Hi [[ session.user.profile.firstName ]]

SIM Swapping Digital Identities

This Election Hacking episode will explore the recent wave of SIM swap attacks in the context of MFA compromise, account hijacking and data theft ahead of the 2020 election.

Can SIM swapping be used to target and steal identities of high-value individuals in the 2020 elections (e.g. campaign staff, influencers, local election officials)?

Join this panel to learn more about:
- Why attackers are focusing on identities
- SIM swap attacks and two-factor authentication
- Phishing - most commonly used for SIM swapping
- Other ways attackers can get the victim's info
- What can be done to protect digital identities
- Early SIM-swapping attack warning signs

Speakers:
- Allison Nixon, Chief Research Officer at Unit 221B
- Cody Hussey, Security & Privacy Advocate, Solutions Engineer at Yubico

Moderator: David Morris, Executive Director at Digital Risk Management Institute

This episode is part of the Election Hacking Original series examining the threats to democratic elections, the technologies used to power and hijack elections, and what's needed to educate and empower voters before Election Day.
Recorded Jun 18 2020 49 mins
Your place is confirmed,
we'll send you email reminders
Presented by
David Morris | Allison Nixon | Cody Hussey
Presentation preview: SIM Swapping Digital Identities

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • Identities, Privileged Access & Cloud Security Mar 18 2021 11:00 am UTC 58 mins
    Brandon S. Dunlap; Jeremy Snyder, Rapid 7; Morten Boel Sigurdsson, Omada; Corey Williams, CyberArk
    Securing the access to cloud data assets has never been more important. According to the latest Verizon DBIR, 73% of cloud breaches involved an email or web application server, while 77% of these cloud breaches also involved breached credentials. What does this mean for enterprise cloud security, especially in the time of COVID19 and remote working?

    Join this keynote panel to learn more about:
    - How the landscape has changed in 2020
    - Why attackers are focused on identities
    - Understanding privileged user behavior and securing identities
    - Discover how organizations are doing IAM, and what's needed for a more secure enterprise
    - Best practices and recommendations by the experts
  • The Future is Identity-Centric Mar 17 2021 4:00 pm UTC 60 mins
    Diana Kelley, SecurityCurve | Joseph Carson, Thycotic | Dave Farrow, Barracuda
    Instead of the traditional "castle and moat" model of the past, today the security perimeter is being defined around the identity of the person or the device requesting access. What are organizations doing to protect digital identities in the age of breaches? How are the current trends in identity and access management helping address this issue?

    Join this interactive roundtable discussion with notable security experts to learn more about:
    - The shift to identity-centric security
    - The zero trust mindset
    - What constitutes strong and effective authentication and authorization
    - The role of policy orchestration and enforcement
    - Best practices for protecting identities and managing access across the enterprise

    Panelists:
    - Joseph Carson, Chief Security Scientist and Advisory CISO at Thycotic
    - Dave Farrow, VP, Information Security at Barracuda

    This episode is part of The (Security) Balancing Act original series with Diana Kelley. We welcome viewer participation and questions during this interactive panel session.
  • [Panel] Cloud Security Hurdles and How to Overcome Them Mar 17 2021 3:00 pm UTC 60 mins
    Jeff Foresman, VP of Security Operations and CISO, Digital Hands; David LeBlanc, Chief Product Officer, SecureCloudDB
    The push to remote work in response to the 2020 pandemic pressured many businesses to quickly move to the cloud, often resulting in security decisions being made on the spot. What are the long-term implications for enterprises, the common mistakes made along the way and the ways to overcome them?

    Join this panel of experts to learn about the security side of cloud transformation and the best practices for improving cloud security in 2021.

    The topics up for discussion during this interactive session will include:
    - Security considerations when moving to the cloud
    - Rethinking your threat model
    - Addressing the complexity of managing hybrid or multi-cloud environments
    - Governance and compliance considerations
    - Fostering a robust security culture and tighter collaboration between teams
    - Best practices and recommendations for moving security operations to the cloud
  • Simplifying Cloud Security Concepts Mar 17 2021 9:00 am UTC 60 mins
    Milica Lijeskic, Security Cloud Architect, KyberStorm
    As more organizations embrace distributed working environments, we see a rapid acceleration of cloud adoption. However, we notice that this adoption is typically done without a strategic migration plan causing more challenges in already complex environment.
    Many organizations don’t have a good handle on who should bear a burden of ensuring proper security in the cloud, much less a strong end-to-end vision of what technologies are required to secure their cloud deployments.
    In this session you will learn about:
    • The current security challenges in the cloud
    • How to integrate security throughout the IT life cycle
    • How to take a holistic, continuous, and defense-in-depth approach to security
    • Technologies that can help you securely adopt cloud

