Since 2016, Business Email Compromise (BEC) and Email Account Compromise (EAC) have become an exponentially increasing problem, costing organizations over $26 Billion in losses according to the FBI. These very targeted attacks utilize public research and social engineering to target an organization’s people and fraudulently obtain funds and valuable information. So how can you better protect your end users in 2020?
Join us for our webinar to learn more about these BEC and EAC attacks and how you can effectively protect your organization's most valuable assets: your people and your data. In this session we'll share:
•Techniques for preventing these cyber threats
•A framework for understanding where potential gasp exist
•What a people-centric approach looks like to better protect your company
As we head into a new year, we continue to anticipate new and complicated challenges around Cyber Security. This past year we continued to see major breaches, hacks, and attacks surfacing and that does not look to be slowing down. The nature and range of the attacks varied from email hacking to zero days, from minor incursions to (potentially) everyone’s data being stolen. 2019 will probably go down as the new worst year for Cyber Security with all the previous year’s events having been far surpassed. Even our doom and gloom or same old same old predictions of last year have been blown away. The question now, will 2020 bear the full weight and impact of the events of 2019, or will it have its own harrowing events. Will the growing impact and occurrences spotlight security and translate in terms of media and regulatory attention? What kinds of threats will dominate the 2020 landscape?
Join us, make notes, and then check back in a year to see how our panel of experts did in providing insight and making predictions for the 2020 challenges to InfoSec.
James McQuiggan, Security Awareness Advocate, KnowBe4
Ira Winkler, Lead Security Principal, Trustwave
Jim Reavis, CEO, Cloud Security Alliance
In the world of cybersecurity, asset management has been the boring sibling of more exciting things like threat hunting, deception, and automation. But the foundational challenges of understanding what devices, users, and cloud instances are in our environments have jumped to the top of CISOs priority lists. Despite the amazing tools we have in cybersecurity, teams still struggle to answer basic questions like: how many devices and cloud instances do I have, and are they secure?
In this webinar, we’ll examine:
•Why asset management has a bad reputation
•What’s changed that has made security teams prioritize asset management for cybersecurity
•The challenges around making sure all assets comply with security policies
•Six essential questions you should know about every asset
David Vaughn, Director, ISSA International Board of Directors
Nathan Burke, Chief Marketing Officer, Axonius
Brian Bethelmy, CISO, Mancon
Businesses have turned to IT for competitive differentiation. They demanded IT bring accelerated delivery, resource conservation and cost savings. IT has responded with DevOps/cloud-based models and practices that utilize automation, autoscaling and playbooks. With this speed comes increased risk, compliance concerns and has left IT staff wondering how they can gain visibility and segmentation across their entire heterogeneous environments easily, effectively and at this new speed of innovation. With the realization that traditional methods of segmentation like VLANs, cloud security groups and firewalls are not suitable for today’s rapidly changing enterprise environments enterprises have turned to software-defined segmentation.
In this webinar come learn about how modern software-defined segmentation solutions:
Start with visibility.
Provide enterprises with easy ways to identify and label workloads.
Provide easy to implement, granular enforcement that goes way beyond IP address and port but is able to lock down by process, user and domain.
Enables DevOp automation, provisioning and management.
Is decoupled from and works in an agnostic fashion across every enterprise platform.
Provides unparalleled security while enabling compliance and ongoing compliance validation.
Robert Martin, Sr. Security Engineer, Cisco Systems, Inc.
Dave Klein, Senior Director, Engineering & Architecture, Guardicore
Jonathan Fowler, CISO, Consilio
More than 99% of all targeted cyber-attacks rely on users to activate them. Nowadays, threat actors are not going after an organization's technology and infrastructure. They are going after your most valuable assets - your people and your data. So, do you know when or how your people are being targeted? Do you know who the most cyber-attacked people are in your organization? Are your Very Attacked People (VAPs) the same as your Very Important People (VIPs)?
Join our cybersecurity experts for a deep dive into what the current healthcare threat landscape looks like, how a people-centric approach can help institutions identify and protect your end users, and the latest findings in healthcare threat research.
