Hi [[ session.user.profile.firstName ]]

Part 2: How Is This Yahoo! Breach Different from Their Other Breach?

On December 14 Yahoo revealed a new breach affecting more than 1 billion users’ data. This breach is separate to the hack it disclosed earlier this year, which was the biggest data breach on record. Join John Bambenek, Threat Systems Manager at Fidelis Cybersecurity on the latest developments in the Yahoo breaches, what it means for you and steps to take today.
Recorded Dec 22 2016 35 mins
Your place is confirmed,
we'll send you email reminders
Presented by
John Bambenek, Manager, Threat Systems at Fidelis Cybersecurity
Presentation preview: Part 2: How Is This Yahoo! Breach Different from Their Other Breach?

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • Let COVID-19 Teach us about Cyber Security Apr 7 2020 4:00 am UTC 45 mins
    Jason Yuan, VP Product & Marketing, Sangfor Technologies
    Despite our advances in medical science, humans are still vulnerable to newly developed virus such as COVID-19.

    One thing we know today about coronavirus: it can be extremely contagious even if patients have shown no sign of symptoms. This is remarkably similar for IT security. For example, most ransomware remains dormant for weeks or months until activated.

    While the infected hosts are not causing any damages, they are busy infecting other systems. IT organizations only have knowledge of ransomware that are reported by PC or server users. This discussion borrows the lessons learned from center for disease control, such as detection, quarantine, and tracking down “patient zero”, and demonstrate the importance of AI & machine learning in security with the best practices for cybersecurity professionals, helping organizations to understand their current threat landscape, perform impact analysis, improve their security posture.
  • [PANEL] What would a CISO do? Apr 6 2020 7:00 am UTC 60 mins
    John Lee, GRF Asia Pacific | RV Raghu, Versatilist Consulting India | Germanie Tan, Darktrace
    As cybersecurity vulnerabilities and breaches continue to make headlines and put organizations reputation at stake, it’s important to ask “What would a CISO do?”

    Join this interactive panel of industry experts as they discuss:

    - Top threats to look out for in 2020
    - Key factors for building a successful CISO strategy
    - Selling your security strategy
    - Why your entire organization should be up to date on cybersecurity

    Moderator: Paul Brennecker QSA, Head of Operations at 3B Data Security

    Panelists:
    John Lee, Managing Director, GRF Asia Pacific
    RV Raghu, Director Versatilist Consulting India Pvt Ltd & Director, ISACA
    Germaine Tan, Director of Threat Analysis, Darktrace
  • Expectation from the CISO in the new decade Apr 6 2020 3:30 am UTC 45 mins
    RV Raghu, Director Versatilist Consulting India Pvt Ltd & Director, ISACA
    With the new decade bringing the biggest threat to humanity in terms of COVID19 and its cascading global impact, the ask of the CISO is evolving and the CISO will have a much larger role to play in the enterprise and be truly asked to sit at the big table.

    By listening to this session, participants will:

    a) have a view of how the changing world looks for the CISO
    b) understand what the CISO can do to remain relevant in this new world
  • Data Protection & Privacy During the Coronavirus Pandemic Apr 2 2020 4:00 pm UTC 60 mins
    Ulf Mattsson, Head of Innovation, TokenEx
    Remote work is quickly becoming the new normal and criminals are taking advantage of this chaotic situation.

    The EU Agency for Cybersecurity's providing guidance for the huge increases in the number of people working remotely, using tele-health it is vital that we also take care of our cyber hygiene.

    Viewers will learn more about:
    - How to use encryption, controlling new storage of regulated data and data sharing in this new situation.
    - Anonymization leaves personal data open to re-identification, which exposes firms to GDPR non-compliance risks.
    - How are the HIPAA rules changing in this situation?
    - GDPR prescribing pseudonymization and how is that work.
    - How is CCPA changing the rules?
    - How to secure wi-fi connections preventing snooping of your traffic and fully updated anti-virus and security software, also on mobile phones.
    - How important files can be backed up remote or locally. In a worst case scenario, staff could fall foul of ransomware for instance.
    - What apps are secure to use in this new era?
    - Should we use MFA, PW managers or local PW management?

