Name: Your Bank’s Digital Side Door
Start: 2018-11-27T19:00:00Z
End: 2018-11-27T19:00:54.000Z
Location: BrightTALK
Rating: 4.8

Bureau Veritas Cybersecurity is your expert partner in cybersecurity. We help organizations identify risks, strengthen defenses and comply with cybersecurity standards and regulations. Our services cover people, processes and technology, ranging from awareness training and social engineering to security advice, compliance and penetration testing.  We operate across IT, OT and IoT environments, supporting both digital systems and connected products. With over 300 cybersecurity professionals worldwide, we combine deep technical expertise with a global presence.  Bureau Veritas Cybersecurity is part of the Bureau Veritas Group, a global leader in testing, inspection and certification.  

The European Union Aviation Safety Agency (EASA) has introduced the Part-IS regulation to strengthen the resilience of aviation organizations against the growing threat to information systems. 

The first compliance deadlines are approaching quickly: October 16, 2025, and February 22, 2026. 
Our experts invite you to join this session to review your regulatory obligations and prepare effectively. 

Agenda: 
- Cybersecurity context in the aviation sector 
- Applicability across domains 
- Overview of Part-IS requirements and expectations 
- Strategies for achieving compliance 
- Our support for your compliance journey 

During this webinar, our experts will share their insights, provide practical guidance, and answer your questions.

How to Prepare for EASA Part-IS: What Aviation Organizations Need to Know

The new EU Machinery Regulation (EU 2023/1230) brings a major shift: cybersecurity becomes a mandatory safety requirement for machinery placed on the EU market. Manufacturers, integrators, and machine builders must ensure their products are protected against cyber-induced hazards and be able to demonstrate compliance to maintain CE marking and market access. 

For many manufacturers, the challenge is clear: Which machines fall under scope? What does compliance actually require? And how do you prepare without adding unnecessary complexity or cost? 

In this webinar, our experts will break down what the regulation means for your organization and share practical guidance to help you prepare and stay compliant. 

We will cover:
-   What changes under the new Machinery Regulation and which machines fall in scope 
-   Key cybersecurity duties for manufacturers, including secure design, control, and alignment with CRA and IEC 62443 
-   Practical steps to prepare and how Bureau Veritas supports compliance end-to-end

How to Prepare for Cybersecurity in the Machinery Regulation

WARUM DIESES WEBINAR?
Der Entwurf der Revision der ISO 9001 ist da - und damit viele Fragen:
Was hat sich geändert? Was bedeutet das für mein Unternehmen? Und vor allem: Wie setze ich das Ganze einfach und praxisnah um?
In unserem kompakten Webinar zeigen wir Ihnen, wie Sie die neuen Anforderungen Schritt für Schritt in ihrem Unternehmen integrierst - ohne Fachchinesisch, ohne Stress, dafür mit vielen Tipps aus der Praxis.

DIE AGENDA FÜR DAS WEBINAR:
- Einführung & Zielsetzung in die ISO 9001: 2026 Revision
- Was ist neu? Wesentliche Änderungen der Revision
- Schritt-für-Schritt: Umsetzung der Revision im Unternehmen
- Häufige Stolperfallen & wie man sie vermeidet
- Tools & Hilfsmittel für eine einfache Umsetzung
- Wie läuft die Zertifizierung nach ISO 9001:2026 ab?
- Q&A & Ausblick

In dieser Live-Session erläutert unser Experte, was die ISO 9001:2016 Revision für Ihre Organisation bedeutet. Bringen Sie Ihre Fragen mit – wir haben Zeit für eine interaktive Q&A-Runde eingeplant.

ZIELGRUPPE:
Qualitätsmanager, Auditoren, Produktionsleiter, Compliance-Verantwortliche, Unternehmensberater und alle, die mit der Einführung, Pflege oder Weiterentwicklung von Qualitätsmanagementsystemen nach ISO 9001 befasst sind.

