Petya, notPetya or Goldeneye - The Lies, the Truth and What's Coming Next
Media hype, so called cyber experts and the rest of the delettantes are all out in force trying to decipher what just happened with Petya. Ransomware or not? Script kiddies? Cyber warfare?
Let's dive into behind the scenes of what may just be the turning point in targeted malware (sorry ransomware) attacks.
Tune into this session to get the lowdown on where the attacks came from; who was behind them; what they mean for the cyber security industry and how you can improve the protection for your business the next time something similar rolls along.
You'll also have the chance to ask Amar your Petya or ransomware questions and to get the upper hand defending your organisation.
CEO & Founder: Cyber Management Alliance & Give01Day.com - Chair of ISACA's UK Security Advisory Group.
Experienced cyber, information security & data privacy practitioner. Senior C Level Executive, Global Chief Information Security Officer, Expert in Information Risk Management
UK Government GCHQ Certified Trainer and creator of APMG & GCHQ Certified course CSPE (Cyber Security & Privacy Essentials)
Creator and trainer of business focused Cyber Incident Planning & Response Course for middle to senior executives. (CIPR)
We are cybersecurity practitioners and leaders in Cyber Incident Planning & Response and believe there is no better way to prepare for a crisis than analysing and learning from past cyber-attacks.
Reviewing past cyber attacks is an effective way to learn from what happened, how the attackers and succeeded and how the organisation responded to the attack. In our launch series of Cyber Attack Timeline reviews we are going to review the ransomware attack on the company Travelex.
This webinar has been created with the sole purpose of encouraging discourse on the subject of cybersecurity and good security practices. Our intention is not to defame any company, person or legal entity. Every piece of information mentioned herein is based on reports and data freely available online.
Cyber Management Alliance neither takes credit nor any responsibility for the accuracy of any source or information shared herein.
Part 1 of Designing and Testing Cyber Incident Response Plans smashed all our records 300 live viewers over 600 registrations, 26 5 star reviews 80 questions. We are truly humbled.
Having efficient cyber incident response plans is the first part of the journey. We are excited to bring you part 2 of this series that focuses on how you test your incident response plans.
Testing is NOT
- Asking people to read the response plans.
- Sitting in a room and reviewing the plans against a scenario.
In this webinar, Amar Singh will share his insights and experience on how to plan and run an effective testing exercise (yup, you can call it a tabletop exercise) against your incident response plans. In his trademark fun and frank conversational style Amar will disclose more than just powerpoint tips but his actual approach in planning and conducting a testing exercise.
Designing an incident response plan may seem like an easy task. Most people will download a template assuming it’s the best way to create a response plan.
What do most templates do? Most templates will tell you to 'chuck it all in the plan', including the 'kitchen sink'. Most templates, when filled in, equal to 50 - 100 pages..
Guess what folks. No one ever reads the cyber incident response plan before the actual incident! No surprise there. Imagine having to land a plane on the Hudson. You have 60 seconds to read 100 pages. Not workable is it?
There is a better way.
Join us as we show you how to design and then test your Cyber Incident Response Plans. We also will share 5 key components you should focus when creating your cyber incident response plan.
You also get EXCLUSIVE access to our Cyber Incident Response Plan Template that you can use immediately.
Amar Singh, Sylvain Cortes, Chris Eves, Johnathon Taghavi
If you want to kill someone, the easiest way is to attack the heart. When cyber-criminals want to unleash a fatal attack on your organisation, they go for the Active Directory!
During the webinar, we will demonstrate how attackers are using Active Directory misconfigurations to spread ransomware inside the organisation, and ultimately take control of your data. We will expose the most common techniques attackers use to infect the first PC, catch credentials, move laterally to other machines, and take control of Active Directory.
The session will focus on actual demonstration, not just a boring slide deck – you will learn first hand about primo-infection, lateral movement, and privilege escalation. We will reveal the main counter strikes and what accurate defence mechanisms are efficient to deploy inside your organisation.
The new normal, that of working from anywhere, is starting to significantly impact organisations and their governance, compliance and information security postures.
Fact: If you had 10,000 staff working from one office today you have 10,000 remote-offices!
Fact: You still remain 100% responsible and liable for a data-breach or other non-compliance activities!
