Email Security in A World of Breaches

The Gartner Summit 2019 agenda featured five comprehensive programs to cover your security and risk management key priorities and challenges. Digital transformation continues to challenge the conventions of information risk and security management. It requires a coherent digital security program based on a clear vision and strategy. Businesses have been inundated with information on what recent privacy laws like GDPR and CCPA require, but many are still trying to figure out how to comply with them on a practical level.

The new Verizon Data Breach Investigations Report (DBIR) provides perspectives on how Criminals simply shift their focus and adapt their tactics to locate and steal the data they find to be of most value.

Gartner includes data ethics and privacy on their list of the top 10 strategic technology trends of 2019, placing it on the same level as AI-driven development, blockchain, and edge computing. Many companies are focusing on data privacy from the legal and security side, which are foundational, but are missing the focus on data.

The cloud, SaaS applications, and user mobility are powerful enablers of digital transformation, but many IT organizations are grappling with legacy network and security architectures that haven't evolved in decades. In the era of Cloud 3.0, companies are re-imagining business processes from and for the cloud. With these new opportunities comes a new cybersecurity reality for IT leaders in a hybrid, multicloud world. At a minimum, cloud computing breaks into 3 primary layers: SaaS, PaaS and IaaS.

This presentation will explain primary security controls. You’ll learn how to take a strategic approach to risk, improve business and data resilience, build digital trust and implement a new generation of continuously adaptive security strategies. Cloud security remains a top priority. This presentation summarizes the problems, recommended processes, and new product types to address key issues.

Today’s increasing organizational complexity and evolving threat environment have made it more critical than ever for organizations to clearly identify their exposures, measure vulnerability risk, and quickly prioritize remediation efforts. Cyberattacks are often hidden from view under a mountain of alerts generated by security systems, giving attackers time to gain access to systems and seize valuable data.

To ensure their companies don't end up in the headlines for the wrong reasons, corporate governance, risk management, compliance management and other “lines of defense” functions need to rethink their security strategy and take an approach that looks at behavior and attack patterns. By conecting cybersecurity attack analytics with risk programs and GRC work streams, executives can increase visibility into the overall security risk of the organization which makes the investigation of application security events easy, and enables teams to mitigate and respond to real security threats quickly and decisively.

Join this CPE panel webinar for insights on achieving smarter GRC with CAA. We will share:

- Why traditional endpoint security is failing to see and stop attacks.
- How using attack analytics can stop cyberattacks now and in the future.
- Efficient ways to analyze events and prevent threats.
- How to move from looking back to real-time and forward-looking GRC monitoring.

Personal data privacy will be the most prominent issue affecting how businesses gather, store, process, and disclose data in public cloud. Businesses have been inundated with information on what recent privacy laws like GDPR and CCPA require, but many are still trying to figure out how to comply with them on a practical level. Many companies are focusing on data privacy from the legal and security side, which are foundational, but are missing the focus on data.

The good news is that these data privacy regulations compel businesses to get a handle on personal data — how they get it, where they get it from, which systems process it, where it goes internally and externally, etc. In other words, the new norms of data privacy require proactive data management, which enables organizations to extract real business value from their data, improve the customer experience, streamline internal processes, and better understand their customers.

Join this interactive webinar to learn more about:
- The latest trends and strategies for securing sensitive data in cloud and the enterprise
- How to discover and capture your data inventory
- What’s needed to prevent a data breach by securing your critical data and protect your reputation

As more and more organizations are getting breached, executives are finally paying attention to cybersecurity and data protection. What are the biggest challenges for businesses when it comes to securing the enterprise?

Join this panel of experts to learn more about the current state of breaches, how organizations of all sizes are coping, and what CISOs are prioritizing this year.

Attendees will learn more about:
- Who is most at risk of being breached
- How to prevent a breach or minimize its impact
- How long it takes to detect a breach
- Best practices for investigation and remediation
- Words of wisdom from the experts

Speakers:
- David Morris, Managing Partner, Morris Cybersecurity
- Nick Vigier, CxO Advisor, Coalfire
- Kalani Enos, Founder & CEO, kenos Technologies

Trying to navigate the stormy seas of multi-factor authentication (MFA) to find the “killer app” both you and your organization can use to bolster security? In this webinar, we look at:

- The various factors of authentication
- Factor vs “steps”
- Considerations in choosing a factor
- The various technologies that people are using
- What seems to be working

Whether you’re pondering Near Field Communication (NFC) ninja tech for your smart phone, or those new biometric doo-dads that verify you based on the smell of your ears (really), we can help you sort out what might work for you and what would be crazy to implement. And as a bonus: this tech will all keep you far safer that your plain old password ever did.

Most people associate DDoS with large scale volumetric attacks. This is far from reality. Many organisations subjected to DDoS attacks are therefore unlikely to identify them or mitigate them because they simply don’t know what defences work against the huge range of attack vectors out in the wild.

