Name: Hacks That Bypass MFA and How to Make Your MFA Solution Phishing Resistant
Start: 2022-09-29T20:53:00Z
End: 2022-09-29T20:54:00.000Z
Location: BrightTALK
Rating: 4.7

KnowBe4 is the world’s most popular integrated Security Awareness Training and Simulated Phishing platform. Realizing that the human element of security was being seriously neglected, KnowBe4 was created to help organizations manage the problem of social engineering, spear phishing, and ransomware attacks, through a comprehensive new-school awareness training approach. KnowBe4 trains employees to make smarter security decisions.

When you think of using biometric technology as part of your multi-factor authentication process, you assume these attributes are safe. Cybercriminals can’t hack your fingerprints, can they? The answer may surprise you!

Cybercriminals are always coming up with new ways to get around safeguards, and biometric based hacks are on the rise.

Watch Roger A. Grimes, KnowBe4’s Data-Driven Defense Evangelist, as he dives into how biometrics can work, how they can be used against you, and how you can best protect your organization.

In this on-demand session you’ll learn:

- How biometric attributes are stored and used
- Why your digital fingerprint is not nearly unique as you think
- How cybercriminals steal biometric data and use it against you
- Attributes of strong biometric solutions
- Why training your users is your best, last line of defense

Get the information you need now to protect your network and watch this webinar now!

Hacking Biometrics: If You Thought Your Fingerprints Were Safe, Think Again!

What really makes a “strong” password? And why are you and your end-users continually tortured by them? How do hackers crack your passwords with ease? And what can/should you do to improve your organization’s authentication methods?

Password complexity, length, and rotation requirements are the bane of IT departments’ existence and are literally the cause of thousands of data breaches. But it doesn't have to be that way!

Watch Roger A. Grimes, KnowBe4’s Data-Driven Defense Evangelist, for this thought-provoking on-demand webinar where he shares the most common risks associated with passwords and how to develop password policies that work.

You’ll learn:
- What you need to know about password length and complexity
- How password attacks work and which ones you should be most worried about
- What your password policy should be and why
- Why your organization should be using a password manager

Start improving your password defenses now and watch this webinar now!

A Master Class on Cybersecurity: Roger Grimes Teaches Password Best Practices

Everyone knows you shouldn’t click phishy links. But are your end users prepared to quickly identify the trickiest tactics bad actors use before it’s too late? Probably not. 
 
Cybercriminals have moved beyond simple bait and switch domains. They're now employing a variety of advanced social engineering techniques, like sneaky rogue URLs, to entice your users into clicking and putting your network at risk. 
 
Watch Roger A. Grimes, KnowBe4's Data-Driven Defense Evangelist, in this on-demand webinar as he shows you how to become an expert phish finder. He dives deep into the latest techniques and defenses to share:
 
- Real-life examples of advanced attacks using rogue digital certificates, homograph attacks and more
- Safe forensic methods for examining URLs and other tactics for investigating phishy emails
- Strategies for dissecting URLs on mobile without clicking
- Simple ways you can train your users to scrutinize URLs and keep your network safe
 
Find out what you need to know to keep your network protected and safe from the latest phishing attacks!

Combatting Rogue URL Tricks: Quickly Identify and Investigate Phishing Attacks

No matter how much security technology we purchase, we still face a fundamental security problem: people. This webinar will explore the different levers that social engineers and scam artists pull to make us more likely to do their bidding.

Join Erich Kron, Security Awareness Advocate for KnowBe4, provides fun and engaging examples of mental manipulation in everyday life: from the tactics used by oily car dealers, to sophisticated social engineering and online scams. Additionally, we’ll look at how to ethically use the very same levers when educating our users.

Key Takeaways:
- The Perception Vs. Reality Dilemma
- Understanding the OODA (Observe, Orient, Decide, Act) Loop
- How social engineers and scam artists achieve their goals by subverting OODA Loop's different components
- How we can defend ourselves and our organizations

Levers of Human Deception: The Science and Methodology Behind Social Engineering

The California Consumer Privacy Act (CCPA) is a landmark California law that has had privacy implications far beyond state borders.

Now organizations like yours likely need to comply with the California Privacy Rights Act (CPRA). The new regulation is an extension of the CCPA with more focus on individual privacy rights and more stringent requirements.

If your organization handles data of California residents, these regulations cannot be ignored. Gaining insight into the progress of your peers and what work still needs doing is vital for prioritizing your next steps and ensuring compliance. 

