Name: Cyber Notes Cast - Lessons learned from the Uber data breach
Start: 2023-05-26T15:00:00Z
End: 2023-05-26T15:00:07.000Z
Location: BrightTALK
Rating: 3

Our mission is to eliminate abuse of privilege in organizations around the world and build digital sovereignty. To achieve this, Senhasegura works against data theft through the traceability of privileged actions of human and machine identities on assets such as network devices, servers, databases, industry 4.0, and DevOps environments. Companies of various sizes and industries rely on Senhasegura to protect one of their most valuable assets: data.

senhasegura is considered a Leader vendor by KuppingerCole in its 2023 Leadership Compass report and as Leaders in its 2022 report. 

We are the only PAM vendor with 5 stars on the Gartner Peer Insights Voice of the Customer report 2022. In the same portal, our customer reviews delivered a recommendation rate of 100%*, the highest among all PAM providers.

In 2020, Senhasegura was recognized as a “Challenger” in the Gartner Magic Quadrant (MQ) report. In the same year, Gartner also ranked us among the top three PAM technologies in the world in its Critical Capabilities PAM report.

In December 2020, we were named by GPTW as a Great Place to Work by our employees.

Cybersecurity in the Middle East: Protecting Cloud Identities with PAM

In the era of digital transformation, addressing cybersecurity risks is paramount for ensuring business continuity, particularly within the dynamic and expanding cloud environments of the Middle East.

Our webinar explores the pivotal role of Privileged Access Management (PAM) in fortifying cloud identities against threats amidst the evolving digital landscape. With the recent inauguration of Google Cloud's new data centers in Dammam, Saudi Arabia, and the pioneering PAM solutions offered by senhasegura, we stand at a crucial juncture in regional cybersecurity.

Key Takeaways:

- Navigating the Dynamic Cybersecurity Landscape
- The Significance of Google Cloud's Expansion
- Understanding the Vitality of PAM in Cloud Security
- Overcoming Implementation Challenges of PAM
- Selecting the Optimal PAM Provider
- Embracing PAM Solutions in the Middle East

Who Should Attend?

- IT and Cybersecurity Professionals
- C-Level Executives Focused on Enhancing Digital Security
- Cloud Technology Enthusiasts
- Business Owners Seeking Insights into PAM's Role in Cloud Environments

Don't miss this exclusive opportunity to bolster your cybersecurity acumen and stay ahead of the curve.

Webinar Cybersecurity in the Middle East: Protecting Cloud Identities with PAM

In a world where digital security is non-negotiable, join us for a groundbreaking webinar that delves deep into the ever-evolving realm of cybersecurity. 

Our focus? The seamless integration of passwordless authentication methods into Privileged Access Management (PAM) systems.

What You'll Gain Insight Into:

- Fundamentals of Digital Identity and Authentication - Dive into the cybersecurity landscape, unraveling the essentials of digital identity and the evolution of authentication tokens;

- The Rise of Passwordless Authentication - Explore how passwordless solutions are revolutionizing security protocols, striking the perfect balance between enhanced security and user convenience;

- Integrating Passwordless with PAM - Navigate the practical aspects of embedding passwordless authentication into PAM systems, uncovering the benefits and tackling challenges head-on;

- Expert Insights from Industry Leaders - Hear firsthand from our strategic partner, a trailblazer in passwordless authentication technology, as they share their expertise and real-world applications;

- Live Demonstration - Witness real-time demonstrations showcasing the seamless integration of passwordless methods in PAM. Experience the ease of use and heightened security in action.

What's In It for You:

- Understand Emerging Trends and Technologies - Gain insights into the latest happenings in the cybersecurity universe;

- Learn Practical Approaches to Enhance Security - Acquire actionable strategies to fortify your organization's security posture;

- Network with Industry Experts and Peers - Engage with the cybersecurity community, forging valuable connections.

Unlock the Future of Secure Access: Integrating Passwordless into PAM

In an era where cyber threats loom larger than ever, the traditional 'trust but verify' security model is becoming obsolete. Enter Zero Trust – a paradigm shift that redefines organizational cybersecurity. 

But what role does Privileged Access Management (PAM) play in this new framework? 

