WannaCry Ransomware Attack: What You Need to Know & How to Protect Against It
The recent WannaCry ransomware attack was unprecedented in scale. With over 230,000 computers infected in over 150 countries, it is the largest cyberextortion scheme ever. More importantly, some experts fear that the danger is far from over.
Join this panel of security leaders as they discuss:
- What is WannaCry?
- Why did it spread so quickly and at such a scale?
- How can we protect our companies against this and similar cyber attacks?
- Threatscape: What can we expect to see in the future?
- Lance Cottrell, Chief Scientist at Ntrepid Corp.
- Brian Minick, CEO of Morphick
- Sven Krasser, Chief Scientist at CrowdStrike
- RJ Gazarek, Product Manager at Thycotic
RecordedJun 1 201762 mins
Your place is confirmed, we'll send you email reminders
Rhonda Bricco (UnitedHealth Group), Deb Doffing (Optum), Sue Perkins (Optum), Cat Goodfellow (Optum)
The stream of near constant data breaches has left consumers desensitized to the news their information was lost or stolen. We’ll discuss issues around complacency both in consumers and enterprises such as how long the customer cares after a breach occurs, whether data loss is as negatively impactful to an organization’s reputation as it used to be, and how breach fatigue benefits hackers.
The COVID-19 Coronavirus pandemic provides cyberattackers with opportunities to wreak havoc. The key to thwarting their attacks is knowing how they are leveraging the crisis for their nefarious purposes. And whom better to ask than experts who know how threat actors think and operate?
Join us for a community webinar with three renowned whitehats who will predict the attack vectors and tactics blackhats will use to take advantage of the fact employees are struggling with fear, uncertainty and isolation while working from home. You will gain invaluable insight into the attacker’s mindset and learn how to harden your organization’s defenses.
Chris Roberts is one of the world's foremost experts on counter threat intelligence and vulnerability research within the information security industry. Robert was part of Attivo Networks, LARES, Acalvio Technologies, among others.
Rod Soto is a Security Researcher and co-founder of HackMiami and Pacific Hackers conferences. Rod spent over 15 years in IT and security in organizations like Akamai, Splunk and JASK. He is a frequent speaker at cybersecurity conferences.
Nir Gaist, founder & CTO of Nyotron, is a recognized security expert and ethical hacker. Nir has worked with and pentested some of the largest Israeli organizations, such as banks, police and the parliament. He also wrote the cybersecurity curriculum for the Israel Ministry of Education.
Ira Winkler is the Lead Security Principal for Trustwave. He has designed and implemented security awareness programs at organizations around the world. Ira began his career at the National Security Agency as an Intelligence and Computer Systems Analyst.
Kelley Vick, Host. With Chris Poulin, Principal Consulting Engineer at BitSight.
In today's cybersecurity landscape, having continued visibility into your organization’s attack surface is essential to staying ahead of new and evolving threats. But as your digital ecosystem continues to expand, monitoring and mitigating cyber risk become increasingly difficult.
During this CPE webinar, BitSight’s Chris Poulin, a risk reduction and cybersecurity expert, will take a deep dive into how you can evaluate your current digital risk management efforts, identify gaps, and prioritize improvements.
Join us on Thursday, March 26, to learn how to:
●Validate and manage your digital footprint across various ecosystems
●Monitor for indicators of attack, compromise, and abuse
●Leverage business context to prioritize remediation efforts and allocate resources
●Initiate response plans to mitigate risks
●Track and communicate progress with objective data across environments
●Use risk intelligence to improve your security posture
David Morris | John Bambenek | Lance James | Dean Nicolls
AI-generated fake videos, or deepfakes, are becoming more common, more convincing and easier to create. In the era of social, technically manipulated videos can spread like wildfire.
This is a particularly sensitive issue in today's politically charged environment. With the 2020 U.S. presidential election on the horizon, foreign interference in elections is a real problem and social media the perfect gateway for sowing misinformation, discord and mistrust.
Can deepfakes impact the outcome of elections? How easy are they to spot, and do you need a tool for that?
Join this episode of the Election Hacking series to learn more about the emergence of deepfakes and what can be done to mitigate its impact on elections.
