Name: How IoT Expands Hackers Attack Surface
Start: 2018-06-13T12:00:00Z
End: 2018-06-13T12:00:50.000Z
Location: BrightTALK
Rating: 4.4

This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.

As data collection and analysis become increasingly central to business, research, and governance, protecting sensitive information is more crucial than ever. This session will examine the privacy, ethical, and security challenges involved in analyzing sensitive data such as personal health records, financial information, and other confidential datasets. 

Key questions to be addressed include: 
- How can sensitive data be ethically and responsibly analyzed while still protecting individual privacy? 
- What technical and policy safeguards are essential when working with sensitive data? 
- How can risks related to re-identification, unauthorized access, and data leakage be mitigated? 
 
This talk presented industry thought leader Donald Farmer will review best practices and frameworks for enabling secure and ethical data analysis across various industries and applications. Expert perspectives on navigating emerging regulations, managing tradeoffs, and aligning analytical objectives with privacy values will be discussed. Attendees will gain critical insights into analyzing sensitive data securely while upholding public trust and mitigating risks.

Analyzing Sensitive Data: Privacy, Ethics, and Security Considerations

Companies need to understand “wicked” problems, and the best way to navigate the organization during periods of uncertainty.

Companies should ask themselves how speedy their response be to a data security incident, when escalating to the senior leadership team, more so when it is an extortion and/or ransomware attack that involves critical data sets.

Tune into this session presented by disaster recovery and cyber resilience expert Steve Yates as he brings to light the crisis management options for those scary technology moments for when super speedy decisions are needed (or are they)?

By the end of the session, you will be able to:
- Be aware of data security incident management processes and procedures. 
- Form an understanding of the need for having a plan (runbooks/playbooks) and agreed crisis escalation process.
- Be conversant with a joined-up thinking approach when reviewing technology incident management that is “fit-for-purpose”.

Data Security Incident Management: What Keeps You Awake At Night? Part 3

Tune into this session to hear from industry thought leader Vincent Amanyi as he provide a 360-degree view for developing a strategy that can easily drive a zero-day attack, while maintaining an ironclad environment. 

Key takeaways 
- Understand the moving parts of your organizational entities. 
- Establish an enterprise posture that mirror's your assets.
- Develop a mechanism to manage attack evolution.

Developing strategy that enables zero-day exploitation

Tune into this session from industry thought leader Vincent Amanyi as he explore a 360-degree view for developing a strategy that can easily drive a zero-day attack, while maintaining an ironclad environment. 

Key takeaways
- Understand the moving parts of your organizational entities.
- Establish a an enterprise posture that mirror’s your assets.
- Develop a mechanism to manage attack evolution.

This session from industry thought leader will provide a 360-degree view on how to develop a strategy that can easily drive a zero day attack, while maintaining ironclad environment. 

Key takeaways:
- Understand the moving part of your organization entities. 
- Establish an enterprise posture that mirror's your assets. 
- Develop a mechanism to manage attack evolution.

Developing Strategy That Enables Zero-Day Exploitation

Companies at a senior leadership level recognize operational risk in the form of  their “Risk Appetite & Tolerance”, defined as “the amount and type of risk that an organisation is willing to take in order to meet their strategic objectives”. 

The question companies should ask themselves is how much can cybersecurity risks identified in the 2024 threat forecast impact organizations technology, and how can they communicate effectively what this means to their organizations' strategic objectives?

Tune into this session presented by disaster recovery and cyber resilience expert Steve Yates as he brings to light the operational risk considerations and resilience options for those “scary” technology moments which can cause organizations to face the Maximum Tolerable Period of Disruption, or when an organization faces tough decisions, one of which may mean no choice but to close down!

By the end of the session, you will be able to:
- Be aware of The 2024 threat forecast and potential cybersecurity impacts on technology. 
- Form an understanding of the difficult language that must be used when dealing with the senior leadership team.
- Be conversant with a joined-up thinking approach when reviewing technology operational risk and identifying resilience measures.

Threat Forecast Vs. Operational Risk: What Keeps You Awake At Night?  Part 2

Our presentation team will cover 4 key areas that focus on the time-saving advantages that many large language models (LLMs) can offer, but also highlights important considerations for the potential risks to the organization’s reputation, IP, and overall security posture, by using an LLM.

