Name: 7 Lessons for CISOs from a Battle-tested, Ransomware Survivor Public Sector CIO
Start: 2021-06-18T16:43:00Z
End: 2021-06-18T16:43:55.000Z
Location: BrightTALK
Rating: 5

Joining David Spark (@dspark), producer of CISO Series for this discussion will be:

Aviv Grafi (@avivgrafi) CTO and founder, Votiro
Sandy Dunn (@subzer0girl), CISO, Blue Cross of Idaho

They'll discuss:
- How has security traditionally been a hindrance to business productivity?
- How are we making file access easier/more difficult?
- What’s the net result when security is a hindrance to business operations? Who ends up winning? Who loses?
- How can security better demonstrate that they are actually on the side of business productivity?
- What are the different angles of productivity we should consider? (e.g., individual productivity, security team’s productivity, interdepartmental productivity, third party productivity.)
- Provide some examples of secure guardrails that don’t hinder business operations.

"Hacking Productivity" - CISO Series Video Chat

Nearly 85% of malspam in Q2 2019 contained a link that sent the recipient to a malicious file download (Proofpoint). The pandemic increased the use of link-based phishing attacks, as file-sharing and communications moved from the physical office to the digital. What makes links so dangerous? On average, security tools like Secure Email Gateways cannot detect and prevent 40%+ of malicious links (Cofense), leaving it up to the user to decide whether or not a link is safe to click. And 85% of all incidents, as reported in the Verizon DBIR, involved human error.

Malicious links lead to 1 of 2 locations: a page designed for the user to input credentials or to a file-sharing or other website that hosts a malicious file embedded with malware – which may automatically download to the user’s device.

While you cannot prevent all malicious links from entering your employees’ inboxes, you CAN prevent these links from downloading malicious content to devices. Join Henry Frith, Votiro VP of Customer Success, as he explains an innovative technology that allows users to safely browse the web without becoming victim to malicious downloads:

- Enable your users to browse the web and download files from the web without risk of hidden malware
- Reduce the risk of malicious email links sent in phishing campaigns to employees
- Scale risk reduction to all devices without impacting data flow or slowing business

How to Prevent Malware Downloads from Malicious Links

As organizations continue to deal with emerging threats in the malware space, it's easy for some to take a complacent view and say, 'Malware, haven't we done this already?' We've been dealing with this for decades. And while people who take this view aren't necessarily wrong, ransomware continues to be one of the most popular cyber attacks among organizations. With malware and ransomware becoming more sophisticated and threatening than ever before, it's important for security teams to up their defense and strategies and stay ahead of these attacks. Simply put, ransomware is not going away.

Join us as we explore: 

- Evasive malware and ransomware tactics and delivery methods 
- Live example of a threat and a peek inside of Votiro's Secure File Gateway
- Preventing unknown malware threats without disruption to productivity

SANS Forum Webcast: You CAN Prevent What You Can't See

In this discussion-based panel event, Frank Johnson, battle-tested, ransomware survivor Public Sector CIO and Chris Fedde, Board Member of Votiro, will review lessons learned from Frank's experience dealing with a breach.

Along with stories from inside the breach, this session will also explore how best to prioritize prevention with the modern day CISO's common obstacles, from the highly evasive nature of ransomware threats, to stretched budgets, to newly remote workforces.

In this session we'll cover:

- Lessons learned during a ransomware event, including the CISO decision-making process in the aftermath of a breach
- Why the conventional advice on how to avoid ransomware breaks down
- Where to focus on reducing risk within your organization and your human attack surface
- Newer technologies available to prevent ransomware attacks, and recommended actions that security leaders should consider

7 Lessons from a Battle-Tested, Ransomware Survivor, Public Sector CIO

Ransomware attacks are on the rise, with successful attacks like Colonial Pipeline impacting not just companies but everyday citizens. In this webcast, SANS Analyst Jake Williams and ex-IDF security researcher, pentester, and current Votiro CEO, Aviv Grafi deep-dive into stealthy ways that ransomware and other malware enter networks.

