ISSA International Series: Trials & Tribulations of Social Engineering
We all know about social engineering and phishing, but is it as simple as sending an email or asking for a click? Probably not. As hackers and attacks evolve, they will go from simple tricks to very sophisticated attacks. So how do we know what these attacks will be? Simply, we can’t. So how can we detect the new attacks? This session will cover the state of the attacks and the directions they are taking. Ultimately, we will discuss strategies and how we can define the science that will evolve to thwart the various evolving attacks.
Moderated by: Pete Lindstrom, IDC
Roger Grimes, Data-Driven Defense Evangelist, KnowBe4
Andrew Lewman, Laxdaela Technology
Ben Rothke, Senior Security Consultant, Nettitude
Paul Williams, CEO, Clarity Consulting Corporation
Recorded: Jul 24 2018, 121 mins
IT implementors are made less successful due to ‘Technical Debt’. Cybersecurity suffers from ‘Myth Debt’, where the same untrue tropes are repeated and hold us back. It takes experience to recognize these myths, but worse still, they can mask the valuable truths that lie within the myth. These never-dying misunderstandings spread outside cybersecurity and falsely inform the IT and business leaders, making it harder still to stop bad things from happening.
So let’s poke some holes in some myths, pick some or all:
•Insider threat is the biggest worry
•Great Pen Tests mean excellent security
•Any attacker motivated enough can hack you easily
•Security training and education of devs will get us secure code and apps
•The cloud is secure. The cloud is insecure
•Encrypting everything makes for strong security
•Spending more on security makes security better
•Excellent endpoint security means we no longer have to worry about network or other security
•You can’t defend yourself against ransomware
Automated bot attacks are becoming increasingly sophisticated as they learn to avoid detection and stay unidentified longer.
Tune in for the live webinar on October 16 at 10 am PT as Ido Safruti, co-founder and CTO at PerimeterX, and Deepak Patel, VP of Product Marketing at PerimeterX, highlight the top five ways to identify automated bot attacks on your website. We will also cover:
•Real use cases - attacks that happened in the real world
•Practical strategies for identifying automated attacks
•Best practices for addressing and blocking bot attacks
In this panel webinar, ObserveIT’s Head of Security, Chris Bush, will discuss the topic of the risk from insider threats. We will illuminate the seven common motives—also known as the seven deadly sins—that influence insider threats, and share best practices for defending against them. We will explore what makes insider threats so different from traditional external threats. We’ll also cover:
•The seven most common motives for insider threats
•How to detect & investigate insider threats efficiently and accurately
•What to do about insider threats in your supply chain
•How to fit insider threat protection into your broader security program
•Legal and privacy concerns that often arise within insider threat programs
Ken Dunham, Senior Director, Technical Cyber Threat Intelligence, Optiv
In a recent Thales survey, two thirds of CISOs cited the increase in cloud service adoption, combined with a lack of strong security solutions, as the main reasons cloud services are the prime targets of attack. As organizations undergo digital and cloud transformation, CISOs and security officers are operating in a high-stress environment caused by security, compliance and manageability challenges.
In this presentation we’ll discuss how identities are becoming the new security perimeter in a zero trust world and present best practices for implementing an access management framework that can help organizations remain secure – and scale – in distributed networking environments.
Dipto Chakravarty, Chairman of Security, Privacy and Trust COE, IoT Community
Felice Flake, CEO ScySec, LLC
Ashley Adams, Product Marketing Manager for Authentication and Access Management, Thales
How protected are you from the latest types of DDoS attacks? Our new cyber threats report confirms that DDoS attacks continue to be an effective means of inflicting damage to brand and revenue.
During this webinar we’ll provide an in-depth look at our latest findings:
•Growth and complexity of attacks
•Emerging new attack trends
•How to protect your online presence from new and evolving DDoS attacks
•Which cyber threats most concern senior IT security executives
And much more.
Register to attend our webinar to understand the latest developments in DDoS attacks and how to mitigate them.
Michael Levin, CEO/Founder, Center for Information Security Awareness
Bob Weiss, CEO, WyzCo Group Inc
Michael Kaczmarek, VP Product Management, Neustar
While GDPR and CCPA have been the focus for most professionals, legislation is not all about PII. Over the past year, numerous pieces of legislation and regulation have been drafted that most of us have missed. With controls on export, technology use, IoT, consumer device security, and other things looming, this is your chance to see what's going on.
Mathieu Gorge, Vigitrust
Ross Nodurft, Senior Director of Cybersecurity Services, Venable
Harley Geiger, Director of Public Policy, Rapid7
Paul Lanois, Director, Fieldfisher
It is increasingly apparent that authenticating only with username and password is no longer sufficient as stolen passwords are responsible for 81% of data breaches. And even though many organizations have implemented multi-factor authentication (MFA) through mobile push, or One Time Passwords (OTP) via SMS and mobile apps, these authentication techniques have been shown to be vulnerable to account takeovers.
