On this episode of the InfoSec Institute's CyberSpeak podcast, Stan Engelbrecht, director of cyber security practice for D3 Security, discusses a scary topic that we’ve been hearing a lot about on the news: the practice of ATM fraud and the implications for other swipe- and chip-based technologies.
In the podcast, Engelbrecht and host Chris Sienko discuss:
How did you get started in computers and security? (1:00)
When did the recent ATM attacks that the U.S. Secret Service has been warning financial institutions about begin? (4:00)
What warnings signs should ATM users be looking for to ensure they’re not putting their account information at risk? (7:20)
If you suspect an ATM is compromised, who do you report it to? (10:10)
Is the technique known as shimming, which uses paper-thin shims containing embedded microchips and flash storage to compromise payment cards, on the rise? (11:40)
Are there any tips for consumers who will be making additional transactions during the busy holiday season? (15:25)
Are tap-to-pay systems more or less safe than more traditional methods? (17:50)
What are the impediments to universal implementation of safer cards? (19:35)
Are newer ATMs better more secure? (20:55)
Are their any legislative incentives that could be implemented to make these devices more secure? (24:10)
Are there any new technologies or methods that can help secure these devices? (25:10)
Is the firmware/software side of the AMT issue being properly addressed? (28:50)
Can you tell us a little bit about your company, D3 Security? (31:25)
Tune in for this engaging, and timely, discussion of ATM and payment fraud.
ITSPmagazine chats with Demetrios Lazarikos (Laz), InfoSec Strategist and Founder of BlueLava.
Here are a few highlights from our conversation with Laz:
- Laz provides three tips for CISOs as their role changes:
1/ Start learning how to present your information in business terms to your executive leadership team and/or board. Present in terms they will understand.
2/ Share & collaborate with other CISOs because threats are leapfrogging each other.
3/ Attend conferences and read up on different programs & strategies. Stay current with articles and subscriptions. Take a step back and block out time for yourself.
- Be more engaged & build relationships within your company. Partner with legal or the board. Try creating a security committee.
- Organizations need to understand that security education is an investment that is going last a long time.
- As an adjunct professor at Pepperdine University, Laz is coaching and mentoring the next generation of business leaders. He helps them understand IT, security, data analytics and enterprise architecture, not in technical terms but understanding why they should build this as a part of their business or framework.
Join us for a look at Pivotal Cloud Foundry 1.12. This latest version includes many features to help enterprise InfoSec teams to run their modern applications more securely.
We will also discuss small footprint ERT, more tools for Windows operators and Steeltoe.
Thank you in advance for joining us.
The Pivotal Team
As organizations move to an agile DevOps model, they are confronted with one major question: How can they manage existing information-security processes to ensure data privacy?
Since data breaches are not going to go away, organizations really need to focus on how to make breaches irrelevant so that in the event of a breach the data either will not be accessed, or if it is it won’t be in usable form.
In this webinar, created for application developers and data security resources, CSPi will not only review best practices but also present a software framework to show how organizations can achieve uncompromised enterprise-wide security. Created for application developers and data-security resources, this webinar will also show you how this new approach complements established InfoSec security requirements and maintains the agile benefits of DevOps – all while providing the automated protection of critical data under any use.
Don’t miss this webinar! Register today.
Join us for this valuable webinar to learn how you can:
1.Uniformly and automatically apply security policies across the enterprise, including containers and VMs as they spawn.
2.Offload core-intensive security functions while improving application performance.
3.Secure critical assets in all cases – in motion, at rest, and in use.
We all know that security gaps are widening due to technology shifts and advanced threats. Whether you are in finance, energy, tech, or manufacturing, the infosec challenges are much the same.
Chart Industries — a global manufacturer with 5,000 employees and 45 locations — was facing a huge volume of malicious activity every day resulting in excessive break-fix work for their small security team. They had thousands of unmanaged mobile and guest devices connecting to their networks. And neither web proxies nor endpoint security could fully protect them. They needed a new layer of malware and breach protection. But it also had to be a painless deployment and it needed to be a transparent experience for their employees and guests.
Hear directly from Jack Nichelson, Chart’s Director of IT Infrastructure and Security to learn:
-Why they use a layered approach to security and how OpenDNS complements their security stack
-How long it took to deploy OpenDNS Umbrella globally
-How his security analyst, Kevin Merolla, quickly responds to incidents or false positives using OpenDNS Investigate
InfoSec 2016 - What is risk-based security?Read more >
Interview with FortyCloud during InfoSec 2014, the interview talks about the main challenges of IT security in 2014 and where are the best places to start dealing with those challenges.Read more >
A growing use of the terms ‘AI’ and ‘Machine Learning’ being used in the descriptions of vendors’ products and capabilities can cause some confusion. With all the buzz around these latest trends, security professionals are left with some important questions: What can these technologies do in Infosec? How they can be implemented to improve everyday security processes? Where can’t AI and ML improve security tools? In this Splunk webinar, a machine learning expert will;
•Demystify what machine learning is as well as what it can and cannot do in InfoSec
•Walk through three of the most common use cases of where these technologies can be implemented
•Explore the latest innovations in ML & AI, and where this will take cybersecurity professionals next
Companies going through digital transformation initiatives need their IT organizations to support an increased business tempo. While DevOps practices have helped IT increase their pace to keep up with market dynamics, security teams still need to follow suit.
InfoSec practitioners must modernize their practices to realize efficiencies in some of their most burdensome processes, like patching, credential management, and compliance.
By embracing a ‘secure by default’ posture security teams can position themselves as enabling innovation rather than hindering it.
