In today’s tech-soaked environment, it’s nearly impossible to run a small business without having at least one foot in the digital world. From communicating with staff to filing payroll, retailing products and keeping track of accounts, companies across Western North Carolina rely on high-tech help to manage daily tasks.
But these indispensable tools also open a window to hackers seeking to steal financial information, break into databases, and lure consumers and retailers into bogus transactions. Often, however, businesses don’t understand the risks.
Enter the fourth annual Bsides Asheville cybersecurity conference, slated for Friday and Saturday, July 28-29, at RISC Networks in downtown Asheville. The event will feature presentations on emerging information technology risks and how best to confront them, with an eye toward protecting local businesses from cyberattacks and helping Asheville become a regional IT hub.
Bringing IT all back home
Founded in 2014, Bsides Asheville is part of a network of conferences around the globe. “It’s really a worldwide phenomenon,” says John Bumgarner, the group’s community outreach coordinator. A Marine and Army veteran, Bumgarner has worked in cybersecurity for decades, with the military and in the private sector. “These conferences are about bringing stuff to the table locally, but they’re also about tying into national and international discussions.”
The conference aims to make information on cybersecurity understandable and affordable for small-business owners and IT professionals alike. “This is kind of a grassroots effort to impart knowledge at the lowest cost possible,” he explains. “We felt there was a need for cybersecurity education in Western North Carolina and more collaboration among people who live in the region and beyond.”
Having grown each year since its inception, Bsides Asheville is partnering with RISC Networks, a local IT analytics firm, to access a larger space this year. “Most of the conference is funded by sponsorship,” notes Bumgarner. “If it wasn’t for companies like RISC Networks, Cisco Systems, Dell SecureWorks and Immedion, this conference wouldn’t exist at the level it does today.” Being in a prime tourist destination like Asheville doesn’t hurt either, he adds.
Securing your system
Both the scope and sophistication of cyberattacks are evolving rapidly. On June 27, The New York Times reported on a new wave of WannaCry cyberattacks — driven by ransomware that infects a computer network and freezes operations until a fee is paid — that targeted several American companies. This comes on the heels of a massive international cyberattack in May, when hackers went after thousands of companies across the globe using a WannaCry cryptoworm stolen from the National Security Agency.
In recent years, local attacks have ranged from compromised credit card readers in restaurants, ATMs and gas pumps to a thwarted 2015 effort to hack Mission Hospital’s confidential database. (See “Scamming, Skimming and Financial Fraud in WNC,” June 20, 2016, Xpress.)
Businesses that manage their own cyberpresence are under constant threat. Bumgarner cites last year’s concerted attacks against the popular WordPress website platform as one example. “We’re talking hundreds and hundreds of thousands of WordPress sites around the world,” he says. “People who run a standard version of WordPress and didn’t have it properly secured experienced multiple attacks trying to break in and get access.”
Knowing how to identify and safeguard against such attacks is crucial for companies like Immedion, which provides cloud storage and data support.
“Our customers, partners and vendors rely on us to know and share best practices in terms of cybersecurity,” says General Manager Steve Newman of the company’s Asheville branch. “The best strategy for any cybersecurity measures is continuing education about the latest threats and vulnerabilities. This isn’t a set-it-and-forget-it type of technology: It evolves daily, if not hourly.”
Take it from the experts
This year’s Bsides Asheville conference will bring in experts from across the IT spectrum to address emerging issues and trends. Intel’s Brian Richardson will deliver a lecture on the vulnerabilities inherent in firmware, low-level software that provides basic controls for electronics ranging from computers to traffic lights, watches and mobile phones.
Husband-and-wife team Nancy and Phoenix Snoke will give a presentation on hacking techniques aimed at the digital components of everyday items (aka the internet of things) using a simple baby monitor as a case study. “You can buy all kinds of devices, from Philips Hue lightbulbs to thermostats, toothbrushes and speaker systems, which all connect via the internet and via applications,” says Bumgarner. “There are potential vulnerabilities all through these things.”
Cisco’s Roger Seagle will speak about security testing in the rapidly changing world of development operations, while Jason Gillam of Secure Ideas will provide a guide to securing and testing applications in the ever-evolving Agile software development field. “The security of DevOps and software life cycle development is a big topic now, because you need to be able to write secure code, verify that your code is secure and really look at it,” Bumgarner explains. “If something’s vulnerable on your cellphone, whether it’s an Android or Apple, some criminal element or some other person is peering into that stuff.”
While some might feel these concepts are beyond the scope of their small business, cyber vulnerability can have serious consequences, notes Newman. “Small businesses need to maintain two priorities: making money and keeping information secure. They are intricately entwined. Without the investment in security, you’ll end up out of business. You can’t fight what you don’t know, and attending a cybersecurity conference is going to help you learn something.”
Cybersecurity isn’t just about financial safety, however: It can also have ramifications for privacy, national security and social interactions. Former Asheville resident Justin Troutman, who’s now with the Freedom of the Press Foundation, will be the conference’s keynote speaker.
“He’s a cryptospecialist, and he’s going to be talking about how to empower journalists and others to communicate more freely around the world,” Bumgarner explains. In addition, Ernest Wong of the Army Cyber Institute will speak about cyberwarfare and national security, and communications expert Bryan Austin will offer a presentation on IT’s role in social engineering and developing effective communication strategies.
The conference will also feature several workshops. Participants in a capture-the-flag event will try to identify as many of a fictitious company’s vulnerabilities as possible within a set time period. And at the “lock-picking village,” people can learn how to disable a variety of locks and compete in timed trials.
For local entrepreneurs looking to beef up their company’s security protocols, Bsides Asheville will offer networking opportunities such as an after-party at Aloft Asheville and a downtown pub crawl. “It’s a chance to come together, hear from these experts and make connections,” says Bumgarner.
Bumgarner hopes the conference will help foster Asheville’s nascent IT scene. “The high-tech community here will definitely grow,” he predicts.
To capitalize on that potential, however, the city, county and community at large must continue to support and expand educational offerings, incentives for local IT startups and efforts to attract established companies to the area, Bumgarner maintains.
“Education’s huge. If you go to Silicon Valley, you can get your Ph.D., master’s or whatever in some subject: artificial intelligence, computer sciences,” he notes. “But in Asheville, in-depth degrees in some of those subjects don’t really exist.”
Recent initiatives like The Collider — a climate-oriented networking facility where companies and organizations can share expertise and collaborate on projects — coupled with investments by local firms like AvL Technologies and BorgWarner, are steps in the right direction, says Bumgarner, but economic development officials must continue to boost Asheville’s appeal for IT companies. “Some type of tax breaks or investment by the city or county could help things,” he believes. “They’ve got to figure out a way to offer incentives for people to bring businesses here.”
On July 1, Bumgarner and his partners officially launched Actionoble, a cybersecurity business that they hope will help them tap into Asheville’s budding IT market. “We’ve been talking to people about potentially coming to work for us once we get it off the ground,” he reports, “and we’ve already started talking to customers in Asheville.”
In an increasingly digital world, says Newman, conferences like Bsides Asheville can help ensure the city’s future economic viability. “Having Bsides in Asheville and, more importantly, having Ashevilleans attend can help our local businesses stay safe and secure,” he notes. “In Asheville’s attempt to become recognized as a technology and entrepreneurial center, taking cybersecurity seriously is laying a foundation for future development.”
The fourth annual Bsides Asheville cybersecurity conference will happen Friday and Saturday, July 28-29, at RISC Networks (81 Broadway in downtown Asheville). To view the schedule or purchase tickets ($16), visit bsidesasheville.com. For more information, email firstname.lastname@example.org.