DDoS is much more than experiencing degraded performance; and the operational response is as important as the technology in place to attempt to prevent the attack. Unfortunately most vulnerability management program focus on scanning and penetration testing and simulating genuine DDoS attacks is seldom on the agenda. Resilience against Denial of Service should be as prominent in IT Networks as safety is in the automotive or airline industry.

Have you ever tested your system defences and response capability?

Cybersecurity affects us all. Malicious actors are constantly scanning vulnerable systems of companies across all sectors, and healthcare organizations are a particularly attractive target. They are often responsible for the safety and security of confidential patient records, which is valuable information for malicious hackers. While the use of innovative technology in healthcare is on the rise, the industry faces tremendous risks from cyber threats due to this growing attack surface and the prevalence of dated medical hardware and software across the supply chain. This session will discuss the IoT threats facing the healthcare sector, as well as strategies for managing and mitigating threats. 

Join this webinar to learn about:
- Why the healthcare industry is a highly-targeted industry for cyber attacks
- What Internet of Things (IoT) technology is and how it’s being leveraged for crime
- Why legacy medical hardware and software exacerbates IoT-based risks
- How to manage and mitigate IoT risk in the healthcare sector

The Internet of Things is expected to grow to 30 billion devices within the next two years. This means more security and privacy risks that organizations will need to address. Learn how businesses are dealing with their IoT risk, the best practices cybersecurity professionals are recommending, and get the answer to your most pressing IoT security questions.

Join this interactive panel to learn more about:
- How the rise of IoT is impacting your organization's security
- Cybersecurity threats and most common IoT vulnerabilities
- Assessing your organization's IoT risk
- Best practices for minimizing your cyber risk
- Words of wisdom: Steps to better security and what you can do today

With: Michael Goldgof, Senior Director, Product Marketing, Barracuda
Kalani Enos Founder & CEO KEnos Technologies LLC
Nathan Wenzler, Senior Director of Cybersecurity, Moss Adams

Internet of Things (IoT) products proliferate the market today. They manifest in different forms – from a pacemaker inside a human body, to an oil and gas rig monitoring device in the remotest locations on the planet. IoT products are usually made up of small hardware devices (gateways and nodes) deployed in the field, supported by much larger software stack in the form of mobile and cloud-hosted applications that complete the product ecosystem picture.

In our presentation, we discuss threats against industrial and consumer IoT products. We demonstrate how it is possible to use cheap, publicly available hardware and open source software tools to break into Zigbee-style Wireless Sensor Networks to compromise the confidentiality and integrity of IIoT platforms (think, turning life-saving vaccines into lethal chemicals!). On the consumer IoT front, we show - with simple Android applications, how we are able to exploit vulnerabilities in Bluetooth and BLE flows. We conclude with an analysis of why such vulnerabilities occur, and how we can reform existing SDLC practices to make them relevant for next-generation technologies.

This keynote is designed to address the seemingly overwhelming collection of security concerns with which today’s leaders contend:

- Do you struggle with designing and implementing a security program that effectively achieves the goals outlined in your security mission?
- Are you interested in better understanding how hackers think, how they operate, and how to defend accordingly?
- Do you struggle to know where to invest resources in order to best deliver security to your organization?
- Are you concerned about your organization suffering a security incident under your watch?
- Are you seeking more certainty that by investing resources into a given security approach, that investment will deliver the outcomes you seek?
- Do you have the appetite and capacity for change?

If any of this describes you, this is the keynote for you! An engaging blend of research-based issue analysis combined with storytelling, this keynote seeks to empower today’s security leaders, teaching attendees how to:

- Implement a 3-phase action plan, based on years of practical experience in security research and security consulting, designed to help equip leaders to deal with modern attackers.
- Define and implement a threat model.
- Differentiate between assessment methods.
- Understand level of attacker intensity.
- Challenge conventional wisdom

As IoT devices continue to evolve in different ways, connecting (even more) the physical with the cyber world, the adversaries continue to evolve methods for compromising them for different purposes.

Based on their nature and the tasks they need to perform, the common general characteristics of IoT devices are:

- They are very minimalistic,
- They have limited resources,
- Most of them are battery-based
- They interact with other devices
- They are connected to the cloud for different reasons
- They have special RF protocols

IoT use cases (as listed below) have a lot of security challenges that haven’t been addresses properly because of the devices’ constrains, the limited budget the contractors have (cause the solutions have to be “cost-effective”) and the priority is always functionality, thus sacrificing security, therefore exposing our society to massive risks.

- Smart City
- Smart Manufacturing
- Autonomous Vehicles
- Critical Infrastructures

This is why we need to work on detecting threats in a structured way, taking into account that once attackers access to the IoT network, they won’t have much limitations moving around that network and even jumping to other networks, including IT network. When adversaries compromise IT networks, they are affecting business but when they compromise IoT devices, they can compromise our lives.