Attend this webinar to learn:
* How WebAuthn, the new web authentication standard, is paving the way for a highly secure passwordless future
* The key benefits of passwordless login for your employees, partners, and customers
* Best practices for enterprise authentication
Phishing is one of InfoSec's longstanding threats. But for cyber criminals, email is just one entry point of many. How can you better prepare yourself and other end users in your organization for cyber security threats beyond email-based social engineering?
During this session, we will share results from Proofpoint’s Beyond the Phish® Report, which examines end-user understanding of a broad range of cyber security topics and best practices. The report features analysis of data related to nearly 130 million cyber security questions and offers insights into employee knowledge levels across 14 categories, 16 industries, and more than 20 commonly used department classifications.
- The importance of assessing and training end users about cyber security threats beyond email-based social engineering
- The strengths and weaknesses among end users across 14 cyber security topics, highlighting how end-user knowledge levels vary across industries
- A more holistic view of susceptibility by looking beyond knowledge assessments and training activities
- How you can use this information to reduce the risk of successful cyber attacks within your organization
Join our experts as we dive into the report and share best practices and pitfalls as we stimulate a stronger security culture.
The first year is always the most critical as we wind our way through legislation, with companies, courts, and people working to understand and adjust the rules. Well, it has been one year since GDPR became active. In that time, how many cases have been tried, what fines have been levied, and what changes have been made?
One key aspect of digital transformation for many companies has been the evolution and rise of the remote user. Application access from any device, anywhere has become an imperative for success, but with transformation comes challenges with attack surface and network vulnerability.
Adopting a zero trust model is key to combating cybercriminals who are probing security perimeters and enterprise resources for vulnerabilities with a distinct purpose. Application access and identity is one of the key areas in which to begin.
Join us on May 15th at 1pm EST for a discussion with Akamai security professional Faraz Siddiqui as he shares steps you can take to protect your network against breaches by evolving access policies and solutions.
Why passwords are a thin illusion of protection and what to do about it. Passwords have become nothing more than a thin illusion of protection. Human nature and human error are the weakest links in protecting organizations from cyberattacks and data breaches. Users choose poor passwords and then re-use them across multiple applications and systems, leaving them vulnerable to phishing and social engineering by bad actors. For years, users have been encouraged to create complex passwords and change them frequently.
It is time to remove human error from the equation.
The adoption of passwordless authentication protects against phishing attempts and minimizes the threat of stolen credentials. Passwordless technology generally combines:
- Multi-layered risk analysis that evaluates location, devices, access rights and typing sequences
- Intricate yet convenient 2FA/MFA methods
- Biometrics and hardware authentication keys
Learn how passwordless authentication works and how it can help you increase security while reducing friction for your users.
Stephen Cox, Vice President and Chief Security Architect, SecureAuth
Mike McKinzie, Solutions Advisor, Swivel Secure
This year saw IPv6 adoption worldwide surpassing the twenty-five percent mark. While previously only used by some innovative attackers, the incentive to explore the space for fresh targets grows as more than a quarter of the Internet is now IPv6-capable. Many organizations are challenged with adequately monitoring their IPv6 networks, misconfigured devices and a shortage of time to implement IPv6 best practices.
In this session we’ll aim to spur more conversations and curiosity in the IPv6 security space by:
- Examining ways to enumerate an oasis of infrastructure in the large desert of addresses
- Discussing current malware observed with IPv6 capabilities
- Remarking on some already observed security issues with the protocol
Michael Levin, CEO/Founder, Center for Information Security Awareness
Chad Anderson, Research Engineer, DomainTools, LLC.
Dipto Chakravarty, Chairman of Security COE, IoT Community
How can IT security professionals take advantage of Security-as-a-Service to supplement their existing security programs?
While cyber-attacks are increasing, your IT budgets and available security staff probably aren’t. You have too little time, too many alerts, and security tools are becoming more expensive and time-consuming.
In this presentation, Ryan Kelly, Solutions Engineer, AT&T Cybersecurity and Kevin Landt, VP of Product Management, Cygilant, will explore ways that IT security professionals can leverage Security-as-a-Service options, including:
At the end of the day, it is not about the technology that runs the system but the humans that detect, respond, and/or are co-opted to circumvent it. This session will provide insight into attacks as well as the human breach interactions.
In this session, ExtraHop Deputy CISO Jeff Costlow will discuss how security operations teams can escape the cycle of reactivity characterized by constantly responding to a flood of alerts, and move toward a more proactive stance by using the right data sources and workflows, driven by network traffic analysis, to focus on developing proactive capabilities like continuous encryption auditing, policy auditing, and more advanced use cases like threat hunting.
Mikhael Felker, Director of Information Security & Risk Management for Farmers Insurance
Jeff Costlow, CISO, ExtraHop
Michael Wylie, Director of Cybersecurity Services, Richey May Technology Solutions
CASBs have quickly evolved into highly specialized solutions that are an essential part of any cloud security strategy. They help organizations to govern the use of the cloud and protect sensitive data. According to Gartner, at least 99% of cloud security failures will be the customer’s fault through 2023. So, how do you ensure that you have the right tools in place as your organization adopts more and more cloud applications?
In this webinar you will learn:
- How the CASB market has evolved beyond shadow IT