Attendees will learn:

-Evasive techniques that let ransomware bypass detection
-Trends in delivery channels for ransomware attacks
-What tools & techniques can be used to combat evasive malware

SANS Webcast: Evasive Ransomware & Malware

Nearly 85% of malspam in Q2 2019 contained a link that sent the recipient to a malicious file download (Proofpoint). The pandemic increased the use of link-based phishing attacks, as file-sharing and communications moved from the physical office to the digital. What makes links so dangerous? On average, security tools like Secure Email Gateways cannot detect and prevent 40%+ of malicious links (Cofense), leaving it up to the user to decide whether or not a link is safe to click. And 85% of all incidents, as reported in the Verizon DBIR, involved human error.

Malicious links lead to 1 of 2 locations: a page designed for the user to input credentials or to a file-sharing or other website that hosts a malicious file embedded with malware – which may automatically download to the user’s device.

While you cannot prevent all malicious links from entering your employees’ inboxes, you CAN prevent these links from downloading malicious content to devices. Join Henry Frith, Votiro Director of Sales Engineering, as he explains an innovative technology that allows users to safely browse the web without becoming victim to malicious downloads:

- Enable your users to browse the web and download files from the web without risk of hidden malware
- Reduce the risk of malicious email links sent in phishing campaigns to employees
- Scale risk reduction to all devices without impacting data flow or slowing business

This 4 minute video shows how Votiro Secure File Gateway for Email protects from all malware embedded in incoming files.

Preventing Hidden Malware in Emails - 4 Minute Demo

As of March, 7 federal agencies are working from home. While teleworking keeps federal and civilian workers safe, it greatly increased cybersecurity risks.

One of the major risks was through internet browsing. Malicious code easily hides within the browser, and browsers can change from safe to malicious in an instant, creating risk for any user surfing the web or clicking on links in emails.  

In September, DISA announced that it was rolling out cloud-based internet isolation to protect government and civilian employees from browser risks. By recreating the browser environment, malicious elements are contained, and the user gets to surf a perfectly replicated virtual version of the web…that is, until they try to download something.  

Downloading files used to breach the secure environment of browser isolation. A new technology called Positive Selection® works with browser isolation to ensure that all web downloads are fully sanitized of threats before they reach the endpoint.  

Join Thales TCT's Trusted Cyber Security Advisor, Kirk Spring and Votiro's Director of Engineering, Richard Hosgood to learn:
o	How Federal Agencies are implementing browser isolation to keep servicemembers and civilians safe from malicious browser elements
o	How Positive Selection allows browser isolation users to download content from the web without risk

Federal Government: Revolutionizing Endpoint Security with Zero Trust

Financial Institutions and Insurance companies are uniquely vulnerable to file-borne threats. Having to accept and process tens of thousands of files a day from multiple sources—emails, uploads to customer-facing online portals & apps, and downloads from the web—puts these entities at a unique risk.  

KYC, loan application documents, check image uploads, photo evidence and proof during the claims process - all files can be compromised with embedded, zero-day malware that is undetectable by detection-based and signature-based security solutions (and this doesn’t even include the massive volume of attachment-based phishing schemes that corporate office and billing receives).  

Join this informative webinar to learn: 
- The ways that attackers can implant malware into seemingly safe files commonly used during financial course of business, including zipped files, PDFs, Excel, and more
- Dissection of a real attack on a financial instruction using files as the threat vector 
- The file security trends facing Financial Institutions & Insurance companies  
- How a new type of technology, Positive Selection, removes any and all hidden malware from files without interrupting business flow

No More Malware: How Financial Institutions can Stop File-Borne Attacks at Scale

Now, more than ever, you have to trust your workforce. To support remote teams, organizations are making greater use of web-based applications, systems, and content portals. But trust alone isn’t enough to keep employees—and the organization—safe. Webpages carry risk of malware delivered through browser exploits, and can flip from good to bad in an instant. Even if the page is good, the contents may carry risk (e.g. web email or social media).  And that’s before we even think about weaponized files that users might download from the web! 

