eSummit 2 - Phishing attacks and Forensics – Where did it all go wrong?

On April 28, 2020, (ISC)2 hosted a diverse panel of cybersecurity professionals who discussed the impact the COVID-19 pandemic has had on their IT operations and cybersecurity teams. The first webcast, in this series, generated a great deal of interest, discussion and questions from the audience. We will continue the conversation on May 19, 2020 to tackle the questions and discussions that continue to be raised during this ongoing crisis. This second webcast will be devoted to the economic impact (budgets slashed with no revenue coming in) due to the shutdown caused by COVID-19. In addition, we’ll discuss what re-opening an office may look like and how the current situation affects individuals both physically and emotionally. Join the conversation to share your thoughts and gain insight into how your team can continue to handle this changing situation.

After being released in August 2018, what does TLS1.3 look like today and how many organisations are using it? There are many claims that TLS1.3 is the one-stop-shop solution to all encryption requirements; but is that the case? Join Gigamon and (ISC)2 on May 19, 2020 at 1:00PM BST for a discussion about organisations using TLS1.3, why they are using it and why in some situations it’s not a suitable fit for encryption requirements. We'll also explore what this means for visibility in terms of decryption and for the generation of Metadata, such as IPFIX (Internet Protocol Flow Information Export) and CEF (Common Event Format). We’ll also examine:

- Understand how many people are using TLS1.3 and why

- See what makes TLS1.3 different to TLS1.2 and why TLS1.3 not always the best choice

- Understand what is required to decrypt TLS1.3 in order to present decrypted traffic to Security Countermeasures

- How Metadata fits into TLS1.3

Passwords don’t have a great reputation: between user complaints of friction adhering to complex password policies and admin complaints about how frequently lost or stolen passwords pose a risk of attack, the use of passwords have few fans With these password problems and more, it raises the question: why would we still use passwords at all? Join Duo Security and (ISC)2 on May 12, 2020 at 1:00PM BST Duo Advisory CISO J. Wolfgang Goerlich provides a walkthrough of why security leaders want to move past passwords, and the challenges of a truly universal passwordless future. The session will also show how Duo Security is supporting this initiative, both championing modern authentication standards like WebAuthn and building partnerships with industry leaders including Microsoft to reduce reliance on passwords.

In the CISO Says Series, information security leaders share their experiences of what it means to be responsible for establishing and maintaining an enterprise's security vision and strategy in an interview format.

In this session Kevin Fielder, CISO at the Just Eat will provide insight into the path he took to become a Cybersecurity Leader and how he is reinventing the role in the face of accelerating change.

The world seemingly changed overnight. Offices and business shut down. Stay-at-home orders. A remote workforce appearing out of nowhere needing equipment and support. Cybersecurity professionals are facing challenges and situations none would have dreamed about even 90 days ago. Join (ISC)2 on Tuesday, April 28, 2020 at 1:00PM Eastern for a panel discussion examining what security practitioners are experiencing during the COVID-19 health crisis. The webcast will include results from an (ISC)2 pulse survey that asked cybersecurity professionals to share how their jobs have been impacted, issues faced securing a "work from home" workforce and more. Panelists will share the challenges they face, what lessons have been learned and the “sliver-lining” they may have discovered as they and their teams jumped into the unknown and transformed their operations in response.

Many organisations are implementing remote working policies and need to quickly support an unprecedented increase in the number of remote employees. However, an expanding remote workforce can significantly increase the attack surface and has changed the threat model of organisations overnight. Many remote access options are quick to implement but are not secure and organisations are trying to navigate the challenges of quickly, but securely, operationalising their remote employees. On April 28, 2020 at 1:00PM BST, BeyondTrust and (ISC)2 will explore the risks unsecure remote access presents and discuss how the secure remote access and endpoint privilege management pillars of a PAM solution can securely and efficiently connect remote employees to corporate resources.

