All organizations need to ensure their employees have quick and easy access to data so they can be as productive as possible. Sadly, this approach often increases the risk of data breaches occurring, particularly among hybrid workforces operating outside of corporate buildings.
In this environment, the traditional focus on infrastructure control is no longer sufficient to protect organizations’ data. Instead, steps must be taken to protect data throughout its entire lifecycle, from the point that it is created, to various ways it is shared, going beyond our control into the hands of a business partner, shareholder or customer.
In this webinar, a panel of experts will highlight the key mechanisms organizations need to introduce to protect their data at all stages, thereby developing a best-in-class policy that their customers can have confidence in.
Attendees will learn:
· The common ways data breaches occur, especially since the start of COVID-19
· The inadequacies of traditional approaches to data protection
· The key technologies and processes required to secure data across its entire lifecycl
RecordedSep 9 202163 mins
Your place is confirmed, we'll send you email reminders
The inherent security weaknesses of on-premises Active Directory (AD) have been well documented, but the risk profile has increased further as a result of the shift to hybrid working environments that use both AD and Azure Active Directory. This has expanded the attack surface for adversaries, and recent incidents, including the SolarWinds breach, are evidence that cyber-criminals are actively targeting hybrid identity security gaps.
Although many organizations have strategic plans to move services and assets to the cloud, the reality is that most will be operating in a hybrid identity scenario for the foreseeable future. Amid this landscape, organizations must enhance their AD and Azure AD defenses. In this session, a panel of security experts will outline the top security risks to watch for in a hybrid AD environment and offer guidance and expertise on how organizations can harden their hybrid AD security defenses.
Attendees will learn:
· The Azure AD authentication model and how it differs from on-premises AD authentication
· Changing definition of the “perimeter” in Azure Active Directory
· The radical shift in the permission model—with a real-world example of delegated application permissions and how misconfigurations can open the door to cyber-attacks
Machines already outnumber the humans on your network, which means every machine needs a trusted identity. Consider IoT devices, mobile devices and software-defined workloads and applications – trusted identity for each and every machine is critical.
As zero-trust and multi-cloud architecture become the norm, the role of machine identities in enterprise IAM (identity and access management) has reached critical importance – each needing to be managed and protected. The stakes are high, and keeping ahead of outages, key theft or misuse and internal and regulatory audits is a serious challenge.
In this webinar, our panel will discuss:
· The use (and misuse) of machine identities in organizations today
· Implications of machine IDs on data privacy and protection
· Strategies and recommendations to manage machine identities
· How to operationalize your strategy with a Crypto Center of Excellence (CCoE)
Three forces are creating a perfect cyber storm: an escalated threat level, a cyber-talent shortage and the growing complexity of managing a multitude of security solutions, all exacerbated by the digital shift during COVID-19. This storm is driving change, forcing us to break down silos between endpoint, workload, network and identity. It's driving the need to leverage existing tooling rather than bolting on more. It’s also reshaping managed security services to be less focused on "busy work," and more focused on "expert work."
Managed detection and response (MDR) services could provide the shelter from this storm for organizations if leveraged correctly and with the right technologies and skills in place. In this webinar, a panel of security experts will break down the current threat landscape and how MDR can protect your organization in this environment.
· The trends increasing the risk of cyber-attacks to organizations
· The development of MDR services and their growing relevance
· How to select an MDR solution that works for your organization
What parts of your cyber supply chain are you unknowingly neglecting? The SolarWinds hack was a wake-up call for companies to check their suppliers and partners for risk. There are still plenty of other dangers lurking in third party systems ranging from software applications and APIs through to embedded devices, chipsets, firmware, and IoT solutions.
These risks lie in other organizations' assets and are seemingly out of your control, but there are protective measures that you can take. Attending this webinar will give you a new perspective on this complex challenge and some actionable insights on where to begin.
Talking points will include:
- The kinds of vulnerabilities that exist in third-party resources
- How to audit for supply chain vulnerabilities
- Strategies for mitigating supply chain availabilities early
The COVID-19 pandemic drove many companies to rapidly deploy cloud solutions to support the overnight shift to remote working. However, the speed of this adoption meant this process was often rushed, leaving many organizations exposed to new security risks. With the pandemic easing and the world entering a ‘new normal’, businesses can no longer be complacent about this issue. The risk is too great – to your brand, your share price and your customers.