ISO 9001 Revision leicht gemacht – Wie sich Unternehmen bereits jetzt vorbereiten können

As organizations accelerate their adoption of AI, many are integrating it deeply into their core operations. In our upcoming webinar, we explore the year 2028 through the story of Lair, a global manufacturing company that has embraced AI to boost efficiency and innovation. 

But their progress attracts the attention of Anti I-lite, a highly skilled cyber-criminal group specializing in AI manipulation. When they infiltrate Lair’s systems, the company faces a sophisticated attack that disrupts critical AI-driven processes and puts its crisis teams under pressure. 

Join us for this interactive and immersive session, where we demonstrate how secure-by-design AI integration and strong incident response capabilities can make all the difference. You’ll experience firsthand why building resilience is essential as AI becomes central to industrial operations.

AI Gone Wrong: A Crisis Simulation

Discover how Advanced Persistent Threats target operational technology through the lens of offensive security. This webinar deconstructs sophisticated attacks on industrial control systems and critical infrastructure from the attacker's perspective.
 
Drawing from red team experience, we'll examine the APT lifecycle and some real-world case studies. We'll understand how sophisticated adversaries approach OT targets, what techniques they employ at each stage of their operations, and most importantly how to build defensive capabilities that actually disrupt these attacks.

Targeting Operational Technology: A Red Team Perspective

Stehen Sie unter Druck, Vorschriften einzuhalten, wissen aber nicht, wo Sie mit der IEC 62443 anfangen sollen? Wenn Sie in OT, IT, Produktsicherheit, Fertigung oder speziell im kritischen Sektor tätig sind, ist dieses Webinar genau das Richtige für Sie. 

Nehmen Sie am Mittwoch, den 22. Oktober um 10:00 Uhr (CEST) am Live-Webinar von Bureau Veritas Cybersecurity teil, das von Experten geleitet wird. Wir entmystifizieren die IEC 62443 und geben Ihnen einen klaren Fahrplan zur Compliance mit praktischen Schritten, die Sie sofort umsetzen können. 

Die Cyber-Regularien wachsen rasant. Die IEC 62443 bietet einen Rahmen, um bis zu 80 % der globalen Anforderungen zu erfüllen. In diesem Webinar zeigen wir Ihnen, wie Sie daraus eine praxisorientierte Compliance-Strategie für Systeme, Branchen und Regionen entwickeln können. 

-   Wie ordnet sich die IEC 62443 in andere Vorschriften wie NIS2, CRA und RED ein? 
-   Wie können wir mit einer einzigen Norm globale Anforderungen erfüllen?
-   Mit welcher IEC 62443-Gruppe muss meine Organisation konform sein? 

In dieser 45-minütigen Live-Session werden Laura und Yashar erläutern, was die IEC 62443 für Ihre Organisation bedeutet. Bringen Sie Ihre Fragen mit, wir haben Zeit eingeplant, um sie live zu beantworten. 

Zielgruppe:
Hersteller von Produkten, Asset Owner, Systemintegratoren, Komponentenlieferanten und Wartungsdienstleister in Industrie und kritischer Infrastruktur. Ebenfalls ideal für OT- und IT-Sicherheitsfachleute, die an der Absicherung vernetzter Systeme und der Einhaltung von Vorschriften beteiligt sind. 

Wichtige Erkenntnisse: 
-   Ein klarer Fahrplan, um die IEC 62443 in Ihrer täglichen Arbeit und in Ihrer Organisation anzuwenden. 
-   Verständnis darüber, wie die IEC 62443 mit anderen Cybersicherheitsvorschriften übereinstimmt. 
-   Praxisbeispiele erfolgreicher Implementierungen in industriellen und kritischen Umgebungen.

Wie Sie mit IEC 62443 für industrielle Netzwerke, OT und kritische Systeme beginnen

Cyber regulations are growing fast. IEC 62443 offers one framework to meet up to 80% of global requirements. In this webinar, we’ll show you how to turn it into a practical compliance strategy across systems, sectors, and regions. 

