Hi [[ session.user.profile.firstName ]]

Why Vendor Liability is Necessary to Secure Consumer IoT

We live in an IoT world. Connected devices now include TVs, refrigerators, security systems, phones, music players, smart assistants, DSL modems, cars, and even toothbrushes. Besides privacy and personal security concerns, these devices pose significant risk of cyber attacks. IoT devices have been used in devastating DDoS attacks that have paralyzed key Internet services, emergency services, and heating systems. In addition to run-of-the-mill hackers and hacktivists, they are the first line of attack in any low-to-medium scale cyber conflict between nation states.

Vulnerable IoT devices represent a direct threat to safety, life, property, business continuity, and general stability of the society.

This talk will discuss the security challenges surrounding IoT devices, and what is needed for a balanced framework that forces vendors to implement a reasonable level of best practice without causing them undue burden and risk.

About the Presenter:
Tatu Ylonen is a cybersecurity pioneer with over 20 years of experience from the field. He invented SSH (Secure Shell), which is the plumbing used to manage most networks, servers, and data centers and implement automation for cost-effective systems management and file transfers. He is has also written several IETF standards, was the principal author of NIST IR 7966, and holds over 30 US patents - including some on the most widely used technologies in reliable telecommunications networks.
Recorded Jun 21 2017 55 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Tatu Ylonen, Founder & SSH Fellow, SSH Communications Security, Inc.
Presentation preview: Why Vendor Liability is Necessary to Secure Consumer IoT

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • An Intelligence Led Approach Using AI for Cyber Defense Apr 8 2020 2:00 am UTC 45 mins
    John Lee, Managing Director, GRF Asia Pacific
    The world is becoming increasingly connected in the digital age that is setting upon us and there is no turning back. The huge opportunities from the IT and OT convergence enable new services and increased productivity. At the same time with greater connectivity there is also greater risks to organizations because of this increased threat surface. A new approach to defend against cyber attacks is needed to keep pace with other business changes and evolving threats. Artificial Intelligence and Machine Learning technologies may present a solution to this problem.

    The webinar will cover:
    - Why the digital economy is not cyber secured
    - Cyber Security Strategic choices
    - The threat Intelligence life cycle
    - Threat detection and incident response: the future
    - Summary

    About the presenter:
    John Lee is the Managing Director for the Global Resilience Federation Asia-Pacific office. He is managing an Information Sharing Analysis Centre for Operational Technology operators. He had past roles in Information Security, GRC and Operations working for MNCs covering APAC and Middle East. He is the immediate past President of the ISACA Singapore Chapter. He had also taught various cybersecurity certifications from ISACA and ISC2. He is a certified APMG trainer for ISACA.
  • Securing the Future: Preparing for the Cyber Threats of 2020 Apr 7 2020 10:00 am UTC 33 mins
    Jon Abbott, CEO, ThreatAware
    Carbon Black recently found that 84% of UK organisations had suffered one or more data breaches in the past year. Effectively cybersecurity is critical for ensuring the success of your business in the digital age.

    In this webinar, ThreatAware CEO Jon Abbott explores the problems that cybersecurity professionals have faced over the past year and how these are likely to evolve in 2020. He draws on his twenty years of experience, including as founder of MSP Priority One, to examine how cyber threats develop and how business cybersecurity needs to grow to meet new challenges.

    From comprehensive asset management to compliance with international standards, proficient cybersecurity requires you to juggle a vast number of tools and processes. Jon’s presentation will look at the way in which innovative technology can increase visibility and reduce complexity when it comes to cybersecurity management, to allow your business to embrace positive risk in 2020.

    Key takeaways
    - The biggest risks cybersecurity professionals faced in 2019
    - How these risks are likely to evolve moving forward into 2020
    - What tools allow businesses to embrace new technologies securely
  • Let COVID-19 Teach us about Cyber Security Apr 7 2020 4:00 am UTC 45 mins
    Jason Yuan, VP Product & Marketing, Sangfor Technologies
    Despite our advances in medical science, humans are still vulnerable to newly developed virus such as COVID-19.

    One thing we know today about coronavirus: it can be extremely contagious even if patients have shown no sign of symptoms. This is remarkably similar for IT security. For example, most ransomware remains dormant for weeks or months until activated.

