Integrating IT-Related Risk: The Next Chapter In Business Benefit
Good news: Enterprises are finally making progress toward breaking down the IT silos and forging a view of IT-related risk that crosses those IT silos. Slowly but surely, network security, availability, access security, recovery, change, release, often physical security and occasionally even project management are being viewed together – to see their interrelationships and balance improvements. Bad news: The struggle is far less advanced in connecting a view of IT-related risk to business operations. In enterprises that are increasingly dependent on IT, the failure to take an end-to-end business operations view of risk borders on tragic. Of the several challenges faced by both operational and IT professionals, a significant hurdle has been the lack of a shared risk management process that integrates operational risk to the business (products, process, frauds, continuity and such) with IT-related risk. This has made it difficult to put the puzzle pieces together, understand relationships and even share terminology. Worse, this has all been complicated by confusion over whether risk management is being used to drive business performance or is just a compliance exercise. Join in this webinar to understand the latest approaches and tools to integrate IT and operational risk to improve business performance. This session draws on lessons learned across industries and countries, with special emphasis on helping financial companies meet their pressing business and regulatory needs.
Recorded Jun 2 2011 | 45 mins
Patrick Lloyd, Solutions Architect, Cisco Security Services
Smart buildings are the hottest topic of 2021. But the thought of system integrations to make this a reality is enough to give most network security teams heartburn. The planning, design, and implementation of IoT-based “smart” buildings can be eased in its complexity, to realize ROI quicker, while ensuring that devices on the network are prevented from endangering the network or each other.
Through exploring lessons learned from successful projects, this session demonstrates how to start in your approach to a practical implementation of Securing a Smart Building, applying an interpretation of Zero Trust. It will cover methods used when security is of the utmost importance, and universal segmentation of threats is a requirement.
This talk introduces the main security pitfalls that every developer needs to know about before writing and shipping code.
A recent non-official proposal of OWASP top 10 helps us better understand what weaknesses our contemporary systems face and how we can manage our daily job to avoid them. The new candidate, SSRF (Server-side Request Forgery), will also be highlighted in more detail.
What you will learn:
- What are the biggest mistakes we make while writing and shipping code?
- Why is OWASP top 10 relevant for our daily jobs?
- How can we avoid the most critical vulnerabilities?
Shriram Munde, Team Lead | Himanshu Dubey, Director, Security Labs, Quick Heal Technologies Ltd.
We are living in the Data Age. Most organizations these days, in one form or other, rely on data to drive decisions & run their business. Thus, any data loss would mean considerable business impact to such organizations. Additionally, organizations collect certain data from users of their products, which is used for a variety of purposes. If this data is lost / stolen, it may pose serious risks for the affected individuals and likely tarnish the organization’s reputation.
In recent past, we have seen many data breaches across the globe, which have affected organizations of all shapes & sizes. So, it is imperative that organizations take steps to safeguard themselves against data breaches.
In this presentation, we will discuss:
- Recent data breaches & their impact
- Attack approaches used by Cyber Attackers
- Prevention steps to safeguard data
WiCyS brings together women and supporters from around the world to develop cybersecurity skills with the aim of advancing women in, building equity in and developing minority talent in the field. One of WiCyS’s focuses is bridging the cybersecurity skills gap for female veterans, which is what helped launch the Veterans’ Program. Military career experience aligns well with a job in cybersecurity.
The WiCyS Veterans’ Apprenticeship Program includes paid training and apprenticeship, secure long-term employment, and a litany of possible resources including access to technology and mentoring. This innovative apprenticeship model is DOL-certified and a top-notch gateway to get the support needed to enter into thriving cybersecurity careers. Join this webinar to learn more about the WiCyS Veterans' Apprenticeship Program and see if it's the right fit for YOU! And, as always... we thank you for your service.
As AI adoption increases and becomes a competitive and operational efficiency advantage, managing AI-related risks poses the top challenge for AI initiatives. Cybersecurity along with AI failures, misuse of personal data, and regulatory uncertainty are also top areas of concern.
