Hi [[ session.user.profile.firstName ]]

Key Technologies, Strategies and Tactics to Fight Phishing

The global pandemic has seen phishers jump on the COVID-19 trend, and as a result the quantity of phishing messages related to the virus has spiked over the last few months. As well as phishing messages that try to download malware via lures of official documents, the standard practise of trying to a victim’s password and financial details remain.

However as we have seen an increase in the types of phishing, to include more targeted efforts and business email compromise, phishers have not missed this opportunity either. In this webinar, we will look at the overall rise of phishing as a malicious trend, and ask how we can make steps to resolve it.

Key takeaways:

How to better spot and prevent phishing messages from reaching your users
What differences there are between more targeted and standard phishing practises
What the best security technologies and strategies are to fight phishing
Understanding the techniques phishers use
Recorded Aug 6 2020 63 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Moderator: Dan Raywood - Speakers: Olesia Klevchuk, James Gosnold, Alex Brotman
Presentation preview: Key Technologies, Strategies and Tactics to Fight Phishing
  • Channel
  • Channel profile
  • #IMOS20 A Strange New World: COVID-19 and Changing Infosec Norms Sep 22 2020 8:15 am UTC 60 mins
    Moderator: Dan Raywood
    A Strange New World: COVID-19 and Changing Infosec Norms
    At the start of 2020, few people could have envisaged the unprecedented impact the COVID-19 pandemic has had across the globe. The health crisis has affected and, in many cases, dramatically altered practically every industry and sector we’ve come to know, and information security has been no exception.
    Overnight, mass remote working strategies became the norm as huge numbers of companies looked to equip their workforces with the means to work from home, inevitably resulting in exposure to various new data security risks. At the same time, cyber-criminals moved in their droves to greaten the stress by exploiting the pandemic with numerous tailored scams and attacks.

    The ensuing weeks and months proved testing for organizations large and small, greatly impacting how people work and how data is secured. However, time has passed, and now organizations find themselves faced with a new reality: adapting to a ‘new normal’ in a world forever changed.

    In this session, a panel of speakers will reflect upon:
    • How and why the pandemic has impacted the information security landscape
    • The impact of an increase in remote-working business tools, such as Zoom and VPNs
    • How organizations can adapt and flourish in a productive, innovative and secure way going forward
  • Utilizing Native IaaS Controls to Ensure and Achieve Continuous Security Recorded: Sep 17 2020 63 mins
    Moderator: Dan Raywood - Speakers: Thomas Martin, Christopher Hertz
    Appropriate use of native security controls in Amazon Web Services, Microsoft Azure, and Google Cloud Platform is essential to managing cloud risk (and avoiding a costly breach). However, many organizations struggle with determining when and how to use these native security controls, doing so in a consistent fashion, and also understanding how and when to augment these to ensure continuous security and compliance.

    On this webinar we will look at these issues, and how you can better augment native security controls in IaaS platforms.

    Key takeaways:

    • How and when to use native cloud security controls
    • Why and when you may want to augment these controls
    • How to leverage automation to gain continuous security and compliance in public cloud
  • Managing Open Source Risk: More Visibility, More Speed Recorded: Sep 17 2020 61 mins
    Moderator: Michael Hill, Speakers: Paul Horton, Nick Coombs
    In today’s world, to survive and compete effectively, IT leaders are hiring armies of software developers, consuming massive amounts of open source and embracing DevOps to automate and optimize the entire software development lifecycle.

    Do CISOs and application security professionals have visibility into the open source being used? Furthermore, what automated security processes can be initiated when a new breach is announced?

    Threat actors have recognized the power of open source and are now beginning to create their own attack opportunities. This new form of assault, where OSS project credentials are compromised and malicious code is intentionally injected into open source libraries, allows hackers to poison the well.

    Join this webinar where a panel of experts will discuss the tactics businesses can deploy to best defend against these open source threats.

    Key takeaways:

    • Analyze and detail the events leading to recent ‘all-out’ attack on the OSS industry
    • How to automatically identify open source risk and remediate known vulnerabilities
    • Empower developers to protect themselves and the millions of people depending on them
  • Faster detection and response with MITRE ATT&CK Recorded: Sep 10 2020 62 mins
    Moderator: Dan Raywood - Speakers: Guy Grieve, Rick Howard, Dominic Grunden
    The MITRE ATT&CK framework is a tool to help security teams create a more effective security defense. ATT&CK uses open standards and is essentially a database of documented threat behaviors.

