Incident Response Forum
Focused on incident response, this forum explores emerging threats, response strategies, and technological applications to strengthen incident handling and response maturity, enhancing overall security resilience.
Starting from 2024, there has been a significant policy change regarding the disclosure of major cybersecurity incidents by publicly listed companies. In response to the growing concerns of external stakeholders, a company’s cybersecurity emergency response team may expand beyond just the Chief Information Security Officer (CISO) and the cybersecurity team to include senior executives such as the General Manager, Spokesperson, Chief Legal Officer, Chief Financial Officer, and Public Relations Director. However, most companies only offer general cybersecurity awareness training and do not provide customized awareness programs tailored for these senior executives and their staff.
In the U.S. cybersecurity community, agility was the key takeaway from former ISC2 CEO Clar Rosso’s opening speech at the ISC2 Annual Conference in 2023. How can agility enhance teamwork among senior executives during cyber incident response? This talk will explore the application and real-world examples of incident responses from an agile perspective, offering innovative approaches for non-technical senior executives and their staff in handling cybersecurity incidents.
Leveraging threat intelligence, EDR solutions, and incident investigation techniques is crucial for effectively managing cybersecurity incidents. Threat intelligence helps anticipate risks, while strong incident response capabilities enable timely mitigation, root cause analysis, and system recovery. This presentation will explore how to utilize threat intelligence, EDR tools, and investigative methods to address APTs, ransomware, and data breaches. Key aspects of incident handling, including root cause analysis and defense enhancement, will be discussed. Additionally, we will examine maturity benchmarks for incident response, offering insights into how organizations can assess and improve their preparedness to strengthen cybersecurity resilience.
A cloud security incident revealed that merely changing credentials and rebuilding instances after a breach was insufficient without proper Incident Response (IR). The attackers swiftly regained access through the original vulnerabilities. Only after discovering their database had been completely exfiltrated did the customer initiate a comprehensive IR, revealing backdoors planted across critical instances. How did this occur? What design principles could mitigate such risks? Furthermore, evidence of anomalous logins to privileged accounts with MFA was discovered - what strategies could enhance this security layer?
This session explores a cloud IR case study, demonstrating how to leverage logs and cloud-native security services to uncover attack patterns, reconstruct the attack timeline, and identify hidden backdoors. By examining the attacker's methodology, we'll understand the rationale behind cloud security best practices and how poor least-privilege design enabled persistent unauthorized access. We'll conclude by analyzing traces of compromised MFA on privileged accounts, reviewing common MFA bypass techniques, and proposing novel automation strategies that meet a zero trust approach for strengthening your security posture.
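In an era of endless digital fraud, traditional prevention mechanisms often struggle to keep up with rapidly changing fraud tactics. Emerging technologies such as blockchain and AI-based analysis provide entirely new tools for identifying and combating fraud. This talk will walk the audience through how these technologies are applied to detect, predict, and stop fraudulent activity, and will explore future trends in anti-fraud technology.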