- The current state of deepfakes
- How deepfakes can be used in misinformation campaigns
- Use of deepfakes in cyber crime
- Social media and the spread of fake videos
- How tech companies are addressing the scourge of deepfakes (Facebook, Twitter, YouTube)
- Lance James, CEO of Unit 221B
- John Bambenek, VP for Security Research and Intelligence at ThreatSTOP
- Dean Nicolls, VP of Global Marketing, Jumio
Moderator: David Morris, Executive Director at Digital Risk Management Institute
This episode is part of the Election Hacking Original series examining the threats to democratic elections, the technologies used to power and hijack elections, and what's needed to educate and empower voters before Election Day.
Ben Rothke | David Mundhenk | Jeff Hall | Arthur Cooper "Coop"
The new normal during the current COVID-19 crisis is changing every aspect of the business world. It is also affecting how QSA’s deal with PCI assessment.
A QSA for the most part has to be on-site for a PCI assessment, how are they do to that when they can’t get to the site?
On this webinar, The PCI Dream Team will:
- Provide an overview of the PCI DSS requirements to be on-site
- Discuss strategies to perform PCI assessments when being on-site is now impossible
- Answer any specific questions to deal with this predicament
- Detail work at home issues and concerns
Diana Kelley | Chris Calvert | Larry Whiteside, Jr. | Gary Hayslip
The world needs more people in infosec. There are currently about 2.8 million cybersecurity professionals, but roughly 4 million more are needed to close the skills gap.
So, how are organizations addressing this shortage? What are some of the things organizations are doing when it comes to attracting and retaining cybersecurity talent, but also balancing the workload for the security teams they already have.
Join today's episode to learn more about the challenges and solutions when it comes to balancing the security workforce.
- Security skills shortage: Myth vs. Reality
- Top challenges for security teams
- Addressing burnout and analyst fatigue
- How machine learning can help
- Areas where people are better than AI
- Building a security culture
- Removing obstacles and attracting new talent
This episode is part of The (Security) Balancing Act series with Diana Kelley. Viewers are encouraged to ask questions during the live Q&A.
- Chris Calvert, Co-Founder & VP Strategy at Respond Software
- Larry Whiteside, Jr., Veteran CISO & Cybersecurity Thought Leader; Co-Founder & Interim President - ICMCP
- Gary Hayslip, CISO, Softbank
Jeff Schmidt, VP of Cyber at Columbus Collaboratory
COVID-19 pandemic has not only changed our lives but immediately changed our corporate threat profiles by extending our cyber attack surface and increasing our exposure to all kinds of attacks from authentication to human error. Transitioning to a remote workforce directly and significantly impacts your defensive protections. Practical changes can reduce the risk exposure while also minimize unneeded disruptions and fire drills during this turbulent time. In this webinar, we will discuss important cyber threats to consider and provide actionable advice on how to reduce your risk.
In the midst of the Coronavirus pandemic, our society is struggling to adjust to the necessary and unexpected changes. In the information security space, we are prepared for many things, but dealing with a pandemic crisis leaves many unprepared.
Cybercriminals operate on a different level and are ahead of the game taking advantage of the global crisis with many others joining their ranks. We will discuss critical issues facing information security during this crisis.
We will also review what you need to know, what you need to be concerned about, and the steps to take today to get your organization more secure and prepared to minimize the potential impact the crisis.
Dan Lohrmann (Security Mentor, Inc.) | Scott Larsen (Inova Health System) | Earl Duby (Lear Corporation)
How are state and local governments responding to COVID-19? What are private sector companies doing now? From public health actions to directives for staff, what emergency response steps and risks should be considered?
Join this webinar for the latest coronavirus playbook roundup and recommendations on how to address the outbreak. Learn the scope of the unprecedented challenges organizations are currently facing. Hear from industry leaders on how they are addressing the COVID-19 outbreak.
Topics will include:
- Policy, technology and process steps to take today to protect your workforce and organization.
- How are orgs dealing with more staff working from home (telework)?
- What mistakes can be avoided –and how?
We will close with a Q/A session with the audience.