    Using the ATT&CK framework, analysts can track threat actor behavior to speed up incident response and investigation. When combined with a SIEM or UEBA solution, ATT&CK bridges the gap between why an alert is firing and what it means.

    In this webinar, we will look at how security analysts can use the ATT&CK framework to more quickly understand how an alert relates to a larger attack so they can take the necessary steps to protect their business.

    Key takeways:

    •What is the MITRE ATT&CK framework
    •How MITRE ATT&CK improves detection and response
    •How to reference ATT&CK tactics and techniques in an investigation
  • Does Phishing Prevention Require Better Technology, Detection or Strategy? Recorded: Sep 3 2020 65 mins
    Moderator: Dan Raywood - Speakers: Lior Kohavi, Lisa Ventura, Wendi Iglesias
    Phishing has proved to be a consistent problem not just in this new decade, but for many years as the traditional form of fraud and financial extortion has evolved to include Business Email Compromise and spear phishing attacks. Combined, these threats prove successful for attackers, and a problem for the SOC as they struggle to stop them efficiently.

    Therefore, is a better or extra solution needed for phishing prevention? In this webinar we will look at whether there is a need for better inbox protection, for better security for Office 365 or if the issue can be resolved with what we have already.

    Key takeaways:

    New tools to better fight against phishing threats
    If Office 365 can keep up with inbound threats
    How to arm your SOC with the ability to spot and detect phishing emails
  • Securing Remote Access to Critical Infrastructure: The Key to Industrial Digital Recorded: Sep 3 2020 64 mins
    Moderator: Michael Hill - Speakers: Sarb Sembhi, Ledum Maeba, Rashid Ali
    The last few months have highlighted the need for organizations to implement security safeguards to secure remote access to critical assets for all employees and suppliers. However, when it comes to remote access, we tend to picture an office worker trying to access a business application or an administrator accessing a server. This leaves out a huge segment of critical infrastructure: industrial equipment.

    In fact, each machine and the related controllers are a wealth of information critical to increase flexibility and adapting the industrial process and supply chain to the challenges of an ever-changing environment. While cybersecurity is often pictured as an obstruction to productivity, in this case, it can be a vector of efficiency by allowing secure access to this wealth of data in order to align and optimize production, maintenance and supply processes.

    In this webinar, we will shift the focus to the critical needs of securing remote access to factory floors and factory data, exploring how to apply the principle of Zero Trust and Zero Standing Privileges to secure the access to data and facilitate the digital transformation of industry sectors and critical infrastructures.

    Key takeaways :

    • Understand the cybersecurity challenges and opportunities in the industrial sector

    • Understand the role of privileged access and credential management solutions

    • Learn about industrial case studies
  • Identity Management for a Dynamic Workforce: Zero Trust Versus Risk-Based Sec Recorded: Aug 27 2020 61 mins
    Moderator: Michael Hill, Speakers: Ian Jennings, Russel Ridgely, Ed Moyle
    User working patterns have completely transformed within the last six months. Recently, many businesses have integrated remote working, collaboration tools, cloud storage and applications into their ecosystem.
    Let’s address the elephant in the room: how can businesses securely facilitate access to these diverse applications, data stores, devices and tools?
    In this webinar, a panel of security experts will discuss Zero Trust versus risk-based security strategies for managing agile and remote workforces, evaluating and assessing the benefits and limitations of both approaches.
    Learn how to:
    •Leverage identity management principals in new, intelligent, user friendly and innovative ways
    •Achieve the right balance between user experience and risk mitigation
  • Building a Diverse, Skilled and Evolved Security Team Recorded: Aug 20 2020 70 mins
    Moderator: Michael Hill, Speakers: Amanda Honea-Frias, Larry Whiteside Jr, Jessica Barker, Kunjal Tanna
    In the fast-paced and data-driven modern landscape, a key element of a team’s success requires several layers of diversity – from thought to skill level, through to past experiences and future ambitions.

    Effective security teams are those built with diverse groups of highly-skilled specialists and broadly-adept generalists. While traditionally organisations have opted to create a list of required security specialities and then tried to hire a team that can cover as many as possible, a fresh approach focuses on the skill sets of existing employees within the organisation and moulds security roles to meet those abilities.

    This can often include introducing engineers from outside the security team to contribute their first-hand project experience and customer-facing support team members who best understand current user challenges or feedback.