With recent data protection regulations and an increase in breaches, companies need to be able to not only find the Crown Jewels in their data, but also secure it. Traditional data discovery tools, however, lack the data source coverage to give organizations a way to identify and contextualize the sensitive Crown Jewels across any data store, any pipeline – in a data center or in the cloud. Join BigID and (ISC)2 on April 21, 2020 at 1:00PM GMT as we discuss how deeper data intelligence can help identify Crown Jewels and reduce liability risk across data sources. We’ll look at how to leverage next-generation classification to better enforce policy, how to reduce risk on your most valuable data, and how to implement advanced ML techniques to get more insight into your data.

The COVID-19 virus outbreak has put immense pressure on IT organizations who now need to scale remote access quickly to thousands of users working from home. Many organizations did not have a plan in place for this and are doing the best they can. Many remote workers haven’t been issued laptops or are using unmanaged devices that may not have adequate protections. Some companies are running into licensing issues for things like their VPN connections. Join ExtraHop and (ISC)2 on April 16, 2020 at 1:00PM Eastern for a timely discussion on how you can deal with performance and security implications of this shift and receive tips and best practices on how to deal with the situation we find ourselves in.

As the phishing threat landscape continues to evolve at a pace that technology is unable to keep up with, organisations are turning to phishing awareness and simulation programs to plug the gap. Is your phishing awareness program keeping up with this changing landscape?

Join Cofense as we explore the attributes of a modern phishing awareness program and see what our data, based on millions of phishing simulations, shows about awareness programs and simulation exercises.

You will learn:
-The statistical advantage of using an email reporting tool
-The important role the end user plays in active defense
-How often you need to send simulations for maximum resiliency
-The advantages of basing simulations on active threats, not random dangers
-Why ‘phish testing’ is the enemy of true phishing defense

Update 15 Apr 2020: to confirm, viewing this webinar for at least 45 minutes will earn you 1 group B CPE.

Join the Guide to Your (ISC)² Membership in EMEA webinar to learn more about these topics and others including:
- CPE opportunities, member benefits and getting involved
- Updates on (ISC)² news, developments and changes in your region
- Your membership requirements summarized
- Who are the (ISC)² EMEA team and how we can help you
- Focus discussions
- Q&A session

DNS is the last critical service on the Internet and in your organization that runs unencrypted or 'in the clear'. Competing consortiums of standards bodies, IT security associations and internet behemoths are trying to close the DNS encryption gap with varied approaches. Some advocate browser-based extensions, others opt for infrastructure and OS upgrades and others propose measures to block encrypted DNS traffic.

Even if a web session is encrypted, unencrypted DNS provides important behavioral metadata that can be used to track network activity. Used properly, encrypted DNS can close privacy and security gaps that leaves DNS queries open to surveillance data miners like Internet behemoths, law enforcement, ISPs, business competitors and advertisers. However, with zero sophistication, any user in your organization can use encrypted DNS, which is now embedded in the world’s most popular web browsers, to completely bypass IT security policies, steal data and run unauthorized applications – all undetectable by most security tools. In many ways, encrypted DNS poses the same risks to information security as the TOR network. However, in areas where accessing the wrong web content can lead to severe consequences, encrypted DNS can literally save lives. Join Infoblox and (ISC)2 on Tuesday, March 24, 2020 at 1:00PM GMT for a discussion examining the rationale and tech behind encrypted DNS, the risks and benefits and it can bring, and strategies information security teams can use to approach this rapidly emerging technology.

The security industry is constantly changing and there’s always a new technology to learn how to defend or a new threat to fight against. However, with a rapid and constantly changing landscape of technologies, threats, frameworks, techniques and legislations - it’s easy to get lost in the day-to-day of cyber security and neglect progression at a personal, team and organizational level. Working across the full spectrum of security teams, from newly formed to the well-established; both Splunk and (ISC)2 are constantly observing the patterns for success in cyber security at every level. Spoiler alert - those who get the promotions or pay rises don’t do so for successfully configuring a firewall or by being lucky enough that their company hasn’t been breached (yet). Join us on March 17, 2020 at 1:00PM (GMT) for a discussion on what success looks like in security, how success is defined by an organization and its board, what personal and team success looks like for individual contributors and the top six observations of what makes a security professional stand out.