- Dan Lohrmann, Chief Security Officer & Chief Strategist at Security Mentor Inc.
- Scott Larsen, CISO at Inova Health System
- Earl Duby, CISO at Lear Corporation
An important part of RSAC 2020 focused on Business-Critical Application Security and we're seeing a transformational shift in technology. The enterprise architecture we used to know is changing. Cloud application development is accelerating and diversifying where many organizations have virtual machines, containers, and now serverless applications running in the cloud, transforming code into infrastructure. Microservices make a lot of sense for scale and development agility, but if everything is talking to everything else via APIs, it’s likely that there are many (and I mean many) application vulnerabilities. Additionally, API security is new, so processes are likely immature, and API security sits somewhere between application developers, DevOps, and cybersecurity, leading to organizational and skills challenges. We will organize this chaos from RSAC and discuss Security in The API Ecosystem.
Security is morphing to a hybrid model for distributed policy enforcement across cloud-based environments. At the same time, organizations want central policy management for the whole environment.
Join this webinar to learn more about what attendees found interesting at RSAC USA 2020:
- Emerging Privacy Issues
- The Human Factor
- Advancements in Machine Learning
- Security in App Development
- Trends from the Innovation Sandbox
- New Standards and Regulations
- Security for The API Economy
Panelists: John Chisum, RiskRecon; Jaymin Desai, OneTrust; Allan Liska, Recorded Future; and David Klein, ProcessUnity
As organizations evolve and become more connected, their reliance on third-party ecosystems continues to grow. While these business relationships undoubtedly add value, they also introduce significant new risk and compliance challenges. The third-party risk management process is complex and involves more stakeholders and data sources than many people may think including: cyber risk information, supply chain, financial, IT, compliance, legal, and privacy risk data. But even with loads of available data, it’s extremely difficult for risk teams to know how to prioritize risk and focus remediation and response efforts without the proper context or processes.
As a result risk management teams are turning to governance, risk, and compliance (GRC) solutions to help centralize all of this information in order to gain a more holistic view of their third-party ecosystem. Cyber third-party risk data is a critical piece of the puzzle to a holistic third-party risk program within a GRC solution. Having access to a threat-centric view of cyber risk provides risk management teams with real-time insights that enable them to make faster, more confident decisions and effectively manage third-party risk.
On this CPE accredited webinar our panel of experts will address how to bring threat intelligence into the third-party risk management process and discuss:
- The importance of holistic risk management and sustainable ongoing monitoring,
- How to incorporate external content sources and create a centralized data repository for a more holistic view of your vendors,
- Ways to advance your third-party risk maturity with threat intelligence.
A little discipline goes a long way when moving to the public cloud.
Attend this talk by SEC Consult America's CEO Kelly Robertson as he discusses what applications are appropriate to move to a public cloud infrastructure and what questions do you need to ask.
Six considerations of this session:
- Data Protection
- Choosing a Cloud Provider
- Workload Analysis
- Incident Response
About Kelly Robertson:
I'm a senior executive with 30 years of professional Information Security Experience in the Silicon Valley. I worked mainly for large enterprises for the first 15 years, then started Zisher InfoSec, a security consulting firm. In 2017, Zisher InfoSec became part of the SEC Consult organization and I am presently responsible for the SEC Consult organization in the Americas.
Information Security spans all aspects of the technologies that mankind relies upon and also has a huge impact on digital citizens. I have been fortunate to have worked in 30 countries in the past 20 years across many disciplines, technical vectors and market segments. I believe that the work that we do in this career field is essential to the human race and I hope that my contributions have made a positive difference. A great deal of my focus is in mentoring information security professionals, as individuals and groups through education programs, presentations and publications.
Cyber attacks are growing daily, broadening in scope and the costs of a breach are skyrocketing. And here is the kicker, every industry from financial service to healthcare, to government to manufacturing are in the cross hairs. Even the great Warren Buffet recently said that every company is at risk.
Yes, The Oracle of Omaha is talking tech!