Amid this environment, and following a surge high-profile cyber-attacks this year, now is the time to pause and re-examine your cloud security to gain a true understanding of your complete attack surface. Better visibility of your network is critical to ensure the most efficient and effective use of your current and future security investment. This panel of cloud security experts will examine:
• What are the real consequences of an attack to a business?
• How gaps in your security can so easily be missed, particularly following the adoption of new technologies
• How do you maintain the required vigilance to keep up with the growing risk of cyber-attacks?
Over the last few years, the cybersecurity industry has rapidly adopted cloud computing and containerization. These trends have broken many traditional security paradigms, forcing security teams to rethink, retrain and adopt new approaches.
The transition to cloud computing and containerization is proving difficult and leading to an increase in misconfigurations and breaches. According to Gartner, by 2030, at least 99% of cloud security failures will be the customer’s fault. This panel will discuss the challenges facing security teams and how the cybersecurity industry is addressing them.
In this webinar, you will learn about the following challenges:
· Lack of visibility into and across cloud service providers
· Changes to the process where application developers implement security
· Learning and implementing native CSP and Kubernetes security controls
· Implementing security in a hybrid, multi-cloud environment
The threat landscape is continuously evolving. As organizations adapt to new ways of working and look to harness the potential of emerging technologies, threat actors lay in wait — anticipating the next exploit, technique or open door that will grant access to networks and information.
To keep up, detection and response technologies have evolved at an equal pace. This rapid acceleration of threats and solutions can make it difficult to choose the right solution for your organization — especially as not all security solutions are created equal.
In this webinar, a panel of experts will explore threat detection and response programs, EDR, MDR, XDR solutions and how they can work effectively together to strengthen your overall cybersecurity program.
Attendees will learn:
• The differences and evolution of XDR, EDR, and MDR
• Insights into the challenges of managing these platforms — making the managed vs. non-managed decision
• Key considerations of finding the best solution for you and your organization
Ransomware attacks have surged in the past year–and with the rise of ransomware-as-a-service, it’s become an increasingly profitable tactic for cyber criminals.
According to Cybersecurity Ventures, in 2021 global losses from ransomware attacks are expected to exceed $20bn, and by 2031 that figure may be as high as $265bn. This follows recent high-profile attacks that led to Colonial Pipeline in the US paying over $4m in Bitcoin to the attackers and Travelex paying $2.3m to regain control after hackers shut down its financial transaction networks.
Such is the severity of the situation that 60% of respondents to a recent Menlo poll think ransomware attacks should be treated the same as terrorist attacks. But it is quite possible to make malware, even ransomware attacks, a distant memory. To do so, organizations should discard outdated detect-and-remediate approaches and rethink how they protect users, applications, data and the business from these attacks from the outset.
Join this 1-hour webinar to learn:
• How phishing and ransomware attack trends have changed as a result of COVID-19
• Ways you can eliminate ransomware and protect your digital and remote workforce
• How a leading logistics and insurance business achieves 100% malware protection without impacting end-user experience or convenience
Moderator: James Coker, Speakers: Diana Kelley, James McQuiggan
Cyber-criminals often favor cryptocurrencies because they are easy to monetize and provide some level of anonymity. From cyber-criminals using cryptocurrency as a method of payment for tools and criminal services, to attacks on cryptocurrency, to cryptojacking…this session will look at the ways in which cryptocurrency is shaping the cybercrime landscape.
Moderator: James Coker, Larry Whiteside Jr, Andrew Hay, Niel Harper
Ransomware attacks, demands, payments and counter-attacks have dominated cybersecurity headlines in 2021. In this session, a panel of experts debate whether there is ever a good argument for paying the ransom when struck by ransomware, or whether funding crime is never the answer. Panelists will also explore ways in which organizations can rebuild and move forward if they choose not to pay the ransom.
In this ‘how to’ session, you will be given a practical guide on how to build and implement a positive cybersecurity culture. Considerations will include: winning over the C-suite, language and methods for communication and messaging, training and education best practice, reporting, incentives and internal campaigns.
