Insiders: What Motivates Them and How to Protect Sensitive Data
Criminals, competitors, and nation-states have all discovered the value of hacking from the inside. Even your own employees plan to take your sensitive data when they leave. Is it any surprise then that insider threats have increased, as have avenues to profit from selling sensitive information?
It’s time to understand what motivates insiders and what you can do to protect your sensitive business data. Join us as we discuss how to:
•Understand what motivates insiders
•Assess your organization's data security posture
•Apply practical, real-life steps for securing databases, files, and Web applications
Raphael has done pioneering work championing the importance of unstructured data governance and educating organizations on data protection and security. Prior to joining Imperva, Raphael held senior positions at Varonis, Cisco, Check Point, Echelon and Network General. Additionally, Reich was a software engineer at Digital Equipment Corporation. He has over twenty years of business experience and holds a bachelors degree in computer science from UC Santa Cruz and an MBA from UCLA.
RecordedSep 15 201148 mins
Your place is confirmed, we'll send you email reminders
Panel Moderated by Colin Whittaker, Founder of Informed Risk Decisions
Cyberattacks can cost an organisation its reputation, its customers and a great deal of money, making CEOs and board members more accountable. Yet, research shows that a high percentage of corporate boards are not actively involved in cybersecurity oversight. Nonetheless, Gartner estimates by 2021, 100% of large enterprises will be asked to report to their board of directors on cybersecurity and technology risk at least annually.
When communicating your cybersecurity program to the board, it is important to translate technical, tactical details about cybersecurity into business terms: risks, opportunities and strategic implications.In order to justify the desired cybersecurity expense, you must clearly present the risks, the plan you will implement to protect the company’s assets, and the rationale behind the cost. In this webinar, our expert panel will discuss how to present cybersecurity to the board and get buy-in, including how to:
- Map out your cybersecurity program.
- Get an independent view of your current cybersecurity state and present the facts.
- Translate technical, tactical details about cybersecurity into business terms: risks, opportunities and strategic implications.
- Propose concrete solutions and demonstrate ROI.
Panel Moderated by Colin Whittaker, Founder of Informed Risk Decisions
Many organizations rely on governance, risk, and compliance (GRC) technology to consolidate risk information from internal sources (such as finance, IT, and operations) and external sources to understand their threat landscape. Yet as vendor ecosystems grow in size and complexity, risk management teams are increasingly struggling to procure and maintain high-quality, real-time data to feed their GRC systems.
Creating a threat intelligence strategy is essential for a company to identify and prioritize threats effectively. But when it comes time to choose threat intelligence services and products it can be hard to know where to start. In this webinar, our expert panel will discuss how to use real-time threat intelligence to accelerate threat detection, including how to:
- Understand the important distinction between threat data and intelligence.
- Establish what types of intelligence will prove beneficial to your organization and be critical for ROI.
- Ensure logging and reporting mechanisms are in place that can provide data per API to simplify forensic and compliance reporting.
- Gain complete visibility into all of your organization’s API traffic, and analyze relevant intelligence effectively from large volumes of threat data.
- Empower your teams to leverage automation to detect and block threats to your organization.
Under the weight of new and changing regulations around the world, many organizations struggle to achieve compliance. They often lack a holistic view of their compliance profile and face increasing challenges due to digital transformation. Chief Compliance Officers who take a top-down approach are often met with resistance, but a successful program requires management to actively participate, not just sign off.
Organizations can no longer afford to apply check-the-box approaches to compliance. Executive management must take a variety of actions to demonstrate leadership and commitment to the company’s compliance management program. On this CPE accredited webinar our panel of experts will discuss the current compliance landscape and challenges facing today's organizations, and they will address best practices to modernize your compliance program, including how to:
- Use a risk-based approach to meet regulatory demands.
- Employ digital transformation in the management of compliance obligations.
- Understand the impacts of regulatory changes and minimize resource-intensive manual processes.
- Get buy-in from other departments and create a working group of stakeholders to develop and improve your compliance program.
Colin Whittaker, Founder of Informed Risk Decisions, with speakers from ProcessUnity and OneTrust
In response to the Coronavirus Pandemic, countries are turning to tech to find solutions for containing the spread of the virus. New government initiatives including contact tracing apps are being implemented at lightning speed, and tele-health regulation is being approved in days instead of years. The world is rapidly digitising in response to all users working from home simultaneously, companies are adding network technology to expand coverage and capability, and online video conferencing is exploding.
But what does this all mean for privacy, and how can companies maintain compliance with regulations such as the GDPR in the current climate? Join this CPE accredited webinar to learn from our panel of security and privacy experts as they discuss how to implement a framework for compliance in the current climate, including how to:
- Better align global privacy data regulations,
- Enable business agility in a changing environment,
- Foster greater interplay between CIOs, CTOs, DPOs and CEOs,
- Create successful privacy frameworks that are globally aligned, and locally deployed.
