Hacker Halted Feedback
EC-Council’s Hacker Halted feedback to Wayne Bruce and me, from their official Twitter account

Erdal
About Hacker Halted
Hacker Halted is EC-Council’s annual IT Security Conference and plays host to over 50 speakers delivering groundbreaking presentations! Hacker Halted builds on the educational foundation of EC-Council’s courses in ethical hacking, computer forensics, pen testing, and many others. Hacker Halted brings the industry’s leading researchers, practitioners, ethical hackers and other top IT Security professionals together to discuss current issues facing our industry.
Hacker Halted has been delivered globally in countries such as Egypt, Mexico, Malaysia, Hong Kong and Iceland and in the USA, in cities such as Myrtle Beach, Miami, and most recently in Atlanta!
Looking for more Cybersecurity Conferences?
EC-Council’s Global CISO Forum is an invite-only, closed-door event gathering the highest-level executives from across industries and countries to discuss the most pressing issues in information security. Now in its tenth year, the 2020 Global CISO Forum promises to be the best yet with an exciting mix of industries, formats, and interactive presentations.

Creeping Cyber Threat
Like a good horror film – a talented hacker will take their time building the attack. No jump scares here – just slow and methodical. Recon, probing, reverse engineering and writing exploits – the malicious hacker builds tension and anxiety as they find a small way in, establish a presence and expand – filling your network with their malevolence.
The malicious actors in the center of these webs aren’t automated tool users or button pushers. They are the 1%, the snipers, the first-round killers. The people in this tier take their time, do the hard work, and like the Black Widow – are only discovered after they bite.
Some published 2020 reports have ransomware attacks up 72%, while others have them up 105%. In March and April 2020, due to companies going remote, the number of unsecured remote desktop machines rose by 40%, which caused brute-force attacks to grow 400%, and of course there are daily reports of many more.
These crimes can creep up on companies that have not made cybersecurity part of their regular budget, and with the rise of AI and ML – speed has become relative. What is fast to you is ponderous to the massive intelligences in the cloud. And when the 1% threat actors combine their patience, dedication and skill with the computational power of the AIs – then anything is game.
CISO Insight
Cybersecurity is not a product you buy or a project you complete — it is a continuous operational discipline. The organisations that achieve genuine security maturity embed security thinking into every business decision, invest in people and processes alongside technology, and build resilience for the inevitable day when preventive controls fail.
The Evolving Cybersecurity Landscape
The threat landscape continues to evolve at a pace that challenges even well-resourced security teams. AI-powered attacks, supply chain compromises, ransomware-as-a-service, and state-sponsored campaigns create a multi-dimensional threat environment no single technology can address. Organisations that defend most effectively take a risk-based approach — understanding which assets are most critical, which threats are most likely, and where investments will have the greatest impact. For CISOs, translating this complexity into actionable strategy requires quantifying cyber risk in business terms, prioritising based on risk reduction, and communicating in language that resonates with non-technical stakeholders.
Building a Defence-in-Depth Strategy
Effective cybersecurity requires layered defences addressing the full attack lifecycle — from reconnaissance through exfiltration. No single control is sufficient; every control can be bypassed by sufficiently motivated adversaries. The goal is creating enough layers that attackers must overcome multiple independent defences, while ensuring detection and response capabilities identify and contain breaches before catastrophic damage. The most common mistake organisations make is treating security as a technology problem rather than a business risk management discipline. The fundamentals — patch management, access control, security awareness, incident response planning — prevent more breaches than any advanced technology.
Frequently Asked Questions
What is the biggest cybersecurity mistake organisations make?
Buying security tools without coherent strategy, skipping basic hygiene in favour of advanced solutions, and failing to invest in people and processes. The fundamentals prevent more breaches than advanced technology.
How should CISOs prioritise security investments?
Start with risk assessment identifying critical assets and likely threats. Prioritise controls for highest-risk scenarios. Ensure basic hygiene is solid before investing in advanced capabilities. Use NIST CSF or CIS Controls to structure your programme and measure progress with board-friendly metrics.