These 4 areas include:
- AI Applied: The current scenario mindset - examining ROI and competitive advantage.
- AI Risk: The worst-case scenario mindset - reputational risk and loss of intellectual property.
- AI Trust: The best-case scenario mindset – aligning brand values with customer values- every relationship is about trust.
- AI Tomorrow: The unknown-scenario mindset – examining the need for acceptable use policies, and development of data-driven risk management systems.

While there are obvious time-saving and cost-reducing benefits that many LLMs can offer, it’s crucial to maintain staunch awareness of the risks to your organization’s reputation, IP, and overall security posture, just from using an LLM.

The AI Elephant in Every Room

In our ever-evolving digital landscape, the fusion of artificial intelligence (AI) and machine learning (ML) technologies has ushered in a new era of innovation and efficiency. However, as we step into 2024, we must also prepare for the darker side of this technological advancement -- the looming cybersecurity threats posed by both AI and ML.

This webinar will dissect the most recent trends and vulnerabilities that cybercriminals are likely to exploit using AI and ML techniques. From AI-driven social engineering attacks to ML-powered malware, we will explore the full spectrum of threats and discuss practical strategies to defend against them. With insights from real-world incidents and cutting-edge research, this webinar aims to equip individuals and organizations with the knowledge and tools needed to safeguard their digital assets and privacy in the face of evolving cyber threats driven by AI and ML technologies.

Will 2024 Bring Us a Year of AI and ML Threats?

The need for structured IR readiness process that addresses both on-premises and cloud environments is clearer than ever before. In this session, an incident responder and cloud security architect will share their personal experiences in defending against nation-state attacks. 

Through real-life case studies, they will cover best practices for Incident Response methodology and tools that stand the test of nation-state attacks. They will then present how this battle-tested but traditional approach to IR is challenged with the introduction of cloud computing. Finally, they are introducing a a battle-proven framework to enhance your IR capabilities in the cloud.

About the speakers:
Karl Ots is a cloud and cybersecurity expert, as well as international speaker and trainer, with a broad range of deep Azure expertise. He believes that secure cloud technologies are the key to successful digital transformation. He applies his passion as Head of Cloud Security at EPAM Systems. Karl has been working with Microsoft Azure since 2011 in a variety of forums ranging from large projects to speaking at largest tech conferences, such as Microsoft Ignite. Karl is a Microsoft Certified Trainer (MCT) and a Certified Information Systems Security Professional (CISSP). He is the author of Azure Security Handbook.

Aviv Srour has more than a decade of Cyber Security experience. He specializes in defensive security, Incident Response (IR) and organizational information security. Currently he holds the position of Head of Cyber Innovation at EPAM.

Aviv has handled hundreds of security incidents, starting back at his days at Israeli Air Force where he led the CIRT team. His hands-on experience with complex security incidents helps him develop an unique view on what is needed from IR readiness processes and how to significantly reduce detection and remediation time.

Is Your IR Ready for Cloud? Lessons From the Front Lines of Nation-State Attacks

Supply chains face known and unknown risks. IT organizations are especially susceptible to supply chain risk as it often uses many open source products in the acquisition and development of their software. We need a structured approach for cybersecurity supply chain risk management. A “software bill of materials” (SBOM) has emerged as a key building block in software security and software supply chain risk management. A SBOM is a nested inventory, a list of ingredients that make up software components. 

The Executive Order (EO) on Improving the Nation’s Cybersecurity released on May 12, 2021 acknowledges the increasing number of software security risks throughout the supply chain. This EO mandates that Federal departments and agencies (and their suppliers) understand the cybersecurity risks through the software and services that they acquire, deploy, use, and manage from their supply chain (which includes open source software components). Acquired software may need to contain known and unknown vulnerabilities as a result of the product architecture and development life cycle.

In this webinar learn about cybersecurity risk management and governance. 
- Identify and document the risks and known vulnerabilities.
- Build a supply-chain risk-management framework. 
- Know and manage critical components and suppliers. 
- Develop a supplier/vendor software bill of materials, of each binary component that is used in the software, firmware, or product.
- Build a remediation plan for any vulnerable open source materials.
- Institute a governance and monitoring process.