Watch Lecio DePaula, Jr., KnowBe4 VP of Data Protection, and Michael Sampson, Senior Analyst at Osterman Research, in this on-demand webinar as they explore how organizations have prepared for the CCPA and what steps need to be taken to comply with CPRA. 

In this session you’ll learn:

- The average organization's maturity with regard to data privacy
- Budget amounts organizations are expecting to spend on CPRA compliance
- The status of employee training initiatives related to the CPRA
- Best practices for complying with the CPRA

How to Comply with the CPRA: Stats and Best Practices You Need to Know

Cybercriminals are out there, watching and waiting for the perfect opportunity. They are gathering information about your organization and users, devising the perfect plan to infiltrate your defenses.

But with a strategic approach to cyber defense you can hack the hacker before they strike! In this session, we'll share insights into their strategies and their motivations. You’ll learn how to use that understanding, along with simple strategies to make your organization a hard target.

Join Roger A. Grimes, Data-Driven Defense Evangelist at KnowBe4, for this new webinar as he exposes the mind of a hacker to help you see your cyber risks from the outside in.

In this session you’ll learn:

- How hackers collect “private” details about your organization and your users
- The most common root causes that lead to damaging cyber attacks
- Common mistakes made when designing cyber defenses and how to fix them
- Data-driven strategies for mitigating your biggest weaknesses
- Why a strong human firewall is your best, last line of defense

Get the details you need to know now to outsmart cybercriminals before you become their next victim!

Hacking the Hacker: Assessing & Addressing Your Organization’s Weaknesses

It feels like we hear about a new devastating cyberattack in the news every day. And attack methods seem to be proliferating at an exponential rate. So, which tactics should you be aware of beyond standard “click and infect” attack vectors?

Join Roger A. Grimes, KnowBe4's Data-Driven Defense Evangelist and popular cybersecurity author for this eye-opening webinar. Roger will share his take on several significant, advanced, and yes, crazy cyberattacks he’s seen in the wild. Plus, he’ll share defensive strategies you’ll want to implement to prevent them from affecting your network.

You’ll see examples of 10 amazing hacks showing how:

- Your users’ passwords can be cracked in mere minutes
- Cybercriminals easily bypass Multi-Factor Authentication
- Automated malware can devastate your network
- Hackers can completely take over your network with a few simple steps
- And more!

Find out what you can do to mitigate these advanced hacking techniques instead of becoming the next unknowing victim.

10 of the Craziest Cyberattacks Seen In the Wild and How You Can Avoid Them

If you think the only way your network and devices can be compromised via email is phishing, think again!
 
A majority of data breaches are caused by attacks on the human layer, but email hacking is much more than phishing and launching malware. From code execution and clickjacking to password theft and rogue forms, cybercriminals have more than enough email-based tricks that mean trouble for your InfoSec team.
In this webinar Roger A. Grimes, KnowBe4's Data-Driven Defense Evangelist and security expert with over 30-years of experience, explores many ways hackers use social engineering and phishing to trick your users into revealing sensitive data or enabling malicious code to run. 
 
Roger will show you how hackers compromise your network. You’ll also see incredible demos including a (pre-filmed) hacking demo by Kevin Mitnick, the World’s Most Famous Hacker and KnowBe4's Chief Hacking Officer.
 
Roger will teach you:
- How remote password hash capture, silent malware launches and rogue rules work
- Why rogue documents, establishing fake relationships and tricking you into compromising your ethics are so effective
- The ins and outs of clickjacking
- Actionable steps on how to defend against them all
 
Email is still a top attack vector cybercriminals use. Don’t leave your network vulnerable to these attacks.

Incredible Email Hacks You'd Never Expect and How You Can Stop Them

Don't click phishy links. Everyone knows that. But are your end users prepared to quickly identify today's tricky tactics being used by bad actors? Probably not. Cybercriminals have moved beyond simple bait and switch domains. They're now employing a variety of advanced social engineering techniques to entice your users into clicking and putting your network at risk. You need to stay a step ahead of cybercriminals.
 
Join us when Roger Grimes, KnowBe4's Data-Driven Defense Evangelist, shows you how to become a rogue URL expert. He’ll dive deep into the latest techniques and defenses to share:

- Real-life examples of advanced attacks using rogue digital certificates, homograph attacks, and more
- Safe forensic methods for examining URLs and other tactics for investigating phishy emails
- Strategies for dissecting URLs on mobile without clicking
- Simple ways you can train your users to scrutinize URLs and keep your network safe
 
Find out what you need to know to keep your network protected.

