Pwn2Own pays out $1.1M, Improve enterprise security with ZT principles
By John Bruggeman, virtual Chief Information Security Officer
Pwn2Own Vancouver pays out $1,132,500 plus a Tesla Model 3
Pwn2Own—a cybersecurity contest held annually at several security conferences in countries around the globe—paid out over $1 million in bounties to dozens of security researchers this year.
The Pwn2Own contest (pronounced Pone-to-Own) has been around since 2007 and is currently sponsored by Trend Micro’s Zero Day Initiative (ZDI).
The name comes from a contest run at CanSecWest, the annual Canadian security conference held in Vancouver, where attendees were challenged to compromise a MacBook Pro that was connected to the conference wireless network.
If an attendee could “Pwn” the laptop, they got it as the prize—hence Pwn2Own.
This year, the top prizes went to team Synacktiv, which was able to compromise a Tesla using an integer overflow. They got to keep the car as part of their win.
Why you should care
The Zero Day Initiative runs these contests to figure out how to make software and hardware, including hardware in your car, more secure. Microsoft, Google, Apple, Tesla, and many, many other major manufacturers participate in Pwn2Own in order to make their products more secure.
What to do?
It’s an understatement to say that penetration testing is a best practice. Your business likely has vulnerabilities you don’t even know about. Do you scan your networks for software that is out of date or missing patches? If you don’t, we can help. We offer Vulnerability Scanning as a Service and Patching as a Service and we can run penetration tests to see if the patches they have applied were applied correctly.
Improve enterprise security with ZTNA principles
Good news! Even with all the advanced, persistent threats and threat actors attacking SMBs and enterprises today, there is a way to improve your company’s security.
Recommended by LinkedIn
ZTNA, or zero trust network access, is a way to reduce the blast radius of an attack.
What is zero trust? Does it mean you don’t trust anyone? That you can't trust your employees? Are you blaming other people when you say "zero trust"?
Let me be clear: zero trust is not a product or an SKU. ZTNA instead describes a more secure way to protect sensitive or private information than traditional network designs.
Zero trust is a journey that takes time, planning, skilled engineers, and technical staff to implement.
Ten years ago, people tended to trust the computers on their network and grant access because the device was in the office and was assumed to be free of malware or remote access tools.
Fast forward to today and the threat landscape has significantly changed. Any device can be compromised by malware that leads to ransomware—and it’s not going away. Ransomware is too easy to deploy and too profitable for criminals to give up. Last year, ransomware gangs extorted over $10 billion.
What to do?
Let’s talk about network security. Do you know what devices are connected to your network? Do you know what software is installed on the PCs on your network?
If you don’t know, we can help. CBTS has security consultants who can help you improve your enterprise security. We have a zero-trust readiness assessment that can find the gaps in your security posture that we can then help you address to improve your security posture and environment. Don’t be an easy target for cybercriminals!
About the author
John Bruggeman is a veteran technologist, CTO, and CISO with nearly 30 years of experience building and running enterprise IT and shepherding information security programs toward maturity. He helps companies, boards, and C-level committees improve and develop their cybersecurity programs, create risk registers, and implement compliance controls using industry-standard frameworks like CIS, NIST, and ISO
VP Operations at Riceland Healthcare
8mo"If you can't see it, you can't hack it." If you want to know more let me hear from you.
Realtor Associate @ Next Trend Realty LLC | HAR REALTOR, IRS Tax Preparer
8moWell said!