Cybersecurity Supply Chain Governance

When you think about it, supply chain security surfaced as an important focus in the wake of several significant events that highlighted vulnerabilities in global supply chains. These events began with the 9/11 attacks in 2001 resulting in a heightened focus on national security - including the security of supply chains. Subsequently, we had high-profile product recalls and quality issues - such as contaminated foods and counterfeit drugs - again raising concerns about supply chain security. Additionally, we also had an increasing reliance on digital systems and technology in supply chains that were made more vulnerable due to cyber threats. 

These events in conjunction with the rapid growth of globalization and outsourcing of manufacturing and sourcing activities to different areas of the globe increased the complexity and extended the geographic reach of supply chains. Hence, supply chain security -- including cyber and physical -- surfaced and required important focus. 

Join Ernie Hayden (Founder & Principal, 443 Consulting) to gain a better perspective of the physical security issues involved with the current global supply chain and get insights on how to overcome them. Key challenges discussed in the session include:  
- Unauthorized access to the supply chain and materials. 
- Inadequate surveillance of physical security of supply chain operations; and,  
- Transportation security weaknesses arising from inadequate packaging, lack of tracking and tracing mechanisms, or insufficient verification of drivers and personnel involved in the transportation process.

The Nuances of Physical Security and Supply Chain Management

Supply chain managers are being asked to better manage supply chain risk and create more resilient supply chains while maintaining efficiency. Unfortunately, traditional approaches to risk management and resilience are insufficient to address this complex issue.  

Many companies lack the data, tools, and insights needed to manage risk and improve resilience effectively and efficiently. Fear not - there is a game-changing solution on the horizon: the intelligent use of digital technologies!  

In this session, Digital Supply Chain Advisor, Fabio Tiozzo shares his expert insights on the transformative power of digital technologies in supply chain risk management and resilience. Get an overview of the digital technology stack, including both mature and emerging technologies, and discover how to leverage them to revolutionize supply chain resilience and risk management.

Topics for discussion include:  
- What supply chain managers can do to better manage supply chain risk and improve resiliency, while maintaining supply chain efficiency. 
- Why embracing digital supply chain risk management and resilience is not only a necessity for survival, but an opportunity to create new value and gain a competitive advantage. 
- How to map out your digital adoption roadmap to ensure you are integrating the right technologies into your processes. 
- And more...

Innovating SCRM and Resilience: Harnessing the Potential of Digital Technologies

More companies are seeking out 100% availability as a key part of their disaster recovery plan. But delivering such a commitment is a huge feat. Companies would need a service that was able to “To resist and tolerate failure and recover mission critical communication elements within a business acceptable timescale by planning and design” as well as to manage whatever intentional human and natural risks likely to occur. Full availability would also need infrastructure resilience, in-place disaster recovery plans, and contingency capability as well as the establishment of an integrated and external incident command system. 

The question companies should ask themselves is “How easy would it be to achieve all of this in my organization and, if so, at what cost?’

Tune into this session presented by disaster recovery and cyber resilience expert Steve Yates as he brings to light “scary” technology moments companies must consider and how companies can tackle them if they put in place the right strategy based upon their specific requirements. Viewers are encouraged to share their thoughts on disaster recovery plans and their major concerns to gain the most from this session.

By the end of the session, you will be able to:
- Be aware of the challenges you may likely encounter. 
- Form an understanding of the core supporting elements.
- Be conversant with a joined-up thinking approach when delivering technology resilience.

About the speaker
Steve is a Founding Fellow of the Business Continuity Institute (FBCI), as well as being a Disaster Recovery Institute (DRI) International Certified Business Continuity Professional (CBCP) and Cyber Resilience Professional (CCRP). He has been awarded the Freeman of the City of London for his work in incident management and technology disaster recovery during the response to several terrorist bombings, and is now a Liveryman of the Worshipful Company of Information Technologists (WCIT).

Disaster recovery plans: What keeps you awake at night?

AI Systems are rapidly emerging in a broad range of industries and applications. Businesses find themselves compelled to accelerate and deploy these systems at “warp speed,” far more rapidly than previous new or emerging technologies. But AI introduces many new risks. In the rush to deploy and monetize AI, there has been little time to understand these risks, nor how to manage and mitigate them. Reports of failures, financial loss, litigation, and reputational damage appear in the news regularly. Even the most experienced and sophisticated AI players have been exposed to these risks.

