Email Security in A World of Breaches

There’s something refreshing about starting a new year. What’s not so refreshing is facing new security risks. To fortify your approach and learn a few must-take steps, join us to hear how a panel of experts is approaching cloud security in 2021.

SecureCloudDB Founder Aaron Klein will moderate a candid conversation with expert security leaders Tim Sandage of AWS, Mike Hughes of Prism RA, Jeff Collins of Lightstream, and Tyler Kennedy of Rewind as they discuss:

- Emerging cloud security trends
- The biggest security threats facing organizations
- Strategies to prevent or stop an attack
- Actions that you should take today
- Regulations to watch out for
- Considerations for CISOs using the public cloud

This panel will offer practical advice about emerging threats and recommended counters for anyone who is responsible for navigating security in the cloud. Come with questions as live audience Q&A will wrap up the session.

Despite the recent rise of workplace chat and instant messaging apps as a result of the pandemic and the shift to remote working, email continues to be the primary method of business communication for many organizations. Email is also still very commonly used by attackers. In fact, according to Verizon's Data Breach Investigations Report, around 96% of phishing attacks arrive by email. What can enterprises do to strengthen email security in 2021?

Join this panel of security experts and industry leaders to learn more about:
- New and persisting email security threats
- What's at stake and what organizations can do to better protect their employees and data
- Phishing fears and employee training in COVID times- Addressing business email compromise attacks- Best practices and solutions for protecting the enterprise from email-based threats

Other than eliminating humans, what are the best practices for reducing business email compromise?

Join this session to learn how to:

- leverage the cloud
- take advantage of SaaS security features
- implement email security controls, monitor and respond to incidents, and
- empower your workforce to be the first line of defense

Presented by Sean Letona, Director of Professional Services at Abacode, Inc.

The SolarWinds Hack and response is creating new cyber security science and awareness of survivorship bias. Since Dec 13th, 2020 DHS/CISA has issued elaborate, regularly updated guidance to all government agencies and private sector organizations on how to respond, contain, recover and mitigate unprecedented and immeasurable insider data breach risk posed by the Russian Intelligence APT29 group. To address newly discovered stealth operations and privileged identity exploits, MITRE has also concluded new techniques need to be defined and added to their popular ATT&CK framework. We will review key CISA guidance to both Organizational Leaders and SOC teams, sharing new best-practices and suggested new ATT&CK techniques for threat hunters, compliance groups and DFIR practitioners.

About Valentin Bercovici:
Val is founder and CEO at Chainkit, democratizing trust throughout digital transformation. Previously, Val was co-founder, now senior advisor at Peritus.ai, focused on AIops via machine learning. A Cloud, Big Data & DevOps pioneer, Val was a founding member of the governing board at the Cloud Native Compute Foundation (CNCF), the Linux Foundation’s home for Google’s Kubernetes, and most popular open source project. Val has enjoyed a long leadership career. Previously, at NetApp/SolidFire, he launched multibillion-dollar storage and compliance products, created the competitive team and strategy, directed new research investments for the NetApp Data Fabric roadmap, and served as SolidFire’s CTO. A pioneer in the cloud industry, Val led the creation of NetApp’s cloud strategy and introduced the first international cloud standard to the marketplace as CDMI (ISO INCITS 17826) in 2012. Val advises numerous data-driven start-ups and is passionate about improving diversity within the tech industry. He has several patents issued and pending around data centre applications of augmented reality and data authenticity.

Working from home has caused many firm’s attack surface to grow exponentially overnight. Where there might have been three locations prior to the advent of COVID19, there could now be 300 or 3,000.

Many firms are concerned with this and have shored up their security around remote access significantly. But what if the risk was still located inside their network. From careless staff to rogue employees, the consequences your business could face if tampered by an insider are unfathomable.

Research has suggested that 75% of all breaches could be avoided by better management of third party access and insider threats.

The principles of Zero Trust and least privilege is a method by which each employee is provided access to just what is needed for their job and nothing more.

The term “Zero Trust” was coined by Forrester Research analyst and thought-leader John Kindervag, and follows the motto, “never trust, always verify.” His ground-breaking point of view was based on the assumption that risk is an inherent factor both inside and outside the network.

Come hear some practical examples of how to get started utilizing zero trust in your organization to protect yourself from internal risk of employees and third parties accessing your network.