Are you facing pressure to meet regulations but not sure where to start with IEC 62443? If you're in OT, product security, manufacturing, or specifically in the critical sector, this webinar is for you. Join Bureau Veritas Cybersecurity on Wednesday, October 7 at 15:00 CEST for a live, expert-led webinar. 
We’ll demystify IEC 62443 and give you a clear roadmap to compliance with practical steps you can use right away. 

-    How does IEC 62443 map to other regulations like NIS2, CRA, and RED? 
-    How can we use one standard to meet global requirements? 
-    Which IEC 62433 group does my organization need to comply with? 

During this live 45 min session, Anna Prudnikova and Carla Amorós will break down what IEC 62443 means for your organization. Bring your questions, we’ve set time aside to answer them live. 

INTENDED AUDIENCE
Product manufacturers, asset owners, system integrators, component suppliers, and maintenance providers working in industrial and critical infrastructure. It’s also ideal for OT and IT security professionals involved in securing connected systems and ensuring regulatory compliance. 

KEY TAKEAWAYS
-    Leave with a clear roadmap to apply IEC 62443 across your daily work and organization. 
-    Understand how IEC 62443 aligns with other cyber regulations. 
-    Discover real-world examples of successful implementation in industrial and critical environments. 

ABOUT THE SPEAKERS
Anna Prudnikova is the Director of Industrial Europe at Bureau Veritas Cybersecurity. 
Carla Amorós is the Communications Specialist at Bureau Veritas Cybersecurity.

How to start with IEC 62443 for industrial networks, OT, and critical systems

At this moment, late 2025, the most common AI application is still Chatbots like ChatGPT, Copilot, or some chatbot built for the needs of your company. Looking ahead we are seeing a rapid move toward Agentic AI systems with autonomous agents capable of making decisions and executing workflows. While this evolution promises efficiency and innovation, it also exposes organizations to compliance blind spots and resilience gaps that can undermine security and business value.

In this webinar, Jair Santanna, Principal Security Specialist at Bureau Veritas Cybersecurity, will explore how enterprises can navigate the transition from today’s generative AI to tomorrow’s agentic systems. They’ll discuss the hidden risks in scaling AI, the governance practices required to mitigate them, and the resilience frameworks that ensure safe adoption.

Participants will walk away with:
A clear view of current AI adoption (chatbots of all sorts of integrations) and the trajectory toward agentic AI.
Practical insights into avoiding compliance blind spots and resilience gaps.
A blueprint for embedding security and proving business value as AI adoption accelerates.
Join us to learn how to deploy AI safely, deliver measurable ROI, and prepare your organization for the agentic future.

Jair Santanna is an enthusiastic and passionate principal specialist on Artificial Intelligence and Cybersecurity (@Bureau Veritas Cybersecurity Europe), an assistant professor (@University of Twente), and an advisor on research and development (@Europol EC3). He is a practical, data-driven, and extremely curious person. He loves to spread the knowledge with the scientific community and with cybersecurity practitioners. He prepares his presentations thinking about you (the audience). Therefore, he promises to give an engaging, enthusiastic, and to-the-point presentation.

Beyond Chatbots: How to Deploy Agentic AI Securely

Is your software development process building in risk or resilience?

Cyberattacks increasingly exploit weaknesses embedded during the software development process. According to Gartner, by 2025, 70% of organizations will mandate secure software development practices in their procurement language, up from just 20% in 2021. And yet, many security leaders still lack clear visibility into where their SDLC (Software Development Lifecycle) is vulnerable or how to cost-effectively strengthen it.

In this essential webinar, Andrew Williams, Senior Security Engineer and SDLC Center of Excellence Lead at Bureau Veritas Cybersecurity, will guide you through the end-to-end journey of securing the SDLC from requirements gathering to post-deployment monitoring.