To say that the size of the threat and resulting risks has grown thousandfold is an understatement with the normal creating the largest ever data-sprawl risk we have ever seen. In addition, the CISO, the compliance and governance officers are going to have to deal with constantly growing threats like
- Cross contamination of corporate data & personal data.
- The decreased ability to manage corporate IT assets with rigour and diligence.
- Data Spillages & Data theft: Accidental or by cyber-criminals.
Join Amar Singh and Fredrik Forslund as they share their experience and knowledge on how to:
- Ensure cyber-criminals are unable to read ANY data from your corporate hard drives
- Ensure you have 100% compliant data sanitisation across the organisation.
- Conduct REMOTE data cleansing across every 'remote-office'
Fredrik Forslund, VP, Enterprise and Cloud Erasure Solutions, is a member of the Blancco global leadership team. With more than 20 years industry experience, he previously founded SafeIT Security in Sweden, a security software company now a part of the Blancco Technology Group.
Amar Singh is the CEO and co-founder of Cyber Management Alliance Ltd and a practising Chief Information Security Officer and creator multiple UK Government certified training courses.
These are the 3 major requirements when designing a WiFi network:
• DESIGN: The WiFi network must be efficient and error-free. At all times.
• MANAGEMENT: The WiFi Access points & network must be super-easy to manage. From
• AUTOMATION: You must be able to automate every aspect of the management and security. No excuses.
Join Paul Melvin from IGXGlobal and Neil Goddard from Juniper Networks as they take you through this educational session on how to transform your network with a modern microservices cloud architecture and inline engine that provides unprecedented scale, agility, insight, and automation.
We’ll cover the following:
- How to design an API based, highly scalable WiFi network.
- How to automate large-scale deployment of APs - create 500 sites in 5 minutes!
- How to apply business logic using APIs - a must see.
- How you can authenticate a user’s IoT device like a Point of Sale machine with secure corporate credentials and create a group pre-shared key - facilitating either a “home from home” experience, or segregation of device types.
In addition to the above, Mist Systems will run a live demos on how to use APIs to interact with your WiFi devices and how to integrate IoT device management directly from your WiFi device.
One of the biggest challenges in building a cyber resilient organisation is the ability to rapidly detect and even more importantly, rapidly respond to a malicious confirmed cyber-attack.
Here is a question? Can your cybersecurity toolset detect a sophisticated attack and take a calculated, automatic and immediate (stress on immediate, say between 0-10 seconds max) mitigating response?
Karsten Desler set out to create just that. He wanted to create a solution based on proven machine learning algorithms that can continuously learn and analyse malicious traffic and automatically take corrective action, with no human interaction.
Is this really possible or hyperbole?
Join Amar Singh as posts this question to the co-founder of Link11 company. Karsten is the chief developer who designed and produced the technology behind Link11.
We will also be joined by Joss Penfold, Regional Director UK & Ireland, Link11.
Cyber Management Alliance and Palo Alto Networks have earlier shed extensive light on SOAR - Security, Orchestration, Automation & Response and their platform that plugs in critical gaps in the incident response lifecycle.
Now, it’s time to pull out the stops and share the unusual, the strange, the unexpected. Because when it comes to security & network operations, there’s always room to reduce the boring, repetitive tasks that sap the life out of your day.
Need some examples? Here's what you can expect:
- How to build a playbook to automate on-boarding and off-boarding of employees;
- Better manage your physical security;
- Semi-automating remediation tasks (with strict workflows)
- Getting married and need to send out invitations? Believe it or not, we can do that too, and much more…
Join Patrick Bayle from Palo Alto and Amar Singh from Cyber Management Alliance Ltd as they review the possibility of Orchestration and how it can help you in increasing your cyber resilience posture.
Patrick Bayle CISM CISSP, Senior Systems Engineer @ Cortex (a Palo Alto Networks company) spent his first ten years of employment working on the security front line for one of the largest financial institutions in the world.
How to Extend your Enterprise to All Staff with one Single Click & other operational strategies to secure your Staff Connectivity.
Large scale and regular remote working poses unique operational and security challenges that need a new and optimised approach. The question is NO longer about remote working. The question is can you
- Safely segregate your corporate data from your staff's personal digital artefacts.
- Protect your corporate data from compromised home wifi
- Proactively troubleshoot and resolve connectivity issues fully remotely. Quick.
- Ensure that your staff can safely work from anywhere NOT just the home.