This session will review the key risks of AI systems and their impacts. Many of these are new and unique. Additionally, unlike conventional systems, these associated risks extend into operational deployment and ongoing production use of AI systems. Industry thought leader Allan Cytryn will present examples and consequences along with insights and guidance on measuring, managing, and mitigating them. 

Attendees will develop a meaningful understanding of what AI is and isn’t, its risks, and how to effectively lead risk management efforts in their organizations. This session is foundational, and hence will also provide attendees a basis for further exploration of AI risks and risk management on their own.

Risk management for AI systems

Ready to expand into the international cybersecurity market? Join us to discover how to get started and explore the wealth of State and Federal resources available to cyber companies.

Business development experts Pompeya Lambrecht, Senior International Trade Specialist at the U.S. Commercial Service, and Ellen Meinhart, Senior International Trade Manager from the Virginia Economic Development Partnership, will be our guests giving U.S.-based businesses tips and resources to help break into the international cyber marketplace.

Sign up today!

How to Break into the International Cybersecurity Market

Protect & Improve Your Business: Top 5 Best Practices for Connected Devices

Embrace the Suck: How to Protect IoT Devices You Can't Change

Considering IoT, Think Security

Top Five Myths About Securing IoT

The Internet of Insufficiently Safe Things

Building Trust and Security into the IoT

How to Get Yourself Cyber-Ready in an Era of Unknown Threats

Auditing IoT

IoT Architecture, Vulnerabilities and Exploits

Mitigating the Risk of IoT with Application Security Testing

Securing IoT: Trust No Thing

IoT Threats and Vulnerabilities

The Role of AI in IoT Security

Solving Mobile Security: Peer-tested Strategies That Work

Going Fast with Cybersecurity – DevSecOps Can Help

Inside the MIND of a Hacker – How a Lightbulb Almost Stopped Christmas

Eliminate the IoT Security Blind Spot

Piecing Together IoT Risk from Flexible & Fractured Design Components

IoT Security – Debunking the “We Aren’t THAT Connected” Myth

What's Needed to Secure the IoT & IIoT

Effective IoT Threat Modeling and Data Privacy

Securing the IoT: Keeping planes in the air and the lights on at home

Security-Enabling Industrial IoT – What Are the Challenges?

How to Better Secure the Internet of Vulnerable Things

IoT - Forget the Hype and Focus on What It Means for Your Organisation

Your IoT Security Strategy: Critical Factors For Secure Implementations

Securing the IoT

How do hackers infiltrate organizations through IoT connected devices? What can be done to prevent the next attack via an IoT device?  Why can a weakened link in the IoT chain lead to compromised digital assets? The Internet of Things (IoT) is bringing convenience to consumers and process optimization to businesses, but it comes at a cost. Exploding onto the IT scene and the consumer world, it has created endless opportunities for a super-connected environment. But IoT could also signal the next security crisis. IoT formed a rising tide of shadow IT and a new frontier to data security vulnerabilities, in an ever-expanding attack surface. 

By joining this webinar with XM Cyber’s Security Expert, Amit Waisel, you will learn about the perils of an expanding attack surface and what can be done to prevent an APT attack via an IoT connected device.  We will dive into hard core questions including:
- How an ever-expanding IoT attack surface is creating multiple opportunities for the perfect attack vector to digital assets
- Why an innocent aquarium thermometer, defibrillator or printer is a possible gateway to disaster
- Steps you can take to avoid a potential crisis

About the Speaker
Amit Waisel is a Senior cybersecurity Engineer at XM Cyber. He is a seasoned data security expert with vast experience in cyber offensive projects. Prior to XM Cyber, Amit filled multiple data security positions in the Israel intelligence Corps. He graduated from the Open University with a BSc. in Computer Science and is currently completing a MSc. degree in Computer Science at Tel Aviv University.

How IoT Expands Hackers Attack Surface

Internet of Things

Hackers

Cyber Attacks

Security

Threat Intelligence

Connected Device

Vulnerabilities

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

How IoT Expands Hackers Attack Surface

Presented by

About this talk

More from this channel