Based on recent DDoS attacks against DYN and a number of other critical targets on the Internet, let’s examine what drives the hackers behind the scenes. We are dealing with a different breed of hackers, not striving for fame or fortune but looking for a malevolent path of destruction. Understanding hackers’ motivation, their tools, capabilities goes along with scaling our defenses against similar devastating attacks.
RecordedNov 11 201660 mins
Your place is confirmed, we'll send you email reminders
Security threats mutate and lately they are becoming more bold than ever. What is driving this pattern? We will examine new patterns in ransomware, phishing, and data exposures that are greatly affecting our security posture as well as provide better guidelines for mitigating these threats.
As our journey towards better security continues, we need to learn from mistakes of the past. We will discuss capitalization on past successful experiences and learn cautionary tales from failures. Secure-by-design is our goal but it cannot be at the expense of user experience or product quality.
On the way to maturity, we are to learn from our own mistakes but how well do we do it? Are we also able to learn from mistakes of our peers and our industry? We will examine the common pitfalls and provide actionable advice on improving the information security posture for organization on many levels.
Technology and threats pace exceeds our ability to educate everyone about secure use of technology and defensive tactics. We will discuss current threats like ransomware, credentials abuse, data exposures, and many others. We will map defensive techniques that you need to know about these and emerging threats.
We invest a lot of time, skill, and technology into our defenses yet the hackers are still successful. What lessons can we learn from the recent attack techniques and breaches to make our networks less vulnerable?
Alex Holden, CISO and President Hold Security, LLC
The Dark Web is a dark world inhabited by hackers covertly trading stolen data, information, and unlawful goods, therefore not a place many of us visit. This community of criminals continues to thrive, so let’s analyze this dark world and investigate the systems they use to steal our data and gain a better understanding of their targeting techniques, as well as learn about the Black-Market dynamics. The best way to stop or prevent a breach is by understanding this world of criminals and learn to beat them at their own game.
As our electronic footprint is growing, we attach our personal and corporate identity not only to computers, networks, and clouds but also to a countless number of devices in the Internet of Things. From medical devices, to home devices, to complex devices in manufacturing, and beyond we will discuss how your identity can be impacted by a security breach. What are the right steps that you should be taking for the IOT security? What are the most common pitfalls?
Phishing and website impersonations are one of the most common and harmful techniques that cause a substantial amount of damage. Mining DNS data can be a great and effective way to prevent these attacks from ever taking off. We will discuss how to detect and blacklist sites before the first fraudulent email or first web connection is made.
Learn about techniques and tools available to stop these attacks at root.
One of the toughest fights in information security is the fight for your budget. The most integral part of your budget are your employees. We will discuss how strategic investments into the human capital can make or break your security posture. How to get the right talent, and also how to retain it. The human side of economics is usually the most unpredictable one and you need to know how to navigate it.
The simplest way to compromise systems is not by hacking but through use of previously stolen information like credentials that would let the bad guys walk in through the front door and take everything.
Therefore, stolen credentials have a high demand on the Dark Web and we are constantly barraged by news about massive credentials thefts.
You should be protecting your users from losing their credentials and subsequent abuse. However, you should also protect them against misinformation about "new" credentials cache discoveries.
After being credited with the largest legitimate stolen credentials discoveries, I feel like one of the world's foremost experts to provide you with insights about critical thefts.
Learn what kind of challenges the next generations of technology will bring to cybersecurity and what kind of safeguards we are building. From our history of technologies becoming obsolete, to the rise and fall of hacker techniques; we can derive our lessons and not only fantasize about our future but predict it based on a solid track record from the past.
We try to fortify our perimeter against the hackers. The truth is that some of them get through, and in most dire cases, they take your data with them to the Dark Web. We will discuss detection of the breaches from the Dark Web perspective. What hackers do with your data, and how to tune your tools to detect your breached data outside of your perimeter.
What do hackers want to do with your medical data? These are practical examples from the Dark Web of real HealthCare data abuse. What is important to the bad guys, what is not? Learn about the hackers’ perspective and how to defend the data against abuses.
With GDPR at our doorstep, getting breached not only carries losses due to hackers but the potential of penalties from the regulators and government. What is the best advice on how to deal with breaches, besides not getting breached? Let’s discuss the basics to show a measured standard for detecting malicious events, classifying them, and responding with at most efficiency.
Most breaches cannot be simply mitigated with technology or cyber insurance. Breaches have short-term and long-term price tags that come with loss of reputation with customers and stakeholders. We will discuss the true costs of breaches and what you can do to minimize the impact they cause.
About the Presenter:
Alex Holden is the founder and CISO of Hold Security, LLC. Under his leadership, Hold Security played a pivotal role in information security and threat intelligence, becoming one of the most recognizable names in its field. Holden is credited with the discovery of many high-profile breaches including Adobe Systems, initial vendor breach that led to the discovery of the JPMorgan Chase breach, the independent discovery of the Target breach and the Veraz (Equifax Argentina) breach. In 2014, he discovered the largest breach of data to-date. Dubbed the CyberVor breach, he recovered a cache of over 1.2 billion stolen credentials gathered from over 420,000 exploited web sites. Considered one of the leading security experts, he regularly voices his professional opinion in mainstream media.
If your organization has never been breached, think again, it probably happened and more than once. If you have dealt with a data breach before, you know how stressful and painful this can be. But let’s take a step back and examine:
- The basics for the incident response
- How to deal with the worst that the hackers can throw at you and still re-emerge successfully.
Understanding the hacker advances in AI is critical to stop the new generation of cyber threats. At the same time, what techniques can we teach our AI's to examine and prevent new exploitations.
About the Presenter:
Alex Holden is the founder and CISO of Hold Security, LLC. Under his leadership, Hold Security played a pivotal role in information security and threat intelligence, becoming one of the most recognizable names in its field. Holden is credited with the discovery of many high-profile breaches including Adobe Systems, initial vendor breach that led to the discovery of the JPMorgan Chase breach, the independent discovery of the Target breach and the Veraz (Equifax Argentina) breach. In 2014, he discovered the largest breach of data to-date. Dubbed the CyberVor breach, he recovered a cache of over 1.2 billion stolen credentials gathered from over 420,000 exploited web sites.
Considered one of the leading security experts, he regularly voices his professional opinion in mainstream media.
Alex Holden (Hold Security) | Jesper Johansson (Yubico) | Nathan Wenzler (AsTech)
Uber recently disclosed a massive data breach in which the personal information of 57 million Uber customers and drivers were stolen by hackers in October 2016. What are some of the lessons we can draw from this latest breach?
Join this interactive panel of experts as they review:
- What is the impact of this breach?
- What should Uber users do in response to this breach?
- What are the most common reasons for breaches?
- What should organizations be doing to better tighten their security?
- Alex Holden, CISO of Hold Security
- Jesper Johansson, Chief Security Architect, Yubico
- Nathan Wenzler, Chief Security Strategist, AsTech Consulting
With cyber threats constantly emerging every week, many struggle to keep up with all of the issues and many others feel hopeless. We will examine recent trends and breach categories to understand how the threat landscape has shifted. We must learn from our recent and not so recent history to be able to predict the next wave of attacks and to structure our defenses against them.
Grown and shaped by market demand, Hold Security, LLC is an Information Security, Threat Intelligence, Risk Management, and Incident Response Company helping businesses of all sizes to stay secure.
Powered by the brightest security experts, Hold Security works with companies around the world to enhance their security posture. Our engineers continue to play lead roles in discovery and investigations of major security breaches, with a proven track record of success.