ISSA Thought Leadership Series: BEC Attacks - Who's Impersonating Whom?

The 2019 HMSS Cybersecurity Survey indicated that email is the initial point of compromise for healthcare cyber-attacks, with Business Email Compromise (BEC) becoming the favored tactic by cybercriminals. Because BEC emails do not carry malicious payload and are narrowly targeted, it’s difficult for health institutions to detect these attacks. With overall losses of more than $1.7 billion in 2019, BEC attacks are quickly becoming a significant headache for healthcare CISOs. Join us for a deep dive into the dos and don’ts when it comes to BEC, and best practices to mitigate against risk of this vital attack vector.
Recorded Jun 17 2020 60 mins
Presented by
Effie Tsiopras Senior Information Security Engineer; Ryan Witt Managing Director, Healthcare Industry Practice
  • Zero Trust and the New Normal of Cybersecurity Jun 30 2021 5:00 pm UTC 60 mins
    Doug McKillip, Solutions Architect, A10 Networks and Babur Nawaz Khan, Product Marketing, A10 Networks
    2020 was an eventful year for cybersecurity, with an unprecedented rise in cyberattacks. Many organizations were caught off guard as the pandemic accelerated and dictated the need for remote work and education. However, the accelerated move to everything cloud has left many wondering about the future, whether their on-premises investments have been rendered obsolete or if the “new normal” would only rely on cloud-only solutions.

    The pandemic has also highlighted the need for fool-proof Zero Trust implementations to enhance the security of networks against modern cyberattacks, whether they are initiated from the outside or within. However, with most internet traffic encrypted, it is becoming increasingly difficult to effectively implement a Zero Trust approach.

    In this webinar, we will discuss:
    * What the “new normal” of cybersecurity might look like in a post-pandemic world
    * What role will Zero Trust play in the future of cybersecurity
    * Why effective decryption is essential for a fool-proof Zero Trust implementation
  • Why Breach and Attack Has Become a Foundational Security Tool Jun 23 2021 5:00 pm UTC 60 mins
    TBD
    From “Hype” to “Critical” Why Breach and Attack Has Become a Foundational Security Tool

    Join us as we discuss why Breach and Attack Simulation (BAS) has quickly ascended into the limelight in 2021. With both Gartner and IDC’s recent publications pointing to BAS as a critical tool to enable a successful security strategy, we’ll discuss how this technology is helping security teams drive business impact and reduce overall risk by validating security controls, identifying and prioritizing threats by risk to the business, and operationalizing threat intelligence efforts.
  • Cybersecurity Asset Management Trends 2021 Jun 16 2021 5:00 pm UTC 60 mins
    Noah Simon, Director of Product Marketing at Axonius and Jake Munroe, Product Marketing Manager at Axonius
    Cybersecurity Asset Management Trends 2021: The pandemic’s impact on cybersecurity and priorities for the future

    Last year’s overnight shift to remote work drove rapid changes in security and IT priorities — resulting in more challenges than ever before.

    Now, as teams prepare for a post-pandemic “new normal”, IT and security teams are facing fresh obstacles.

    Axonius partnered with Enterprise Strategy Group (ESG) for a global survey of IT and cybersecurity professionals to explore how the pandemic impacted IT complexity, and what security initiatives teams are prioritizing post-pandemic.

    Register now for Cybersecurity Asset Management Trends 2021: The pandemic’s impact on cybersecurity and priorities for the future on June 16 at 1:00 p.m. E.T. Noah Simon and Jake Munroe of Axonius will dive into the survey’s findings to share key insights and takeaways from security leaders and practitioners worldwide, including:
    72% of respondents report increased complexity over the past two years.
    55% cite increased remote workers as the top cause of complexity (compared to only 22% last year)
    87% say the pandemic has accelerated cloud infrastructure adoption
    82% plan to increase investment in asset inventory
  • Why Privacy (usually) Needs Anonymity Jun 15 2021 5:00 pm UTC 60 mins
    George Rosamond
    Privacy finally earned its legitimate place in the world of the technology despite years of being dismissed as the domain of the paranoid or the guilty. But strong privacy often requires what some consider its nefarious sibling, anonymity. Is collecting so much identifying data about users really critical to security? This presentation will approach how strong privacy enhancing technologies should also be appreciating the necessity of anonymity, or at least pseudonymity, in their design.
  • Is your enterprise MFA solution effective? Jun 9 2021 5:00 pm UTC 60 mins
    Dan Hall, Principal Product Manager, Akamai
    MFA is critical to reducing risk in the enterprise. But not all MFA factors are equally effective. Join us as we discuss how attackers are taking advantage of weaknesses in the most popular MFA factor. We will review a strong authentication factor based on the FIDO2 standards, which presents its own challenges in balancing security against cost and productivity. Finally, we will introduce a modern authentication factor and service tailored to your business model and needs that delivers a secure, cost effective and low friction solution.