Join us in this illuminating webinar as we explore the crucial interplay between PAM and Zero Trust.

Why Privileged Access Management is essential to achieve Zero Trust Security

In an era where cybersecurity challenges are escalating, understanding the latest trends, impacts, and strategies is paramount to address associated risks. Discover how organizations worldwide are responding to breaches, making investments, and harnessing the power of AI and automation to mitigate risks. 

Join us for an insightful webinar as we dive into the key findings of the market-recognized IBM and Ponemon’s 2023 Cost of a Data Breach Report. From the rising costs to the influence of DevSecOps and cloud security, this webinar offers invaluable insights to enhance your security posture and safeguard your digital assets.

Turning Insights into Action: Exploring IBM's 2023 Cost of a Data Breach Report

Join us for an exhilarating panel discussion as we unpack the most provocative and groundbreaking discussions from DEF CON and Bsides 2023. From the evolving role of artificial intelligence in cybersecurity to the intricacies of digital certificate management, the audacious world of wearables and biohacking, to the revelations in RFID and mobile network vulnerabilities—our experts will explore these themes in detail. Engage with industry leaders and gain actionable insights into the future of cybersecurity.

The Hacker’s Paradigm: Insights from DEF CON and Bsides 2023

Join us for an insightful journey into the world of cutting-edge cybersecurity practices and techniques unveiled at DEF CON 2023 workshops. This webinar will delve into key areas that are shaping the cybersecurity landscape, including incident response strategies, cloud vulnerabilities, the emergence of wearable tech and biohacking, and the evolving challenges of hacking WiFi and mobile networks. Our expert speakers will share hands-on experiences, real-world case studies, and practical insights gained from DEF CON workshops, offering you a unique opportunity to stay informed about the latest trends and emerging threats in the cybersecurity realm.

Topics:

Cloud Vulnerabilities and Misconfiguration
Wearables and Biohacking
Wifi and Mobile Networks Hacking
The importance of Incident Response in cybersecurity

Hands-On Cybersecurity: Unveiling the Techniques and Tools from DEF CON 2023

In the ever-changing world of digital technology, the line between science fiction and reality is becoming increasingly blurred. The rise of Artificial Intelligence (AI) and Machine Learning (ML) is a testament to this, as these technologies are no longer just buzzwords but have become integral parts of our digital infrastructure. 

One area where AI and ML are making a significant impact is cybersecurity, specifically in Privileged Access Management (PAM). PAM is the digital equivalent of a high-security vault, safeguarding an organization's most critical systems and data. It's a booming market, projected to hit $2.3 billion by 2024, according to Gartner. 

Tune in to the discussion between our cybersecurity expert, David Muniz, and Charlie Harold from the renowned SecurityGuyTV.com. They delve into the ways Artificial Intelligence and Machine Learning enhance identity protection.

Free eBook about AI and ML in PAM: https://bit.ly/47yKpyu

How Artificial Intelligence and Machine Learning Help Identity Protection

In Information Technology, the term port refers to an access point for transferring data. However, the software port can have different purposes and mostly corresponds to the Internet protocols TCP and UDP, which have different particularities.

In this episode, we discuss secure and insecure ports and show how you can secure these access points. Follow!

In the area of Information Technology there are several terms and nomenclatures. Among them, we highlight the ports, which can be software or hardware. These ports are comprised of important protocols that perform various functions such as I/O processing and data transfer.

In practice, there is a large number of ports, characterized by their functions and a number, which allows classifying them between the protocols that make up UDP and TCP.

In this cyber notes cast episode, we cover secure and unsecured ports and how to secure them. To make your listening more enjoyable, we have divided our content into the following topics:

1. What are network ports?
2. What are risky network ports?
3. What is the most secure port?
4. Is port 443 a security risk?
5. Is port 8080 vulnerable?
6. How to secure insecure ports ?
7. How to detect open ports on the network?
8. How to ensure port security?
9. About senhasegura
10. Conclusion

Enjoy this Cyber Notes Cast episode!