    About Milica Lijeskic:
    Milica serves a Cloud Security Architect and Compliance Subject Matter Expert at KyberStorm. During her career she has worked across wide range of technologies and industries to implement countermeasures to mission-critical systems hosted in the cloud or on-premises. Her portfolio of work includes the authorship of strategic cybersecurity plans and policies and system architecture designs for federal government agencies and private companies. Her forward looking approach, resourcefulness, and passion for continued education has helped her resolve complex and provide unmatched services to her customers.
    Milica holds Bachelor’s degree in Business Leadership from George Mason University, as well as a variety of technical certifications: CISSP, Amazon Web Services (AWS) Solutions Architect, and CompTIA Security +.
  • Multi-Cloud Security: A concern for providers and consumers Mar 16 2021 9:00 pm UTC 60 mins
    Dr. George Edeh, UMGC, Founder, Technology Impact Associates, a Technology Consulting Company
    Cloud computing is not going anywhere and the demand for Cloud services quadruple as seen in the demand for Multi-Cloud implementation. Multi-Cloud have many advantages but its complexity creates security challenges that consumers and providers should be concerned about.
    This presentation will take you through the tools you need to enable visibility across the entire platforms through a single view point.

    Dr. George Edeh, Assistant Professor Cybersecurity Program, UMGC, Founder, Technology Impact Associates, a Technology Consulting Company:gedeh@teiassociates.com
  • Cloud Security Threat - Cloud Monitoring and Breach Prevention Mar 16 2021 11:00 am UTC 60 mins
    James Johnson, Cloud Security Specialist, Proofpoint
    In this session we explore the threats associated with cloud security, breach monitoring and prevention.

    We also explore how organizations can protect themselves both from a denial of service, information leak, data theft.

    With all the limitations of traditional security architectures, we explain how a CASB with Unified Information Protection can achieve cloud & data security detection through to remediation.

    Significantly improving enterprise security, bridging the gap between cloud and information security.

    After this presentation, attendees will:
    - Understand the core principles of people-centric cloud security, and why it’s important to adopt them now.
    - How enterprises can achieve a unified, layered defence to cloud and resultant data impact issues.
    - Understand how their organization can adapt a people-centric cloud security strategy, integrating with and enhancing their infrastructure.
  • Thinking Like A Hacker Mar 15 2021 11:00 pm UTC 60 mins
    Josh Stella, Fugue Co-Founder, CEO and CTO
    When it comes to cloud misconfiguration vulnerabilities, compliance frameworks and monitoring tools aren’t always going to help you. If you’re using the cloud, odds are your security model is broken.
    The cloud changed the way hackers think and operate: Rather than targeting an organization and then searching for vulnerabilities to exploit, hackers use automation to scan the internet looking for cloud misconfigurations to exploit.

    Once an attacker has access to your environment, they use IAM resources like a network to move laterally, find data, and extract it. We’ve graduated from simple misconfiguration mistakes to techniques bad actors are using today to breach data out from under the most advanced cloud security teams—often without detection.

    In this talk, Josh Stella Fugue Co-Founder , CEO and CTO, will put you into the hacker mindset so you can think more critically about fixing your broken cloud security.

    Specifically, this talk will cover:
    - Common cloud misconfigurations that compliance won’t catch
    - How attackers take advantage of IAM misconfigurations
    - How to find advanced misconfiguration vulnerabilities and fix them
    - Strategies for remediation and building security into cloud design
  • Security Issues and Solutions in Cloud Computing Mar 15 2021 11:00 pm UTC 60 mins
    Pankul Chitrav and Leena Bongale, TD Bank Group
    Cloud computing’s security is an area of concern for organizations all over the world in today’s increasingly remote world. As we have send in the recent years security breaches in large organizations point out that some of these security problems present as data breaches while others deal with access control. Whatever the issue, it concerns decision makers greatly when making a choice of software or solution.

    Organizations should take note that these security challenges are well documented. At the same time, each presents its own solution to vulnerabilities found in using cloud computing to meet business challenges and customer demands. In short, if you take the right precautions, cloud computing can be both safer and more satisfying for your business needs.