You’ll learn how to integrate security into every phase of the development lifecycle, why it’s a business-critical imperative, and how to prioritize your efforts for maximum ROI. The session will demystify common security gaps and provide realistic, budget-friendly solutions that teams can act on immediately.
We’ll answer key questions, including:
• What defines a “Secure SDLC” and why does it matter to the business?
• How can you pinpoint the highest risk gaps across your current SDLC?
• What are the most economical short-term fixes that move the needle?
Webinar Highlights
• Training: Why role-based secure coding education is the foundation of proactive defense.
• Requirements & Design: Embedding security into requirements engineering, threat modeling, and architecture reviews.
• Implementation & Testing: Selecting effective security tools, enabling peer review, and integrating DevSecOps practices into pipelines.
• Release & Post-Deployment: Establishing continuous monitoring and patching workflows that reduce your long-term risk surface.

Securing the SDLC: Is your software development process creating risk or building resilience?

Healthcare Cybersecurity: Protecting Patients, Systems & Data
Cyber threats in healthcare are growing more severe, with real-world impacts on patient safety, operational continuity, and data integrity. This session examines today’s most urgent risks—and offers practical, expert-backed solutions.

Featured Experts
Esmond Kane is CISO at Advarra and a veteran cybersecurity executive with over 20 years of experience in healthcare, research, and education. He has led security programs at Harvard, Mass General Brigham, and Steward Health Care, and serves on advisory boards helping organizations manage cyber risk.

Joseph Davis, Customer Security Officer at Microsoft, brings 30+ years of experience spanning medicine, entrepreneurship, and cybersecurity leadership. He advises healthcare leaders on secure cloud adoption, AI governance, and compliance, drawing from past CISO roles at Covidien and Sensata.

Scott Foote is a veteran cybersecurity and privacy executive with deep expertise in pharma, healthcare, biomedical research, and ePHI sharing, alongside broad experience across IT, IoT/IIoT, OT, and ICS/SCADA sectors. He has guided public pharma companies, biomedical research organizations, and healthcare providers in protecting critical research, clinical trials, manufacturing, and patient data while ensuring HIPAA and GDPR compliance. 

Topics We’ll Cover
- Ransomware: How attacks disrupt care, delay treatment, and expose patient data
- IoMT Vulnerabilities: Securing connected devices lacking modern protections
- Compliance vs. Security: Bridging the gap between evolving threats and outdated frameworks like HIPAA
- Supply Chain Risks: Preventing cascade failures from third-party breaches
- OT Threats: Addressing cyber risks that affect physical systems and patient safety
- Join us for a critical discussion on strengthening healthcare’s cyber resilience—and protecting those who rely on it most.

EdTalks - Securing Healthcare - The Cyber Threats Putting Patient Safety at Risk

From August 1, 2025, all radio-enabled products sold in the European market must comply with the cybersecurity requirements of Article 3.3 of the Radio Equipment Directive (RED). Yet many manufacturers still have critical questions about how to prepare.

- Is self-certification enough, or do I need a Notified Body?
- Is my product in scope?
- How much time should we budget for certification?

During this live session, Gaurav Raina, Jérôme Hamel, and Ramakrishnan Lakshmi Naryanan will answer these and other pressing questions. There will also be plenty of time for your own questions.

INTENDED AUDIENCE
This session is designed for IoT product manufacturers, Regulatory affairs professionals, CTOs, CISOs, and Compliance managers.

KEY TAKEAWAYS
- Learn the pros and cons of self-certification versus going through a Notified Body
- Understand which products are in scope of RED 3.3 and which are not
- Get clarity on realistic certification timelines and how to align them with development cycles
- See how the EN 18031 standard fits into the process
- Take away a concrete checklist to help you move forward confidently

ABOUT THE SPEAKERS
- Gaurav Raina is Senior Security Consultant at Bureau Veritas Cybersecurity Europe. He specializes in RED cybersecurity assessments and EN 18031 risk analysis. 

- Jérôme Hamel is Head of Cybersecurity Technical Governance, LCIE, Bureau Veritas CPS (RED Notified Body). He leads RED 3.3 assessments across IoT, medical, industrial, and automotive sectors. 

- Ramakrishnan Lakshmi Naryanan is Certification Specialist at Bureau Veritas Cybersecurity Europe. He specializes in embedded and hardware security and is an expert in RED functional testing.

