The Pittsburgh Technology Council recently hosted its annual Cyburgh, PA Initiative, an event that brings together cybersecurity leaders, professionals, and executives to explore Pittsburgh’s expanding role in the cybersecurity space.
As regular attendees, we always look forward to this event. It’s a great opportunity to hear directly from cybersecurity experts, from boardrooms to front-line practitioners, about the latest trends and challenges shaping the field today. Here are a few key takeaways from the day:
1. Tabletop Exercises are Surging, But Leaving Ransomware Behind
One of the encouraging takeaways from the day was the growing number of organizations conducting tabletop exercises (TTXs). These exercises help assess, test, and validate emergency response plans, policies, and procedures, providing a clearer picture of an organization’s security maturity.
However, a noticeable trend has emerged: while TTXs are on the rise, ransomware scenarios are showing up less frequently. Why leave out one of the most well-known cyber threats? According to several speakers, it’s because many organizations believe they already know enough about ransomware to deprioritize it.
But knowing is only half the battle. Ransomware remains a major threat and should still have a seat at the table. Make sure to include it in your annual TTXs.
2. Smarter Tech, Smarter Threats: How Cybercriminals are Using AI to Phish You
Hackers are all too familiar with modern email systems. Combine that familiarity with their growing AI knowledge, and you get a recipe for hard-to-detect phishing campaigns. Although the common telltale signs of a phishing email, such as bad grammar and a tone of urgency, still apply, AI enables threat actors to slide under the radar and sound more humanlike with better grammar.
AI also helps bad actors shift away from directing users to click on malicious links. Instead, their messaging can direct you to act outside of your email inbox and disclose information in different and potentially more detrimental ways.
Overall, the velocity of AI-enabled attacks is increasing, and malicious intent is getting harder to detect now that AI is on the scene, so we must monitor our inboxes with a keener eye.
3. Collaboration and Communication Power Cyber Resiliency
In today’s cyber landscape, it’s not a question of if your organization will be targeted – but when. A strong cyber resiliency strategy must be in place before something goes wrong. And a strong cyber resiliency strategy isn’t built overnight.
Active collaboration and communication between cybersecurity and business leaders help foster a strong resiliency strategy by answering the hard-hitting questions, such as:
- What are our most critical services?
- What does the business need to keep the lights on in the face of a disruption?
- From a technical standpoint, how can our incident response planning best align with business goals and priorities?
When cybersecurity maintains an ongoing and collaborative partnership with the business, they can work together to identify upstream and downstream dependencies in the supply chain, take part in scenario planning and help reinforce a strong cyber culture and resiliency best practices.
4. Data-driven Perspectives on Passwords and Privacy
With Cyburgh coinciding with World Password Day, it was fitting to include a session on password security, and it delivered some eye-opening, data-driven insights. The presentation tackled the age-old question: why are passwords so easy to crack?
While familiar issues like shoulder surfing and data breaches were discussed, the session emphasized a simple truth: people are predictable. For example, “monkey” remains a top password choice not because it’s secure, but because people like monkeys and tend to include things they like in their passwords. The presentation also challenged the idea that something “unique to you” is automatically secure. Think your dog’s name, Captain, makes a strong password? Chances are that thousands of others are using the same one.
The session went on to question some common beliefs around password practices. Passphrases and required password changes aren’t as effective as many assume, since people often reuse words, add predictable numbers, or substitute letters with symbols. Even keystroke patterns may not be as strong as they seem. For example, “thelastkiss” is 900 times more secure than “1qaz2wsx3edc”; just take a look at how you would type the latter password on your keyboard.
The key takeaway was clear: Predictable human behavior remains one of the biggest vulnerabilities, so use a password manager and vary your credentials.
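To make the keystroke-pattern point concrete, the following added example (not from the session or from Schneider Downs) shows how a password-screening check can flag keyboard walks such as “1qaz2wsx3edc” alongside common words. It assumes a US QWERTY layout; the function names, the 0.6 threshold, and the two-word denylist are hypothetical choices made for illustration.

```python
"""Screen candidate passwords for keyboard walks and common words."""

# US QWERTY rows; index in the string is the key's column (assumed layout).
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl;", "zxcvbnm,./"]
POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}

# Constructed denylist holding only the words the article mentions; a real
# deployment would load a large breached-password list instead.
COMMON = {"monkey", "captain"}


def adjacent(a: str, b: str) -> bool:
    """True if keys a and b physically touch, honoring the row stagger."""
    if a not in POS or b not in POS:
        return False
    (r1, c1), (r2, c2) = POS[a], POS[b]
    dr, dc = r2 - r1, c2 - c1
    if dr == 0:
        return abs(dc) == 1          # left/right neighbor
    if dr == 1:
        return dc in (-1, 0)         # the two keys below
    if dr == -1:
        return dc in (0, 1)          # the two keys above
    return False


def walk_ratio(password: str) -> float:
    """Fraction of keystroke transitions that move to a touching key."""
    pw = password.lower()
    if len(pw) < 2:
        return 0.0
    hits = sum(adjacent(x, y) for x, y in zip(pw, pw[1:]))
    return hits / (len(pw) - 1)


def screen(password: str, threshold: float = 0.6) -> list[str]:
    """Return the reasons a password should be rejected (empty if none)."""
    reasons = []
    if password.lower() in COMMON:
        reasons.append("common word")
    if walk_ratio(password) >= threshold:
        reasons.append("keyboard walk")
    return reasons


if __name__ == "__main__":
    for candidate in ["1qaz2wsx3edc", "thelastkiss", "Captain", "monkey"]:
        print(candidate, walk_ratio(candidate), screen(candidate))
```

Nine of the eleven transitions in “1qaz2wsx3edc” land on a touching key, against two of ten for “thelastkiss”, which is why the first is flagged despite mixing letters and digits.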
Events like these are why we are so proud to be members of and support the Pittsburgh Technology Council – thank you to all of the staff who made the event possible.
About Schneider Downs Cybersecurity
The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.