    We will also discuss how to use the CERT-EU News Monitor to stay updated on the latest threats and check the following basics.
  • Cyber Breach Fatigue Recorded: Mar 31 2020 36 mins
    Rhonda Bricco (UnitedHealth Group), Deb Doffing (Optum), Sue Perkins (Optum), Cat Goodfellow (Optum)
    The stream of near constant data breaches has left consumers desensitized to the news their information was lost or stolen. We’ll discuss issues around complacency both in consumers and enterprises such as how long the customer cares after a breach occurs, whether data loss is as negatively impactful to an organization’s reputation as it used to be, and how breach fatigue benefits hackers.
  • COVID-19 - What Will Attackers Do? Recorded: Mar 31 2020 58 mins
    Chris Roberts, Rod Soto, Nir Gaist, Ira Winkler
    The COVID-19 Coronavirus pandemic provides cyberattackers with opportunities to wreak havoc. The key to thwarting their attacks is knowing how they are leveraging the crisis for their nefarious purposes. And whom better to ask than experts who know how threat actors think and operate?

    Join us for a community webinar with three renowned whitehats who will predict the attack vectors and tactics blackhats will use to take advantage of the fact employees are struggling with fear, uncertainty and isolation while working from home. You will gain invaluable insight into the attacker’s mindset and learn how to harden your organization’s defenses.

    Panelists:
    Chris Roberts is one of the world's foremost experts on counter threat intelligence and vulnerability research within the information security industry. Robert was part of Attivo Networks, LARES, Acalvio Technologies, among others.

    Rod Soto is a Security Researcher and co-founder of HackMiami and Pacific Hackers conferences. Rod spent over 15 years in IT and security in organizations like Akamai, Splunk and JASK. He is a frequent speaker at cybersecurity conferences.

    Nir Gaist, founder & CTO of Nyotron, is a recognized security expert and ethical hacker. Nir has worked with and pentested some of the largest Israeli organizations, such as banks, police and the parliament. He also wrote the cybersecurity curriculum for the Israel Ministry of Education.

    Ira Winkler is the Lead Security Principal for Trustwave. He has designed and implemented security awareness programs at organizations around the world. Ira began his career at the National Security Agency as an Intelligence and Computer Systems Analyst.
  • [Earn CPE] How to Get More Visibility into Your Digital Ecosystem Recorded: Mar 26 2020 70 mins
    Kelley Vick, Host. With Chris Poulin, Principal Consulting Engineer at BitSight.
    In today's cybersecurity landscape, having continued visibility into your organization’s attack surface is essential to staying ahead of new and evolving threats. But as your digital ecosystem continues to expand, monitoring and mitigating cyber risk become increasingly difficult.

    During this CPE webinar, BitSight’s Chris Poulin, a risk reduction and cybersecurity expert, will take a deep dive into how you can evaluate your current digital risk management efforts, identify gaps, and prioritize improvements.

    Join us on Thursday, March 26, to learn how to:
    ●Validate and manage your digital footprint across various ecosystems
    ●Monitor for indicators of attack, compromise, and abuse
    ●Leverage business context to prioritize remediation efforts and allocate resources
    ●Initiate response plans to mitigate risks
    ●Track and communicate progress with objective data across environments
    ●Use risk intelligence to improve your security posture
  • Deepfakes, Social & Impact on Elections Recorded: Mar 26 2020 61 mins
    David Morris | John Bambenek | Lance James | Dean Nicolls
    AI-generated fake videos, or deepfakes, are becoming more common, more convincing and easier to create. In the era of social, technically manipulated videos can spread like wildfire.

    This is a particularly sensitive issue in today's politically charged environment. With the 2020 U.S. presidential election on the horizon, foreign interference in elections is a real problem and social media the perfect gateway for sowing misinformation, discord and mistrust.

    Can deepfakes impact the outcome of elections? How easy are they to spot, and do you need a tool for that?

    Join this episode of the Election Hacking series to learn more about the emergence of deepfakes and what can be done to mitigate its impact on elections.
    - The current state of deepfakes
    - How deepfakes can be used in misinformation campaigns
    - Use of deepfakes in cyber crime
    - Social media and the spread of fake videos
    - How tech companies are addressing the scourge of deepfakes (Facebook, Twitter, YouTube)

    Panelists:
    - Lance James, CEO of Unit 221B
    - John Bambenek, VP for Security Research and Intelligence at ThreatSTOP
    - Dean Nicolls, VP of Global Marketing, Jumio

    Moderator: David Morris, Executive Director at Digital Risk Management Institute

    This episode is part of the Election Hacking Original series examining the threats to democratic elections, the technologies used to power and hijack elections, and what's needed to educate and empower voters before Election Day.
  • Dealing with PCI DSS Compliance During the COVID-19 Crisis Recorded: Mar 25 2020 61 mins
    Ben Rothke | David Mundhenk | Jeff Hall | Arthur Cooper "Coop"
    The new normal during the current COVID-19 crisis is changing every aspect of the business world. It is also affecting how QSA’s deal with PCI assessment.