The MITRE ATT&CK Framework provides an excellent structure for security professionals to identify the strengths and gaps in their ability to detect attacker tactics, techniques, and procedures (TTPs) in the environment. The framework is applicable for cloud, on-premises, and hybrid environments. Join ExtraHop and (ISC)² on March 5, 2020 at 1:00PM Eastern for a discussion on the MITRE ATT&CK Framework as we look at:

• How to get the most value from the MITRE ATT&CK Framework in a hybrid environment

• How upcoming changes in MITRE ATT&CK may affect utilization of the framework by SecOps teams

• How MITRE ATT&CK fits into an overall framework-driven strategy for improving detection coverage and security maturity in hybrid enterprises of all sizes.

The year 2019 ushered in a host of new adversaries, new attack methods and new challenges for the cybersecurity industry. The CrowdStrike® Services team faced these trials head-on, across geographical regions and within public companies, private industries and governmental entities spanning a variety of digital mediums.

This webcast, drawn from real-life engagements and presented by the experts who investigated them, focuses on the themes and trends observed in the global incidents the Services team responded to and remediated throughout 2019 and what they mean for 2020.

Join this webcast to learn the following:
•How business disruption emerged as a main attack objective
•Why third-party compromises served as a force multiplier for attacks and attackers
•Why macOS machines are now clearly in the cross-hairs of adversaries
•Recommendations based on CrowdStrike Services investigations that can help you increase your organization’s cyber defences

There is much talk in the Industry with regards to Zero Trust Networking (ZTN) - but what does it involve and what does this mean for Network Visibility? In this Webinar we will explore the reason for ZTN, some of the current ideas surrounding the implementations of ZTN and where Network Visibility plays a key role in securing such environments. With one of the key concepts of ZTN being the encryption and authentication of data in motion, we will also discuss the need for Metadata and why this can be an advantage over traditional methods of monitoring.

Join us for this webinar to learn more about how you can:

- Understand the ZTN trust model at a high level

- See which components are important within ZTN and why

- Understand why the perimeter is changing and why the need for segmentation goes beyond physical devices

- How Metadata can play a key role in understanding the activity of applications on your network

2019 was a watershed year in cybersecurity, with unprecedented growth in headline-grabbing breaches and revenue-impacting fines. As organisations struggle to deal with the ever-growing cyber threat, the need for an objective, easy way to quantify both security performance and the risk posed by vendor relationships has become apparent. Security Rating Services provide exactly the kind of insight security and management teams need to make data-driven, risk-based decisions that can enable a secure digital business transformation and improve security performance.

However, plenty of misconceptions and misinformation still exists about what Security Ratings can do for an organisation.

Join BitSight’s Chris Poulin for a look at how Security Ratings can transform your organisation’s security and risk management program.

With more than three decades of use, MFA is a proven method to reduce the risk of breaches due to stolen or weak credentials. While nearly any MFA method is an improvement over username and password alone, creative and resourceful attackers continue to expose weaknesses in legacy solutions such as token-based or telephony-based authentication. When considering or reviewing your secure access options, there are valuable lessons that can be learned from some of these real-world examples.

Join Duo Security’s Josh Green on 11 February for a grounded discussion on how MFA methods have evolved, a dissection of several successful attacks, and how modern MFA solutions fare against the same threats.

In this webinar, you will also learn:

Why SIM-Swap attacks and insecure multi-factor authentication (MFA) methods can increase the risk of the credential theft
How attackers leveraged these security gaps in the real-world breach examples