    What you will learn:
    • Why the most popular MFA factor should worry a security professional
    • The advantages of a strong authentication factor based on FIDO2
    • The Risk Management challenge: security vs cost & productivity
    • How to solve the Risk Management challenge with a modern authentication factor
  • Data Privacy: A World of Opportunities Jun 3 2021 5:00 pm UTC 60 mins
    Shivangi Nadkarni
    The session will cover:
    • What really is Data Privacy – and how is it different from Data Security
    • Implementing Data Privacy in organizations
    • Opportunities in the domain of Data Privacy
  • Life of a CISO Jun 1 2021 4:00 pm UTC 60 mins
    Eric Cole, PhD, is an industry-recognized security expert with over 20 years of hands-on experience.
    In this podcast, Dr. Cole will provide a playbook for approaching organizational security from this perspective. You’ll learn how a proper foundation for security is key, followed by proactive threat hunting and active defense. You’ll also get a prioritized checklist of actions that you can take right away to reduce the risk of an attack and mitigate one in progress.

    The constant barrage of security threats is not going to let up, and if you wait to respond, it will already be too late.
  • Going Multicloud: Managing identities and privileges risk in AWS and Azure May 19 2021 5:00 pm UTC 60 mins
    Or Priel, VP Product Management
    Midsize and large organizations are moving rapidly to multi cloud, with 75% adopting a multi and/or hybrid cloud strategy by this year [Gartner].
    With a whopping 75% of cloud security expected to result from inadequate management of identities, access, and privileges by 2023 [Gartner], how do you protect your multi cloud infrastructure -- and organization -- from inappropriate access and privileges risk? The challenge is compounded by different approaches to managing permissions and privileges from one public cloud to the next.
    Join Ermetic’s Or Priel, VP Product Management, for insight into how AWS and Azure handle identities, permissions and resources and how to manage identities and privileges risk in both environments. We will cover:
    - Azure’s RBAC vs AWS’s IAM roles and policies
    - Strategies for enforcing least privilege
    - Governing access and protecting sensitive resources
    - Using automation and analytics to mitigate risks across clouds
  • Secure Multi-Party Computations May 18 2021 5:00 pm UTC 60 mins
    Dan Bogdanov
    Secure multi-party computation is a cryptographic technology for running a computation on the confidential inputs of two or more parties so that nobody learns the inputs of others. To simplify, it is a kind of distributed computer that can process data without seeing it. This has applications in protecting sensitive data such as cryptographic keys, personal data or business secrets. The benefit of the technology is greatest when multiple organisations wish to collaborate, but find themselves unable to share the data.

    MPC Alliance (https://www.mpcalliance.org) is an industry union of companies building key management solutions, virtual HSMs, privacy-preserving statistics, ML and AI systems for finance, healthcare and public sector. In the talk, we'll talk of the technology, its applications in security and privacy, with example use cases.
  • How to Get Your People, Processes and Technology Ready for CMMC Certification Recorded: May 13 2021 62 mins
    Rick Lemieux and Steve Torino
    The Cybersecurity Maturity Model Certification (CMMC) is a new DoD requirement for implementing cybersecurity risk management across the many supply chain companies that make up the defense industrial base (DIB). Eligibility for future DoD contract awards will require the CMMC certification. Supply chain company chief legal officers, compliance officers, and senior leadership are responsible for understanding and enforcing the new DoD security regulatory requirements and compliance standards within their respective organizations and ensuring these current and future business risks are mitigated to improve cybersecurity in the DoD supply chain.

    Why Attend?
    Small, medium, and even some large defense contractors, suppliers, universities, and research labs, which make up most of the DIB supply chain, are among the nation’s most vulnerable and face the highest risk of data exfiltration. Many organizations have not made the required information protection investments, do not have the necessary cybersecurity skills or maturity, and do not perceive themselves as likely targets. The old honor system relying on self-accreditation for supply chain risk management simply wasn’t working. In this interactive session and demonstration, you can meet the industry experts and ask questions to help you get started preparing for CMMC certifications.