Join Jan Van de Laer and Amar Singh as they discuss the challenges, the threats and importantly
- Give you a live demo of how the ZERO Touch configuration and remote troubleshooting works.
- How REAL Machine Learning helps in keeping remote staff safe and secure whilst vastly reducing the support burden on technical staff.
- The simple and easy to implement steps to greatly reduce the current risk of remote working.
An Insider's Story on How One Company Created a Treasure Trove of Threat Intelligence.
Join us to hear the details of Mimecast, a company that is synonymous with email security, ended up building one of the world's largest repository of security threat intelligence. Malware, ransomware, word or excel documents. You name the threat vector the chances are they have seen it.
We all know that good and timely threat intelligence is one and very effective way to try to keep up with the cyber criminal. However, there are three major challenges when it comes to good quality threat intel
- Sourcing: You need to have a reliable source
- Scale: Especially when it comes to automated threat-intel, the larger the footprint of the source the better (we will explain more on this during the webinar)
- Credibility: As it implies, you need to know that the provider has credibility and integrity
Join the webinar to listen to Anoop Das who shares how Mimecast built and maintains this treasure trove of threat intelligence.
Despite significant investments in security, many organisations are still grappling with building a strong cyber-resilient business. Amongst their top challenges; How can they can be more effective in building the awareness and employee behaviours required to be more resilient to growing cyber-attacks.
Join us to hear about the awareness training journey a large organisation with 80,000 staff has been on, the challenges they’ve faced and the lessons they’ve learnt. What can we learn from their experience to enhance our own campaigns?
In addition during this webinar we will :
Join us as we
---> Share practical real-world examples and a blueprint for showing how your cyber awareness training could work based on a set of evidence-based principles.
---> Corporate learning in the digital age needs to enable and support behaviour change and we will assess the ways in which immersive training and active employee engagement can form the backbone of your cyber awareness blueprint.
--> Assess ways in which we can start to re-wire our ‘human operating systems’ – helping to ensure we help our employees become our most effective defence rather than just hoping they don’t make simple mistakes. Mistakes that our adversaries are counting on us to make.
- Stuart Coulson, Director, HiddenText
- Nick Wilding, General Manager, Cyber Resilience, AXELOS and Head of RESILIA
- Amar Singh, Founder and CEO, Cyber Management Alliance
The author Maya Angelou has said: “…people will forget what you said, people will forget what you did, but people will never forget how you made them feel.”
The fact is security that doesn’t work for your people, doesn’t work.
We need to understand our own ‘human operating systems’ to ensure we can be effective in designing and managing innovative and collaborative solutions for our own ‘human error’ – the most significant threat to our organisations security and resilience. If, like us, you believe that there is a better way to achieve lasting behaviour change, then join us and share your experiences and insights.
The webinar will:
- Outline and illustrate some of the principles that should underpin an engaging and effective cyber awareness training.
- Highlight the critical questions you should be asking in assessing any awareness training solution.
- Highlight techniques now being used to make cyber awareness training engaging and fun,
- Discuss new research designed to develop real ‘people-centred’ security.
- Nick Wilding, General Manager, Cyber Resilience, AXELOS and Head of RESILIA Frontline
- Amar Singh, Founder and CEO, Cyber Management Alliance
- Lizzie Coles-Kemp, Professor of Information Security, Royal Holloway, University of London
Interesting new research reveals that organisations in India and APJ face a series of cybersecurity shortcomings in the areas of education, company culture, skills, budgeting and operational management.
The attackers are attracted to the "low hanging fruit" and green pastures as companies in India and the region are only just coming to terms with the negative impact of being insecure and not ready for cyber-attacks.
Join Amar Singh & Ben Verschaeren as they discuss why overcoming these challenges won’t be easy and the opportunities available to strengthen these areas in addition to the hardening of the technology platforms and tools used.
Ben, based in Australia, is Sophos' Global Solutions Engineer and threat researcher. Ben is responsible for researching the threat landscape and educating the Sophos team, customers and partners on the latest threats. This includes building demonstration and training tools, focusing on real world exploits and malware.
Amar is based in London, UK and is a globally recognised cyber and privacy specialist and a practising CISO. Amar and his firm Cyber Management Alliance Ltd are trusted advisors in cybersecurity and privacy to global organisations and mentor CISO and C-Level executives on cyber resilience and data-privacy.
What the Industry Tries to Cover Up and What you Need to know.