Kalani Enos, Kenos Technologies | Mike Ichiriu, Zentera | Mike Grimshaw, Moovweb | Robinson Delaugerre, Orange Cyberdefense
The pandemic and the shift to remote working has strained networks and pushed organizations to speed up their digital transformation journeys. With more users on the network than ever before, security has become a key priority.
Discover how organizations are addressing the security challenges of remote working and the latest trends in network security.
Join this panel of security experts and industry leaders to learn more about:
- The impact of COVID on networks and security
- The emergence of secure access service edge (SASE)
- The need for smart network monitoring technology
- New and old threats, and common vulnerabilities
- Lessons from the SolarWinds hack
- Best practices and recommendations for strengthening security in 2021
Grant Paling, Product Manager, Orange Cyberdefense
When it comes to building or updating your strategy for detecting threats to your business, it is important to know the direction you are headed in.
Many Managed Detection and Response providers align themselves to a very short term strategy that would appear to solve all of your problems, when in fact what is needed is a more pragmatic approach that helps model out the different options you have for gaining visibility and also allows for an understanding of the impact of limitations specific to your environment (for example, missing data or security event types).
Join our Global Service Area Owner for Managed Detection and Response, Grant Paling, for an insight into how to build a strategic plan for improvements in security monitoring.
• Understand the different options for getting started with detection and response (including endpoint, log and network-based approaches).
• Learn how they differ and the pros and cons of different approaches.
• Find out how to model the impacts on visibility when choosing different approaches, and how to balance that against the time to value.
• See examples of where we’ve used our Threat Detection Framework to build business cases for expansion and to illustrate the impact caused by challenges from non-security parts of the business.
Cyber threats are constantly and rapidly changing. With time, as security products have evolved, threat actors have also evolved and have found newer ways of infiltrating networks and hijacking devices. Also, as more and more organizations go through digital transformation, the opportunity for Cyber Attackers is only increasing. In addition, many Critical Infrastructure organizations, across the globe, are going digital; which substantially increases the stakes around successful Cyber Attacks, and has given rise to Nation State backed Cyber Attacks.
In this talk we will discuss some major cyber-attacks of recent times, their motivation, & techniques used. We will also talk about best practices that organizations should adopt to protect against such threats.
The rapid removal of threats has never mattered more. In our Annual State of Phishing report, we discuss how 2020 saw the emergence of new threat actors, the appearance of some old ones and changes in malware and phishing attacks.
What you will learn:
- How over 50% of phishing reported by Cofense customers are credential phish
- An effective phishing defense program enables organizations to quickly reduce risk
- Tactics used by threat actors to make it to the inbox
Diana Kelley, SecurityCurve | Johna Till Johnson, Nemertes Research | Craig Harber, Fidelis | Derek Manky, Fortinet
This month's episode of The (Security) Balancing Act will focus on botnets as a growing threat to the enterprise, examples from the real world, and what enterprises can do to better protect against botnet-fueled state sponsored attacks.
Join this interactive roundtable discussion with security experts and industry leaders to learn more about:
- How botnets have become a tool for cyber criminals and nation state actors
- Real-world examples & known botnet attacks
- Nation state ransomware attacks
- DDoS attacks
- Cyber espionage
- The trouble with attribution
- What enterprises and governments can do to address the threat
- Johna Till Johnson, CEO and Founder of Nemertes Research
- Derek Manky, Chief, Security Insights & Global Threat Alliances, Fortinet
- Craig Harber, Chief Customer Success Officer, Fidelis
This episode is part of The (Security) Balancing Act original series with Diana Kelley. We welcome viewer participation and questions during this interactive panel session.
Phishing attacks related to working from home and the pandemic are on the rise, and email continues to be the primary vehicle. With so much on the line, how are enterprises addressing the risk of email-based attacks? What are the latest trends in email security and how to keep up with the old and new threats?