    While the infected hosts are not causing any damages, they are busy infecting other systems. IT organizations only have knowledge of ransomware that are reported by PC or server users. This discussion borrows the lessons learned from center for disease control, such as detection, quarantine, and tracking down “patient zero”, and demonstrate the importance of AI & machine learning in security with the best practices for cybersecurity professionals, helping organizations to understand their current threat landscape, perform impact analysis, improve their security posture.
  • Strategies to Prevent Online Fraud Apr 7 2020 2:00 am UTC 45 mins
    Jia Min Tan, Director of Alliances, APAC, NS8
    Online fraud is a growing and constantly evolving epidemic so it’s important to learn how to safeguard your business online.

    This presentation will include some strategies and tips for preventing online fraud by sharing a fraud prevention plan that focuses on ad fraud, order fraud and chargebacks
  • [PANEL] What would a CISO do? Apr 6 2020 7:00 am UTC 60 mins
    John Lee, GRF Asia Pacific | RV Raghu, Versatilist Consulting India | Germanie Tan, Darktrace
    As cybersecurity vulnerabilities and breaches continue to make headlines and put organizations reputation at stake, it’s important to ask “What would a CISO do?”

    Join this interactive panel of industry experts as they discuss:

    - Top threats to look out for in 2020
    - Key factors for building a successful CISO strategy
    - Selling your security strategy
    - Why your entire organization should be up to date on cybersecurity

    Moderator: Paul Brennecker QSA, Head of Operations at 3B Data Security

    John Lee, Managing Director, GRF Asia Pacific
    RV Raghu, Director Versatilist Consulting India Pvt Ltd & Director, ISACA
    Germaine Tan, Director of Threat Analysis, Darktrace
  • Expectation from the CISO in the new decade Apr 6 2020 3:30 am UTC 45 mins
    RV Raghu, Director Versatilist Consulting India Pvt Ltd & Director, ISACA
    With the new decade bringing the biggest threat to humanity in terms of COVID19 and its cascading global impact, the ask of the CISO is evolving and the CISO will have a much larger role to play in the enterprise and be truly asked to sit at the big table.

    By listening to this session, participants will:

    a) have a view of how the changing world looks for the CISO
    b) understand what the CISO can do to remain relevant in this new world
  • Data Protection & Privacy During the Coronavirus Pandemic Recorded: Apr 2 2020 61 mins
    Ulf Mattsson, Head of Innovation, TokenEx
    Remote work is quickly becoming the new normal and criminals are taking advantage of this chaotic situation.

    The EU Agency for Cybersecurity's providing guidance for the huge increases in the number of people working remotely, using tele-health it is vital that we also take care of our cyber hygiene.

    Viewers will learn more about:
    - How to use encryption, controlling new storage of regulated data and data sharing in this new situation.
    - Anonymization leaves personal data open to re-identification, which exposes firms to GDPR non-compliance risks.
    - How are the HIPAA rules changing in this situation?
    - GDPR prescribing pseudonymization and how is that work.
    - How is CCPA changing the rules?
    - How to secure wi-fi connections preventing snooping of your traffic and fully updated anti-virus and security software, also on mobile phones.
    - How important files can be backed up remote or locally. In a worst case scenario, staff could fall foul of ransomware for instance.
    - What apps are secure to use in this new era?
    - Should we use MFA, PW managers or local PW management?

    We will also discuss how to use the CERT-EU News Monitor to stay updated on the latest threats and check the following basics.
  • Cyber Breach Fatigue Recorded: Mar 31 2020 36 mins
    Rhonda Bricco (UnitedHealth Group), Deb Doffing (Optum), Sue Perkins (Optum), Cat Goodfellow (Optum)
    The stream of near constant data breaches has left consumers desensitized to the news their information was lost or stolen. We’ll discuss issues around complacency both in consumers and enterprises such as how long the customer cares after a breach occurs, whether data loss is as negatively impactful to an organization’s reputation as it used to be, and how breach fatigue benefits hackers.
  • COVID-19 - What Will Attackers Do? Recorded: Mar 31 2020 58 mins
    Chris Roberts, Rod Soto, Nir Gaist, Ira Winkler
    The COVID-19 Coronavirus pandemic provides cyberattackers with opportunities to wreak havoc. The key to thwarting their attacks is knowing how they are leveraging the crisis for their nefarious purposes. And whom better to ask than experts who know how threat actors think and operate?

    Join us for a community webinar with three renowned whitehats who will predict the attack vectors and tactics blackhats will use to take advantage of the fact employees are struggling with fear, uncertainty and isolation while working from home. You will gain invaluable insight into the attacker’s mindset and learn how to harden your organization’s defenses.