CNC - Identifying secure and unsecured ports and how to secure them

In cybersecurity, the human element plays a critical role, both as a solution and as a challenge. The surge in cyberattacks during the Covid-19 pandemic has heightened the need for skilled cybersecurity professionals to safeguard organizations' confidential data. However, the industry is grappling with a significant skills gap, leaving businesses vulnerable to cyber threats. Join our webinar as we delve into the human aspect of cybersecurity, exploring the cybersecurity skills gap and the burden faced by cybersecurity professionals.

During the session, we will discuss the following key points:

Understanding the Cybersecurity Skills Gap;
Overburdened Cybersecurity Professionals;
Bridging the Gap and Alleviating Stressors;
How to Get People to Care About Security and Risk.

Join us as we shed light on the pressing issue of the cybersecurity skills gap and its impact on professionals. Together, let's uncover actionable insights to bridge the gap and alleviate the overburdening of cybersecurity teams, ensuring a secure digital landscape for organizations.

The Human Aspect in Cybersecurity: Skills Gap and Work-Related Stressors

Cloud solutions bring numerous facilities to companies, but also offer security risks. Want to know how to combat these threats? Read our article to the end!

A 2020 survey by cybersecurity solutions provider Barracuda showed that 53% of companies have accelerated plans to move their data to a cloud-based environment. This is due to the mass adoption of remote work that has occurred in recent years due to the Covid-19 pandemic.

The big problem is that this change makes organizations even more vulnerable to cyberattacks. To get a sense, according to Gartner, companies running cloud infrastructure services will experience at least 2,300 violations of least privilege policies annually through 2024.

The good news is that we at senhasegura can help you avoid losses caused by the lack of adequate protection for your cloud environments. We were even recently listed as Challengers in the KuppingerCole Leadership Compass for DREAM report, which deals with the subject.

Enjoy this Cyber Notes Cast episode!

CNC - How does senhasegura help protect your cloud environments?

Data leaks occur whenever a user or organization has their sensitive information exposed, putting the security and privacy of companies and people at risk. Know more!

The Data Breach Investigation Report 2022, conducted by the Ponemon Institute, provides an overview of data breaches occurring in 2022 in 17 countries and regions and 17 different industries.

To produce it, more than 3,600 people from companies that suffered leaks were interviewed, which made it possible to gather some relevant information.

According to the study, 83% of companies surveyed had more than one data breach. In addition, 60% of leaks resulted in higher prices being passed on to customers and the average cost of one of these events was US$4.35 million.

In this cyber notes cast episode, we are going to talk more about data breach and address its main causes. To facilitate your listening, we have divided our content into the following topics:

1. What is a data breach;
2. What are the 5 common causes of data breach;
3. Examples of data breach;
4. What are some common types of violations;
5. How to prevent data leakage;
6. About senhasegura;
7. Conclusion.
 
Enjoy this Cyber Notes Cast episode!

CNC - The main causes of data leaks

SOC 2 provides a report after completing the audit.

Recently, senhasegura conquered this milestone, providing details on the principles of confidentiality, processing integrity, availability, and information security.

Want to know more about this subject?

Listen this content until the end!

In December 2022, senhasegura reached compliance with the principles defined by the AICPA with the SOC 2 report, which attested to the reliability of the services provided by the organization and also of the 360º PRIVILEGE PLATFORM.

In practice, the System and Organization Controls 2 (SOC 2) consists of an audit report used to assess how a company undertakes and implements internal controls around the storage of its customers’ information.

This document points out that senhasegura uses standards defined by the AICPA regarding one or more of the following attributes: confidentiality, privacy, processing integrity, availability, and security.

In this cyber notes cast episode, we share more details about the SOC 2 report, achieved by senhasegura. To facilitate your listening, we have divided our content into the following items:

1. What is the SOC 2 report?
2. SOC 2 Trust Principles.
3. Is SOC 2 equivalent to ISO 27001?
4. How do I become an SOC 2?
5. About senhasegura.
6. Conclusion.
 
Enjoy this Cyber Notes Cast episode!

CNC - What is the SOC 2 report and why is it important for senhasegura?

Description: Discover the key challenges and best practices for defending critical infrastructure against cyber threats in our insightful webinar titled "Defending Critical Infrastructure Against Cyber Threats - Challenges and Best Practices." Join our panel of experts as they explore the unique security landscape of critical infrastructure sectors and provide valuable strategies to mitigate cyber risks. Gain actionable insights into securing interconnected systems, managing resource constraints, implementing access controls, and developing incident response plans tailored to critical infrastructure environments. Don't miss this opportunity to enhance your knowledge and strengthen your defenses against cyber threats targeting critical infrastructure.

