Foresite Training for CEN on “Your Security From An Attacker’s Perspective”

IGX Global and Foresite were invited to provide a cybersecurity training session for Connecticut Education Network  (CEN) members earlier this month.  Bill Reyor, Senior Security Consultant for Foresite, gave a presentation on “Your Security From An Attacker’s Point of View“.

Bill used his past experience as a Network Administrator to relate to the IT staff audience who struggles with common challenges, including:

  • Limited resources
  • Mixed platform environments
  • Networks that grew over time, and are not segmented

Bill asked the group “Do you think you are secure”?  There was a lot of laughter, an no one raised their hands and felt they didn’t have vulnerability to cyber threats.  Attendees were asked to consider the following questions:

  1.   Do you maintain separate privileged accounts?
  2.   How often do you scan for vulnerabilities?  What is the schedule for remediation?
  3.   Are credentials cached?
  4.   Who has outside access into your network?  Do you know every staff member and vendor who has access, and is it limited to their IP?  Are you certain of what they have access to?  Any old accounts that are still live for remote access?

Bill pointed out that attackers look for weaknesses in your infrastructure management, patching, endpoint protection, and applications…as well as staff that can be exploited through social engineering.  He then showed some real examples of how he has accessed organizations using these vulnerabilities and just how easy it can be to breach networks where cybersecurity best practices are not being followed.

This training was only open to CEN members, however you can click here to view an abridged recorded version on CEN’s YouTube Channel.


Sign up for our Newsletter

Receive weekly emails for the latest cybersecurity news

Expand your team with Foresite

Enterprise-level cybersecurity and risk management for mid-sized businesses. Prioritize your security tasks and reduce the complexity of cybersecurity.