    In this webinar, a panel of experts will discuss the importance of having a diverse and inclusive security team and outline how organisations can build modern security teams best-suited to their business needs.

    Key takeaways:
    • The power of cultivating a diverse and evolved security team
    • Why internal hiring of staff outside the security function can benefit the organisation
    as a whole
    • Strategies for developing cross-functional teams, including the importance of
    apprenticeship schemes and ‘Security Champions’
  • Mobile and Web App Security: Mitigating Risks and Protecting APIs Recorded: Aug 13 2020 60 mins
    Moderator: Michael Hill Speakers: Eoin Keary, Paul Dant, Thom Espach
    From mobile banking to eCommerce, consumers are relying on web and mobile apps more than ever before. However, as organizations become even more dependent on the revenue these apps generate, most still aren’t doing enough to protect applications and their underlying APIs against attacks that can compromise data or lead to fraud.

    Consumer web and mobile applications are particularly vulnerable to reverse engineering, and analyst research suggests most lack the protective capabilities and code hardening necessary to prevent apps from being compromised.

    Relying on legacy security methods, such as network or perimeter protection, is not adequate to detect and prevent app attacks.

    In this webinar, a panel of experts will discuss:
    •How the growing app demand for API access is changing the security landscape
    •How to develop web and mobile applications with designed-in security to protect APIs
    •How to integrate application protection into existing DevOps processes
  • Key Technologies, Strategies and Tactics to Fight Phishing Recorded: Aug 6 2020 63 mins
    Moderator: Dan Raywood - Speakers: Olesia Klevchuk, James Gosnold, Alex Brotman
    The global pandemic has seen phishers jump on the COVID-19 trend, and as a result the quantity of phishing messages related to the virus has spiked over the last few months. As well as phishing messages that try to download malware via lures of official documents, the standard practise of trying to a victim’s password and financial details remain.

    However as we have seen an increase in the types of phishing, to include more targeted efforts and business email compromise, phishers have not missed this opportunity either. In this webinar, we will look at the overall rise of phishing as a malicious trend, and ask how we can make steps to resolve it.

    Key takeaways:

    How to better spot and prevent phishing messages from reaching your users
    What differences there are between more targeted and standard phishing practises
    What the best security technologies and strategies are to fight phishing
    Understanding the techniques phishers use
  • Using a Managed Security Services Provider in 2020: Everything You Need to Know Recorded: Aug 4 2020 59 mins
    Moderators: Michael Hill and Dan Raywood - Speakers: Paul McKay, Brian Honan and Becky Pinkard
    Despite the maturity of the managed security services provider (MSSP) market, security professionals and vendors often fail to sync up as true, successful partners. Whilst the role of the MSSP has been called into use in recent months as a result of managed services being required for a largely remote workforce, the MSSP is also needed when a company has weaknesses in its defense.

    In this webinar, we will consider how MSSP relationships work, explore MSSPs are being effectively used and assess what services they are (or should be) offering in the new decade.

    Key takeaways:
    •Where an MSSP can aid your team’s strengths and weaknesses
    •How to choose an MSSP that works for you and your security program’s capabilities and limitations
    •How to manage an MSSP relationship, and what you should expect from MSSPs
    •Where an MSSP can aid you in a time of business continuity
  • Mitigating the Security Risks and Challenges of Office 365 Recorded: Jul 30 2020 66 mins
    Michael Hill, J. Peter Bruzzese
    In the current digital age, large numbers of organizations rely heavily on Microsoft Office 365 services to manage data and processes, with the Office 365 suite enabling companies to communicate and collaborate from multiple location points (in the office, at home and on the road) thanks to sophisticated cloud-based environments.

    At the same time, and amid growing data breach threats and regulatory compliance needs, cyber-hygiene and effective information security has never been more important for organizations to master when implementing cloud-based and hybrid environments.

    Therefore, with Office 365 suites now fully integrated into so many businesses – large and small – and used to store and share huge amounts of important and potentially sensitive corporate data, the security risks of implementing such services must be at the forefront of organizations’ minds. Enterprises simply cannot afford to fail to ensure effective cyber-hygiene in their use of Office 365 and cloud services.

    In this webinar, a panel of experts will discuss the security risks surrounding the use of Office 365 and outline best practice suggestions for ensuring data remains safe while using complex cloud-based services.