Expert Q&A on RED 3.3 Cybersecurity requirements | For Product Manufacturers

Most organizations only start thinking about the security of their Industrial Control Systems (ICS) after a compromise or government mandate, but this reactive approach often leads to costly operational disruptions and potential equipment damage, even injuries or fatalities. This webinar will explore the critical need for proactive security measures to protect ICS environments. Securing ICS environments is particularly challenging as these systems are critical to round-the-clock operations and cannot be easily taken offline for patching, updating, or upgrading. This webinar is designed for security professionals and industrial controls experts who want to learn how to effectively threat model and secure their ICS environments, rather than waiting until a compromise occurs.

Attendees will learn the following:
- Overview of a simple ICS network architecture
- Threat modeling an ICS environment
- Teams involved in ICS environment operations and security
- Implementing security measures to mitigate and capture ICS environment intrusions
- Aligning security controls with the IEC 62443 industrial cybersecurity standards

Meet the Speaker
Josue Alvarez-DeGolia is a Security Engineer at Bureau Veritas Cybersecurity (formerly Security Innovation), where he conducts application security assessments, secure code reviews, and network vulnerability simulations. A U.S. Navy veteran and former submarine nuclear operator, Josue brings a systems-thinking mindset shaped by experience in military operations, power generation, investment banking, and business consulting. His cybersecurity work spans AWS security, ICS/SCADA penetration testing, and hardware threat modeling. He was part of the winning team at the DEF CON 32 ICS CTF, and combines technical depth with business acumen to help clients protect complex, high-risk systems.

Threat Modeling Essentials: A Strategic Approach to Mitigating ICS Cyber Risks

Most organizations only start thinking about the security of their large language models (LLMs) once the model is already developed and deployed. However, this reactive approach often leads to costly retrofitting, unexpected vulnerabilities, and missed opportunities to build security in from the ground up.

This webinar takes a different approach, guiding security professionals and LLM developers on how to address security concerns at every stage of the LLM development lifecycle. Rather than waiting until the end, we will explore the security implications and best practices for securing LLMs during the critical phases of project inception, data curation, model architecture, training at scale, evaluation, post-improvements, and API integration.

By adopting a proactive security mindset, attendees will learn how to:
• Align security assessments with the intended use cases and model requirements during the scoping phase
• Mitigate risks like data poisoning, backdooring, and adversarial prompting throughout the development process
• Ensure training stability and model integrity through techniques like checkpointing, weight decay, and gradient clipping
• Evaluate LLM performance while preventing manipulation of benchmark datasets and evaluators
• Implement access controls, data leakage prevention, and other security measures during fine-tuning and API integration

Attendees will leave this webinar with a comprehensive understanding of how to weave security into every step of the LLM lifecycle, empowering them to build more secure and trustworthy AI systems from the start. This proactive approach is crucial for organizations looking to stay ahead of evolving security threats and deliver LLM-powered solutions with confidence.

Securing the LLM Development Lifecycle: A Proactive Approach

"We run annual e-learnings and phishing simulations twice a year, yet employees still click...” Or: “We had 15% fewer clicks this year—proof that our awareness materials work... right?”

Security awareness alone isn’t enough. If you truly want to reduce human risk, you need to go deeper—into human behavior, decision-making, and psychology.
Join us for an eye-opening session on how to design security awareness, behavior, and culture programs that actually change behavior—not just check the box. We’ll explore how psychological principles can help move from passive awareness to active prevention.

In this webinar, you’ll learn:
- Why many well-intentioned phishing simulations fall short—and what to do differently?
- How psychological resistance keeps employees from preventing physical unauthorized access—and how to create engagement?

Whether you're a security leader, awareness program manager, or behavior change enthusiast, this session will give you fresh tools to rethink how you drive secure behavior in your organization.

About The Speaker

After researching the psychological impact of ransomware attacks, Lucas developed a strong focus on behavior change within information and cybersecurity. He has designed and implemented security awareness, behavior, and culture programs across various sectors.