A growing number of organizations worldwide are utilizing cryptocurrency for a host of investment, operational, and transactional purposes. Seemingly overnight, technologies like non-fungible tokens (NFTs) emerged and just as quickly, cybercriminals learned how to capitalize on organizations’ naivete for their own benefit. 
 
Are you still not sure about the ins and outs of NFTs and cryptocurrencies? Should your organization even care? The answer is YES, and we are here to help you make sense of it all. Join Roger A. Grimes, KnowBe4's Data-Driven Defense Evangelist, as he shares what you need to know to defend yourself in this new age of Web 3.0. 
 
Roger covers:
- The business impact of NFTs and cryptocurrencies: What are they and why should you care
- The various and increasingly popular attacks against NFT and cryptocurrencies
- How you can best defend yourself and your organization from becoming the victim of an attack
- The projected future of NFTs and cryptocurrencies
 
Stay up-to-date on the latest technologies and their hidden threats!

Understanding the Threat of NFT and Cryptocurrency Cyber Attacks

A growing number of organizations worldwide are utilizing cryptocurrency for a host of investment, operational, and transactional purposes. Seemingly overnight, technologies like non-fungible tokens (NFTs) emerged and just as quickly, cybercriminals learned how to capitalize on organizations’ naivete for their own benefit. 
 
Are you still not sure about the ins and outs of NFTs and cryptocurrencies? Should your organization even care? The answer is YES, and we are here to help you make sense of it all. Join Roger A. Grimes, KnowBe4's Data-Driven Defense Evangelist, as he shares what you need to know to defend yourself in this new age of Web 3.0. 
 
Roger will cover:
- The business impact of NFTs and cryptocurrencies: What are they and why should you care
- The various and increasingly popular attacks against NFT and cryptocurrencies
- How you can best defend yourself and your organization from becoming the victim of an attack
- The projected future of NFTs and cryptocurrencies
 
Stay up-to-date on the latest technologies and their hidden threats!

As organizations have increased their scope of vendors and partners, they have also increased their digital risk surface and are facing new challenges regarding vendor risk management. By taking a data-driven approach to identifying, understanding, and acting on risk, you can efficiently eliminate your organization's most critical third-party security gaps.

Join Roger Grimes, KnowBe4's Data-Driven Defense Evangelist and 30-year security veteran, and former auditor who has passed the CPA and CISA exams. Roger will show you how to leverage your organizations’ data to significantly improve your third-party risk management program. 

Roger will show you:

- The evolution of vendor risk management
- Differences between traditional risk management and "real" risk management, and why it matters
- How to create a data-driven risk management plan using best practices

Learn how you can close your organization's most critical third-party security gaps by taking a data-driven approach to identifying, understanding, and acting on risk.

A Data-Driven Approach for Your Third-Party Risk Management Processes

As a security leader, you have a lot on your plate. Even as you increase your budget for sophisticated security software, your exposure to cybercrime keeps going up. IT security seems to be a race between effective technology and ever evolving attack strategies from the threat actors. However, there’s an often-overlooked security layer that can significantly reduce your organization’s attack surface: New-school security awareness training.

In this on-demand webinar Perry Carpenter, KnowBe4's Chief Evangelist and Strategy Officer, and Joanna Huisman, KnowBe4's Senior Vice President of Strategic Insights and Research, review our 2022 Phishing By Industry Benchmarking Study, a data set of 9.5 million users across 30,173 organizations.

You will learn more about:
- New phishing benchmark data for 19 industries
- Understanding who’s at risk and what you can do about it
- Actionable tips to create your “human firewall”
- The value of new-school security awareness training

Do you know how your organization compares to your peers? Watch this webinar to find out!

New 2022 Phishing By Industry Benchmarking Report

The scary fact is that the majority of data breaches are caused by human error. With so many technical controls in place hackers are still getting through to your end users. How are they so easily manipulated into giving the cybercriminals what they want? Well, hackers are crafty. And the best way to beat them is to understand the way they work.

In this webinar Roger Grimes, KnowBe4’s Data-Driven Defense Evangelist, will take you through the "Cyber Kill Chain" in detail to show you how a single email slip up can lead to the total takeover of your network.

Roger will show you:
- How detailed data is harvested using public databases and surprising techniques
- Tricks used to craft a compelling social engineering attack that your users WILL click
- Cunning ways hackers deliver malicious code to take control of an endpoint
- Taking over your domain controller and subsequently your entire network

But not all hope is lost. Roger will also share actionable strategies you can put in place now to greatly reduce your risk. Find out how to protect your organization before it's too late!