    A QSA for the most part has to be on-site for a PCI assessment, how are they do to that when they can’t get to the site?

    On this webinar, The PCI Dream Team will:
    - Provide an overview of the PCI DSS requirements to be on-site
    - Discuss strategies to perform PCI assessments when being on-site is now impossible
    - Answer any specific questions to deal with this predicament
    - Detail work at home issues and concerns
  • Balancing the Security Workforce Recorded: Mar 25 2020 56 mins
    Diana Kelley | Chris Calvert | Larry Whiteside, Jr. | Gary Hayslip
    The world needs more people in infosec. There are currently about 2.8 million cybersecurity professionals, but roughly 4 million more are needed to close the skills gap.

    So, how are organizations addressing this shortage? What are some of the things organizations are doing when it comes to attracting and retaining cybersecurity talent, but also balancing the workload for the security teams they already have.

    Join today's episode to learn more about the challenges and solutions when it comes to balancing the security workforce.
    - Security skills shortage: Myth vs. Reality
    - Top challenges for security teams
    - Addressing burnout and analyst fatigue
    - How machine learning can help
    - Areas where people are better than AI
    - Building a security culture
    - Removing obstacles and attracting new talent

    This episode is part of The (Security) Balancing Act series with Diana Kelley. Viewers are encouraged to ask questions during the live Q&A.

    Panelists:
    - Chris Calvert, Co-Founder & VP Strategy at Respond Software
    - Larry Whiteside, Jr., Veteran CISO & Cybersecurity Thought Leader; Co-Founder & Interim President - ICMCP
    - Gary Hayslip, CISO, Softbank
  • Preparing for COVID-19: An Infosec Perspective Recorded: Mar 25 2020 30 mins
    Jeff Schmidt, VP of Cyber at Columbus Collaboratory
    COVID-19 pandemic has not only changed our lives but immediately changed our corporate threat profiles by extending our cyber attack surface and increasing our exposure to all kinds of attacks from authentication to human error. Transitioning to a remote workforce directly and significantly impacts your defensive protections. Practical changes can reduce the risk exposure while also minimize unneeded disruptions and fire drills during this turbulent time. In this webinar, we will discuss important cyber threats to consider and provide actionable advice on how to reduce your risk.
  • Coronavirus Pandemic – Cyber Intelligence Fighting the Virus in Cyberspace Recorded: Mar 23 2020 61 mins
    Alex Holden
    In the midst of the Coronavirus pandemic, our society is struggling to adjust to the necessary and unexpected changes. In the information security space, we are prepared for many things, but dealing with a pandemic crisis leaves many unprepared.

    Cybercriminals operate on a different level and are ahead of the game taking advantage of the global crisis with many others joining their ranks. We will discuss critical issues facing information security during this crisis.

    We will also review what you need to know, what you need to be concerned about, and the steps to take today to get your organization more secure and prepared to minimize the potential impact the crisis.
  • Coronavirus Actions and Risks for Tech and Security Leaders Recorded: Mar 13 2020 62 mins
    Dan Lohrmann (Security Mentor, Inc.) | Scott Larsen (Inova Health System) | Earl Duby (Lear Corporation)
    How are state and local governments responding to COVID-19? What are private sector companies doing now? From public health actions to directives for staff, what emergency response steps and risks should be considered?

    Join this webinar for the latest coronavirus playbook roundup and recommendations on how to address the outbreak. Learn the scope of the unprecedented challenges organizations are currently facing. Hear from industry leaders on how they are addressing the COVID-19 outbreak.

    Topics will include:
    - Policy, technology and process steps to take today to protect your workforce and organization.
    - How are orgs dealing with more staff working from home (telework)?
    - What mistakes can be avoided –and how?

    We will close with a Q/A session with the audience.

    Speakers:
    - Dan Lohrmann, Chief Security Officer & Chief Strategist at Security Mentor Inc.
    - Scott Larsen, CISO at Inova Health System
    - Earl Duby, CISO at Lear Corporation
  • What I Learned at RSAC 2020 Recorded: Mar 12 2020 61 mins
    Ulf Mattsson, Head of Innovation, TokenEx
    An important part of RSAC 2020 focused on Business-Critical Application Security and we're seeing a transformational shift in technology. The enterprise architecture we used to know is changing. Cloud application development is accelerating and diversifying where many organizations have virtual machines, containers, and now serverless applications running in the cloud, transforming code into infrastructure. Microservices make a lot of sense for scale and development agility, but if everything is talking to everything else via APIs, it’s likely that there are many (and I mean many) application vulnerabilities. Additionally, API security is new, so processes are likely immature, and API security sits somewhere between application developers, DevOps, and cybersecurity, leading to organizational and skills challenges. We will organize this chaos from RSAC and discuss Security in The API Ecosystem.