    Our presentation is an introduction to some of the security challenges you can mind while relying on cloud computing for your business. We speak on at least four common concerns and their solutions, i.e Data Breaches, Access Control, Data Loss & Denial Of Service.
  • Cyber Resilience in Multiple Cloud Environments Mar 15 2021 5:00 pm UTC 60 mins
    Bincy Ninan-Moses, Director of Cybersecurity, Integral Consulting Services, Inc.
    Over the past year, we have seen a lot of unprecedented changes to our usual way of life with everything and everyone going remote as a result of the COVID-19 pandemic. This has led to various technology disruptions including adoption of multiple cloud environments across the globe. The shift to multiple cloud environments and a fully remote workforce that adds endpoints to access data and networks leads to location-agnostic operations and calls for heightened security that has broken the traditional perimeter-based network security model.

    In this session, we will discuss the current proliferation of multiple cloud environments and explore how best to adopt these disruptive multi cloud environments through holistic cloud security solutions and zero trust.

    About Bincy Ninan-Moses:
    Bincy Ninan-Moses is an enterprise technology solutions and cybersecurity subject matter expert (SME) leading Integral’s cybersecurity and cloud computing practices. She works to build Integral’s technical capabilities through innovative solutions and industry partnerships. She has worked for over 13 years in various roles in technology, cybersecurity, research and analysis, and as a technical solutions architect working at the intersection of business and emerging technology. Bincy has published research on national critical infrastructure security, cyber economic incentives, U.S. national and international innovation ecosystems, science and technology (S&T) policy, and S&T prediction markets. She holds a Bachelor’s degree in Electronics and Communication Engineering from Visvesvaraya Technological University, a Master of Business Administration (MBA) degree from Ohio University, and an Executive certificate in Cybersecurity from Harvard University. Bincy is a Certified Ethical Hacker (CEH) and holds professional certifications in penetration testing, cloud computing, and cybersecurity.
  • [Panel] Securing a MultiCloud Environment Mar 15 2021 3:00 pm UTC 60 mins
    Jo Peterson, Clarify360; Ed Featherston, Distinguished Technologist in Cloud for HPE
    According to the Flexera 2020 State of the Cloud Report, 93 percent of enterprises have a multi-cloud strategy.

    In this session we’ll explore some of the critical challenges that a multi cloud environment can present around security such as access, hypercomplexity and reduced visibility.

    We’ll review options around:
    - Cloud Security Frameworks
    - Multi-Cloud Security Best Practices
    - Specific Tips to Strengthen Cloud Security Configurations
  • Preventing & Detecting Cloud Security Incidents Mar 15 2021 11:00 am UTC 56 mins
    Jeff Foresman, VP of Security Operations & CISO, Digital Hands
    We have seen explosive growth in organizations moving applications, services and systems to the Cloud but unfortunately many do not understand how to secure these environments. Numerous IT and Security departments approach security in the cloud as they were securing individual servers in a data center and do not understand how to prevent data breaches or accidental data disclosers. Organizations are also struggling with how to effectively get full visibility into the cloud environment to monitor for malicious activity or configuration errors.

    This presentation will focus on how to prevent and detect cloud security incidents including:

    - Cloud Security Threats
    - Review of Cloud Data Breaches
    - How to Prevent Cloud Security Incidents
    - How to Detect Cloud Security Incidents

    Attendees to this discussion will come away with an understanding of the threats to cloud platforms and how an organization can develop solutions to effectively prevent and detect cloud data breaches. We will also provide best practices and native cloud solution recommendations to harden and monitor their applications, services and systems.
  • Cyber Authors Ep.3: How to Do Application Security Right Mar 10 2021 6:00 pm UTC 60 mins
    Ted Harrington, Author of Hackable & Executive Partner at ISE | Sushila Nair VP Security Services at NTT DATA
    If you don’t fix your security vulnerabilities, attackers will exploit them. It’s simply a matter of who finds them first. If you fail to prove that your software is secure, your sales are at risk, too.

    Whether you’re a technology executive, developer, or security professional, you are responsible for securing your application. However, maybe you’re uncertain about what works, what doesn’t, how hackers exploit applications, or how much to spend. Or, maybe you think you do know, but don’t realize what you’re doing wrong.

    To defend against attackers, you must think like them. Join Ted Harrington, author of HACKABLE: How to Do Application Security Right and learn:
    - how to eradicate security vulnerabilities
    - establish a threat model
    - build security into the development process

    You’ll leave knowing how to build better, more secure products, gain a competitive edge, earn trust, and win sales.

