Securing Payment Card Data with Encryption and Tokenization

According to Digitalguardian.com, a data breach at U.S. firm in 2019 cost an average of $8,19 million, an increase from $7.91 million in 2018, and more than twice the global average.

The number of data breaches is growing as well. Statisa reports a 14% increase in the number of breaches in 2019 over 2018 figures. So how can we guard against them? While there is no one and done solution for solving security challenges, Risk Reduction is a key element

In this session we’ll discuss both the educational and technical approaches to data breach risk reduction:

- Types and Causes of a Data Breach
- Consequences of a Breach
- Data Breach Response Plan and Breach Notification Plan
- Method for Evaluating Risks and Harm
- Breach Prevention Tactics

Moderated by:
Jo Peterson, Vice President, Cloud and Security Services, Clarify360
Panelists:
Tyler Cohen Wood, Executive Director Cyber Workforce Program
CyberVista
Stephenie Southard, CISO of BCU
Rich Thompson, VP Sales Engineering, BlackBerry

Just when the cybersecurity industry thinks it has seen it all criminals go a step further and prove us wrong. Even with a global pandemic, threat actors reaffirm just how low they are willing to go, targeting massively under-resourced, critical services like hospitals or academic institutions.

I’ve always drawn many parallels between cybersecurity and martial arts (one of my other passions) both of which I have been involved with for over 25 years.

So, join me as I use my experience in both fields to take you on a whistle-stop journey on how to put together a cyber incident battle plan for - surviving enemy contact.

Join us for an interactive discussion on how deception technology can provide early detection of a breach and significantly improve an organization's capabilities to quickly and accurately defeat attackers. We will cover:

- Faster detection of threats at a lower cost
- Collecting specific threat intelligence on if and how you are being targeted
- Reducing false positives and not missing alerts
- Detecting insider threats

Speaker bio - Steve Cobb, CISO at One Source
Steve Cobb is One Source’s Chief Information Security Officer (CISO) bringing more than 25 years of leadership consulting surrounding IT infrastructure, cybersecurity, incident response, and cyber threat intelligence. Since joining One Source in 1995, Steve has been responsible for providing strategic IT consulting, delivering an increased organization efficiency and security for our customers. Prior to One Source, he was a Senior Security Engineer with Verizon Managed Security and a Senior Escalation Engineer with Microsoft. Steve serves on several CISO boards and a frequent presenter at conferences such as InfoSecCon, ISSA, Cyber Defense Summit, and others.

Breach protection and detection is a central challenge for security experts who are tasked with protecting an enterprise. In addition, the endless effort to protect business assets does not lead to certainty.

It is difficult to prove that defensive efforts are effective and ready for real life attacks.

In this presentation, you will learn how the collaboration between a Threat Intelligence Team and a Red Team led to a revolutionary change in security posture and provides an effective method to evaluate and improve the prevention and detection of compromises.

In this session you will explore
- A method to identify gaps in breach protection and detection
- The challenges around endpoint protection and DLP
- Enhancing logging and monitoring by adding context
- Building a trusted environment

Opportunity is the cause of cyber crime, take away the opportunity and take away the crime.

Threat actors collaborate, conspire and acquire targets with impunity - just below the surface of what we see on the internet every day. Often referred to as the Deep Web or Dark Web, these virtual meeting places hide cybercriminals, insiders, terrorists and activists from plain view. How do you become proactive and get visibility into the forums and communication channels where 'bad actors' hatch their plans? This session will dispel the mystery of the dark web, discuss how the virtual underground operates and provide guidance on how organisations can gain visibility into these environments to help inform and manage their business risk. Join BCyber as they host a discussion with intelligence expert, Brett Williams, Flashpoints Lead Solutions Architect, where we will provide an:

- Understanding and dispelling the myths of the deep and dark web
- Overview on how cybercrime works and how illicit actors operate
- Update on key trends being seen in first half of 2020, for example, COVID threats, extortionist ransomware and more
- Example from real-life, covering content from virtual illicit communities, like forums, marketplaces, chat services etc
- Actions that you can do to gain external visibility for your organisation to better manage business risk

In response to the COVID-19 pandemic, more employees are working from home than ever before, introducing corporate devices to a variety of new and evolving vulnerabilities. We recently examined the data we routinely collect from Internet traffic to learn more about how this unprecedented shift to remote work changed the security landscape — and the results were alarming.