With email security breaches constantly making headlines, it is crucial for organisations to be ahead of the curve. Join this interactive panel of industry experts as they discuss the latest trends in email security and how to prevent becoming the next international headline.
Join this Q&A panel to learn more about:
- Emerging trends in email attacks
- How to stay on top of the latest threats
- Best solutions to protect your organization
Moderator: Michael Thoma, Principal Consultant at the Crypsis Group
As in-house security becomes increasingly complex and costly, organizations are in need of a reliable and safe security provider. Join industry experts as they discuss the latest trends in SEaaS, including:
-Why your organisation needs to move towards SEaaS
-The different models of security as a service
- SEaaS solutions and strategies
Remote working has been a growing trend for the last few years, especially in the tech sector. However, the COVID19 outbreak has really pushed businesses to adopt or accelerate their remote integration plans. How has this affected security? What are the steps companies need to take to better protect their remote workforce?
Join this episode as we explore the security challenges in the time of COVID, why a strong security culture is important, and what steps to take today.
- What are the security challenges associated with remote working
- Examples of changes in cyber-attacks during COVID
- Managing patching, VPNs, and backups for large and small remote workforces
- How to maintain auditability and visibility
- How to enable and keep your remote team secure
- Tips for training end users to help themselves
- Why a strong security culture matters now more than ever
- David Sherry, CISO, Princeton University
- Manoj Apte, Chief Strategy Officer, Zscaler
This episode is part of The (Security) Balancing Act series with Diana Kelley. Viewers are encouraged to ask questions during the live Q&A.
Colin Whittaker, with LogicGate, Allan Liska, Recorded Future; Jonathan Ehret, RiskRecon, ProcessUnity
High-Profile Data Breaches have placed a spotlight on the risk of cyber security breaches with vendors and subcontractors, expanding the need to have greater rigor in third-party risk management and ongoing risk assessments. By integrating third-party risk management systems with other enterprise systems, external data sources, and analysis and reporting applications, and organization can deliver significant benefits and centralize processes into a single, automated platform that standardizes workflows and reduces manual effort.
On this CPE accredited webinar our panel of experts will address how to strengthen your third-party risk management process for improved efficiency and effectiveness, and get more from your platform investment through automated integrations with a broader digital ecosystem. Attendees will learn:
- How integrations with external data sources accelerate the assessment process and improve security, financial, and reputation risk reviews,
- Where to connect to internal systems — ERP, GRC, CRM, Contracts, and more — throughout the third-party management lifecycle,
- The pros and cons of various integration methods and how to make a best-fit choice,
- How to strengthen and streamline your third-party risk management efforts.
Eric A. Nielsen, CISSP, C|CISO, CCSP, HCISPP, CAP, CRISC, Chief Executive Officer, Defense In Depth Cyber Security
As an information security professional knowledge of cloud security and cyber-attack tactics and techniques is critical to protecting your organization. Data breaches threaten organizational financials and reputations. Strengthen your security through the use of actionable intelligence. Attendees will hear about:
Gartner predicts that by 2021, over 75% of midsize and large organizations will have adopted multi-cloud or hybrid IT strategy. The corporate perimeter has been redefined.
In this session, we’ll discuss:
Six major cloud security threats along with risk mitigation and avoidance tactics
Best practices to help secure cloud deployments
Shared Responsibility Model for Cloud Security
Jo Peterson, Vice President, Cloud and Security Services
Tyler Cohen Wood, Cyber Security Expert, Former Senior Intelligence Officer
Mark Lynd, Head of Digital Business at NetSync
Paul Love, SVP Chief Information Security & Privacy Officer, Co-Op Financial Services
Mali Yared, Robert Razavi, Baber Amin & Proofpoint Speaker TBD
Is your organization aware of the main differences in data regulations around the world?
Join this panel of industry leaders for an interactive Q&A roundtable to get a comprehensive look into the different data privacy and security requirements. The panel will also discuss what to expect in 2020 and beyond.
Viewers will learn more about:
- What's new on the data privacy and compliance landscape
- Main differences between data regulations around the world and what this means for your organization
- Expert recommendations regarding best tools and practices for achieving and maintaining compliance
- The future of data privacy
- What to expect in 2020 and beyond
Moderator: Mali Yared, Practice Director, Cybersecurity and Privacy, Coalfire
Robert Razavi, Senior Security Architect CTO Office, IBM Canada
Baber Amin, CTO West, Ping Identity
Speaker TBD, Proofpoint
Arun Kothanath, Shahrokh Shahidzadeh, Eitan Bremler, John Pepe
There have been countless insider threat breaches recently, it’s no surprise that research suggests that up to 60% of cyberattacks are due to insider threats. With so much at stake, it's vital for organizations to protect against insider threats.