Telling your staff to not use the web or download files impacts both business productivity and morale. Instead, find out how they can safely browse the web and download files without risk of breach.    

Join this webinar to learn:
• What webpage and file download risks you need to be most concerned about in 2021
• How Symantec Web Isolation keeps users safe
• The options available to design Isolation into your security system
• How Votiro technology integrates with Symantec Isolation to sanitize file downloads

"Don’t Surf, Don’t Click!” The Better Way to Access Websites and Download Files

File-borne attacks are on the rise, and 80% of successful breaches are new, unknown, or zero-day attacks that are not recognized by traditional signature-based detection solutions, such as antivirus. An example of this is an April 2020 attack that delivered Dridex ransomware to FedEx, UPS, and DHL customers. Sophisticated phishing emails—cleverly disguised to appear to be from company email accounts were sent with legitimate-looking attachments that delivered the payload. This threat's signature was not recognized in antivirus databases for 2 entire days, leaving businesses vulnerable.

In the past, detection and alert-based security tools were best-in-class. But in a world of zero-days and an overwhelming amount of attacks, these solutions miss massive quantities of threats—as much as 40%—leaving security teams fighting both alert fatigue and new threats from all fronts. 

In this talk, Richard Hosgood, white hat hacker and North American Director of Engineering at file security company, Votiro, dissects the April 2020 phishing attack, the gaps that antivirus and next-generation antivirus leave for unknown and zero-day threats, and how an emerging technology called Positive Selection technology can actually prevent these types of attacks.

How FedEx, UPS &  DHL Customers were Tricked by an Advanced Phishing Campaign.

Organizations receive malicious files from emails, web uploads, and content-sharing platforms daily. File-borne attacks are on the rise and 40%-60% of malicious files evade and breach existing security defenses to end up in your inboxes, on your platforms, and in your network.

We want you to send us those files. Seriously. Forward malicious files to badfiles@votiro.com.

During this live hack dissection event on July 21st at 11am ET, Richard Hosgood, white hat hacker and North American Director of Engineering at file security company, Votiro, will dissect your malicious files live and uncover the malware and viruses that are hidden within.

You will receive a completely clean, usable copy of your files back. Senders’ information will be kept confidential, and all files will be destroyed after the webinar.

Richard will also discuss how a new technology – Positive Selection technology – ensures that all files entering an organization are 100% safe, regardless if they enter through email, download, or upload.

Sign up for this webinar and send us your most malicious, most trojan-, ransomware-, and virus-riddled files to badfiles@votiro.com.

What's in that Malicious File? A Live File Dissection Event

In this discussion-based panel event, Frank Johnson, battle-tested, ransomware survivor Public Sector CIO and Chris Fedde, Board Member of Votiro, will review lessons learned from Frank's experience dealing with a breach.

Along with stories from inside the breach, this session will also explore how best to prioritize prevention with the modern day CISO's common obstacles, from the highly evasive nature of ransomware threats, to stretched budgets, to newly remote workforces.

In this session:
• Lessons learned during a ransomware event, including the CISO decision-making process in the aftermath of a breach;
• Why the conventional advice on how to avoid ransomware breaks down;
• Where to focus on reducing risk within your organization and your human attack surface;
• Newer technologies available to prevent ransomware attacks, and recommended actions that security leaders should consider.

7 Lessons for CISOs from a Battle-tested, Ransomware Survivor Public Sector CIO

Ransomware

Threat Prevention

Malware

Cyber Threats

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

7 Lessons for CISOs from a Battle-tested, Ransomware Survivor Public Sector CIO

Presented by

About this talk

More from this channel