Moderator: Eleanor Dallaway, Speaker: Professor Lisa Short
Digital transformation during the past year is occurring at the rate of 7 years for every 6 months. The same period saw more data breaches and malicious cyber intrusions and attacks than in the last 15 years combined. Despite this increased risk from a pervasively changing digital world, the potential of technology such as blockchain and AI is undervalued and often misunderstood, or seen as an afterthought, not foundational as a solution to risk mitigation and elimination. The security industry, have an inherent responsibility to remain abreast of threats and opportunities from emergent technology
to best serve the economy.
Moderator: Eleanor Dallaway, Brad LaPorte, Martin McKeay, Miranda Ritchie, Alissa Knight, Michael F D Anaya
The last two years have certainly seen a huge amount of change and evolution, and cyber-attack vectors and attack techniques have been no exception. In this session, a panel of experts will analyze the most dangerous attack techniques being used today, complimented with advice on how to build a defense against these methods.
Moderator: Benjamin David, Corey Nachreiner, Dominic Vogel, Massimo Ferrari
Automating tasks allows businesses to concentrate on more productive problem-solving activities, which can lead to a more resilient organization from a cybersecurity standpoint.
However, automation increases the complexity of an organization’s systems, and as cyber-criminals expand their scope, cybersecurity programs must be ready to implement automated cybersecurity in defense.
But where can automation be lacking, or worse, problematic? This session will explore the pros and cons of cybersecurity automation.
It's an all too familiar story, especially in cybersecurity. A driven professional sets lofty goals for herself and someone comes along to tell her why she’s not being realistic, why she’s pushing too far too fast, why she’s simply not qualified. For many, it’s the internal voices that are our biggest opponents to success. Acrophobia, more commonly known as a fear of heights, is something that holds many of us back in our career journeys. We're told not to aim too high for fear we may fall. Yet those voices that tell us to be afraid, to be conservative in our goals, do us more harm than good.
In her keynote address, Alyssa Miller talks about the mistakes that professionals often fall into when we believe the voices that tell us if we’re too ambitious we will get hurt. She’ll discuss where these voices come from, how they threaten to limit not only our careers but our ability to contribute to the cybersecurity community. She’ll draw from examples in her own career progression to illustrate both the mistakes she made and successes she achieved along the way. Listen as she gives you tangible tools to silence those voices, discover your value, and aim for heights that allow you to play among the stars. Remember, you'll never make it to the moon if you insist on keeping one foot on the ground.
Moderator: Eleanor Dallaway, Speakers: Stu Peck, Jan Carroll, Rob Dartnall, Staurt Davey
In this session, a panel of experts will consider the current global cyber-threat landscape. What are the changing tactics being explored and deployed in countries around the world? What are the notable trends in the more notable regions in the cybercrime / cyberwarfare world, and how do they differ from each other? Are there any new emerging attack vectors and techniques? This session will look to answer these questions and more.
Moderator: James Coker, Speakers: Jake Moore, Holly Grace Williams, Brian Honan
In June 2021, the world watched as a single software bug in Fastly brought down large parts of the internet. It was fleeting, but it shone a light on just how vulnerable the internet can be. What needs to be done in order to strengthen the resilience of the internet? What can major companies and governments do to reduce reliance on the companies forming the building blocks of the internet? This session takes a look at the risks if cyber-criminals were to target these companies.
Moderator: Eleanor Dallaway, Tash Norris (Head of Cyber Security for Moonpig Group)
Over the last few years, we've seen a real shift in the way software engineers work. Many companies no longer have tightly defined roles (DBA, linux engineer, network engineer, front | back end developer). Engineers are no longer just deploying software onto existing boxes but are full stack, managing the infrastructure layer as well as the software layer, often as part of the same deployment.
So is having an AppSec team focused on just one portion of those builds the right approach? Are our security teams evolving at the same pace as our engineering functions? In this talk Tash Norris will cover why Moonpig chose to have a product security team, how they differ to application security teams and the role they can play in supporting the growth and security of your business.
Moderator: James Coker, Speakers: Matt Lorentzen, Manoj Bhatt, Giovanni Cozzolino
For organizations looking to strengthen their security posture, and let’s face it, who isn’t, the decision about whether to build an internal Security Operations Center(SOC) versus choosing to delegate and select an external Managed Security Service Provider (MSSP) is often a challenging one. Considerations need to include resource and skills, budget, time demands, security posture, technology, ROI…the list goes on. In this session, experts will weigh up the pros and cons of SOCs and MSSPs and give you the knowledge you need to make your own decision on which is the right solution for your organization.