In this webinar I’m going to propose a methodology that can be applied to enhance IoT network security by mitigating IoT cyber risks using MITRE ATT&CK Framework..

Welcome to the world of IoT (Internet of Things) as more and more devices get connected online. With weak or almost no security these devices can easily become a victim, be turned into a BOT which can then be controlled and used to participate in a DDOS (Distributed Denial of Service) attack like the one that has targeted Dyn bringing popular websites like Netflix, Twitter, Amazon, AirBnb, CNN and the New York Times to their knees and offline. This session walks you through the reality check on the risks and threats that IoT devices introduce to the business and what you can do to reduce the risks.

- What are the biggest risks from IoT devices?
- What are the biggest threats from IoT devices?
- Best Practices in reducing the risks
- Future of IoT Security

Risk agnostic approaches to adopting emerging technologies are eating business for breakfast, IoT too is garnering its fair share! Unlike most other technologies, IoT adds a new dimension of less understood cyber-physical risks.

This sessions seeks to scratch the surface on strategies for assessing business technology risks in adopting IoT.

As the world becomes increasingly connected, we have become more vulnerable to IoT threats and attacks. Having a comprehensive and strong security strategy in place is vital to organisational success.

Join this exclusive panel of industry experts as they discuss:
- IoT Security Maturity Model
- Trends in cyber-attacks and breaches affecting the IoT
- How to proactively prevent breaches and attacks
- New in IoT Security
- Security Strategy recommendations for CISOs

Panelist confirmed:
- Deral Heiland, IoT Research Lead, Rapid7
- Sandy Carielli, Director of Security Technologies, Entrust Datacard

This session will explain how the world’s leading mobile operators are using the GSMA’s IoT security guidelines and assessment process to deliver trusted and robust IoT products and services to their partners and customers.

The presentation will explain the commercial benefits and long-term value that was realised by following industry best practices, and how IoT companies can overcome security challenges themselves to implement new processes and address IoT security concerns.

Bug bounty hunter and cool nerd, Jasmine Jackson will kick off our newest webinar series #SheSpeaksTech with a short talk on " Thrill of the Hunt: My Leap into Bug Bounties.

Join this webinar series for a quick starter talk with women in cybersecurity. Each webinar will explore a new tech topic by a newbie speaker. She will deliver the first 20 minutes of her 1 hour talk and open to feedback on topic, delivery and tips. Check out (https://womenscyberjutsu.org/page/SHESPEAKSTECH) for more on SheSpeakTech or to register for your 30 minutes to shine.

Tomorrow's businesses need a simpler and more scalable way to increase the resiliency of global application infrastructure, without slowing innovation, today.

Join this interactive 1-2-1 discussion where EMEA Chief Technology Officer, Paul Farrington (CISSP, MBCS) will share how leading businesses are;

- Improving the level of security awareness and addressing the skills deficit
- Enabling developers to fix flaws and prevent new ones
- Prioritising and triaging the most exploitable flaws
- Automating application security
- Providing software development leaders with really useful security metrics
- Incentivising secure development as part of their culture

This session will show you how architects and developers are making smarter choices in designing secure software. You will also learn how to report success, and investment justification, to the board whilst setting realistic expectations throughout the software development lifecycle and not just at the destination.

How can enterprises shift from a reactive approach to privacy and data security to being proactive and closer to privacy-and-security-by-design? Join this panel of experts to get the answer to all of your privacy, security and compliance questions.

Viewers can learn more about:
- Effect of GDPR: One year later
- How are enterprises instituting changes to achieve and maintain compliance
- Challenges to achieving compliance in an IoT world
- How to bake privacy and security into your processes
- Best practices for data protection and privacy from the ground up

Panellists
Bill Mew, CEO,The Crisis Team
Ilias Chantzos, Senior Director, Government Affairs, Symantec

Moderated by Allan Boardman, CGEIT Certification Committee Member, ISACA

With today's enterprises leveraging around 1000 applications and multiple clouds, application security is becoming a key area of focus. Application security testing is being integrated into the DevOps process early on, while automation, speed and coverage and becoming critical to the success of DevSecOps programs.

Join this interactive panel of industry experts to learn more about:
- Why application security is critical
- Key principles for building application security into DevOps
- Best practices for leveraging automation
- Speed vs Security: Where do you draw the line?
- Recommendations for improving security in 2019

Panellists
Paul Farrington, EMEA CTO, Veracode
Keith Batterham, CTO - CISO - DevSecOps Evangelist
Moshe Lerner, SVP Product Strategy & Corporate Development, Checkmarx

Moderated by Yotam Gutman, Founder & Community Manager, Cybersecurity Marketing Community