[Video Interview] The Cyber Year in Review: Troels Oerting, CISO, Barclays

WiCyS brings together women and supporters from around the world to develop cybersecurity skills with the aim of advancing women in, building equity in and developing minority talent in the field. One of WiCyS’s focuses is bridging the cybersecurity skills gap for female veterans, which is what helped launch the Veterans’ Program. Military career experience aligns well with a job in cybersecurity.

The WiCyS Veterans’ Apprenticeship Program includes paid training and apprenticeship, secure long-term employment, and a litany of possible resources including access to technology and mentoring. This innovative apprenticeship model is DOL-certified and a top-notch gateway to get the support needed to enter into thriving cybersecurity careers. Join this webinar to learn more about the WiCyS Veterans' Apprenticeship Program and see if it's the right fit for YOU! And, as always... we thank you for your service.

As AI adoption increases and becomes a competitive and operational efficiency advantage, managing AI-related risks poses the top challenge for AI initiatives. Cybersecurity along with AI failures, misuse of personal data, and regulatory uncertainty are also top areas of concern.

The pandemic and the shift to remote working has strained networks and pushed organizations to speed up their digital transformation journeys. With more users on the network than ever before, security has become a key priority.

Discover how organizations are addressing the security challenges of remote working and the latest trends in network security.

Join this panel of security experts and industry leaders to learn more about:
- The impact of COVID on networks and security
- The emergence of secure access service edge (SASE)
- The need for smart network monitoring technology
- New and old threats, and common vulnerabilities
- Lessons from the SolarWinds hack
- Best practices and recommendations for strengthening security in 2021


Kalani Enos, Kenos Technologies
Mike Ichiriu, VP, Zentera
Mike Grimshaw, Sre & Security Manager, Moovweb
Robinson Delaugerre, Investigations Manager (Computer Security Incident Response Team), Orange Cyberdefense

When it comes to building or updating your strategy for detecting threats to your business, it is important to know the direction you are headed in.

Many Managed Detection and Response providers align themselves to a very short term strategy that would appear to solve all of your problems, when in fact what is needed is a more pragmatic approach that helps model out the different options you have for gaining visibility and also allowing for an understanding of the impact of limitations specific to your environment (for example a missing data or security event types).

Join our Global Service Area Owner for Managed Detection and Response, Grant Paling, for an insight into how to build a strategic plan for improvements in security monitoring.

Key takeaways:

• Understand the different options for getting started with detection and response (including endpoint, log and network-based approaches).

• Learn how they differ and the pros and cons of different approaches.

• Find out how to model the impacts on visibility when choosing different approaches, and balancing that out against the time to value

• See examples of where we’ve used our Threat Detection Framework to build business cases for expansion and to illustrate the impact caused by challenges from non-security parts of the business.

Cyber threats are constantly and rapidly changing. With time, as security products have evolved, threat actors have also evolved and have found newer ways of infiltrating networks and hijacking devices. Also, as more and more organizations go through digital transformation, the opportunity for Cyber Attackers is only increasing. In addition, many Critical Infrastructure organizations, across the globe, are going digital; which substantially increases the stakes around successful Cyber Attacks, and has given rise to Nation State backed Cyber Attacks.

In this talk we will discuss some major cyber-attacks of recent times, their motivation, & techniques used. We will also talk about best practices that organizations should adopt to protect against such threats.

Key takeaways from this session:

- Cyber Attack trends & motivations.
- Insights into recent noteworthy Cyber Attacks.
- Protection mechanisms.

The rapid removal of threats has never mattered more. In our Annual State of Phishing report, we discuss how 2020 saw the emergency of new threat actors, the appearance of some old ones and changes in malware and phishing attacks.

What you will learn:

- How over 50% of phishing reported by Cofense customers are credential phish
- An effective phishing defense program enables organizations to quickly reduce risk
- Tactics used by threat actors to make it to the inbox

This month's episode of The (Security) Balancing Act will focus on botnets as a growing threat to the enterprise, examples from the real world, and what enterprises can do to better protect against botnet-fueled state sponsored attacks.