Lucas takes a behavioral approach to human risk—recognizing that effective security interventions are never one-size-fits-all. His work ranges from custom target group programs to launching multimedia campaigns using behavior change techniques and providing live training sessions. In addition, Lucas has extensive hands-on experience with social engineering—ranging from email and voice phishing to a strong focus on physical social engineering. He believes human risk management is still in its early stages and strongly advocates for tailored, user-centered strategies.

Human Risk Management: From Fatigue to Engagement

Join us for the upcoming webinar, "Golden Rules for Industrial Cybersecurity: Assessment & Asset Protection," featuring cybersecurity expert Anna Prudnikova. This session will cover key principles of industrial cybersecurity, including frameworks such as IEC 62443 and NIST CSF, as well as the importance of asset visibility and risk-based assessments. The discussion will address common challenges, such as bridging the gap between compliance and actual security and overcoming implementation hurdles in industrial environments. Attendees will gain insights into best practices for risk assessment, mitigation strategies, and a structured approach to cybersecurity compliance.

In addition, we will examine real-world OT cyber-physical incidents in the U.S., such as 2021 Colonial Pipeline attack, which highlighted vulnerabilities in industrial control systems and the impact of ransomware on critical infrastructure. The session will conclude with an interactive Q&A and case studies showcasing successful security strategies.

This webinar is ideal for industrial cybersecurity professionals, compliance officers, and asset managers looking to strengthen their cybersecurity posture and learn from real-world incidents.

Golden Rules for Industrial Cybersecurity

Join us for this EdTALKS, where industry leaders will dissect the security challenges of IIoT, share real-world insights, and explore strategies to balance innovation with risk management.

What You’ll Learn:
• Key vulnerabilities in industrial supply chains and IIoT ecosystems
• Best practices for securing digital energy technologies
• The role of SBOMs (Software Bill of Materials) in mitigating cyber threats
• Strategies for improving resilience across critical infrastructure

Panelists:

Cassie Crossley
VP Supply Chain Security in the global Cybersecurity & Product Security Office at Schneider Electric, is an experienced cybersecurity technology executive in Information Technology and Product Development and author of “Software Supply Chain Security: Securing the End-to-End Supply Chain for Software, Firmware, and Hardware.” She has many years of business and technical leadership experience in supply chain security, cybersecurity, product/application security, software/firmware development, and data privacy.

Emma Stewart
Director, Center for Securing Digital Energy Technology, Idaho National Laboratory
With over 15 years in power systems and cybersecurity for critical infrastructure, Emma leads efforts in cyber-physical resilience for emerging energy technologies, ensuring responsible cloud usage and digital transformation.

Josh Corman
An Executive in Residence for Public Safety & Resilience at the Institute for Security and Technology (IST), where he leads a new initiative on the resilience of lifeline basic human needs: water and wastewater, emergency medical care and hospital services, food supply chains, and power. Josh founded I Am The Cavalry, a grassroots organization focused on the intersection of digital security, public safety, and human life. He was formerly chief strategist of CISA’s COVID Task Force, director of the Atlantic Council’s Cyber Statecraft Initiative, and in leadership roles at PTC, Sonatype, Akamai, IBM, and the 451 Group.

EdTALKS - Cybersecurity in Industrial IoT (IIoT) – Navigating the  Modernization Paradox

As organizations accelerate cloud adoption, cyber threats targeting cloud environments are evolving at an alarming pace. In Cloud Security Threats 2025, Security Innovation’s Cloud Center of Excellence Lead, Rohitanshu Singh, provides a deep dive into the latest threats, vulnerabilities, and defensive strategies that will define cloud security in the coming year.
This session begins by analyzing key cloud adoption trends, focusing on the shift toward multi-cloud and hybrid environments. We’ll examine real-world breaches—such as the Snowflake attack—to uncover how adversaries exploit misconfigurations, weak identity controls, and emerging attack techniques to compromise cloud assets.