    Key takeaways:

    • Understand the risks of failing to secure your office and home-based networks

    • How to gauge how much protection you really have in your current working environment

    • How layered solutions can secure data with you while working in the office or from working from home.
  • From Governance to Implementation to Results Recorded: Jul 23 2020 65 mins
    Moderator: Dan Raywood - Speakers: Bob Bigman, Deke George
    Which cybersecurity measures should today’s CISOs be taking that are actually helpful in stopping hackers? Which strategic areas are worth focusing on and spending money on? Also, what is not working? Which programs have CISOs implemented that aren’t returning a good value?

    In this webinar, we’ll discuss the building blocks of great security programs from governance, automation, implementation models, and more. We won’t be talking about products and technology solutions you should buy, we’ll be offering practical advice about what you need to focus on to protect your systems.

    Key Takeaways

    •Building blocks of a great security program
    •What’s working to identify and counter hacking
    •What are leading organizations doing within programmatic testing
    •How to build a strong team and governance within your team
    •Core areas that every security organization should be focusing on
  • The Impact of Artificial Intelligence on Cyber-Resilience Recorded: Jul 16 2020 61 mins
    Moderator: Michael Hill Speakers: David Day, Karsten Desler, Joss Penfold, Raef Meeuwisse
    Artificial intelligence (AI) has become one of the major trends in digitization. AI applications including machine learning and pattern recognition are affecting the economy, politics and society at large.

    In the field of information security, AI can be used to identify potential risks and increase the level of IT protection by automatically detecting weak points or malware. On the other hand, cyber-criminals can use it to carry out targeted attacks that cause serious damage. Thus, AI is neither entirely ‘good’ nor ‘bad’ – it can benefit a company, or it can harm it. It all depends on who’s running it.

    In this webinar, a panel of experts will discuss the rise of AI and machine learning and it’s impact on the security of data from both a defensive and risk exposure perspective.

    Key takeaways:
    •How companies can take advantage of AI
    •How and why cyber-criminals use and abuse AI technology
    •How companies can protect themselves against AI-enhanced cyber-threats
  • ISO 27701: The New Privacy Standard, and How You Can Get Certified and Compliant Recorded: Jul 9 2020 66 mins
    Moderator: Dan Raywood - Speakers: Ryan Manyika, Valerie Lyons
    The ISO 27701 certification for a Privacy Information Management System - the privacy extension of ISO 27001 - establishes privacy controls for the processing of personal data, and may become the foundation for future GDPR certifications. This new privacy standard leaves many wondering, what does it take to get ISO 27701 certified, and why does it matter?

    While ISO 27001 focuses on the assessment of risks and protection of the organization, ISO 27701 focuses on Privacy Information Management Systems

    In this webinar, learn about the ISO 27701 certification to get a straight-forward guide to achieving ISO 27701 compliance


    Takeaways

    Understand the ISO 27701 privacy standard and its application within regulatory compliance

    Learn the steps to becoming ISO 27701 certified and how to leverage an existing ISO 27001 certification throughout the audit process

    How to develop a roadmap and action plan for bridging privacy and security in your organization
  • The CCPA Enforcement Era Begins: What to Expect from California’s Privacy Act Recorded: Jul 2 2020 62 mins
    Moderators: Dan Raywood and Michael Hill, Speakers: Natasha Amlani, Caitlin Fennessy, Caroline Thompson
    Following the introduction of the EU GDPR in 2018, the state of California introduced its own data security act this year, offering privacy standards for its consumers. Officially launched in January, the CCPA has been broadly welcomed across the industry as a refreshing take on data privacy legislation.

    However, after seven months of working under this new legislation, enforcement is set to begin no later than July 1, and we could see a lot of action and enforcement taken as CCPA enforcement begins.

    In this webinar, we take a detailed look at what the CCPA is and assess what we can expect from it.

    Key takeaways:
    •What the CCPA is all about, and how it applies to your business
    •What the dates mean in terms of compliance and monetary enforcement
    •How you can achieve compliance with CCPA and other data privacy and protection standards
    •What we can expect to happen under CCPA enforcement in the next six-12 months
  • Building Remote Resilience: A Secure by Design Approach to Remote Working Recorded: Jul 2 2020 61 mins
    Moderator: Dan Raywood - Speakers: Jason Georgi, Kevin Fielder, Rory Duncan
    IT and security specialists have had to adapt to the demand for remote working at speed and at scale. Technology has kept the UK PLC in business, and home has become the new Enterprise. It is clear that many organizations are unlikely to return to normal office life until much later in the year – and for some businesses, this may be the tipping point to change the way they work forever.