Join this interactive panel of industry experts as they discuss:
- How to protect your organisation from insider threats
- Latest technologies and solutions
- Benefits of early and timely detection
Arun Kothanath, Chief Security Strategist, Clango (Moderator)
Shahrokh Shahidzadeh, CEO of Acceptto
Eitan Bremler, Co-Founder & VP Corporate Development, Safe-T
John Pepe, Market Development Principal Financial Services, Proofpoint
John Burke, CIO and Principal Research Analyst, Nemertes Research
The destruction of hard perimeters, the rise of remote work and mobility, and increasingly hybridized infrastructures push identity to the center of enterprise security. Join us as we discuss identity-centric security in a multicloud environment, and concrete steps you can take towards that goal.
Global commerce was in transition before the pandemic. Now, businesses are accelerating their digital aspirations and work will never be the same. Mobility has raised business productivity, but it’s brought its share of issues, as well. One of the biggest challenges is the need to provide complete, consistent security across devices that you may not own.
• How do I control in one place the security and identification of all devices connecting to my network?
• How can I address the challenge of managing security in a world where cloud computing, mobility and the Internet of things are eroding the network perimeter?
• How can I provide Data Privacy and Data Security and be compliant with GDPR and local regulations?
• How do I give support engineers access to my organization's admin portal, provides Internet security, web security, firewalls, sandboxing, SSL inspection, antivirus, vulnerability management and granular control of user activity in cloud computing, mobile and Internet of things environments?
• How can I provide automated threat forensics and dynamic malware protection against advanced cyber threats, such as advanced persistent threats and spear phishing.
• How can I repurpose the existing WiFi and create key metrics of the deployment and visitors use and integrate data with existing CRM tools?
• How do I dissociate and secure the use of my network among daily guests, consultants, employees and IOT devices?
We will discuss how a cloud-based proxy and firewall can route all traffic through its software to apply corporate and security policies.
In order to effectively use cryptography to protect information, one has to ensure that the associated cryptographic keys are also protected. Attention must be paid to how cryptographic keys are generated, distributed, used, stored, replaced and destroyed in order to ensure that the security of cryptographic implementations are not compromised.
This webinar will introduce the fundamentals of cryptographic key management including key lifecycles, key generation, key distribution, symmetric vs asymmetric key management and integrated vs centralized key management models. Relevant standards, protocols and industry best practices will also be presented.
Johna Till Johnson, CEO and Founder, Nemertes Research; Russell Rice, VP Product Strategy at Ordr
IoT initiatives are exploding. Nemertes has found that companies with successful IoT initiatives are increasing both the number of projects and the device count, with growth that ranges up to 100%+ year over year.
Scaling these initiatives requires scaling not only the IoT solutions, but also the infrastructure and cybersecurity environments in which they operate. As enterprise technologists begin to apply next-generation cybersecurity approaches like zero-trust, they need to think seriously about how to automate the control and management of their cybersecurity and infrastructure.
The answer? Automation. Successful organizations are more likely to automate earlier, more aggressively, and more comprehensively—with dramatic improvements in performance, security, and reliability.
Find out why automation is critical to securing, managing, and scaling IoT—and what best practices can help ensure success in implementing it.
Ransomware, ransomware, ransomware. Why are our current endpoint defenses so inefficient? We will take three leading endpoint security (antivirus) products and demonstrate live how ransomware developers use trivial techniques to bypass all of them. Often a single line of code is all that’s needed to render antivirus ineffective and all data lost.
NOTE: This webinar is applicable to technical audience only. We will be digging right in the source code and compiling ransomware on the fly.
Nir Gaist, founder & CTO of Nyotron, is a recognized security expert and ethical hacker. Nir has worked with and pentested some of the largest Israeli organizations, such as banks, police and the parliament. He also wrote the cybersecurity curriculum for the Israel Ministry of Education.
Pierre Mouallem, Lenovo; Ahmad Atamli, Mellanox; Steve Vanderlinden, Lenovo
One of the most important aspects of security is how to protect the data that is just “sitting there.” How easy is it to get to? Who can get to it? If someone does get access to the data, can they read it? What are the potential risks of the wrong people reading the data? These are just a few of the questions that we try to answer when we go through the process of securing data.
Contrary to popular belief, however, securing “data at rest” is not simply encrypting the data. While it is true that data encryption plays a major role in securing “data at rest,” there are several other factors that come into play and are equally as important – if not more so.
For this webcast, we’re going to talk about those other factors (Encryption is deserving of its own, specific webcast). We will present the end-to-end process to securing “data at rest,” and discuss all the factors and trade-offs that must be considered, and some of the general risks that need to be mitigated, discussing:
• How requirements for “data at rest” differ from “data in flight”
• Legal and regulatory reasons to protect (or delete) data at rest
• Where and how data could be attacked
• Understanding the costs of ransomware
• How to protect cryptographic keys from malicious actors
• Using key managers to properly manage cryptographic keys
• Strengths and weaknesses of relying on government security recommendations
• The importance of validating data backups... how stable is your media?
The latest trends and best practice advice from the leading experts
This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.