Bsides Cymru 2024

Dan Cannon

Daniel Cannon is a seasoned cybersecurity professional with over a decade of experience specializing in penetration testing and technical assurance. Throughout his career, Dan has collaborated with diverse public and private sector entities, providing invaluable security assessments and strategic advice.


Session

04-27
13:30
30min
I Don't Care about Domain Admin
Dan Cannon

Achieving domain admin status may showcase l33t hacking skills, but does it resonate with clients? This presentation challenges the traditional focus on system compromise by shedding light on the often-overlooked consequence: the compromise of client and user trust. While penetration testers traditionally strive for system vulnerability identification, threat actors are evolving to exploit novel ways to impact victims.
In a notable incident from November 2023, the ransomware group Alphv/BlackCat filed a complaint with the US Securities and Exchange Commission (SEC) against a victim who failed to disclose the data breach they caused. This incident may signal a potential shift towards hacking groups leveraging laws and regulations to pressure victims into making payments, adding a new layer to cyber threats.
In the European landscape, where the protection of Personally Identifiable Information (PII) is paramount, is it possible for penetration testers to leverage regulatory frameworks? By highlighting the business and regulatory impacts that clients may suffer due to lax security practices, we aim to encourage better security adoption. Can we turn regulatory compliance into a powerful tool for enhancing cybersecurity and fostering client trust?

Main Room (Ballroom) - Track 1