    This episode is part of Cyber Authors, a new series with Sushila Nair. We welcome viewer participation and questions during this interactive interview.
  • Succeeding as a CISO in 2021 Recorded: Feb 17 2021 62 mins
    Diana Kelley, SecurityCurve | Patricia Titus, Markel Corp | Jonathan Nguyen-Duy, Fortinet | Gerald Mancini, Fidelis
    This month's episode of The (Security) Balancing Act will look at how the CISO role has evolved in the last few years, what today's expectations are and what it takes to succeed as a CISO.

    Some of the topics to be covered during this roundtable discussion with security and tech leaders include:
    - How has the CISO role evolved over the last few years and what is expected of CISOs in 2021?
    - CISO vs BISO
    - How to see ROI on your cybersecurity investment?
    - How to get the business to understand risk and care about security?
    - How to keep cyber employees happy. The churn is exhausting and costly for companies, and it’s exacerbated by employee burnout and a “grass is greener” approach.

    Panelists
    - Patricia Titus, Chief Privacy and Information Security Officer, Markel Corporation
    - Jonathan Nguyen-Duy, Vice President, Global Field CISO Team at Fortinet
    - Gerald Mancini, Chief Operating Officer of Fidelis Security

    This episode is part of The (Security) Balancing Act original series with Diana Kelley. We welcome viewer participation and questions during this interactive panel session.
  • Threat Hunting in a Borderless World Recorded: Feb 11 2021 73 mins
    Eric Lorson, Senior Security Engineer, Sumo Logic
    With organizations moving infrastructure to the cloud at a record pace, building a perimeter wall around your organization is no longer a viable option for securing your data. Cloud computing completely changes the attack surface available to be exploited and can create potential security vulnerabilities for those unaware of what to look for. Fortunately, the data provided by cloud providers can be your best tool for identifying and mitigating threats. We will take a look at how threat hunting changes in the cloud.
  • Data Breaches: Two Tales, Two Motives: Financial vs. Espionage Recorded: Feb 11 2021 54 mins
    John Grim, Distinguished Architect, Verizon Threat Research Advisory Center
    For the 2014-2020 DBIR (Data Breach Investigations Report) timeframe, annually, we see Financial motive underlying breaches between 67% and 86% of the time and Espionage motive as the driver between 10% and 26% of the time. Given their nature (e.g., stealthy tactics, specific targeting), Espionage attacks can be difficult to detect and identify as an actual Espionage-related attack (given scant IoCs and other details). Whereas Financial attacks—if not detected while occurring or soon thereafter—eventually become apparent when money goes missing. At that point, the Financial motive, if not already ascertained, can be determined.

    When we look at the VERIS (Vocabulary for Event Recording and Incident Sharing) A4 Threat Model—Actors, Actions, Attributes, Assets—we see similarities with and differences between data breaches involving Financial attacks and Espionage attacks. Join this session and discover:

    · how data breaches with Financial and Espionage motives compare
    · how data breaches with Financial and Espionage motives differ
    · what can be done to counter either Financial and Espionage attacks
  • Cybercrime on Constant Watch Recorded: Feb 11 2021 36 mins
    Rodrigo Araujo, Security Advisor at Bell Canada
    Due to the fast pace the organizations are using for their digital transformation, cybersecurity excellence is becoming difficult to achieve.

    Most organizations need to consider not only a single network to secure, but also mobile developments, hybrid cloud implementation, among many other environments. This also includes a complex software development lifecycle, like DevSecOps, microservices, containers, etc.

    Being on the top of the game is hard, so it is better to have a good strategy to be proactive to prevent new attacks (who wants another WannaCry?)

    In this talk we will see:

    · The best practices to properly defend itself against current threat trends
    · How to predict a broad number of future attacks
    · How organizations can be more proactive to prevent the next wave of attacks before they occur
  • Are Your Vendors a Threat to Your Business? Recorded: Feb 11 2021 66 mins
    Troy Vennon, Director, Cybersecurity & Trustworthiness, Covail
    Your vendors present a real operational risk to your business in 2021. The pandemic drove major shifts in not only how your business operates and partners, but also how your suppliers operate and partner. These systemic changes left unchecked can leave your business at significant risk to real cybersecurity threats.

    Join Troy Vennon, Director of Cybersecurity and Trustworthiness at Covail, for a quick session on:
    1. The 2021 outlook on supply chain risk and threats
    2. How MITRE ATT&CK can help prioritize threats and risks
    3. Practical, actionable steps to get you on the right path to managing third-party risk with confidence
  • Attacking the Dark Corners of the Internet Recorded: Feb 11 2021 36 mins
    John Bloomer, Regional Director, Security Engineering, Office of the CTO at Check Point Software
    The trouble with the world is not that people know too little; it’s that they know so many things that just aren’t so”. This eye-opening quote by Mark Twain makes one think about the possible misconceptions we might have in our minds.