Dealing with the threats from insiders who have administrative privilege in your systems is a challenge enough, but how do you handle the risk that comes from vendors and other third parties such as contractors who need privileged access? These are usually trusted vendors and have undergone some vetting but it isn't usually as rigorous as your internal processes and your visibility into their employee’s background and activities within your systems can be opaque. We will go over why this kind of access represents an outsized risk to security and compliance, the challenges of managing these “Inside-Outsiders” and give some best practices to make sure that their access is as secure, compliant and efficient as your internal employees.

About Tony Howlett:
Tony Howlett is a published author and speaker on various security, compliance, and
technology topics. He serves as President of (ISC)2 Austin Chapter and is an Advisory Board
Member of GIAC/SANS. He is a certified AWS Solutions Architect and holds the CISSP, GNSA
certifications, and a B.B.A in Management Information Systems. He has previously served at
CTO for Codero, a managed cloud hosting provider and CTO of Network Security Services, a
security and compliance consulting firm, as well as founding InfoHighway Communications, one
of the nation’s first high speed internet access providers. Tony is currently the CISO at
SecureLink.

The COVID-19 Pandemic has amplified cybersecurity concerns particularly related to the cloud. Threat actors have recognized a unique opportunity to exploit pandemic-related vulnerabilities through social engineering attacks, business email compromise, work from home or other remote weak points. This results in increased risk and occurrence of ransomware attacks and data breaches that can disrupt or totally compromise organizations’ ability to conduct business. These security incidents can also subject victims to liability for violations of privacy and data breach notification laws. Join this webcast as SNIA experts will discuss:
• Changing threat landscape due to COVID
• Recent attacker exploits
• Common security failures and their consequences
• Data Protection (Mounir)
o Strategies to combat malware
o Minimizing ransomware risks
• How emerging technologies (5G, IoT, AI, etc.) expand the threat landscape

The 2020 US presidential election is behind us, but the key cybersecurity issues surrounding election integrity could linger for years to come. From ransomware attacks on local governments, to the untamed spread of disinformation, to experimenting with online voting apps and the myriad of vulnerabilities uncovered across election infrastructures, cybersecurity had never before taken such a central place in the national conversation as it did in 2020.

So, what have we learned in the aftermath? And how can we apply it to better protect upcoming elections as well as enterprises, customers and employees?

Join this interactive panel with security experts and tech leaders to learn the biggest lessons from the election from a cybersecurity and privacy standpoint. Discover what went down, what could have gone better and how to prepare for the midterm elections in 2022.

- Can we build a hack-free election
- Does misinformation on social sites impact how people vote and what can be done to stop the spread
- What was new this time and what should security leaders keep in mind for their organizations
- Would it be safer if we brought the voting process online or in app
- Can nation state actors change voter rolls or polling data
- What the biggest election threats mean for industry
- Key takeaways for cybersecurity leaders

Panelists:
- Jim Richberg, Public Sector Field CISO at Fortinet
- W. Curtis Preston, Chief Technical Evangelist, Druva

This episode is part of The (Security) Balancing Act original series with Diana Kelley. We welcome viewer participation and questions during this interactive panel session.

The MITRE ATT&CK framework has become an excellent way for security professionals to understand and describe threats. However, most of the time, it is used to describe the actions of external threats.

But what about the insider threats? According to Forrester, 25% of breaches resulted from internal incidents, and almost half of them were malicious. In the past few years, insider threats have evolved in several aspects from how sensitive data leaves the organization to ways in which privilege access gets misused, creating risks for organizations to mitigate. The proliferation of cloud applications and the current remote work setup make tracking and protecting sensitive data extremely challenging.

Can we use the MITRE ATT&CK framework to help us describe, understand, and finally detect and protect against insider threats? If the framework often describes and supports threat detection of external threats, does it also help deal with insider threats? What organizations should expect from this exercise, and what do they need to do differently to achieve the desired results?

Join Augusto Barros, VP of Solutions at Securonix, to learn about:

• How insider threats have evolved and the new challenges they present?
• How the MITRE ATT&CK framework supports threat detection practices?
• How the MITRE ATT&CK framework can also help to address the issues related to insider threats?

Augusto Barros was the Research VP in the Gartner for Technical Professionals (GTP) Security and Risk Management group. He has over 20 years of experience in the IT security industry as an analyst and a security architect and officer for large enterprises.