Topics to be covered:

Introduction:
 Evolution of identity verification approaches
 Password-based authentication as a legacy method
 Overview of the AAA framework (Authentication, Authorization, Auditing)
Legacy Authentication Methods:
 Password-based Authentication
 Knowledge-based Authentication (KBA)
 Token-based Authentication
Emerging Authentication Technologies:
 Biometrics
 Behavioral Analytics
 Passwordless
 Federated Identities
 Other modern authentication technologies
Challenges in the Authentication Process:
 Poor User Experience (UX)
 Cybersecurity awareness
 Authentication in legacy devices
 Password strength

Webinar - User Authentication Evolution and Associated Challenges

A lateral movement attack occurs when the cybercriminal gains access to an initial target to move between devices within the network without their presence being noticed.

In this cyber notes cast episode, we explain in detail what side threats are and how to avoid them. Want to know more about it? Listen our content to the end.

A lateral movement attack can present itself in a variety of ways and for a variety of purposes.

In practice, this type of action is related to accessing an entry point, which corresponds to the initial target, so that the attacker can later gain access to other locations on the network, being able to steal data or infect devices and demand a ransom payment, for example.

However, it is possible to avoid lateral threats with the support of an IT team prepared to identify them in a timely manner and with the support of powerful cybersecurity solutions, such as PAM.
In this cyber notes cast, we share key information about a lateral movement attack. To make it easier to listen, we have divided our content by topics. They are:

1. What is a lateral movement attack?
2. How does a lateral movement attack occur?
3. Examples of lateral movement attack
4. How to detect a lateral movement attack?
5. How to prevent a lateral movement attack?
6. PAM senhasegura: the ideal solution for preventing lateral movement attacks.
7. About senhasegura.
8. Conclusion.

Enjoy this Cyber Notes Cast episode!

Cyber Notes Cast - What is a lateral movement attack and how does it occur

The government segment was one of the most attacked by hackers in the last quarter of 2022. Learn more!

In recent years, malicious actors have demonstrated a propensity to attack government organizations, including through ransomware, although governments are not among the industries that typically pay ransom demands.

According to a survey carried out by Check Point, in the third quarter of 2022, the government sector was one of the most attacked by hackers, receiving around 1,564 attacks weekly, which is equivalent to an increase of 20% compared to the same period in 2021.

However, last year, only 32% of state and local governments paid a ransom to restore encrypted data, 10% less than in 2020. With that in mind, we prepared this episode to clarify why attackers insist on having governments as one of their main targets. Here, you will see:

1. Why do hackers target government organizations?
2. What is the government’s role in cybersecurity?
3. Why should the national government of any country be aware of cyber targets?
4. What types of organizations do hackers most target?
5. What are the top 5 cyber threats to government organizations?
6. About senhasegura.
7. Conclusion.

Enjoy this Cyber Notes Cast episode!

CNC - Why are government organizations favorite targets for cybercriminals

Ransomware is a type of cyberattack where malicious attackers lock down their victims’ computers and demand a ransom to unlock.

In this cyber notes cast episode, we show you how to create a response plan for incidents involving ransomware. Want to know everything about it? Listen our episode until the end!

Ransomware is considered one of the biggest threats to businesses in 2022. In this type of cyberattack, hackers lock their victims’ computers and charge a ransom to unlock.

You might be wondering what the basic steps of the Incident Response Plan for ransomware are, or what an Incident Response Plan should include. That’s why we prepared this episode.

Here are the aspects that a proper response to a ransomware attack should include:

1. Risk assessment;
2. Identification of a ransomware attack;
3. Definition of the scope of the attack;
4. Isolation of affected systems;
5. Elimination of malicious software;
6. Disclosure of the attack;
7. Recovery of the environment;
8. Incident Recovery Plan;
9. Application of lessons learned.

Enjoy this Cyber Notes Cast episode!