    In our daily life, we use many tools and rapidly adopt innovative technologies to improve our routine. Yet we are being neutral to the risks involved with those tools due to a false belief regarding the attacking vector and potential threats related to those devices.

    In this section, we focus and disrupt cyber security misconceptions.

    From the digital cameras, that we all use to take photos and our indispensable smartphones, to the newest technologies on the public cloud infrastructures, this session presents our research findings and vulnerabilities on those devices.

    The common denominator for those platforms all have weak spots, allowing malicious individuals to take advantages and reach to our data on devices.

    Breaking those misconceptions shows that we need to take cyber precautions in order to prevent the potential upcoming attacks.

    All vulnerabilities presented on the talk were “responsibly disclosed” and are being discussed publicly after the relevant vendors have applied all patches
  • Panel Discussion: Defending FinTech - best practices and lessons learned Recorded: Feb 11 2021 61 mins
    Donald Codling, CISO & Chief Privacy Officer & Mark Vanderbeek at REGO Payment Architectures & Johnny Wong at Veracode
    The Challenge - With the worldwide migration to Ecommerce platforms accelerating several years ahead of estimates, coupled with an increased attention to personal privacy and data security needs, The demands on all sizes of E Commerce firms to build in security and privacy as a foundation has taken new relevance and urgency. Between the pressures imposed by regulatory measures addressing Cyber Security and Data Privacy measures like CCPA (California Consumer Privacy Act)-GDPR (General Data Protection Regulations) and the increase and evolution of the Cyber Security threat landscape demands a holistic, segmented and layered 'zero trust' approach. (From Theft of Intellectual Property, Theft of Personally Identifiable Information all the way to ransomware-wiperware destroying a companies very existence.)

    The approach REGO Payments Architecture has taken with its partners- From the beginning of the technical design and marketing discussions-due primarily to the sensitive nature of the spirit and decision mantra was the platform MUST comply with COPPA and GDPR Privacy and security mandates. We have taken an 'all hazards; approach to the emerging threat landscape and implemented a few key functions-

    Light Stream-
    Veracode-
    Armor-

    Some bullet points/key takeaways for the audience e.g in this webinar you will learn.....
    1-Need for resilience and redundancy
    2-Need to have a holistic view of all the parts
    3-Cyber Hygiene has never been more important-patches, updates applied and logged. IAM tools in place, restrict admin access, etc.
    4-Maintain across all business units the foundation of security and privacy (Not just meet minimum standards or regulatory threshholds but add extra care whenever possible

    Panelists:
    Donald Codling, Advisor & Acting CISO & Chief Privacy Officer at REGO Payment Architectures
    Mark Vanderbeek, CTO at REGO Payment Architectures
    Johnny Wong, Director, Solutions Architecture at Veracode
  • Securing the Distributed Workforce in the New Normal Recorded: Feb 11 2021 61 mins
    Lux Rao, Senior Director – Solutions & Consulting at NTT India
    Dealing with Cyber Security issues in a post pandemic world

    2021 may be the year the world starts to overcome a health pandemic, but the effects on how work is undertaken and the consequent evolution of threats to organizations’ information assets have not yet been fully felt.

    The shift to distributed working, accelerated by the pandemic, continues to disrupt organizations’ attempts to mitigate risk. The impact for many organizations has been catastrophic as evidenced by the surge in cyber-attacks in the immediate aftermath of the pandemic.

    As security teams grapple with updating organization-wide policies, there are multiple implications thrown up by a distributed workforce including Shadow IT, lack of employee awareness, the insider threat of willful employees collaborating with malicious actors et al – all these coupled with the brazenness of the hackers who may well have found an easy back-door entry into an apparently ‘secure’ Enterprise.

    Is there a solution to this issue?

    This session will cover the following key areas
    -Enforcing the Enterprise Security Posture to a distributed workforce
    -The importance of employee accountability & ownership in securing the Enterprise
    -Identifying & addressing the scourge of the insider threat - malicious cooperation between outside actors & willful employees.
The latest trends and best practice advice from the leading experts
This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: SIM Swapping Digital Identities
  • Live at: Jun 18 2020 4:00 pm
  • Presented by: David Morris | Allison Nixon | Cody Hussey
  • From:
Your email has been sent.
or close