    * Special Offer:
    For each person who registers AND attends the webinar, they will receive a FREE itSM Solutions NCSP Awareness Training Voucher worth $99
  • Security Shouldn't be a Secret. Why Transparency Matters Recorded: May 12 2021 57 mins
    Wayne Haber, director of engineering at GitLab
    Security can be somewhat of a mystery at a lot of organizations. Most companies choose to be tight-lipped about the security measures they have implemented. Rightfully so, there is an underlying fear that publicizing your security efforts could make you more vulnerable to security attacks and damage your reputation with your customers. However, there is another way. Transparency can be your ally in security.

    In this webinar, we will be talking about how transparency practices can lead to improved security. With transparency being one of our core values at GitLab, we will talk about the processes we have implemented to maintain our security stance while operating with the highest possible public transparency and how you can apply them to your enterprise to achieve increased security and transparency.
  • Life of a CISO Recorded: May 11 2021 49 mins
    Eric Cole, PhD, is an industry-recognized security expert with over 20 years of hands-on experience.
    In this podcast, Dr. Cole will provide a playbook for approaching organizational security from this perspective. You’ll learn how a proper foundation for security is key, followed by proactive threat hunting and active defense. You’ll also get a prioritized checklist of actions that you can take right away to reduce the risk of an attack and mitigate one in progress.

    The constant barrage of security threats is not going to let up, and if you wait to respond, it will already be too late.
  • Cybersecurity Compliance in 2021 Recorded: May 6 2021 61 mins
    Martha V. Daniel. Founder, President and CEO Information Management Resources
    Managing Cyber threats requires complete visibility to effectively make intelligent decisions about cyber threats. Cybersecurity compliance requirements are forcing Corporate Risk Managers to become more engaged with determining corporate cyber posture. With the most recent rollout of the mandatory Cybersecurity Maturity Model Certification (CMMC) for all Department of Defense (DOD) suppliers, it won’t be long before the commercial marketplace adopts a similar requirement. Increasing cyberattacks, lack of cybersecurity professionals, and mandatory cyber certifications are coming soon. These new regulatory requirements will force adoption of the NIST, ISO and GDPR frameworks. With more MSSPs and SOCs surfacing around the nations, CISOs will be re-evaluating inhouse vs outsourcing of cyber security services. Join in the discussion to learn more about these new compliance regulations and trends.
  • The Cost of Cloud Compromise and Shadow IT Recorded: May 5 2021 61 mins
    Larry Ponemon, Ponemon Institute and Itir Clarke, Proofpoint
    With the increased use of SaaS applications, cloud account takeover and Shadow IT present an increasing security risk to organizations. As the network perimeter is replaced by a user-defined security perimeter, it becomes critical to evaluate access controls, threat detection and data security in the cloud. So how can you better protect your company?

    Join us for this special webinar with experts from Proofpoint and Ponemon Institute. They will discuss the findings of the newly conducted research among IT and security professionals to determine the risk and cost of cloud account takeovers and Shadow IT.
    In this session, we’ll cover:
    • The state of cloud usage in organizations
    • Security risks and practices to secure the cloud
    • Cloud compromises and the end user risk
    • The cost of compromised cloud accounts
  • Standardize and Automate Security Compliance in Public Sector Agencies Recorded: Apr 21 2021 60 mins
    Sameer Kamani. Senior DevOps Solutions Architect, Public Sector
    Federal agencies are improving their cybersecurity posture to some degree, particularly as they develop better basic cyber hygiene and modernize their legacy systems. At the same time, hackers are getting better at finding new ways to attack and access federal IT. Yet certain pain points remain, particularly around managing compliance and achieving Authority to Operate (ATO) while implementing the Risk Management Framework (RMF) principles.
    This session will discuss current challenges faced in dealing with emerging threats, securing a more remote workforce and sharing strategies for staying ahead of adversaries.
    • Building efficiencies in your existing Risk Management Framework
    • Automating the implementation of security control to achieve a continuous Authority to Operate process
    • Hearing how your peers are implementing new ways to expedite compliance and audit lifecycles
  • Taking Responsibility for Someone Else's Code Recorded: Apr 20 2021 59 mins
    Serge Egelman
    Taking Responsibility for Someone Else's Code: Studying the Privacy Behaviors of Mobile Apps at Scale