    Chris Roberts is one of the world's foremost experts on counter threat intelligence and vulnerability research within the information security industry. Robert was part of Attivo Networks, LARES, Acalvio Technologies, among others.

    Rod Soto is a Security Researcher and co-founder of HackMiami and Pacific Hackers conferences. Rod spent over 15 years in IT and security in organizations like Akamai, Splunk and JASK. He is a frequent speaker at cybersecurity conferences.

    Nir Gaist, founder & CTO of Nyotron, is a recognized security expert and ethical hacker. Nir has worked with and pentested some of the largest Israeli organizations, such as banks, police and the parliament. He also wrote the cybersecurity curriculum for the Israel Ministry of Education.

    Ira Winkler is the Lead Security Principal for Trustwave. He has designed and implemented security awareness programs at organizations around the world. Ira began his career at the National Security Agency as an Intelligence and Computer Systems Analyst.
  • [Earn CPE] How to Get More Visibility into Your Digital Ecosystem Recorded: Mar 26 2020 70 mins
    Kelley Vick, Host. With Chris Poulin, Principal Consulting Engineer at BitSight.
    In today's cybersecurity landscape, having continued visibility into your organization’s attack surface is essential to staying ahead of new and evolving threats. But as your digital ecosystem continues to expand, monitoring and mitigating cyber risk become increasingly difficult.

    During this CPE webinar, BitSight’s Chris Poulin, a risk reduction and cybersecurity expert, will take a deep dive into how you can evaluate your current digital risk management efforts, identify gaps, and prioritize improvements.

    Join us on Thursday, March 26, to learn how to:
    ●Validate and manage your digital footprint across various ecosystems
    ●Monitor for indicators of attack, compromise, and abuse
    ●Leverage business context to prioritize remediation efforts and allocate resources
    ●Initiate response plans to mitigate risks
    ●Track and communicate progress with objective data across environments
    ●Use risk intelligence to improve your security posture
  • Deepfakes, Social & Impact on Elections Recorded: Mar 26 2020 61 mins
    David Morris | John Bambenek | Lance James | Dean Nicolls
    AI-generated fake videos, or deepfakes, are becoming more common, more convincing and easier to create. In the era of social, technically manipulated videos can spread like wildfire.

    This is a particularly sensitive issue in today's politically charged environment. With the 2020 U.S. presidential election on the horizon, foreign interference in elections is a real problem and social media the perfect gateway for sowing misinformation, discord and mistrust.

    Can deepfakes impact the outcome of elections? How easy are they to spot, and do you need a tool for that?

    Join this episode of the Election Hacking series to learn more about the emergence of deepfakes and what can be done to mitigate its impact on elections.
    - The current state of deepfakes
    - How deepfakes can be used in misinformation campaigns
    - Use of deepfakes in cyber crime
    - Social media and the spread of fake videos
    - How tech companies are addressing the scourge of deepfakes (Facebook, Twitter, YouTube)

    - Lance James, CEO of Unit 221B
    - John Bambenek, VP for Security Research and Intelligence at ThreatSTOP
    - Dean Nicolls, VP of Global Marketing, Jumio

    Moderator: David Morris, Executive Director at Digital Risk Management Institute

    This episode is part of the Election Hacking Original series examining the threats to democratic elections, the technologies used to power and hijack elections, and what's needed to educate and empower voters before Election Day.
  • Dealing with PCI DSS Compliance During the COVID-19 Crisis Recorded: Mar 25 2020 61 mins
    Ben Rothke | David Mundhenk | Jeff Hall | Arthur Cooper "Coop"
    The new normal during the current COVID-19 crisis is changing every aspect of the business world. It is also affecting how QSA’s deal with PCI assessment.

    A QSA for the most part has to be on-site for a PCI assessment, how are they do to that when they can’t get to the site?

    On this webinar, The PCI Dream Team will:
    - Provide an overview of the PCI DSS requirements to be on-site
    - Discuss strategies to perform PCI assessments when being on-site is now impossible
    - Answer any specific questions to deal with this predicament
    - Detail work at home issues and concerns
  • Balancing the Security Workforce Recorded: Mar 25 2020 56 mins
    Diana Kelley | Chris Calvert | Larry Whiteside, Jr. | Gary Hayslip
    The world needs more people in infosec. There are currently about 2.8 million cybersecurity professionals, but roughly 4 million more are needed to close the skills gap.

    So, how are organizations addressing this shortage? What are some of the things organizations are doing when it comes to attracting and retaining cybersecurity talent, but also balancing the workload for the security teams they already have.