Attendees will gain insights into the top cloud security threats of 2025, including:
- API security risks and supply chain vulnerabilities
- IAM misconfigurations and privilege escalation tactics
- Ransomware-as-a-Service and AI-driven attack methodologies
- Insider threats and mismanaged cloud workloads

Through interactive discussions and security simulations, participants will learn how to mitigate these threats using Zero Trust security models, AI-powered threat detection, and best practices for securing cloud workloads.
The webinar concludes with expert predictions on the future of cloud security, regulatory shifts, and a strategic roadmap to enhance cloud resilience.

Rohitanshu has been working in information security for over a decade, accumulating deep expertise in securing
multi-cloud environments across a plethora of industries and technology stacks. He leads our Cloud Center of
Excellence, which conducts ongoing research on emerging cloud threats, attacks, and deployment strategies.

Join us to stay ahead of emerging cloud threats and fortify your organization’s cloud security posture for 2025 and beyond.
Register now to secure your spot!

Cloud Security Threats 2025

The rapid rise of IoT devices has transformed industries but also exposed critical security vulnerabilities. To address these risks, the U.S. government introduced the US Trust Mark, a voluntary certification aimed at enhancing IoT security and building consumer trust.

Join this webinar to explore:
• The key security requirements of the US Trust Mark
• How certification helps IoT manufacturers stand out and gain consumer confidence
• The challenges and opportunities in implementing the Trust Mark

Meet the Experts:
Grace Burkard, Director of Operations, ioXt Alliance
Grace leads ioXt’s global efforts in establishing standardized security requirements for IoT devices. She collaborates with key stakeholders, regulatory bodies, and industry leaders to drive adoption of best security practices. With a passion for privacy and compliance, she plays a pivotal role in improving transparency and trust in the connected device ecosystem.

Michael Beine, Business Unit Manager, Bureau Veritas
With over 20 years in the Testing, Inspection, and Certification (TIC) industry, Michael specializes in cybersecurity for IoT and industrial automation. He has developed testing frameworks for connected devices and serves as a cybersecurity auditor under the IEC 62443 standard. His expertise spans wireless technologies, networked systems, and regulatory compliance in global markets. 

Geoffrey Vaughan, Director, Security Engineering, Security Innovation
Geoff leads Security Innovation’s IoT Center of Excellence, researching emerging threats in connected systems. His team develops tools and methodologies to assess vulnerabilities in embedded devices, web and mobile applications, and communication protocols. A frequent speaker at global conferences, he translates complex security risks into actionable strategies for businesses and developers.

The US Trust Mark: Using Cybersecurity to Differentiate your IoT products

A widely-used but little known technology has created a vulnerable “Side Door” to thousands of financial institutions in North America. This discovery started with a simple question: why does my bank require multi-factor authentication (MFA), but Quicken does not? This led to an exploration of the 20-year old Open Financial Exchange (OFX) protocol and the 3000+ North American banks that support it.  The conclusion:  80% of banks supporting OFX have no MFA support, putting consumers at risk by exposing login credentials. 

This presentation provides a summary of our research. It also describes how organizations can assess and mitigate enterprise risk posed by OFX.  Topics include:

· Open Financial Exchange (OFX) protocol — how it works and where it’s vulnerable 

· Research findings —  OFX security vulnerabilities that create enterprise and consumer risk

· Compliance implications - using a known vulnerable component creates headaches

· Assessment techniques — commercial scanning tools don’t work with OFX. Learn how to assess this risk quickly

·Mitigation techniques — compensating controls that reduce exposure while using the OFX protocol

Your Bank’s Digital Side Door

Cyber Security

Application Security

Authentication

Financial Markets

Privacy

Risk Based Security

Risk Management

Risk Mitigation

Vulnerabilities

Vulnerability Management

Welcome to the mobile computing community on BrightTALK! With the consumerization of IT and the widespread adoption of mobile devices across the globe, mobile computing has become an important part of many people's lives in a culture of bring your own device (BYOD). With mobile devices doubling as work phones and more employees working from home, businesses need to provide secure access to data and work applications from anywhere at any time. Join this growing community and hear from industry thought leaders in webinars and videos as they share their insight on mobile computing research and trends.

Mobile Computing

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Your Bank’s Digital Side Door

Presented by

About this talk

Bureau Veritas Cybersecurity