Evolution of the Threatscape

Defending your IT/OT assets is becoming more difficult every day, as illustrated by the ease with which a ransomware gang was able to knock out half the gasoline supply for the Eastern seaboard. And despite the billions we spend every year on cybersecurity, the breaches keep happening. It’s time to rethink our approach and improve security, not by spending more money on point solutions but by getting the most out of what we have. On June 29, 2021 at 1:00 p.m. Eastern/10:00 a.m. Pacific, Keysight and (ISC)2 for a discussion on a holistic approach to IT and OT security by maximizing existing investment by optimizing deployed tools, continually optimizing SIEM rules to decrease MTTR and easily validating defenses against late-breaking headline threats rather than disrupting SecOps workflow.

With the onset of social justice movements and awareness of racial and gender inequality around the globe, many organizations and leaders are recognizing the need to dig deeper and lead the charge for their stakeholders and communities for lasting transformation. Yet, what makes diversity and inclusion—seemingly so simple—so complicated and difficult to achieve? What are some of the key challenges and tensions that often arise throughout the inclusion journey? And, how can leaders ignite the passion needed to face these challenges? Join (ISC)2 on June 23, 2021 at 1:00 p.m. Eastern/10:00 a.m. Pacific as Clar Rosso, (ISC)2 CEO joins with cyber industry leaders to explore these paradoxes, challenges and high-impact solutions and what it takes to achieve a truly diverse and inclusive cyber profession; one that weaves inclusion into everything it does.

5G wireless connectivity is gaining momentum, with consumers and companies keen to adopt the newest generation of wireless for its fast speeds, low latency and innovation possibilities. Municipalities are moving 5G into smart buildings. Health systems are incorporating 5G to raise the bar on care decisions and treatments. And everyone wants to stream any and all media without any drag, whether live or on demand. This requires reappraisals of wireless network infrastructures, data management, access controls, location tracking and carrier contracts…just to name a few boxes that need to be checked. Join Infosecurity Professional’s Editor in Chief Anne Saita as she moderates a panel discussion at 1 p.m. Eastern/10 a.m.Pacific on Tuesday, June 15, 2021 on the biggest risks associated with 5G rollouts.

Call It NetSecOps, IT/Security Operations, SOC/NOC or SNOC. Whatever the name, better collaboration between security operations and network operations teams has enormous benefits for teams that follow through. Join Extrahop and (ISC)2 on June 3, 2021 at 1:00 p.m. Eastern for a discuss on how this union can help with tool consolidation, improve incident response time and effectiveness and adapt to the cloud, remote work, and beyond.

While security departments are leveraging machine learning (ML) and artificial intelligence (A\I) to cut the time for detection and response, bad actors are using the same technology to try and breach your organization. Attacks using AI/ML have been optimized and can find the inherent vulnerabilities that exist in these types of platforms. On May 27, 2021 at 1:00pm ET/10:00 am PT, DomainTools and (ISC)2 will discuss how red, blue, and purple teams can use these automated tools to defend and understand how adversaries are using the same technologies to attack them.

The frequency of Incidents and breaches of companies and critical infrastructure continues to increase. Often, law enforcement (local/state/federal) will need to be brought in. But how do you decide if it has risen to that level? Where do you start? Do you bring in local law enforcement or reach out to an organization like the FBI (Federal Bureau of Investigation)? When you do, how do you work with them, what steps do you need to take to protect your organization and the evidence? Join (ISC)2 and representatives from the FBI on May 25, 2021 at 1:00PM Eastern for a discussion on when to bring in law enforcement, how to work with them and how to make vital pre-incident connections. Learn from and about cybersecurity professionals at the FBI and how they help secure and defend the country.

As organizations continue to struggle to find trained cybersecurity professionals to build out their teams, recruiters and hiring managers may need to adjust the tactics they use to proactively identify internal and external candidates. Developing bench strength by targeting candidates who have transferable skills can lead to long term depth and stability on security teams. Understanding who to look for and managing their expectations of what cybersecurity roles entail is critical to success. Join Clar Rosso, CEO of (ISC)2 on May 18, 2021 at 1:00 p.m, Eastern/10:00 a.m. Pacific as she provides an overview of the 2021 (ISC)2 Cybersecurity Career Pursuers Study, which surveyed both experienced cybersecurity professionals as well as jobseekers considering a career in the field. The study examines such topics as which tasks and experiences make a cybersecurity professional successful, the value of mentorship, at what point in their careers pursuers seem likely to seek a cybersecurity path, what attracts people to the profession and which qualities rank as strong indicators of future success for team members.

It plays out over and over after a major cybersecurity breach makes headlines. Questions are asked: Why was the victim organization vulnerable? Could this have been avoided? What did they do wrong? What policies do they need to change? Who should be held responsible? In most cases, the spotlight only peripherally touches on the attacker. On April 29, 2021 at 1:00PM Eastern, (ISC)2 will bring together a panel of cybersecurity leaders to discuss why our first reaction is to blame the victim, rather than examining the threat ecosystem, how many attacks have already been thwarted and where the true blame should reside.

Threat actors are targeting individuals in the Healthcare industry and using email as their main entry point for cyber attacks. These attacks are aimed at specific people in an organization to steal money, data or sensitive healthcare information. Threat actors can gain access to legitimate mailboxes using tactics such as phishing, malware or social engineering to impersonate the victim. This leads to further infiltration into an enterprise system. What can those in the healthcare industry do to combat this targeting by cyber criminals? Join Proofpoint and (ISC)2 on April 27th at 1 pm ET / 10 am PT for a panel discussion focusing on email compromise/account takeovers and best practices for dealing with these threats in healthcare.