Cyber Notes Cast - Building a Ransomware Incident Response Plan

Finding qualified cybersecurity professionals has been a challenging task for CISOs, as these leaders depend on a well-prepared team to deal with increasingly advanced threats to cybersecurity in their organizations. However, to overcome this shortage, there are some solutions, which will be explored in this article. Listen this cyber notes cast episode.

Cybersecurity is one of the most critical and challenging areas for modern organizations, which face increasingly sophisticated and frequent threats. To protect their data, systems and even their reputation, companies need skilled and experienced security leaders who can define and implement effective strategies, manage risk and incidents, and guide security teams.

However, finding and retaining these professionals is not an easy task. According to Proofpoint’s Voice of the CISO 2023 report, 61% of CISOs surveyed reported feeling that they were not prepared enough to deal with a targeted attack. In 2022, this number was 50%, and, in the year before, 2021, 66%.

With the growing cyber threat, companies are increasingly dependent on cybersecurity to protect their sensitive data and ensure business continuity. In addition, cybersecurity risks are increasingly associated with business risks, which makes ensuring adequate protection of environments and devices essential to ensuring business continuity. As a result, CISOs face a number of challenges in keeping their systems secure.

To facilitate, we will divide the content into the following topics:
1. What are the typical challenges the CISO faces in terms of security?
2. What are the main challenges in implementing cybersecurity?
3. What are the biggest challenges for the CISO?
4. Top 3 challenges organizations face when implementing security policies and controls.

Enjoy this Cyber Notes Cast episode!

CNC - How can CISOs overcome the shortage of cybersecurity professionals

Maintaining data security through cyber defense is one of the great challenges for organizations, especially after the regulation of data protection laws.

Maintaining data security is a major concern for organizations today. According to an IBM study, the average cost of a data breach is estimated at $4.35 million.

In addition, companies need to manage a large volume of information, which arrives faster and faster, often in complex and hybrid IT environments, in a context in which remote work increases the vulnerability of the business.

In this sense, it is essential to adopt the best cybersecurity practices in order to reduce losses related to the interruption of activities, loss of reputation and lawsuits.

With that in mind, we prepared this article to explore the topic. To make it easier to read, we have divided our text by topics. They are:

1. What are the best practices for data security?
2. What are the 5 pillars of security?
3. What are the 5 Cs of cybersecurity?
4. Conclusion.

Enjoy this Cyber Notes Cast episode!

Cyber Notes Cast - Best Data Security Practices Every Infosec Leader Should Know

Uber employees last month discovered a hacker intrusion into their internal network. This was possible because the attacker announced his feat on the organization’s Slack channel, as well as sharing it with the New York Times, which brought the story about the Uber data breach to light.

This isn’t the first time a data breach has occurred at Uber. Previously, the company had to pay a fine of US$148 million due to the theft of data from 57 million users and 7 million drivers worldwide in the year 2016.

The 2016 attack further prompted the conviction of former Uber CSO Joe Sullivan for hiding data breaches and theft from authorities.
In this Cyber Notes Cast, were going to dig into the two times Uber data was breached and the lessons learned from those intrusions. To facilitate your understanding, we have divided our text into topics. They are:

 - How did the data breach at Uber happen?
 - How did Uber respond to the hack?
 - What was the impact for the organization?
 - Who is responsible?
 - How did the 2016 Uber data breach occured?
 - About senhasegura
 - Conclusion

Enjoy this Cyber Notes Cast!

Cyber Notes Cast - Lessons learned from the Uber data breach

Data Breach

cyberattack

Security Strategy

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

The unexpected nature of natural disasters and other disruptive events means that preparation is key to managing disaster recovery and business continuity planning. Join the business continuity and disaster recovery community for live and recorded presentations discussing best practices for business continuity planning, disaster recovery programs and business continuity management. Learn from BCDR experts to develop your critical infrastructure and gain insight into tactical solutions to your BCDR issues.

Business Continuity / Disaster Recovery

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Internal audit and compliance professionals are facing increasingly stringent regulatory requirements when it comes to compliance reporting and internal control procedures. Join the audit and compliance community to learn best practices from thought leaders on topics such as regulatory compliance, internal audit checklists and audit program strategies.

Audit and Compliance

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

Cyber Notes Cast - Lessons learned from the Uber data breach

Presented by

About this talk

More from this channel