During this webinar, Dan Dahlberg, Director of Data Research at BitSight, will dive into our research and provide proven recommendations for mitigating cybersecurity risk across a remote workforce. Join us on Wednesday, July 15, for:

- Insights into the hidden dangers lurking in residential networks
- Tips on navigating the new security challenges
- Best practices for monitoring your expanding attack surface and ensuring all digital assets are secure

With the increase in mobile and smart devices, we've expanded the threat landscape not only against threats to steal information, but for threats that have real physical risks. For instance, recent research by Google Project Zero and Volexity showed sophisticated attacks against both Android and iPhone devices that were targeted at Uighur Muslims and Tibet. Victims of this malware are targeted for persecution by the government of the People's Republics of China.

This talk will cover not only these attacks in specific, but in how threats are emerging that use new technologies which are being used to create physical threats to its victims and what that means for enterprises, SMBs, and society at large.

Takeaways:

- Technical discussion on mobile surveillance techniques and malware.
- Cover real-world instances where such cyber attacks have led to physical harms.
- Discuss practical techniques to begin to mitigate such threats.

As the number and frequency of malware attacks continue to increase, we look at the threats, vulnerabilities and risks factors associated with malware attacks and how to keep your organizations secure.

Join this keynote panel with security experts as they discuss malware trends, strategies and tools for better security in 2020:

• The most prevalent threats in 2020
• Identifying the latest malware delivery tools and techniques
• Developing a modern defence strategy and empowering your users
• Malware strategy best practices

Speakers:
Joseph Carson, Chief Security Scientist, Thycotic (Moderator)
Pedro Uria, Director of PandaLabs, Panda Security
Jack Mannino, CEO, nVisium
Stan Lowe, Global Chief Information Security Officer, Zscaler
John Aarsen, SE - Benelux and Nordics, SonicWall

The presenters for this session (Gregory Van Den Ham & Nate Zimmerman), will be discussing the following points:



The History of Ransomware
Delivery Vectors
Ransomware Behavior Examples
Detection / Prevention tactics
Mitigation and Cyber Incident Response

Nate and Greory have over 30 years combined experience in IT Security, click 'attend' to join this thought-provoking and interactive live session.

Enterprise tech has transformed over the past decade, bringing improvements not only in elasticity & efficiency but especially security. Ten years ago, vulnerabilities were the easiest path into systems, but operating systems and software have become more secure through better practices, consistent updates, & leading-edge security solutions. As tech evolved, so have the exploits, which now leverage human error more than ever; capitalizing on misconfigurations or leveraging tactics like social engineering - as a primary path to compromise.

In this presentation, Luke will chronicle the evolution of malicious attacks over the last ten years and demonstrate how the security industry has responded through the implementation solutions that address the ever-changing nature of data breaches.

The presentation will address:

· Lessons learned from ten years of exploitation evolution
· Why modern threats are effective even though there are more security tools on the market than ever before
· Changes companies can make now to build stronger defenses

Luke began his cybersecurity career in the US Navy, where he trained to conduct offensive security operations for the Department of Defense. He participated in daily computer network exploitation missions in support of national intelligence requirements and in support of protection against foreign nation-state sponsored hackers. After separating from the United States Navy, he joined the start-up company, IronNet Cybersecurity. Luke conducted penetration tests and vulnerability assessments, while also providing product development support and threat hunting capabilities. Following his time at IronNet, Luke worked as a Director in security consulting at Ankura Consulting Group, where he specialized in red teaming, penetration testing, intelligence gathering, threat hunting, digital forensics, and technical writing. Luke has a M.S. degree from Eastern Michigan University and is CISSP, OSCP, and CEH certified.

Every time there is a major crisis I feel like the cybercriminals should cut us a break and yet every time it seems like they double down. You may recall over the years when a major natural disaster, health crisis or social issue dominate the news there are a flood of crisis related phishing campaigns using the topic as a pre-text for launching an attack.

Using popular topics and references is a key way that attackers can increase the probability of getting someone to click on their phishing lure to launch something like a ransomware attack. In this talk will cover some of the ways we can prepare for the next calamity.

• Phishing detection and defense practices
• Techniques for ransomware prevention
• Training your employees to be resistant to Social Engineering techniques

Join us for a discussion on how to prepare both your people and security infrastructure for the next wave of attacks. The cybercriminals are phishing – let’s talk about how to stop your employees from clicking on the bait.

Bios:
· Tony Lauro is Director of Technology & Security Strategy for Akamai Technologies. Over the past seven years Tony has worked with Akamai’s top global clients to provide application security guidance, architectural analysis, web application and adversarial resiliency expertise.
· Steve Winterfeld is our Advisory CISO. Before joining Akamai, he served as CISO for Nordstrom bank and Director of Incident Response and Threat Intelligence at Charles Schwab. Steve focuses on ensuring our partners are successful in defending their customers and determining where we should be focusing our capabilities.