    Modern software development has embraced the concept of "code reuse," which is the practice of relying on third-party code to avoid "reinventing the wheel" (and rightly so). While this practice saves developers time and effort, it also creates liabilities: the resulting app may behave in ways that the app developer does not anticipate. This can cause very serious issues for privacy compliance: while an app developer did not write all of the code in their app, they are nonetheless responsible for it. In this talk, I will present research that my group has conducted to automatically examine the privacy behaviors of mobile apps vis-à-vis their compliance with privacy regulations. Using analysis tools that we developed and commercialized (as AppCensus, Inc.), we have performed dynamic analysis on hundreds of thousands of the most popular Android apps to examine what data they access, with whom they share it, and how these practices comport with various privacy regulations, app privacy policies, and platform policies. We find that while potential violations abound, many of the issues appear to be due to the (mis)use of third-party SDKs. I will provide an account of the most common types of violations that we observe and how app developers can better identify these issues prior to releasing their apps.
  • How to build in flexibility to create a more effective security strategy Recorded: Apr 14 2021 59 mins
    Ray Espinoza
    If the past year has taught us anything, it's that what we put on paper doesn't always pan out. Cybersecurity professionals know that a security strategy can quickly turn into projects with many twists, turns, roadblocks and surprises. We’ve invited two seasoned CISOs to get their take on how to navigate the challenges of making things happen in the day-to-day of this fast-paced industry, and how to build in flexibility for the unknown surprises along the way. Expect answers to questions like:

    - Can you plan an effective security strategy for the unknown?
    - What parts of planning do you have to get right to reduce issues during execution?
    - What tips have served you well in your career to stay on top of disruptions?
    - How do you keep your team motivated when blockers just keep coming?
  • Digitally Evolving Credit Unions: A Business Case for Evolving Member Experience Recorded: Apr 14 2021 42 mins
    Elizabeth Kaspern, SVP at TruMark Financial Credit Union, Jay Levin, CRO at Relay Network & Karen Diamond, pureIntegration
    Today’s credit union members expect a consistent, personalized experience—no matter how or where they interact with you: in person, by telephone, through a smartphone application, or on your website. Join us to hear from industry leaders who will break down what it really means to evolve the member experience, how to plan your member’s digital journey, and how small changes make a big difference.
  • Life of a CISO Recorded: Apr 13 2021 60 mins
    Eric Cole, PhD, is an industry-recognized security expert with over 20 years of hands-on experience.
    In this podcast, Dr. Cole will provide a playbook for approaching organizational security from this perspective. You’ll learn how a proper foundation for security is key, followed by proactive threat hunting and active defense. You’ll also get a prioritized checklist of actions that you can take right away to reduce the risk of an attack and mitigate one in progress.

    The constant barrage of security threats is not going to let up, and if you wait to respond, it will already be too late.
  • How modern cyber threat intelligence can enrich system security risk measurement Recorded: Apr 7 2021 59 mins
    Christopher Strand, Chief Compliance Officer at IntSights.
    Threat Intelligence is normally used to enrich the process of security assessment, providing proof on the enforcement of security controls required to be secure and compliant. As threat intelligence technology evolves, it has become more valuable and instrumental to security audit, providing needed context to the process of gap analysis, data collection, threat identification, and prioritization. During this session we will explore examples based on real world data where contextual threat intelligence can be applied directly to data security, compliance, and regulatory requirements in order to prioritize and accelerate the assessment process, obtain measure of business risk or liability, and reduce threats targeting the business.

    During the presentation, you will learn the following:
    • What Cyber Threat Intelligence (CTI) is and why it is important for cybersecurity
    • How to use CTI to prioritize system security gaps and enhance security posture
    • How to examine your Digital Footprint in order to help predict targeted threat patterns
    • How to use CTI findings to accelerate risk assessment
Developing and Connecting Cybersecurity Leaders Globally
ISSA is the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk and protecting critical information and infrastructure.

  • Title: ISSA Thought Leadership Series: BEC Attacks - Who's Impersonating Whom?
  • Live at: Jun 17 2020 5:00 pm
  • Presented by: Effie Tsiopras Senior Information Security Engineer; Ryan Witt Managing Director, Healthcare Industry Practice