Cyber criminals have expanded every company’s attack surface by attacking networks, cloud, chips, IoT, mobile devices, applications and API’s. They are relentless. And now the regulators are beginning to pass state level regulations that will eventually hold all of our feet to the fire. Add all of this up and the future points to reality that every single company, regardless of size or industry, will need to do much more to protect themselves and their customers.
This presentation will cover:
- Cyber Risk Management
- How to mitigate risk
- Show real life case studies
- Six best practices to explore for your business
About the speaker:
Tony Pietrocola is President of Agile1. Agile1 is an intelligence-driven CyberSOC protecting critical network infrastructures from cyber threats. Agile1’s CyberSOC technology is built on a proprietary Machine Learning engine, which analyzes end-point security data in real time allowing us to detect and respond to threats 24X7, before a breach proliferates.
Tony serves on the board of EBO Group, Inc (acquired by Timken) and Metisentry and is a Board Member of Northern Ohio InfraGard Members Alliance. He holds a Bachelor of Science in Finance from the University of Toledo.
Dr. Alea Fairchild, Ecosysm and The Constantia Institute | David Spencer, IBM GTS
Cybersecurity monitoring is designed to complement, mirror and support your business operations. To create a data leadership position and innovation for your customers, the appropriate cybersecurity policies and solutions need to be in place that fit your specific business model. You need to be thoughtful about assembling a cybersecurity team configured to serve your specific company needs.
We will discuss how companies are designing their data leadership strategies based on cybersecurity requirements, looking at their internal staffing, technology sourcing and selection of 3rd party providers. Infrastructure expert, Dr. Alea Fairchild will be sharing industry trends based on Ecosystm research findings on cybersecurity solution selection.
Join this webinar to hear Alea, joined by David Spencer from IBM Security, discuss how to profile your company’s cybersecurity requirements to seek out the best advisors, skill sets and MSSP solution providers to work with your own business model in a cyber secure manner.
They will explore how organizations can develop a fit for purpose cybersecurity strategy that grows with them in resilience while meeting the challenge of maturing security programs to scale with their business.
1. Guidelines to grow a data leadership strategy in a non-highly regulated business.
2. Five essential questions to ask as you screen potential cybersecurity solution providers.
3. Why cyber resiliency is a more logical goal than being cyber secure.
Dr. Alea Fairchild, Principle Advisor, Infrastructure & Cloud Enablement at Ecosystm and Director at The Constantia Institute sprl
David Spencer, Associate Partner, Cloud Resilience and Availability, IBM GTS
Kojo Degraft Donkor CISSP, Cisco Systems – CX Americas
Black hat actors continue to escalate the attack surfaces brought on by opportunities in emerging and matured technologies in Cloud, Internet of Things, Machine Learning, Artificial Intelligence. Several frameworks exist for managing Cyber Risks.
This presentation will answer these questions:
- How does your organization frame responses to these threats?
- What approach works best for your organization?
- What key elements make up an effective Cyber Risk Program?
- Which of these elements should be top priority?
- How dynamic is your Cyber Risk Management approach?
Common understanding of Internet of Things (IoT) includes smart devices, such as mobile phones, smart appliances, CPE networking devices and industrial sensors. However, the time is coming when dumb devices, such as tools, lab supplies, assembly parts, household items will join the IoT. If you are worried about IoT security now, imagine the scale and the magnitude of implications when the entire physical world gets included into the attack surface.
In this presentation we will describe a practical use-case, illustrate the limitations of current methods and discuss the ways to address them.
About the speaker:
Misha Nossik is a serial entrepreneur and technology executive with over 25 years of experience in new product development for the Cloud, Cybersecurity and IoT sectors. He is a co-founder and CEO of Haystack Magic, an IoT SaaS for enterprise physical asset tracking.
Previously, he was a co-founder, CTO and VP R&D of CloudLink, a cybersecurity startup acquired by EMC in 2015. Before that he was a founder and CEO of Thintropy, an early VDI vendor, which was acquired by SIMtone (f.k.a. XDS). He co-founded Solidum Systems, a network processor pioneer, acquired by IDT Inc. In 2001 he co-founded and chaired the Network Processing Forum. Misha has earned his MSc in Applied Mathematics at MIIT in Moscow. Misha is an avid skier and an active instrument-rated pilot.