This webcast, Tackling Insider Threat with Open Source Intelligence (OSINT), will demonstrate how OSINT can be leveraged to help identify and prevent insider threat.

Rachel will discuss the critical role OSINT can play in effective business risk management, specifically in managing insider threat.

In particular, Rachel will describe how companies can make more informed decisions about the people they employ and do business with by embedding OSINT within their recruitment and screening purposes, thereby minimising the risk of taking on high risk personnel.

Rachel will also discuss how OSINT can be used to understand an individual’s vulnerability to being an unconscious insider by, for example, inadvertently clicking on a link to a malicious website through a specifically targeted email.

Lastly, the webcast will examine the way in which organisations are using continuous OSINT methods combined with machine learning to identify and alert them to early indicators of insider threat, for example negative attitudes towards work, excessive spending, or a close association with a competitor. Indicators which when fused with other information regarding an individual such as a change in working hours or excessive data extraction, can start to build a picture of risk.

Key takeaways:
- The principles of OSINT
- The types of freely available information on people and companies
- The value OSINT brings to business risk management, specifically in managing insider threat
- How OSINT can be embedded within recruitment processes to help prevent companies taking on high risk personnel
- How understanding a company’s and individual’s online footprint can help reduce the harm caused by unconscious insiders
- How machine learning and continuous OSINT methods can help detect insider threat and provide an early warning of potential harm

Join SonicWall expert John Aarsen as he goes through the anatomy of social engineering attacks to demonstrate how people are manipulated into performing actions or divulging confidential information. These attacks have become more frequent and aggressive as attackers attempt to exploit the circumstances surrounding COVID-19. In the case of both users and organizations, overconfidence can lead to complacency, allowing such attacks to succeed. That’s why it’s crucial that you consider social engineering as your company builds its boundless cybersecurity strategy.

Threat actors are clever adversaries who prey on human error in your employee workforce to execute successful cyberattacks. They use social engineering to trick your teams into giving them access to your files and network. That’s why having a team of experienced security analysts on your side that work 24/7 is a crucial defense. When you’re up against real people who are targeting your employees, the solution isn’t a computer program but other people who know to combat these attackers.

Join Randy Pargman, Senior Director of Threat Hunting and Counterintelligence at Binary Defense and former FBI Computer Scientist, in this discussion that covers real stories from his experience with attacks targeting employees, how attackers attempt to deceive analysts, and ways to educate your workforce to defend against these attacks.

In this webinar you will learn:
- How threat actors target employees
- What next steps cyber criminals take to continue their attacks
- Examples of attacks on businesses
- Ways that an experienced SOC can combat these attacks

Improve your relationship with your developers and auditors, protect your environment, and go from frenemy to friend through streamlined processes and automated detective and corrective controls.

This session will cover tips on ways to address human error elements for development within your Google Cloud environment.

In this webinar, Changiz will cover:

- Description of cyber attacks and statistics from known and published attacks
- The most common types of attacks including phishing, ransomware, DDOS, Drive-By-Downloads, Dumpster Diving
- Why cyber attackers target people to set their attacks such as human senses, feelings, emotions, etc. with examples such as affection, kindness, greed, political and religious views, financial and employment needs
- Examples of common attacks such as phishing, social engineering, social media attacks, etc. and how they target those human senses
- Distinguishing the fake communications from the real ones
- Solutions and the importance of the SETA (Security Education, Training, and Awareness) programs for individuals and organizations

In today’s world of intense cybersecurity awareness, the daunting task of securing your workforce while employees are working from home can be very overwhelming. To address this issue most Information Technology and Information Security staff focus on digital factors, but it is important to not overlook the human factors.

The biggest human factor in Cyber Security is human behavior and the issues that result directly and indirectly from how we think, behave, and act. In this presentation I will cover the most common digital and non-digital threats I have encountered that are designed to take aim at exploiting human nature and are designed to “steer” how we act and react, as well as common mistakes in configurations and policies that can drastically impact any organizations “readiness” to protect against cyber attack. The goal of this presentation is that by the end of it you will be in a much better place of understanding the threats you and your organization face, and what you can do to resolve these issues through unified threat management, utilization of a multilayer cybersecurity approach, automation platforms in the cloud, and end user education.