In this session, we’ll share:
•Why cybersecurity transformation is critical right now
•What a people-centric approach means to today's healthcare threat landscape
•How hospitals are leveraging a people-centric strategy to improve their security posture
•How to better protect your patients' data and improve your end-users' safety
Lee Neely, Senior IT & Security Professional, LLNL
Ryan Witt, Managing Director, Healthcare Industry Practice, Proofpoint
Barbara Guerin, CISO, Renown Health
Andrew Seward, CISO, Solution Health System
Numerous cloud trends, including storing sensitive data in cloud and the recognition that data security mandates also apply there, drive both cloud consumers and providers to endeavor to share the challenge of keeping data secure in the cloud. This webinar will explore trends and challenges in multicloud computing, introduce a cloud data security toolkit, including requirements to control cloud data encryption keys. From there we will explore a cloud provider case study: Salesforce Shield Platform Encryption and its newest and most secure key management feature: “Cached Keys”. The webinar will close with potential solutions to multicloud data encryption key management including Salesforce Cached Keys.
IT implementors are made less successful due to ‘Technical Debt’. Cybersecurity suffers from ‘Myth Debt’, where the same untrue tropes are repeated and hold us back. It takes experience to recognize these myths, but worse still is they can mask the valuable truths that lie within the myth. These never-dying misunderstanding spread outside cybersecurity and falsely inform the IT and business leaders, making it harder still to stop bad things from happening.
So let’s poke some holes in some myths, pick some or all:
•Insider threat is the biggest worry
•Great Pen Tests mean excellent security
•Any attacker motivated enough can hack you easily
•Security training and education of devs will get us secure code and apps
•The cloud is secure. The cloud is insecure
•Encrypting everything makes for strong security
•Spending more on security makes security better
•Excellent endpoint security means we no longer have to worry about network or other security
•You can’t defend yourself against ransomware
Jorge Orchilles, SANS Certified Instructor
Greg Young, VP, Cybersecurity, Trend Micro
Zane Lackey, Co-Founder, Chief Security Officer, Signal Sciences
Dr. Cragin Shelton, DSc, CISSP
Automated bot attacks are becoming increasingly sophisticated as they learn to avoid detection and stay unidentified longer.
Tune in for the live webinar on October 16 at 10 am PT as Ido Safruti, co-founder and CTO at PerimeterX and Deepak Patel, VP of Product Marketing at PerimeterX, highlight the top five ways to identify automated bot attacks to your website. We will also cover:
•Real use cases - attacks that happened in the real world
•Practical strategies for identifying automated attacks
Best practices for addressing and blocking bot attacks
In this panel webinar, ObserveIT’s Head of Security, Chris Bush, will discuss the topic of the risk from insider threats. We will illuminate the seven common motives—also known as the seven deadly sins—that influence insider threats, and share best practices for defending against them. We will explore what makes insider threats so different from traditional external threats. We’ll also cover:
•The seven most common motives for insider threats
•How to detect & investigate insider threats efficiently and accurately
•What to do about insider threats in your supply chain
•How to fit insider threat protection into your broader security program
•Legal and privacy concerns that often arise within insider threat programs
Ken Dunham, Senior Director, Technical Cyber Threat Intelligence, Optiv
In a recent Thales survey, two thirds of CISOs cited the increase in cloud service adoption, combined with a lack of strong security solutions, as the main reasons cloud services are the prime targets of attack. As organizations undergo digital and cloud transformation, CISOs and security officers are operating in a high stress environment caused by security, compliance and manageability challenges.
In this presentation we’ll discuss how identities are becoming the new security perimeter in a zero trust world and present best practices for implementing an access management framework that can help organizations remain secure – and scale – in distributed networking environments.
Dipto Chakravarty, Chairman of Security, Privacy and Trust COE, IoT Community
Felice Flake, CEO ScySec, LLC
Ashley Adams, Product Marketing Manager for Authentication and Access Management, Thales
How protected are you from the latest types of DDoS attacks? Our new cyber threats report confirms that DDoS attacks continue to be an effective means of inflicting damage to brand and revenue.
During this webinar we’ll provide an in-depth look at our latest findings:
•Growth and complexity of attacks
•Emerging new attack trends
•How to protect your online presence from new and evolving DDoS attacks
•Which cyber threats most concern senior IT security executives
And much more.
Register to attend our webinar to understand the latest developments in DDoS attacks and how to mitigate them.
Michael Levin, CEO/Founder, Center for Information Security Awareness
Bob Weiss, CEO, WyzCo Group Inc
Michael Kaczmarek, VP Product Management, Neustar
While GDPR and CCPA have been the focus for most professionals, legislation is not all about PII. Over the past year there have been numerous pieces of legislation and regulation drafted, which has been missed by most of us. With controls on export, technology use, IoT, consumer device security, and other things looming this is your chance to see what's going on.