As an information security professional your knowledge of ransomware as well as the tactics & techniques to detect & respond effectively are critical to your organization. Data breaches threaten organizational financials and reputations. Strengthen your security through the use of actionable intelligence. Attendees will hear about:

- What is Ransomware?
- Leveraging Architecture Components to Detect & Respond to Ransomware
- Ransomware Scenarios & Solutions
- Tips to Protect Your Organization

An increased awareness about privacy issues among individuals. In many countries, databases containing personal, medical or financial information about individuals are classified as sensitive and the corresponding laws specify who can collect and process sensitive information about a person. The financial services industry has rich sources of confidential financial datasets which are vital for gaining significant insights.

However, the use of this data requires navigating a minefield of private client information as well as sharing data between independent financial institutions, to create a statistically significant dataset. A major challenge that many organizations faces, is how to address data privacy regulations such as CCPA, GDPR and other emerging regulations around the world, including data residency controls as well as enable data sharing in a secure and private fashion.

We will present solutions that can reduce and remove the legal, risk and compliance processes normally associated with data sharing projects by allowing organizations to collaborate across divisions, with other organizations and across jurisdictions where data cannot be relocated or shared. We will review solutions that are driving faster time to insight by the use of different techniques for privacy-preserving computing including k-anonymity and differential privacy. We will discuss multi-party computation where the data donors want to securely aggregate data without revealing their private inputs. We will also review industry standards, implementations, key management and case studies for hybrid cloud (Amazon AWS, MS Azure and Google Cloud) and on-premises.

We often don’t realize the full impact of cyber crime, which then relapses us into repeating the same mistakes. Even large companies do not completely understand how their data and services are being abused. I want to take you on a journey of observing credit card fraud and abuse from stealing a credit card to trafficking of stolen goods. Learning about these vectors of abuse will help you and your organization to mitigate a number of common attacks and abuses.

With email security breaches constantly making headlines, it is crucial for organisations to be ahead of the curve. Join this interactive panel of industry experts as they discuss the latest trends in email security and how to prevent becoming the next international headline.

Join this Q&A panel to learn more about:

- Emerging trends in email attacks
- How to stay on top of the latest threats
- Best solutions to protect your organization

Moderator: Michael Thoma, Principal Consultant at the Crypsis Group
Panelists: Arif Hameed, Senior Director, Client Security at Equifax
Lior Kohavi, Chief Strategy Officer and EVP for Advanced Solutions, Cyren
Chris Wallace, Chief Information Security Officer

Outsmarting Cybercriminals: 3 Actionable Steps to Minimize Successful Phishing Attacks



With 94% of breaches starting with attacks targeting people, and phishing as the top threat action in confirmed breaches (32%)1, every organization is trying to stay on top of email security to mitigate risks. Unfortunately there is no “magic” solution to prevent 100% of all phishing attacks. But what if there were a few actions you could take to minimize the success of phishing attacks?

Join us for this webinar as we discuss what you can do to minimize the success of phishing attacks against your organization. Walk away from this presentation with insight into:

- Tools to prevent BEC and Account Takeover attacks
- Actionable insights that allow users to make better decisions
- Tips to improve your mean time to detect (MTTD) and mean time to respond (MTTR)

Speaker bio:
Kevin O’Brien is GreatHorn’s CEO and Co-Founder. Under Kevin’s leadership, GreatHorn has become the world’s leading next-generation email security company, analyzing billions of messages and stopping phishing attacks that target a global customer base of organizations, both public and private.

Kevin brings deep industry experience, having been an early member of multiple successfully exited security companies, including CloudLock (Cisco), Conjur (CyberArk), and @stake (Symantec). In addition to his role at GreatHorn, Kevin serves as co-chair for the Mass Technology Leadership Council’s cybersecurity group and is a frequent speaker at key cloud cybersecurity and industry events. He has presented at the RSA Security Conference, Xconomy’s What’s Hot in Cybersecurity Conference, Microsoft’s Innovation Outreach Program, the MassTLC Cybersecurity Conference, and has been featured in TechCrunch, NPR Marketplace, Mashable, Forbes, CSO Magazine, and more.

To defend against phishing, your organization needs to understand the key trends and top threats. Cofense’s Intelligence Team spends every day analyzing phishing threats including credential theft, ransomware campaigns, and more. Learn about the top threats that define today’s phishing landscape and how to defend your organization against them.

- See what tactics are successfully evading secure email gateways and reaching enterprise end users.
- Learn what is trending when it comes to malware delivered via phishing, including ransomware.
- Receive tips for ensuring your phishing defense strategy is proactive and well-coordinated.