    Security is morphing to a hybrid model for distributed policy enforcement across cloud-based environments. At the same time, organizations want central policy management for the whole environment.

    Join this webinar to learn more about what attendees found interesting at RSAC USA 2020:
    - Emerging Privacy Issues
    - The Human Factor
    - Advancements in Machine Learning
    - Security in App Development
    - Trends from the Innovation Sandbox
    - New Standards and Regulations
    - Security for The API Economy
  • [Earn CPE] Matching Threat Intelligence & Third-Party Risk for Cyber Security Recorded: Mar 12 2020 74 mins
    Panelists: John Chisum, RiskRecon; Jaymin Desai, OneTrust; Allan Liska, Recorded Future; and David Klein, ProcessUnity
    As organizations evolve and become more connected, their reliance on third-party ecosystems continues to grow. While these business relationships undoubtedly add value, they also introduce significant new risk and compliance challenges. The third-party risk management process is complex and involves more stakeholders and data sources than many people may think including: cyber risk information, supply chain, financial, IT, compliance, legal, and privacy risk data. But even with loads of available data, it’s extremely difficult for risk teams to know how to prioritize risk and focus remediation and response efforts without the proper context or processes.

    As a result risk management teams are turning to governance, risk, and compliance (GRC) solutions to help centralize all of this information in order to gain a more holistic view of their third-party ecosystem. Cyber third-party risk data is a critical piece of the puzzle to a holistic third-party risk program within a GRC solution. Having access to a threat-centric view of cyber risk provides risk management teams with real-time insights that enable them to make faster, more confident decisions and effectively manage third-party risk.

    On this CPE accredited webinar our panel of experts will address how to bring threat intelligence into the third-party risk management process and discuss:

    - The importance of holistic risk management and sustainable ongoing monitoring,
    - How to incorporate external content sources and create a centralized data repository for a more holistic view of your vendors,
    - Ways to advance your third-party risk maturity with threat intelligence.
  • Hey You, Get Off Of My Cloud Recorded: Mar 12 2020 51 mins
    Kelly Robertson, CEO, SEC Consult America
    A little discipline goes a long way when moving to the public cloud.

    Attend this talk by SEC Consult America's CEO Kelly Robertson as he discusses what applications are appropriate to move to a public cloud infrastructure and what questions do you need to ask.

    Six considerations of this session:

    - Security
    - Compliance
    - Data Protection
    - Choosing a Cloud Provider
    - Workload Analysis
    - Incident Response

    About Kelly Robertson:

    I'm a senior executive with 30 years of professional Information Security Experience in the Silicon Valley. I worked mainly for large enterprises for the first 15 years, then started Zisher InfoSec, a security consulting firm. In 2017, Zisher InfoSec became part of the SEC Consult organization and I am presently responsible for the SEC Consult organization in the Americas.

    Information Security spans all aspects of the technologies that mankind relies upon and also has a huge impact on digital citizens. I have been fortunate to have worked in 30 countries in the past 20 years across many disciplines, technical vectors and market segments. I believe that the work that we do in this career field is essential to the human race and I hope that my contributions have made a positive difference. A great deal of my focus is in mentoring information security professionals, as individuals and groups through education programs, presentations and publications.
  • Cyber Risk THIS! 6 Practices to Beat Hackers and Satisfy Regulators Recorded: Mar 12 2020 47 mins
    Tony Pietrocola, President, Agile1
    Securing Cloud and SaaS

    Cyber attacks are growing daily, broadening in scope and the costs of a breach are skyrocketing. And here is the kicker, every industry from financial service to healthcare, to government to manufacturing are in the cross hairs. Even the great Warren Buffet recently said that every company is at risk.

    Yes, The Oracle of Omaha is talking tech!

    Cyber criminals have expanded every company’s attack surface by attacking networks, cloud, chips, IoT, mobile devices, applications and API’s. They are relentless. And now the regulators are beginning to pass state level regulations that will eventually hold all of our feet to the fire. Add all of this up and the future points to reality that every single company, regardless of size or industry, will need to do much more to protect themselves and their customers.