Join Pivotal’s Justin Smith and guest speaker, Fernando Montenegro from 451 Research, in a conversation about how security can enable innovation while maintaining best security practices. They will examine best practices and cultural shifts that are required to be secure by default, as well as the role processes and platforms play in this transition.
Guest Speaker: Fernando Montenegro, Senior Analyst, Information Security, 451 Research
Justin Smith, Chief Security Officer for Product, Pivotal
Jared Ruckle, Product Marketing Manager, Pivotal
Beating Hackers at Their Own Game: Security Awareness Strategies That Work
If 2017’s explosion of cybersecurity breaches taught us anything, it’s that our workforces, more than ever, are one of our most critical defenses. But with as much as 30% of employees unable to spot a phishing email, how do you keep hackers from hijacking your data? The seemingly obvious answer is security awareness training. Unfortunately, many security education programs today fail to sufficiently change employees’ security attitudes, skills and behaviors -- providing a false sense of protection and safety. Even worse, 48% of companies do not have an employee security education program.
If your New Year’s infosec resolutions include launching a security awareness initiative, or reviving an existing one, what better way to guarantee results than to learn from pros who have been in your shoes. Join our expert panel as they share:
● Their most effective security awareness strategies to improve your organization’s security posture
● Proven methods to get employees to take security seriously (before a breach occurs)
● Security awareness program pitfalls to avoid and biggest lessons learned
● Predictions on what will cyber attacks will look like in the next couple years and what you should do in your security awareness program today to prepare
E-commerce, partner portals, customer service portals, and other cloud-enabled business services: Websites are the new front door to many businesses, and we expect to gain access whenever we want, from anywhere in the world, and from any device.
But what happens to the business when the website doesn’t perform as expected? And how do you protect your website(s) from nefarious traffic looking to harm your business by bringing it down, scraping content, changing content? Do you know whether your traffic is a human user - or is it a bot? Does the language (or a lack of communication whatsoever) between the business and the IT personnel leave you wondering what the potential issues might be?
During this expert panel discussion, we will explore the business impact of an underperforming or compromised website. You will:
- Learn more about what good website performance look likes
- Gain a deeper understanding of traffic on websites
- Understand how your website's performance affects other departments within the business
- Hear practical recommendations for business leaders on how to protect your website from compromise
Tin Zaw, Director Security Solutions, Verizon Digital Media Services
Laz, InfoSec Strategist and Professor
Edward Roberts, Director of Product Marketing, Distil Networks
Sean Martin, CISSP, Founder and Editor-in-Chief, ITSPmagazine
In Westeros - the land of dark knights, backstabbing royals, and a myriad of other characters - even the youngest ones have to learn basic self-defense to have any hope of surviving the cruel world imagined by A Game of Thrones (GOT) author, George R. R. Martin. And so too, must every CISO and security pro learn the latest information security best practices if they’re to survive today’s Internet threat landscape.
Intrigued? In this fun yet informative webinar, noble Corey Nachreiner, Director of Security Strategy and Research at WatchGuard Technologies, will explore the information security tips you could extract from the morbidly dark, yet inescapably addictive fantasy series. He’ll cover lessons such as:
· Depending on just “The Wall” for defense isn’t wise. The best defense has layers.
· Never ignore the warnings of ravens because they may contain hints of potential security breaches.
· Building a strong castle won’t prevent an attacker from tricking an untrained guard into opening your gates.
Join us. Advance your training and, much like a GOT warrior, learn how you should always stay vigilant.
As the time and complexity associated with incident investigations increase, response times become more critical. The longer detection and remediation take, the higher the cost to the business and the greater the risk of a cyberattack expanding across the organization. Organizations have to react with speed and precision. How can an organization reduce the time and effort it takes to investigate and resolve an incident successfully? Join Code42 and (ISC)2 on October 25, 2018 at 1:00PM Eastern for a roundtable discussion on why time matters when conducting an investigation, where gaps may be in the incident response process and how to get the most out of your investigation and response efforts.Read more >
For this episode of The Serverless Show, Hillel and Tal from Protego Labs were joined by John Visneski, Director of Information Security & Data Protection Officer at The Pokémon Company International. The group discussed the use of serverless at Pokémon, serverless bitcoin mining attacks, the pervasive vendor lock-in conundrum, the impact of serverless to security, and finally favorite tweets, including one in which Hillel was called out for spreading bullsh**.Read more >
Raja Mukerji is the President and co-founder of ExtraHop Networks, where he is responsible for Customer Services, Systems Engineering, and Solutions Architecture. Raja ensures customer success, leveraging his background in the financial-services industry.
Raja co-founded ExtraHop after a seven-year tenure at F5 Networks where he was a Senior Software Architect and co-inventor of the TMOS platform. He was one of the lead developers behind the BIG-IP v9 product and the major-accounts liaison for critical issues within Product Development. Prior to F5, Raja worked as a Technology Architect at Strong Capital Management.
Raja is a renowned expert in application delivery and network protocols. He was involved in the FreeBSD project and contributed several enhancements to its TCP stack. Raja holds a bachelor’s degree in Computer Engineering from the Milwaukee School of Engineering.
In Part 1, we examined what GDPR is, what the requirements are and how organizations will be impacted. In Part 2, our panel will discuss more on the potential impacts of GDPR across a typical organization (including assessments, encryption, audit & controls and the impact to each department, from finance to marketing) and what the organization should be doing to plan for GDPR. Join (ISC)² on March 27, 2018 at 1:00PM Eastern, as (ISC)² discusses these topics and answers questions from the audience about this important and looming regulation.Read more >