Packetlabs at SecTor 2024

At Packetlabs, we’re committed to the greater good—and that includes your right to security and privacy. Our exceptionally trained team aims to identify critical gaps that may have been missed in your last pentest and deliver 100% tester-driven assessments that exceed industry standards. Whether you're looking to test your network, web application, or cloud infrastructure, our ethical hackers are here to ensure your systems are truly secure.

That's why we were thrilled to be a part of this year's SecTor. Now in its 18th year, SecTor 2024 takes place at the Metro Toronto Convention Centre (MTCC) in downtown Toronto, becoming a hub for thought leaders to connect about the future of cybersecurity.

Here is this year's event recap:

About SecTor

First founded in 1997, Black Hat is an internationally recognized cybersecurity event series providing the most technical and relevant information security research. Having grown from a single annual conference into the most respected information security event series internationally, these multi-day events provide the security community with the latest cutting-edge research, developments, and trends.

Black Hat Briefings and Trainings are driven by the needs of the global security community, striving to bring together the best minds in the industry. Black Hat inspires professionals at all career levels, encouraging growth and collaboration among academia, world-class researchers and leaders in the public and private sectors.

Today, Black Hat Briefings and Trainings are held annually in the United States, Europe, and Asia, providing premier venues for elite security researchers and trainers to find their audience. SecTor is a part of this series and is held annually in Toronto.

The Illusion of Security: Why Cloud Audits Fail to Capture Real-World Threats

At this year's SecTor, we shone a spotlight on the topic of cloud security.

Presented by one of our cloud security experts, Arman Aryanpour, our presentation focused on how cloud-based infrastructure is essential for both modern and growing companies to provide reliable and scalable services. The risks and impacts associated with this unavoidable threat vector are often masked by cloud compliance checks and configuration audits. In this talk, we explored examples of compliant cloud environments that are considered secure by audit metrics and configuration standards but that, through an assumed breach penetration test, are proven to be vulnerable, leading to devastating consequences.

Over at our booth, we furthered discussions regarding security posture, the importance of cloud security, and the growing need for cyber insurance. With 33 billion records estimated to be stolen by the end of 2024 alone, organizations need quality cyber insurance to protect their businesses against the liability of cybersecurity risks and data breaches.

Cybersecurity insurance works to help restore breached employee or customer identities, recover compromised data, and repair damaged business-related devices. Across North America, this type of business liability insurance generally covers IT forensic investigation, credit monitoring for security-breached individuals, regulatory fines, class action lawsuits that may result from the breach, and more.

With an avalanche of businesses continuing to move to entirely remote working after the COVID-19 pandemic, companies are more at risk of system breaches than ever before, and that risk level will only continue to increase over time. On top of opening themselves up to potentially significant financial losses, those without cybersecurity insurance also risk losses in public trust and damaged brand authority.

To be eligible for cyber insurance, organizations must fulfill certain cybersecurity requirements. These requirements include, but may not be limited to:

  • Multi-Factor Authentication (MFA): Multi-factor authentication across all insured resources is required to mitigate the risk of stolen credentials

  • Ongoing Testing of Your Systems: To ensure that security is in place, insurers will need to see that you have periodically and continuously had all systems tested

  • Cybersecurity Awareness Training: Cybersecurity awareness training is crucial, as it acts as the first line of defence against common cybercrime tactics like phishing and social engineering

  • Data Backups: Backups of your data will need to be proven to show that you can recover from a ransomware attack without needing to pay said ransom

  • VPNs (Virtual Private Networks): VPNs need to be installed on all remote desktop services, which guarantees that your IT infrastructure is encrypted

  • Third-Party Vendor Audits: Audits of third-party vendors are required to determine the level of access they may have to your systems, data, and general business-related assets

  • Endpoint Detection and Response (EDR) Antivirus Software: EDR antivirus software is a requirement and needs to be installed on all connected business devices

Key Takeaways From SecTor 2024

The SecTor Summit programs provide specialized learning, networking, and the opportunity for attendees to hear directly from industry experts on specific and relevant topics from the cybersecurity industry, including potential risks, developments, forecasted threats, and more.

This year’s Summits took place on Tuesday, October 22nd. Attendees ranked the following as the most impactful:

  • The ninth annual SecTor Executive Summit: This Summit offered CISOs and other cybersecurity executives an opportunity to hear from industry experts helping to shape the next generation of information security strategy

  • The inaugural AI Summit at SecTor: This Summit underscored the importance of artificial intelligence (AI) as an organization’s newest weapon within the ever-evolving cybersecurity landscape

  • The ninth annual Cloud Security Summit at SecTor: This Summit is Canada’s leading cloud security event featuring keynote speakers and panel discussions

Conclusion

Thank you to everyone who made this year's SecTor such an overwhelming success.

What were your highlights from SecTor 2024?