    This presentation will cover:
    - Cyber Risk Management
    - How to mitigate risk
    - Show real life case studies
    - Six best practices to explore for your business

    About the speaker:
    Tony Pietrocola is President of Agile1. Agile1 is an intelligence-driven CyberSOC protecting critical network infrastructures from cyber threats. Agile1’s CyberSOC technology is built on a proprietary Machine Learning engine, which analyzes end-point security data in real time allowing us to detect and respond to threats 24X7, before a breach proliferates.

    Tony serves on the board of EBO Group, Inc (acquired by Timken) and Metisentry and is a Board Member of Northern Ohio InfraGard Members Alliance. He holds a Bachelor of Science in Finance from the University of Toledo.
  • Creating Data Leadership through Cybersecurity choices Recorded: Mar 12 2020 27 mins
    Dr. Alea Fairchild, Ecosysm and The Constantia Institute | David Spencer, IBM GTS
    Cybersecurity monitoring is designed to complement, mirror and support your business operations. To create a data leadership position and innovation for your customers, the appropriate cybersecurity policies and solutions need to be in place that fit your specific business model. You need to be thoughtful about assembling a cybersecurity team configured to serve your specific company needs.

    We will discuss how companies are designing their data leadership strategies based on cybersecurity requirements, looking at their internal staffing, technology sourcing and selection of 3rd party providers. Infrastructure expert, Dr. Alea Fairchild will be sharing industry trends based on Ecosystm research findings on cybersecurity solution selection.

    Join this webinar to hear Alea, joined by David Spencer from IBM Security, discuss how to profile your company’s cybersecurity requirements to seek out the best advisors, skill sets and MSSP solution providers to work with your own business model in a cyber secure manner.

    They will explore how organizations can develop a fit for purpose cybersecurity strategy that grows with them in resilience while meeting the challenge of maturing security programs to scale with their business.

    Key Takeaways:

    1. Guidelines to grow a data leadership strategy in a non-highly regulated business.
    2. Five essential questions to ask as you screen potential cybersecurity solution providers.
    3. Why cyber resiliency is a more logical goal than being cyber secure.

    Speakers:
    Dr. Alea Fairchild, Principle Advisor, Infrastructure & Cloud Enablement at Ecosystm and Director at The Constantia Institute sprl
    David Spencer, Associate Partner, Cloud Resilience and Availability, IBM GTS
  • Cyber Risk Management - How Effective is Your Program? Recorded: Mar 12 2020 54 mins
    Kojo Degraft Donkor CISSP, Cisco Systems – CX Americas
    Black hat actors continue to escalate the attack surfaces brought on by opportunities in emerging and matured technologies in Cloud, Internet of Things, Machine Learning, Artificial Intelligence. Several frameworks exist for managing Cyber Risks.

    This presentation will answer these questions:

    - How does your organization frame responses to these threats?
    - What approach works best for your organization?
    - What key elements make up an effective Cyber Risk Program?
    - Which of these elements should be top priority?
    - How dynamic is your Cyber Risk Management approach?
  • An ever-expanding IoT attack surface and what to do about it Recorded: Mar 11 2020 49 mins
    Misha Nossik, Co-founder and CEO, Haystack Magic
    Common understanding of Internet of Things (IoT) includes smart devices, such as mobile phones, smart appliances, CPE networking devices and industrial sensors. However, the time is coming when dumb devices, such as tools, lab supplies, assembly parts, household items will join the IoT. If you are worried about IoT security now, imagine the scale and the magnitude of implications when the entire physical world gets included into the attack surface.

    In this presentation we will describe a practical use-case, illustrate the limitations of current methods and discuss the ways to address them.

    About the speaker:

    Misha Nossik is a serial entrepreneur and technology executive with over 25 years of experience in new product development for the Cloud, Cybersecurity and IoT sectors. He is a co-founder and CEO of Haystack Magic, an IoT SaaS for enterprise physical asset tracking.

    Previously, he was a co-founder, CTO and VP R&D of CloudLink, a cybersecurity startup acquired by EMC in 2015. Before that he was a founder and CEO of Thintropy, an early VDI vendor, which was acquired by SIMtone (f.k.a. XDS). He co-founded Solidum Systems, a network processor pioneer, acquired by IDT Inc. In 2001 he co-founded and chaired the Network Processing Forum. Misha has earned his MSc in Applied Mathematics at MIIT in Moscow. Misha is an avid skier and an active instrument-rated pilot.
The latest trends and best practice advice from the leading experts
This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Part 2: How Is This Yahoo! Breach Different from Their Other Breach?
  • Live at: Dec 22 2016 6:00 pm
  • Presented by: John Bambenek, Manager, Threat Systems at Fidelis Cybersecurity
  • From:
Your email has been sent.
or close