Chris Hazelton, Lookout | JP Bourget, Syncurity | Ondrej Krehel, LIFARS | Jonathan Lee, Menlo Security
The email threat landscape is constantly evolving. How are organizations staying up to date on all the email-based cyber threats?
Join this panel of security experts and industry leaders as they discuss the latest trends in email security and how to prevent becoming the next news headline. Learn how to protect your organization from spam, malware, and phishing attacks.
- Emerging trends in email attacks
- Why email security is a key CISO priority in 2020
- The human element of security
- Solutions and best practices for protecting your organization
Chris Hazelton, Director of Security Solutions, Lookout
JP Bourget, Founder, Director, Chief Security Officer, Syncurity
Jonathan Lee, Senior Product Manager, Menlo Security
Ondrej Krehel, Digital Forensics Lead, CEO and Founder, LIFARS
Companies are at risk when transitioning from traditional on-premise applications and infrastructure to cloud computing solutions.
It is critical that security and compliance be addressed in the cloud environment. Failure to ensure appropriate security and address compliance requirements may ultimately result in higher risks, costs and potential loss of business. Highly regulated companies should take a comprehensive approach to data privacy, security and compliance before moving systems to the cloud. This includes:
- Understanding the challenges of compliance on premise versus the cloud
- What security standards should be adopted in the cloud
- Demonstrating compliance: how to establish and maintain data privacy, security, and compliance in a cloud environment
Darrin Nowakowski, Director Client Services, Cyber Security, CGI
Hybrid Cloud is the new normal for the modern Enterprise. Information Security departments have accepted that the perimeter is no longer defined by the network and that data protection is central to this new paradigm.
Are software-defined data controls across clouds and data centers weaker than traditional perimeter defenses? Not necessarily. In some cases they are actually stronger.
This talk is about the opportunities presented by today’s tools and how these apply to compliance. In particular how continuous compliance is now possible. We will also outline how this changes GRC processes and the role of security compliance in DevOps aka DevSecOps.
Topics covered include:
• What is Compliance and what should be included?
• Compliance Frameworks and Standards.
• What can we measure and test?
• How to tie together hybrid cloud compliance
• Access Controls, Infrastructure, Data and Policies
• Continuous Compliance
About the speaker:
Darrin Nowakowski has 25 years experience working in Cyber Security in Canada and internationally. He has extensive experience as both a practitioner and strategist with a focus on providing Security Architecture, Penetration Testing, Cloud, Web and Mobile Security as well as Executive Consultation, Security Program Development, Strategies and Roadmaps, Risk management and demonstrated leadership.
As a founder and senior leader, President and CISO, for Star Circle Security, Darrin managed a consulting practice through strong client relationships in the Financial, Public, Telecommunications and Retail Sectors. Mr. Nowakowski is currently working as the Director for Client Services of the Greater Toronto Area Cyber Security Practice for CGI.
Cloud compliance could be difficult if you are a multinational or in some cases if you have clients in different states, how can you address all the compliance requirements without losing your time redoing work, in this webinar we will describe the basic points you need to develop in order to be ready to comply with different regulations, audits or annual reviews.
About the speaker:
Juan Carlos Carrillo is a Security & Privacy professional with IT Management experience of more than 20 years in high tech industry. He has large expertise doing business with technology solutions to financial companies. Throughout Juan Carlos' career, he has developed extensive knowledge with software, hardware, consulting and professional services.
Juan Carlos has a Masters in Finance graduated from ITESM in Mexico, a B.S. in Computer Systems Engineer from UVM in Mexico, He is certified as an Information Privacy Professional (CIPT), Certified as an Identity and Access Administrator (CIAM) and Certified in Cloud Security (CCSK).
The latest trends and best practice advice from the leading experts
This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.
WannaCry Ransomware Attack: What You Need to Know & How to Protect Against ItLance Cottrell (Ntrepid), Brian Minick (Morphick), Sven Krasser (CrowdStrike), RJ Gazarek (Thycotic)[[ webcastStartDate * 1000 | amDateFormat: 'MMM D YYYY h:mm a' ]]61 mins