Join this interactive roundtable discussion with security experts and industry leaders to learn more about:
- How botnets have become a tool for cyber criminals and nation state actors
- Real-world examples & known botnet attacks
- Nation state ransomware attacks
- DDoS attacks
- Cyber espionage
- ATPs
- The trouble with attribution
- What enterprises and governments can do to address the threat

Panelists:
- Johna Till Johnson, CEO and Founder of Nemertes Research
- Derek Manky, Chief, Security Insights & Global Threat Alliances, Fortinet
- Craig Harber, Chief Customer Success Officer, Fidelis

This episode is part of The (Security) Balancing Act original series with Diana Kelley. We welcome viewer participation and questions during this interactive panel session.

Phishing attacks related to working from home and the pandemic are on the rise, and email continues to be the primary vehicle. With so much on the line, how are enterprises addressing the risk of email-based attacks? What are the latest trends in email security and how to keep up with the old and new threats?

Join this panel of security experts and industry leaders to learn more about the email security challenges enterprises are facing and the best practices for a stronger, more resilient enterprise:- Amplification of old attacks and email security challenges we will continue to see in 2021:

- How are organizations dealing with phishing and spear-phishing
- COVID-related phishing and social engineering attacks
- Common red flags - how to spot a phishing email from a mile away- Protecting against business email compromise (BEC) attacks
- Preventing credential theft
- Lessons from the SolarWinds attack- Best practices for improving email security and protecting the enterprise


Moderated by:
Michelle Drolet, CEO, Towerwall
Panelists:
Rodrigo Araujo, Security Advisor, Bell
JP Bourget President, BlueCycle

Often times, even with the best technology and software, cybersecurity detection and response strategies don’t meet their maximum potential or, worse yet, fail without a team that has the right capacity and expertise behind them.

Join Herjavec Group’s VP of Customer Success, Eric Dowsland as he discusses best practices and strategies for enterprise detection and response programs including layering your security approach, and properly leveraging the MITRE ATT&CK Framework.

Discover how leveraging Managed Security Services (MSS) to support your cybersecurity plan is key to identifying, disrupting, containing, and remediating the onslaught of malware and emerging threats that will occur this year.

SolarWinds Cyberattack came as a wake-up call to many. An attack that most cyber-aware /savvy organizations could not detect for many months. It is a reminder of how an interconnected world can impact us all in a short time.
Join Sunil Sharma, Director of Cyber Defense for Middle East’s leading provider of strategic consultancy and tailored information security solutions and services company, Help AG, the cybersecurity arm of Etisalat, to discuss supply chain attacks, techniques, and tactics used by advisories to execute such attacks and strategies to detect and respond to supply chain attacks.

Cloud computing, remote work and the increasing use of mobile devices has redefined the network edge. The concept of endpoint security and the strategies used to protect this new perimeter from sophisticated adversaries and advanced persistent threats has evolved as well

We’ll discuss:

• The changing organizational view of the redefined endpoint
• Increased attack vectors
• Maturing threat detection and response tools
• The blurring line between End point security and data security
• The move to Zero Trust Network Access

Moderated by:
Jo Peterson, Vice President, Cloud and Security Services, Clarify360

Panelists:
Stan Lowe, former CISO of Zscaler and former Global CIO of PerkinElmer
Doug Saunders.CIO, Sweeping Corporation
Christopher Camaclang, Technical Partner Manager - US MSP, Alert Logic

As organizations are making plans to extend working from home through next summer, what are some things employees and IT teams can do to better protect their devices and networks? Learn more about how endpoint security can be implemented and improved to protect your organization from breaches.

Join this interactive keynote panel with security experts and industry leaders to learn more about:
- COVID-19’s impact on home network security
- Why attackers are targeting the endpoint
- Why your connected devices may be at risk and what to do about it
- How to seamlessly integrate your endpoint security with existing solutions
- Identifying threats, solutions and breach prevention best practices

Over last three decades, evolution of Cyber Security & Cyber Attacks has gone hand-in- hand. Whenever one side gains an upper hand, the other comes up with novel ways to move forward. Because of this need for constant evolution, both sides have been at the forefront of new technology adoption. And Artificial Intelligence is no exception.

