Supply chain attacks, third-party software vulnerabilities, factory-default product passwords, and cloud service data leaks: in the face of unpredictable attack techniques, how can companies ensure that their defensive measures meet the expectations of C-level executives? Companies often reduce risk by strengthening the "shortcomings" described by the Cannikin Law, yet they struggle to single out their vulnerabilities or to assess the threat level those vulnerabilities pose to the organization. As a result, they find it hard to measure the effectiveness of their mitigation mechanisms and can only invest resources in preventing the most popular or common attack patterns. However, are these common attacks really the critical problems that companies urgently need to solve? DEVCORE will reveal the results of a survey of corporate cybersecurity demand in 2020. Meanwhile, drawing on three years of experience with its Red Team service, DEVCORE will share observations on problems that companies never discovered and on how attackers circumvent corporate defense systems. The session will point out the gap between companies' own information security needs and the real-world situation, in the hope that companies will rethink their information security risk assessment mechanisms from a broader perspective and further improve the effectiveness of their investment in information security resources.
Allen Own is the Executive Director of Hacker in Taiwan Association and CEO of DEVCORE. Allen is not only experienced in hacker technique research and penetration testing but also serves as a full-time lecturer and consultant for academic and government organizations. He is keen on community management and sharing. Allen specializes in website application security, penetration testing, professional education, and training in the cybersecurity field.