In December, Infosecurity Magazine will host its annual end of year webinar. Moderated by Michael Hill, editor, and Dan Raywood, deputy editor, the webinar will bring together a panel of experts to reflect on the key topics, trends and headlines that impacted the information security industry over the course of 2019.
In a year which saw threats continue to evolve and mature, the announcement of huge intentions to fine under GDPR and the first $1m bug bounty launched, there were a plethora of talking points and incidents that affected data users and organizations all around the world.
In this special webinar, Infosecurity will share the thoughts of industry thought leaders to gauge how 2019 will be remembered from the information security perspective.
•What were the cybersecurity trends that dominated the headlines in 2019, and was the right story told?
•How threats and risks evolved in 2019, and what positive security strides were made
•What trends will have the biggest impact in 2020, and is the industry ready for them?
Moderator: Michael Hill - Speakers: Rick Moy and more tbc
Organizational threat detection is the process of using data to discover security threats across a business, both of internal and external nature. The objective is to find anomalies, analyze their threat level and determine what actions may be required to respond to them.
In today’s multi-faceted cyber-threat landscape, having the ability to detect data security risks is of paramount importance, but effective data detection requires careful consideration and forethought.
This webinar will examine the current data threat detection landscape, assess how data threat protection can be used to aid organizations in their information security strategies and outline best practices for successfully mastering the art of threat detection.
•Learn the importance of advanced threat protection in your organization
•Discover strategies for implementing effective threat detection strategies
•Learn about emerging technologies and approaches for threat detection and response
Zero Trust is quickly becoming the dominant security model for the cloud, shifting the perimeter from the network to the people and devices that make up a modern workforce.
Traditional enterprise security models were built on an assumption that everything inside the network – whether its devices or people – is trustworthy. However, the evolution of attack sophistication and the proliferation of BYOD has brought greater risk, which means that newer, more holistic measures must be taken to ensure security across the business.
Zero Trust can be used to effectively secure modern organizations from a variety of threats.
However, implementing an effective zero trust approach is not without its challenges, and for a model with many moving parts, the immediate question is: where to start?
This session will explore:
• How to effectively manage a successful Zero Trust strategy
• The full zero trust reference architecture and steps to get there
• Why identity is the foundational layer to build contextual access controls from
Moderator: Dan Raywood - Speakers: Brian Hanrahan, and more tbc
Compromised privileged credentials remain the #1 tool of attackers, despite adoption of privileged access management technology. Legacy approaches focused on protecting secrets have proven ineffective with excessive standing privilege leaving a clear path for lateral movement when a user is compromised.
In this webinar, we will challenge your assumptions about privileged access management and describe a simpler, more effective approach to PAM built on best practices.
•Understand how privileged access is used by attackers, and how to foil attempts
•What a Just In Time approach looks like and the concept of Zero Standing Privileges (ZSP)
•How to make privileged access a straightforward element of your security program
•How a single elegant approach to PAM can meet the demands of cloud, hybrid cloud and on-premise computing
•How Dev-ops and automation solutions can operate within a modern PAM solution
The road to compliance continues to be more rocky, with new frameworks due in 2020 set to further make the job of the data protection and compliance officer more complex. In order to achieve compliance, could a segmentation strategy – enabling better visibility of assets – be a way to ensure compliance is better achieved?
In this webinar, we will look at the concept of network segmentation and how it enables compliance, how failed segmentation in the cloud led to some cases of data breaches and which compliance frameworks you need to be aware of, now and in the future.
- How segmentation can aid visibility of your network
- How to start a segmentation strategy that makes security more robust and easier to manage
- The key steps to enabling compliance, like PCI or SWIFT, with simple segmentation and visibility
With the talk of supply chain and third party risk being a more serious cause of security weakness in an organization, how confident are you that your tech stack and security environment is the most secure it can be? Is there a way to get a “grade” of how secure your business is?
In this webinar, we will uncover the concept of cybersecurity ratings, how they can give you a non-intrusive snapshot or “grade” of how secure your business is, and better enable (third party) risk management.
-Get a better understanding of cybersecurity risk ratings, and their importance
-How to get the best return from your security investments
-Understand what your rating is against other security teams
-How to get the best return from your security investment
Insiders have something outside threat actors never will: trust. They’ve surpassed the challenge of external security defenses and can navigate sensitive internal resources with breakneck speed.
Today, 60% of attacks are carried out by insiders (IBM Cyber Security Intelligence Index), and the average cost of this type of breach is $8.76m (Ponemon Institute).
Unfortunately, many teams aren’t equipped to act quickly to detect and stop these incidents before it’s too late.
In this webinar, we will explore the top motives of insider threats and outline how organizations can determine the right countermeasures to stop both accidental and malicious insider threats in their tracks.
•The top seven most common insider threat focus areas, from accidental leaks to espionage
•What motivates these insider threat actors
•The risks of each type of insider threat
•Real-world examples of these threats in action
•Countermeasures to defend against each type of threat
Today’s attackers come in many forms, from criminal gangs to state-sponsored military operations, and they use an array of attack tactics to break into your network. From APT-style attacks used by organized groups, to offensive AI measures, the capabilities of attacks are becoming more advanced.
In this webinar, we will look at how threat actors will use AI to automate the traditional attack process, how real the threat is, and what sort of tactics businesses can deploy to best defend against AI-powered threats.
Recent developments in the cyber threat landscape
The difference between an APT-style attack and automated attacks
How to prepare for AI-powered attacks
How defensive AI can help human security teams regain advantage
Moderator: Dan Raywood Speakers: Donnie MacColl, Julien Legrand
How is your organization moving sensitive files? Human error, file transfer inefficiency, and subpar encryption processes are among the common challenges that IT security professionals face when sharing files both inside and outside the organization.