    Join today's episode to learn more about the challenges and solutions when it comes to balancing the security workforce.
    - Security skills shortage: Myth vs. Reality
    - Top challenges for security teams
    - Addressing burnout and analyst fatigue
    - How machine learning can help
    - Areas where people are better than AI
    - Building a security culture
    - Removing obstacles and attracting new talent

    This episode is part of The (Security) Balancing Act series with Diana Kelley. Viewers are encouraged to ask questions during the live Q&A.

    - Chris Calvert, Co-Founder & VP Strategy at Respond Software
    - Larry Whiteside, Jr., Veteran CISO & Cybersecurity Thought Leader; Co-Founder & Interim President - ICMCP
    - Gary Hayslip, CISO, Softbank
  • Preparing for COVID-19: An Infosec Perspective Recorded: Mar 25 2020 30 mins
    Jeff Schmidt, VP of Cyber at Columbus Collaboratory
    COVID-19 pandemic has not only changed our lives but immediately changed our corporate threat profiles by extending our cyber attack surface and increasing our exposure to all kinds of attacks from authentication to human error. Transitioning to a remote workforce directly and significantly impacts your defensive protections. Practical changes can reduce the risk exposure while also minimize unneeded disruptions and fire drills during this turbulent time. In this webinar, we will discuss important cyber threats to consider and provide actionable advice on how to reduce your risk.
  • Coronavirus Pandemic – Cyber Intelligence Fighting the Virus in Cyberspace Recorded: Mar 23 2020 61 mins
    Alex Holden
    In the midst of the Coronavirus pandemic, our society is struggling to adjust to the necessary and unexpected changes. In the information security space, we are prepared for many things, but dealing with a pandemic crisis leaves many unprepared.

    Cybercriminals operate on a different level and are ahead of the game taking advantage of the global crisis with many others joining their ranks. We will discuss critical issues facing information security during this crisis.

    We will also review what you need to know, what you need to be concerned about, and the steps to take today to get your organization more secure and prepared to minimize the potential impact the crisis.
  • Coronavirus Actions and Risks for Tech and Security Leaders Recorded: Mar 13 2020 62 mins
    Dan Lohrmann (Security Mentor, Inc.) | Scott Larsen (Inova Health System) | Earl Duby (Lear Corporation)
    How are state and local governments responding to COVID-19? What are private sector companies doing now? From public health actions to directives for staff, what emergency response steps and risks should be considered?

    Join this webinar for the latest coronavirus playbook roundup and recommendations on how to address the outbreak. Learn the scope of the unprecedented challenges organizations are currently facing. Hear from industry leaders on how they are addressing the COVID-19 outbreak.

    Topics will include:
    - Policy, technology and process steps to take today to protect your workforce and organization.
    - How are orgs dealing with more staff working from home (telework)?
    - What mistakes can be avoided –and how?

    We will close with a Q/A session with the audience.

    - Dan Lohrmann, Chief Security Officer & Chief Strategist at Security Mentor Inc.
    - Scott Larsen, CISO at Inova Health System
    - Earl Duby, CISO at Lear Corporation
  • What I Learned at RSAC 2020 Recorded: Mar 12 2020 61 mins
    Ulf Mattsson, Head of Innovation, TokenEx
    An important part of RSAC 2020 focused on Business-Critical Application Security and we're seeing a transformational shift in technology. The enterprise architecture we used to know is changing. Cloud application development is accelerating and diversifying where many organizations have virtual machines, containers, and now serverless applications running in the cloud, transforming code into infrastructure. Microservices make a lot of sense for scale and development agility, but if everything is talking to everything else via APIs, it’s likely that there are many (and I mean many) application vulnerabilities. Additionally, API security is new, so processes are likely immature, and API security sits somewhere between application developers, DevOps, and cybersecurity, leading to organizational and skills challenges. We will organize this chaos from RSAC and discuss Security in The API Ecosystem.

    Security is morphing to a hybrid model for distributed policy enforcement across cloud-based environments. At the same time, organizations want central policy management for the whole environment.