Hacking Your Organization: 7 Steps Cybercriminals Use to Control Your Network

No matter how much security technology we purchase, we still face a fundamental
security problem: people. This webinar will explore the different levers that social
engineers and scam artists pull to make us more likely to do their bidding.

Join Jacqueline Jayne (JJ), KnowBe4's Security Awareness Advocate as she shares
her insights and examples of mental manipulation in everyday life: from the tactics used
by tricky advertisers to sophisticated social engineering and online scams. Additionally,
we’ll look at how to ethically use the very same levers when educating your users.

Key Takeaways
- The Perception Vs. Reality Dilemma
- Understanding the OODA (Observe, Orient, Decide, Act) Loop
- How social engineers and scam artists achieve their goals by subverting - -
OODA Loop's different components
- How we can defend ourselves and our organizations

Cyber crime has become an arms race where the bad guys constantly evolve their attacks while you, the vigilant defender, must diligently expand your know how to prevent intrusions into your network. Staying a step ahead may even involve becoming your own cyber crime investigator, forensically examining actual phishing emails to determine the who, the where, and the how.

In this webinar, Roger Grimes, KnowBe4’s Data-Driven Defense Evangelist, shows you how to become a digital private investigator! You’ll learn:

- How to forensically examine phishing emails and identify other types of social engineering
- What forensic tools and techniques you can use right now
- How to investigate rogue smishing, vishing, and social media phishes
- How to enable your users to spot suspicious emails sent to your organization 

Get inside the mind of the hacker, learn their techniques, and how to spot phishing attempts before it’s too late!

Cyber CSI: Forensically Examine Phishing Emails to Protect Your Organization

What really makes a “strong” password? And why are your end-users tortured with them in the first place? How do hackers crack your passwords with ease? And what can/should you do about your authentication methods?

For decades, end-users have borne the brunt of the password tyranny, a result of the IT industries’ inability to engineer secure systems. Password complexity, length, and rotation requirements are the bane of your end-user experience and literally the cause of thousands of data breaches. But it doesn't have to be that way!

Join Roger Grimes, KnowBe4's Data-Driven Defense Evangelist, and David Littman from Truth In IT to find out what your password policy should be and learn about the common mistakes organizations make when creating password policy.

In this webinar you'll learn:
- Why passwords are so easy to hack and how the bad guys do it
- How to craft a secure, risk-focused password security policy
- The truth about password managers and multi-factor authentication and how they impact your risk
- How to empower your end users to become your best last line of defense

The Pesky Password Problem: Policies That Help You Gain the Upper Hand

The average person believes using Multi-Factor Authentication (MFA) makes them significantly less likely to be hacked. That is simply not true! Hackers can bypass 90-95% of MFA solutions much easier than you would think. Using a regular looking phishing email, they can bypass MFA just as easily as if it were a simple password.

Join Roger A. Grimes, KnowBe4’s Data-Driven Defense Evangelist for this on-demand webinar to learn common MFA hacking techniques and what it takes to make your MFA phishing resistant. He’ll also share a pre-filmed MFA hacking demo from Kevin Mitnick, KnowBe4’s Chief Hacking Officer.

In this webinar you’ll learn:
- Government recommendations for effective MFA
- Characteristics that make MFA easily hackable
- Features you should look for in a strong MFA solution
- Which phish-resistant MFA you should be using
- Why a strong human firewall is your best, last line of defense 

Get the information you need to know now to better defend your network.

Hacks That Bypass MFA and How to Make Your MFA Solution Phishing Resistant

Multi-Factor Authentication

Security Awareness

Cyber Security

Information Security

Cyber Attacks

IT Security

Cyber Defence

Cyber Crime

Network Security

Data Security

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The unexpected nature of natural disasters and other disruptive events means that preparation is key to managing disaster recovery and business continuity planning. Join the business continuity and disaster recovery community for live and recorded presentations discussing best practices for business continuity planning, disaster recovery programs and business continuity management. Learn from BCDR experts to develop your critical infrastructure and gain insight into tactical solutions to your BCDR issues.

Business Continuity / Disaster Recovery

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Thousands of healthcare IT professionals compose the health IT community on BrightTALK. Learn alongside them with relevant webinars on healthcare IT compliance, big data in healthcare and IT solutions for healthcare organizations. Join the conversation by asking questions and engaging with other participants during live webinars and organized discussions.

Hacks That Bypass MFA and How to Make Your MFA Solution Phishing Resistant

Presented by

About this talk

KnowBe4