Mathieu Gorge, Vigitrust
Ross Nodurft, Senior Director of Cybersecurity Services, Venable
Harley Geiger, Director of Public Policy, Rapid7
Paul Lanois, Director, Fieldfisher
It is increasingly apparent that authenticating only with username and password is no longer sufficient as stolen passwords are responsible for 81% of data breaches. And even though many organizations have implemented multi-factor authentication (MFA) through mobile push, or One Time Passwords (OTP) via SMS and mobile apps, these authentication techniques have been shown to be vulnerable to account takeovers.
Attend this webinar to learn:
* How WebAuthn, the new web authentication standard, is paving the way for a highly secure passwordless future
* The key benefits of passwordless login for your employees, partners, and customers
* Best practices for enterprise authentication
Phishing is one of InfoSec's longstanding threats. But for cyber criminals, email is just one entry point of many. How can you better prepare you and other end users in your organization for cyber security threats beyond email-based social engineering?
During this session, we will share results from the Proofpoint’s Beyond the Phish® Report, which examines end-user understanding of a broad range of cyber security topics and best practices. The report features analysis of data related to nearly 130 million cyber security questions and offers insights into employee knowledge levels across 14 categories, 16 industries, and more than 20 commonly used department classifications.
- The importance of assessing and training end users about cyber security threats beyond email-based social engineering
- The strengths and weaknesses among end users across 14 cyber security topics, highlighting how end-user knowledge levels vary across industries
- A more holistic view of susceptibility by looking beyond knowledge assessments and training activities
- How you can use this information to reduce the risk of successful cyber attacks within your organization
Join our experts as we dive into the report and share best practices and pitfalls as we stimulate a stronger security culture.
The first year is always the most critical as we wind our way through legislation with companies, courts, and people working to understand and adjust the rules. Well It has been one year since GDPR became active. In that time how many cases have been tried, fines levied, and what changes have been made?
One key aspect of digital transformation for many companies has been the evolution and rise of the remote user. Application access from any device, anywhere has become an imperative for success, but with transformation comes challenges with attack surface and network vulnerability.
Adopting a zero trust model is key to combat cybercriminals who are probing security perimeters and enterprise resources for vulnerabilities with a distinct purpose. Application access and identity is one of the key areas to begin.
Join us on ……May 15th at 1pm EST for a discussion with Akamai security professional Faraz Siddiqui as he shares steps you can take to protect your network against breaches by evolving access policies and solutions.
Why passwords are a thin illusion of protection and what to do about it. Passwords have become nothing more than a thin illusion of protection. Human nature and human error are the weakest links in protecting organizations from cyberattacks and data breaches. Users choose poor passwords and then re-use them across multiple applications and systems, leaving them vulnerable to phishing and social engineering by bad actors. For years, users have been encouraged to create complex passwords and change them frequently.
It is time to remove human error from the equation.
The adoption of passwordless authentication protects against phishing attempts and minimizes the threat of stolen credentials. Passwordless technology generally combines: Multi-layered risk analysis that evaluates location, devices, access rights and typing sequences; Intricate yet convenient 2FA/MFA methods;
Biometrics and hardware authentication keys
Learn how passwordless authentication works and how it can help you increase security while reducing friction for your users.
Stephen Cox, Vice President and Chief Security Architect, SecureAuth
Mike McKinzie, Solutions Advisor, Swivel Secure
This year saw IPv6 adoption worldwide surpassing the twenty-five percent mark. While previously only used by some innovative attackers, the incentive to explore the space for fresh targets grows as more than a quarter of the Internet is now IPv6-capable. Many organizations are challenged with adequate monitoring their IPv6 networks, misconfigured devices and a shortage of time to implement IPv6 best practices.
In this session we’ll aim to spur more conversations and curiosity in the IPv6 security space by:
- Examining ways to enumerate an oasis of infrastructure in the large desert of addresses
- Discussing current malware observed with IPv6 capabilities
- Remarking on some already observed security issues with the protocol
Michael Levin, CEO/Founder, Center for Information Security Awareness
Chad Anderson, Research Engineer, DomainTools, LLC.
Dipto Chakravarty, Chairman of Security COE, IoT Community