Cyber Security vendors have been utilizing AI based solutions in their products for a while now. As these solutions mature, the Attackers are gradually finding it harder to bypass the protection. Subsequently, we expect Cyber Attackers to also start utilizing AI for their purposes. Which would require Security vendors to alter their approach.

In this talk we will discuss:

- Current AI usage in Cyber Security and path forward.
- Potential use of AI by Cyber Attackers.
- How Cyber Security would have to evolve to counter the new threat.

Enterprises are adopting digital transformation with an ever-increasing speed to drive growth through new business models with the advent of digital technologies. Digital transformation has now become a business imperative rather than technology imperative. The rapid adoption of digital transformation also coincides with growing focus on Cybersecurity.
Today, due to ubiquitous connectivity, increased device density and digital technologies such as IoT, the threat surface have expanded multifold . The multiplication of devices and the edge-based automation adds to the complexity and need to manage differently. A denial of service, theft or manipulation of data can damage the customer experience and cause significant damage to the brand value, penalty, revenue loss and jeopardize the livelihood and safety of individual stakeholders. Cybersecurity during and post-transformation is key to the success of the digital transformation and also creating compelling customer experience. On the other side, consumers are expecting more and more proactive measures by enterprise for security and any compromise may results into exudes of loyal consumer from the brand.
The author intends to take vertical centric and digital transfection centric approach while narrating current state of cybersecurity in those key verticals. It also discusses various practices that today are required to digital transformation more secured and ultimately protect customer experience.
Key Take Aways:
1. The Complexity and challenges of Cybersecurity in Enterprises of APAC Region
2. How can trust and resilience-based ecosystem be enabled by enterprise?
3. Cross industry view of Cybersecurity

Presenters:
Dr. Neelesh Kumbhojkar, Director Symbiosis International (Deemed University) Pune, India
Ajit Paul, Business Transformation Advisor, Digital i2o

We need to carry out a deep introspection about the current state of the IT and InfoSec rollout and the associated policies. The sequence of doing so is of the utmost importance. We may have to re-engineer the following.

1. Network Security
2. Application Security
3. Operational Security
4. Information Security
5. BCP & DR
6. End-User Education

Computing has seen a significant transformation. The IT services are being utilized and consumed by the end-users in a much different way than before. The stress on the IT managers has increased as they are compelled to allow the much-debated issue of securing and rolling out the BYOD policies. The forced reduction of the headcount & reduced wages has had an adverse impact on the employee’s integrity. Remote users have many peeping toms at home looking at the computer screens. The Home Wi-Fi used by the employees is not secure.

This leads us to analyze the top 10 areas of concern. Parallelly, the outbreak of an undeclared war between the “Cyber Bullies” and the “IT Security Soldiers” is hotter than ever before. We will discuss the strategies that IT Security Soldiers are adopting and the success thereof.

The current perceived threats have created opportunities for the vendors providing the NAC, ZeroTrust, RPA’s, ATP’s, infusion of ML and AI into the Firewalls and perimeter security devices to a large extent. The OS and RDBMS patch updates have taken a front stage and are a priority task for the IT Managers.

We need to draft out an SOP for keeping the IT Infrastructure secured. We need to create “8 Commandments” to have a well-secured IT Infrastructure

There is a human angle to IT Security as well. Only having robust IT InfoSec Policies. The Human Resource department needs to play an important role.

The goals that an IT InfoSec leadership needs to achieve has to be clear, well defined, and meticulously followed.

This presentation will be a snapshot of an end to end journey.

Mandiant Threat Intelligence assesses with high confidence that the ransomware threat and its associated disruptions and costs will continue to grow in 2021. We assess with high confidence that cyber risks to the pharmaceutical, healthcare, and related industries will remain elevated throughout the coronavirus (COVID-19) pandemic and related vaccine distribution efforts.

We assess with high confidence that actors specializing in specific stages of the attack lifecycle will continue their activities, making sophisticated tactics more accessible to a wider variety of actors and threat activity more difficult to track. We also noted increased volume, sophistication, and diversity in information operations throughout 2020. We suggest that continued evolution will be at least partially driven by detection efforts.