When it comes to security metrics, there are lots of variables. The company. The size and scale of that company. Measuring where things are at today and where you hope things will be in the future.
There’s a lot at play, but one thing’s for certain: There’s a laundry list of security metrics you could be measuring. So how do you know where to start? And once you have your foundation, what’s next? On April 1, 2021 at 1:00PM Eastern, Axonious and (ISC)2 will host a webcast to examine:

· Which security metrics are commonly used for executive-level reporting and to track progress across vulnerability management, security operations & incident response, and more
· The foundational prerequisites to ensuring accuracy and context
· How to evaluate vulnerability management, security operations, cloud security, and other programs.

The ramifications of the SolarWinds incident continue to evolve as more details emerge about the impact it had on a wide range of organizations. A recent survey of more than 300 cybersecurity practitioners by (ISC)2reveals just how concerning the incident was and what these professionals recommend to shield organizations from similar supply chain threats. Join this panel discussion on March 30, 2021 at 1:00pm Eastern to hear anecdotes and best practices related to third-party technologies in the security stack, and how peers in cybersecurity leadership positions are future-proofing their defenses while planning for worst case scenario.

Traditional Intrusion Detection Systems rely on brittle signatures, and can be a major resource drain. As the internet continues to evolve, so do the methods and tactics of the adversary. Attackers are now more focused on your users rather than system vulnerability exploits. A new approach is needed….one that encompasses machine learning anomaly detection, cross platform visibility and cloud ready. Join ExtraHop and (ISC)2 on March 11, 2021 at 1:00pm for a discussion on Next Generation IDS and how it can provide more than just a compliance check off and provide context to the alerts you receive.

To mark the 46th annual International Women’s Day on March 8, 2021, (ISC)2 is proud to present a panel of accomplished women in the field of cybersecurity for a webinar discussion at 11:00am Eastern. This group will come together to discuss data on the demographics that make up the workforce and how they are shifting. They will also outline their own journeys in the profession that led them to the leadership positions they now hold, including the challenges they encountered and strategies they employed to succeed. The discussion will also look ahead to the evolution of diverse cybersecurity teams and the principles that inform how they are being assembled today. Speakers include:
Clar Rosso, CEO, (ISC)2

Aanchal Gupta, CISSP, Vice President, Azure Security at Microsoft

Lori Ross O’Neil, CISSP, Sr. ICS Cyber Researcher & Project Manager, Pacific Northwest National Laboratory; Vice Chairperson, 2021 (ISC)2 Board of Directors

Megan West, CISSP, X-Force Cybersecurity Incident Response Consultant, IBM

All of our organizations are dependent on their supply chain and
having a secure and uninterrupted ecosystem of vendors and partners is critical
to smooth operations. Of course, if it is important to us, then it is a target,
no matter the locale. The recent SolarWinds attack illustrated how a patient
adversary can be successful as they work their way through multiple vendors in a
supply chain to reach their desired target. This infiltration was difficult to
spot and for many, even harder to respond to adequately. These types of attacks
will continue and grow in sophistication. Organizations need to use OSINT and
other vendor tools that can investigate their partners in the supply chain to
gain insight into if they can trust what those applications are doing on their
network. Join DomainTools Senior Security Researcher, Chad Anderson, and
(ISC)2 on March 4, 2021 at 1:00 PM Eastern for a roundtable discussion on supply chain attacks and security,
what tools work and can provide insight into your supply chain and partner’s
infrastructure, and how a good security posture builds from knowing the
inventory and behaviors of what’s running on your supply
chain.

With the massive shift to remote working in 2020, organizations are racing to rethink their security programs to both guard from external attacks as well as manage risk from insiders. Modern approaches to insider threat management must incorporate investments in People, Process, and Technology. This means formalized insider threat management programs; it means investment in insider threat management technologies; and it means building resilience into the fabric of your organization with training.

Join Proofpoint and (ISC)2 on February 23, 2021 at 1:00pm Eastern as we kick off the new year with a discussion about security awareness, education and insider threat management and how best to defend your organization and arm your users to mitigate an insider incident.

XDR (Extended Detection and Response) promises to unite and integrate such security tools as focused on threat protection, detection and response, creating a single megasolution. Such an approach could yield significant benefits for an organization, Join ExtraHop and (ISC)2 on January 28, 2021 at 1:00PM Eastern for an examination on the costs and benefits of this strategy, a discussion of use cases, as well as:

• How to avoid vendor lock-in while still getting the best security tools available

• What XDR is, and what it isn't, including which data sources and security tools are typically included in XDR offerings, and how they work together.

• The advantages and disadvantages of Best of Breed vs. Single Vendor detection and response strategies.

Every organization receives unwanted email and various forms of phishing on a daily basis. Most are common and some are quite unique. Protecting against malicious attachments and links on inbound email is now security table stakes. But with the continuous evolution of cybercriminals, what’s old is new and what’s new is new. They never stop recycling or reinventing. And the cybercrime-as-a-service ecosystem never stops making it easier and cheaper to setup and launch phishing-based campaigns to deliver ransomware, RATs, steal credentials, spread internally, impersonate your executives, or exploit your brand online. Mimecast and (ISC)2 will discuss both popular phishing related techniques as well as newly emerging ones on December 15, 2020 at 1:00pm Eastern. We’ll also discuss various types of defensive techniques, emerging analytics, and user training strategies that can be applied today to better protect your organization.