Join this panel of security experts and industry leaders to learn more about the email security challenges enterprises are facing and the best practices for a stronger, more resilient enterprise:
- Amplification of old attacks and email security challenges we will continue to see in 2021:
- How are organizations dealing with phishing and spear-phishing
- COVID-related phishing and social engineering attacks
- Common red flags - how to spot a phishing email from a mile away
- Protecting against business email compromise (BEC) attacks
- Preventing credential theft
- Lessons from the SolarWinds attack
- Best practices for improving email security and protecting the enterprise
With 90% of cyberattacks starting with a human error and phishing attacks having more than tripled since the start of the Covid-19 pandemic, involving and training 100% of staff is becoming a major leverage for companies. In this new deal of cybersecurity, the human brain is often the best (or only) tool to detect these social engineering attacks.
The availability of tools and data are making the hackers' job easier: AI-driven software and social network data are starting to make large scale, individually personalized phishing attacks possible, including through phone or even video calls. Cyberattacks are increasing in sophistication and targeting staff in order to steal information and money or cause mayhem.
In this webinar, we will share our views on:
• Current and future technological trends around email protection
• How AI is impacting the potential of massive social engineering attacks
• How companies and software vendors are reacting to this trend with innovative training strategies
Eric Dowsland, VP, Customer Success, Herjavec Group
Oftentimes, even with the best technology and software, cybersecurity detection and response strategies don’t meet their maximum potential or, worse yet, fail without a team that has the right capacity and expertise behind them.
Join Herjavec Group’s VP of Customer Success, Eric Dowsland as he discusses best practices and strategies for enterprise detection and response programs including layering your security approach, and properly leveraging the MITRE ATT&CK Framework.
Discover how leveraging Managed Security Services (MSS) to support your cybersecurity plan is key to identifying, disrupting, containing, and remediating the onslaught of malware and emerging threats that will occur this year.
The SolarWinds cyberattack came as a wake-up call to many: an attack that most cyber-aware/savvy organizations could not detect for many months. It is a reminder of how an interconnected world can impact us all in a short time.
Join Sunil Sharma, Director of Cyber Defense for the Middle East’s leading provider of strategic consultancy and tailored information security solutions and services company, Help AG, the cybersecurity arm of Etisalat, to discuss supply chain attacks, techniques, and tactics used by adversaries to execute such attacks and strategies to detect and respond to supply chain attacks.
Jo Peterson, Clarify360 | Stan Lowe | Doug Saunders, Sweeping Corporation | Christopher Camalang, Alert Logic
Cloud computing, remote work and the increasing use of mobile devices have redefined the network edge. The concept of endpoint security and the strategies used to protect this new perimeter from sophisticated adversaries and advanced persistent threats have evolved as well.
• The changing organizational view of the redefined endpoint
• Increased attack vectors
• Maturing threat detection and response tools
• The blurring line between endpoint security and data security
• The move to Zero Trust Network Access
Jo Peterson, Vice President, Cloud and Security Services, Clarify360
Stan Lowe, former CISO of Zscaler and former Global CIO of PerkinElmer
Doug Saunders, CIO, Sweeping Corporation
Christopher Camaclang, Technical Partner Manager - US MSP, Alert Logic
Simon Ratcliffe, Ensono; Brian Robison, BlackBerry, Jason Allen, Digital Hands and Darrin Nowakowski, CGI
As organizations are making plans to extend working from home through next summer, what are some things employees and IT teams can do to better protect their devices and networks? Learn more about how endpoint security can be implemented and improved to protect your organization from breaches.
Join this interactive keynote panel with security experts and industry leaders to learn more about:
- COVID-19’s impact on home network security
- Why attackers are targeting the endpoint
- Why your connected devices may be at risk and what to do about it
- How to seamlessly integrate your endpoint security with existing solutions
- Identifying threats, solutions and breach prevention best practices
Over the last three decades, the evolution of Cyber Security & Cyber Attacks has gone hand in hand. Whenever one side gains an upper hand, the other comes up with novel ways to move forward. Because of this need for constant evolution, both sides have been at the forefront of new technology adoption. And Artificial Intelligence is no exception.
Cyber Security vendors have been utilizing AI based solutions in their products for a while now. As these solutions mature, the Attackers are gradually finding it harder to bypass the protection. Subsequently, we expect Cyber Attackers to also start utilizing AI for their purposes, which would require Security vendors to alter their approach.
In this talk we will discuss:
- Current AI usage in Cyber Security and path forward.