In this webinar, we will look at how your business can avoid the common file transfer pitfalls, how MFT is implemented, and what configurations and management are needed, and what the outsourced options look like.
•Avoiding the negative impact that privacy breaches can have on your business
•How to integrate and streamline connectivity with the apps you use every day on the cloud
•How to automate your processes between multiple web and cloud services at once through cloud application integrations with MFT
•Enabling audit trails and visibility and have evidence of transfer completion
Cybercrime and data breaches receive enormous amount of our attention, but the fact still remains that physical access control is a critical front-line defense in a comprehensive digital security posture. As the security landscape continues to change and become more complex, it brings with it opportunities to look at new technologies that respond to escalating security threats.
Card credential and other form factor technologies are common place in many office environments. Now that mobile devices are ubiquitous as well, employees are beginning to expect Mobile Access – the use of a mobile device such as a smartphone, tablet or wearable, to gain access to secured doors, gates, networks and more – as a choice.
However, the challenge for organizations is how to derive the greatest value from the infrastructure in place while integrating new solutions.
In this webinar, we will explore:
• Key insights into why mobile access drives a higher level of security
• The challenges that exist in implementing a mobile access program
• The best practices that create a path to mobile access today
Moderator: Dan Raywood - Speakers: Joe Hancock, Harry W, Michael Zuckerman
Despite claims that ransomware attacks were in decline, in 2019 we have seen new variants including Grandcrab, Shade, Ryuk and Megacortex. What has caused this revival in ransomware? What tactics are they using to be successful, and what can you do differently and better to defend against them?
On this webinar we will look at the latest threats, latest research and understand the state of the global ransomware assault.
How these differ from other variants we have seen in the past
What defensive tactics work, and what has failed in the past
What the state of ransomware looks like
Moderator: Dan Raywood - Speakers: Paul Hershberger, Torry Crass, Mike Lynch
Enterprises are facing a growing complexity crisis over identity: it can be difficult to manage them through traditional means, the number of access relationships are overwhelming, privileges are excessive and strategies have failed to prevent breaches occurring.
Against this backdrop of negativity, this webinar will look at the problems and solutions around IAM, and how you can better strategize and manage access to your network.
Why access management should not be daunting
How IAM can proactively help you prevent identity related breaches and alert you of abnormal activity
How to define security group management
Where IAM can give users access to the right things, at the right time
Phishing comes in many different forms, but spear-phishing is arguably the most dangerous type of phishing attack and the most difficult to detect.
Attackers will carefully research their victims and use sophisticated social engineering techniques to gain their trust and add credibility to their correspondence.
Traditional phishing attacks will often impersonate a trusted company and typically target masses of people at the same time. In contrast, spear-phishing is highly personalized and targeted.
With 91% of all cyber-attacks starting with a spear-phishing email, it’s vital that organizations are armed with all the knowledge they need to defend against attack. A
In this webinar, we will explore the various spear-phishing methods used by cyber-attackers and discuss how organizations can protect themselves from this growing threat.
•The danger of spear-phishing attacks and how they can impact your business
•The spear-phishing process: how attacks are crafted and what methods are used to target victims
•How to protect your organization from spear-phishing
The Digital Transformation Journey: Why Security is Key
A key element of modern-day business success is harnessing digital transformation to accelerate a company’s activities, processes and competencies.
That journey of digitization allows for various, forward-thinking opportunities, but for any business looking to make a success of digital transformation, security is paramount.
This session will discuss why the security function is crucial in supporting the business through a process of digital transformation, and provide strategies for ensuring it does so effectively.
•Why the security function must support the business through a process of digital transformation
•How to ensure business digitization is done securely, from the ground up
•How relationship between security and the wider business can flourish through digital transformation
Mitchell Noordyke, Rocco Grillo, Dean_Nicolls, Danny Bradbury
In January 2020, the California Consumer Privacy Act (CCPA) will come into effect, bringing with it stricter guidelines around the collection and processing of personal information in the US state.
Under the new law, residents of California will have new privacy rights regarding their data, which organizations will need to adhere to in order to avoid monetary penalties.
This session will explore what the CCPA will mean for businesses, assess what the challenges of compliance will be and discuss how organizations can plan ahead to be on the right side of the regulation.
•What CCPA is and what it will mean for businesses in the US from January 2020
•The challenges of CCPA compliance
•How to plan ahead for CCPA
Moderator: Dan Raywood - Speakers: Stephanie Aldridge, Chani Simms, Patrick Cohen
The Benefits of a Diverse Security Workforce
It’s widely agreed that a diverse workforce is a superior workforce, with varied opinions and different ways of thinking often leading to better decisions that can result in improved business outcomes.
However, the information security industry is often criticized for lacking the diversity present in other sectors, and it can suffer as a result.
In this session, a panel of experts will discuss why there is a need for more diversity across the security industry and outline the benefits of a diverse security team.
•Why a diverse security team is a better security team
•How to get diversity right, for the right reasons
Nicola Whiting, Tee Patel, Ed Bishop, Michael Hill
As cyber-threats continue to push businesses to their defensive limits, more and more enterprises are turning to automation and ‘cognitive computing’ to improve the proficiency of their security efforts hoping for quicker response times, better threat detection, the ability to process and analyze large amounts of data and to free up vital staff time.
However, how much hype is there around the true effectiveness of AI in security? Is it really the panacea that it is so often referred to, or should more caution be taken when considering how much reliance should be put into AI technologies?
This session will explore:
•The true effectiveness of AI technology in information security
•How to get the most out of automation, and when to look elsewhere
•The role of AI in the future of cybersecurity