Jonathan Waldrop, senior director, cyber security, Insight Global

“Tweet that you want all malware sent to a designated organization email address. Then simply quarantine all those emails. Problem solved.” – Mathew Biby, CISO, Satcom Direct

“Give everyone local admin so they can install their tools without bothering internal systems.” – A.J. Leece, managing director, Syntax Security Solutions Inc

“Put up a wall of shame to publicly humiliate employees whose machines have malware detections.” – Brian Colt, information security engineer, DASH Financial Technologies

10 percent better

“Let’s go to the fundamentals and REALLY inventory your stuff and stay on that. Doing that well lets you know when something is wrong.” – Jeff Reich, security and management consultant

“Set up GPO policies to prevent executables in the APPDATA folders. Why this isn’t the default, I’ll never understand.” – Duane Gran, corporate director of information security, Converge Technology Solutions Corp.

“Foster a SOC staff which is personable and approachable to facilitate ‘see something, say something.'” – Brian Colt, information security engineer, DASH Financial Technologies

“Start by knowing where/what all your assets are, including IOT devices.” – Larry Rosen, manager, security advisory, Avanade

“Setup criteria for those inbound email headers warning about opening attachments. Your email filters should be scanning for malware in attachments, and only display the warning banner for suspect senders/emails.” – Jonathan Waldrop, senior director, cyber security, Insight Global

“Focus on asset management, so you can ensure all of your devices and environments have malware detection/response tool installed.” – Jonathan Waldrop, senior director, cyber security, Insight Global

Quotes from the chat room

“Use tools with different methodologies to prevent malware. If something consistently doesn’t work, then it’s time to think security in depth with multiple types of solutions.” – Aakash Mehta, director of sales, North America & Europe, Votiro

“Part of the product comparison needs to be effectiveness and efficiency. It may be great at detecting but if it is too hard to manage then it will be a time suck.” – Mathew Biby, CISO, Satcom Direct

“If change control is the enemy of agility, does that make agility the enemy of security and stability?” – Brian Colt, information security engineer, DASH Financial Technologies