    Join this webinar to learn more about what attendees found interesting at RSAC USA 2020:
    - Emerging Privacy Issues
    - The Human Factor
    - Advancements in Machine Learning
    - Security in App Development
    - Trends from the Innovation Sandbox
    - New Standards and Regulations
    - Security for The API Economy
  • [Earn CPE] Matching Threat Intelligence & Third-Party Risk for Cyber Security Recorded: Mar 12 2020 74 mins
    Panelists: John Chisum, RiskRecon; Jaymin Desai, OneTrust; Allan Liska, Recorded Future; and David Klein, ProcessUnity
    As organizations evolve and become more connected, their reliance on third-party ecosystems continues to grow. While these business relationships undoubtedly add value, they also introduce significant new risk and compliance challenges. The third-party risk management process is complex and involves more stakeholders and data sources than many people may think including: cyber risk information, supply chain, financial, IT, compliance, legal, and privacy risk data. But even with loads of available data, it’s extremely difficult for risk teams to know how to prioritize risk and focus remediation and response efforts without the proper context or processes.

    As a result risk management teams are turning to governance, risk, and compliance (GRC) solutions to help centralize all of this information in order to gain a more holistic view of their third-party ecosystem. Cyber third-party risk data is a critical piece of the puzzle to a holistic third-party risk program within a GRC solution. Having access to a threat-centric view of cyber risk provides risk management teams with real-time insights that enable them to make faster, more confident decisions and effectively manage third-party risk.

    On this CPE accredited webinar our panel of experts will address how to bring threat intelligence into the third-party risk management process and discuss:

    - The importance of holistic risk management and sustainable ongoing monitoring,
    - How to incorporate external content sources and create a centralized data repository for a more holistic view of your vendors,
    - Ways to advance your third-party risk maturity with threat intelligence.
  • Hey You, Get Off Of My Cloud Recorded: Mar 12 2020 51 mins
    Kelly Robertson, CEO, SEC Consult America
    A little discipline goes a long way when moving to the public cloud.

    Attend this talk by SEC Consult America's CEO Kelly Robertson as he discusses what applications are appropriate to move to a public cloud infrastructure and what questions do you need to ask.

    Six considerations of this session:

    - Security
    - Compliance
    - Data Protection
    - Choosing a Cloud Provider
    - Workload Analysis
    - Incident Response

    About Kelly Robertson:

    I'm a senior executive with 30 years of professional Information Security Experience in the Silicon Valley. I worked mainly for large enterprises for the first 15 years, then started Zisher InfoSec, a security consulting firm. In 2017, Zisher InfoSec became part of the SEC Consult organization and I am presently responsible for the SEC Consult organization in the Americas.

    Information Security spans all aspects of the technologies that mankind relies upon and also has a huge impact on digital citizens. I have been fortunate to have worked in 30 countries in the past 20 years across many disciplines, technical vectors and market segments. I believe that the work that we do in this career field is essential to the human race and I hope that my contributions have made a positive difference. A great deal of my focus is in mentoring information security professionals, as individuals and groups through education programs, presentations and publications.
  • Cyber Risk THIS! 6 Practices to Beat Hackers and Satisfy Regulators Recorded: Mar 12 2020 47 mins
    Tony Pietrocola, President, Agile1
    Securing Cloud and SaaS

    Cyber attacks are growing daily, broadening in scope and the costs of a breach are skyrocketing. And here is the kicker, every industry from financial service to healthcare, to government to manufacturing are in the cross hairs. Even the great Warren Buffet recently said that every company is at risk.

    Yes, The Oracle of Omaha is talking tech!

    Cyber criminals have expanded every company’s attack surface by attacking networks, cloud, chips, IoT, mobile devices, applications and API’s. They are relentless. And now the regulators are beginning to pass state level regulations that will eventually hold all of our feet to the fire. Add all of this up and the future points to reality that every single company, regardless of size or industry, will need to do much more to protect themselves and their customers.

    This presentation will cover:
    - Cyber Risk Management
    - How to mitigate risk
    - Show real life case studies
    - Six best practices to explore for your business

    About the speaker:
    Tony Pietrocola is President of Agile1. Agile1 is an intelligence-driven CyberSOC protecting critical network infrastructures from cyber threats. Agile1’s CyberSOC technology is built on a proprietary Machine Learning engine, which analyzes end-point security data in real time allowing us to detect and respond to threats 24X7, before a breach proliferates.

    Tony serves on the board of EBO Group, Inc (acquired by Timken) and Metisentry and is a Board Member of Northern Ohio InfraGard Members Alliance. He holds a Bachelor of Science in Finance from the University of Toledo.
The latest trends and best practice advice from the leading experts
This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Why Vendor Liability is Necessary to Secure Consumer IoT
  • Live at: Jun 21 2017 10:00 am
  • Presented by: Tatu Ylonen, Founder & SSH Fellow, SSH Communications Security, Inc.
  • From:
Your email has been sent.
or close