    As lockdowns are eased and people begin to return to their workplaces, what can we learn from this unplanned period to build greater cyber resilience and protect our colleagues, devices, processes and services? In the struggle to react, have we lost sight of the strategic goal of becoming secure by design?

    In this webinar, we will look at tactics and strategies to ensure a secure by design approach to remote access capacity and scalability, identity management, secure access to cloud-based applications and workloads, and the value of threat intelligence to protect and future-proof your remote users.

    Key takeaways:
    1.Which challenges to a secure, compliant remote business should organizations prioritize and how can threat intelligence support intelligent security decision making?
    2.How can you get the most out of your existing assets to build resilience into your remote access capacity and scalability, identity management and access to cloud-based applications?
    3.Why does a secure by design approach help build resilience now and in the future?
  • Attack Yourself Before They Do: Strengthen Through Breach and Attack Simulation Recorded: Jun 25 2020 61 mins
    Moderator: Dan Raywood - Speakers: Scott Register, Andy Young, Joe Hancock
    Data breaches and cybersecurity attacks have not reduced in recent times, and whilst you can only do so much to protect against external attacks, you can attack yourself before they do. Using breach and attack simulation (BAS), you safely run the entire kill chain of attacks against your network to expose gaps, misconfigurations, and even lateral movement.

    In this webinar, we will look at the evolution of breach and attack simulation, where it stands today, how it works, and what you should look at before you consider implementing a BAS solution.

    Key takeaways:
    •What breach attack and simulation is, and how it reduces security risk
    •How to properly run a BAS program within your organization
    •How to deal with the results of a simulation
    •How this is different from a penetration test or red team exercise
  • Zero-Trust Security: Making Remote, Work Recorded: Jun 18 2020 62 mins
    Moderator: Michael Hill, Nikhil Khare, Gemma Moore, Sam Temple
    Cloud applications and hosting services continue to grow in popularity with enterprises because of the benefits they can provide in scalability, flexibility and costs.

    Users whose digital lives are increasingly mobile don’t want to be tied to their desks, and an effective security strategy must be flexible enough to protect access from boardrooms and bars, cubicles and coffee shops alike. However, the key is mastering said effective security strategy so that it allows for safe, seamless and remote working for all employees.

    The principles of zero-trust security can address this challenge and help you maintain your security posture regardless of whether a user is working on your network or on-the-go.

    In this webinar, we will discuss the fundamentals and application of zero-trust principles, and outline how you can implement them in your own environment.

    Key takeaways:

    •The security benefits of zero-trust security

    •How to effectively implement and manage a zero-trust approach

    •Key insights on making remote working secure and safe for your
    organization.
  • Advanced Protection Against Zero Day Threats and Malware Recorded: Jun 18 2020 62 mins
    Moderator: Michael Hill Speakers: Oli Venn, Mark Chaplin, Brian Honan
    The cyber-threat landscape continues to evolve. Each year, attackers add new techniques and tactics to their arsenal, increasing their ability to evade detection and attack your systems.

    Zero day threats and advanced malware can easily evade anti-virus solutions that are simply too slow to respond to the constant stream of emerging threats.

    The findings from WatchGuard’s Q4 2019 Internet Security report show that threat actors are always evolving their attack methods. With over two-thirds of malware in the wild obfuscated to sneak past signature-based defenses and innovations like Mac adware on the rise, businesses of all sizes need to consider implementing multiple layers of security.

    In this webinar, we will investigate evolving zero day and malware threats and discuss the best practice options for protecting your business.

    Key takeaways:

    •Discover more about how zero day threats can evade traditional defenses
    •Understand more about new and rapidly-evolving cyber-threats in 2020
    •Learn the tools, techniques and technologies needed to defend against zero day threats
    •Best practice advice to implement a multi-layered approach to protect your organization.
Strategy - Insight - Technology
Dedicated to serving the information security community, in person, in print and online.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Key Technologies, Strategies and Tactics to Fight Phishing
  • Live at: Aug 6 2020 2:00 pm
  • Presented by: Moderator: Dan Raywood - Speakers: Olesia Klevchuk, James Gosnold, Alex Brotman
  • From:
Your email has been sent.
or close