"This is the most secure solution that you will ever need. It has Machine Learning, advanced Artificial Intelligence, block-chain and blah blah blah."
Yet, cyber-crime is increasing!
Like in other sectors, IT and cyber have their fair share of Snake-oil sellers. However, if you include the blow-out-of-proportionists and aggressive selling tactics, it gets more complicated, dangerous and sometimes leaves you with little more than unadulterated lies.
Join Amar Singh and Chris Eves from Alsid as they separate the wheat from the chaff and filter-out the noise to show you the stuff that really matters when it comes to building a cyber-resilient business.
Amar Singh is an experienced Cyber and Privacy practitioner and is the CEO of Cyber Management Alliance Ltd and the founder of Wisdom of Crowds.
Chris Eves is a Data Protection expert helping to protect enterprise organisations from cyber attacks, both internally and externally. During Chris's 10 years in IT, he has built up knowledge of Networking, Infrastructure, Backup, Data Storage and more recently Data Protection & Governance and Active Directory Cyber Security.
Amar Singh (Cyber Management Alliance), Steven Peake (Barracuda)
To-the-point webinar that shows you the key technology stack you need to ensure you are able to detect and swiftly respond to the early stages of a cyber-attack. There are enough statistics and figures available to convince anyone - criminals will succeed in breaking-in. The question you have to ask yourself? - Are you prepared for Rapid Detection and Rapid Response.
Furthermore, successful and swift response requires the right technology stack where all the various technology solutions work together. Review this educational webinar to see how a harmonious eco-system works as one to make Rapid Incident Response real and effective.
Discover how email security is moving beyond the gateway, using new techniques such as artificial intelligence and machine learning to protect organizations against the latest emerging threats such as spear phishing and account takeover.
Wow - This is an exciting and busy webinar - with loads of templates and downloads too!
* Live session on how we create an incident playbook from scratch!
* Review of our playbook scratchpad - how we design the initial playbooks.
* Automating incident response - some thoughts.
* Exciting updates on the GCHQ-certified CIPR training
This playbook webinar is taken from our certified Cyber Incident Planning & Response (CIPR) workshop and we will have several past attendees sharing their experience about the workshop and how they implemented the lessons from this training.
Morrisons, the fifth largest super market in UK, will go down in history for all the wrong reasons. The inability to not just prevent but detect a massive data leak has meant that its brand name is being dragged through the mud and dirt, not once, but many times over. Yes Morrisons could have done many things and this webinar is NOT about beating up the brand or pointing a finger.
Experts in this webinar will discuss a better, simpler approach that may reduce or at least make these kind of incidents very difficult to materialise. Join Amar Singh, Barnaby Davies and Jeremy Wittkop as they take a positive and proactive approach to preventing brand-damaging data breaches.
Background: The Court of Appeal (October 2018) upheld a decision of the High Court holding Morrisons vicariously liable for data breaches caused by the actions of its employee, even though the employee’s actions were specifically intended to harm Morrisons.
Do Google: search for morrisons data leak court case for more information.
File storage & sharing should not just be about the size but also privacy and most importantly about maximum security.
* Is your data protected by default?
* Who has access to your data?
* Who can index your data?
* Where is your data stored?
These and many more questions will ensure you select the right type of service that offers NOT only you but your clients the assurance that you take privacy and security seriously - especially when it comes to the cloud.
Join Amar Singh as he discusses the following with Istvan Lam, the founder and CEO of Tresorit:
- How to design an intercept-proof file sync & sharing service?
- What does End-To-End encryption service actually mean?
- How to combine on premise equivalent security with consumer grade simplicity?
- Where is your data actually stored and what would happen in case of a breach of those cloud servers?
- What does ZERO-Knowledge mean in the real world?
View our exclusive "Insights with Cyber Leaders Series" and webinars
Cyber Management Alliance presents an exciting series of interviews with International Cyber Security Leaders. Want to know what they look for when hiring for their teams? Want to know the secrets to their success and what keeps them awake at night? Theses exclusive interviews are presented by industry thought leader and Chair of ISACA's UK Security Advisory Group and Global CISO Amar Singh. Series but humours and light hearted interviews. See the leading figures in Cyber Security like you've never seen them before. From Eugene Kaspersky to CTO HP Enterprise and CTO of Intel Security we have an amazing line up. Subscribe for updates.