- Potential use of AI by Cyber Attackers.
- How Cyber Security would have to evolve to counter the new threat.
Dr. Neelesh Kumbhojkar, Symbiosis International (Deemed University) Pune, India | Ajit Paul, Digital i2o
Enterprises are adopting digital transformation with an ever-increasing speed to drive growth through new business models with the advent of digital technologies. Digital transformation has now become a business imperative rather than technology imperative. The rapid adoption of digital transformation also coincides with growing focus on Cybersecurity.
Today, due to ubiquitous connectivity, increased device density and digital technologies such as IoT, the threat surface has expanded multifold. The multiplication of devices and the edge-based automation adds to the complexity and the need to manage differently. A denial of service, theft or manipulation of data can damage the customer experience and cause significant damage to the brand value, penalty, revenue loss and jeopardize the livelihood and safety of individual stakeholders. Cybersecurity during and post-transformation is key to the success of the digital transformation and also to creating a compelling customer experience. On the other side, consumers are expecting more and more proactive measures by enterprises for security, and any compromise may result in an exodus of loyal consumers from the brand.
The author intends to take a vertical-centric and digital-transformation-centric approach while narrating the current state of cybersecurity in those key verticals. It also discusses various practices that are required today to make digital transformation more secure and ultimately protect customer experience.
Key Takeaways:
1. The Complexity and challenges of Cybersecurity in Enterprises of APAC Region
2. How can trust and resilience-based ecosystem be enabled by enterprise?
3. Cross industry view of Cybersecurity
Dr. Neelesh Kumbhojkar, Director Symbiosis International (Deemed University) Pune, India
Ajit Paul, Business Transformation Advisor, Digital i2o
We need to carry out a deep introspection about the current state of the IT and InfoSec rollout and the associated policies. The sequence of doing so is of the utmost importance. We may have to re-engineer the following.
1. Network Security
2. Application Security
3. Operational Security
4. Information Security
5. BCP & DR
6. End-User Education
Computing has seen a significant transformation. The IT services are being utilized and consumed by the end-users in a much different way than before. The stress on the IT managers has increased as they are compelled to allow the much-debated issue of securing and rolling out the BYOD policies. The forced reduction of the headcount & reduced wages has had an adverse impact on the employee’s integrity. Remote users have many peeping toms at home looking at the computer screens. The Home Wi-Fi used by the employees is not secure.
This leads us to analyze the top 10 areas of concern. Parallelly, the outbreak of an undeclared war between the “Cyber Bullies” and the “IT Security Soldiers” is hotter than ever before. We will discuss the strategies that IT Security Soldiers are adopting and the success thereof.
The current perceived threats have created opportunities for the vendors providing the NAC, ZeroTrust, RPA’s, ATP’s, infusion of ML and AI into the Firewalls and perimeter security devices to a large extent. The OS and RDBMS patch updates have taken a front stage and are a priority task for the IT Managers.
We need to draft out an SOP for keeping the IT Infrastructure secured. We need to create “8 Commandments” to have a well-secured IT Infrastructure.
There is a human angle to IT Security as well. Only having robust IT InfoSec Policies. The Human Resource department needs to play an important role.
The goals that an IT InfoSec leadership needs to achieve have to be clear, well defined, and meticulously followed.
This presentation will be a snapshot of an end to end journey.
Yihao Lim, Principal Cyber Threat Intelligence Advisor, Mandiant Intelligence
Mandiant Threat Intelligence assesses with high confidence that the ransomware threat and its associated disruptions and costs will continue to grow in 2021. We assess with high confidence that cyber risks to the pharmaceutical, healthcare, and related industries will remain elevated throughout the coronavirus (COVID-19) pandemic and related vaccine distribution efforts.
We assess with high confidence that actors specializing in specific stages of the attack lifecycle will continue their activities, making sophisticated tactics more accessible to a wider variety of actors and threat activity more difficult to track. We also noted increased volume, sophistication, and diversity in information operations throughout 2020. We suggest that continued evolution will be at least partially driven by detection efforts.
The latest trends and best practice advice from the leading experts
This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.