How to Rethink End-User Protection and Eliminate Phishing and Ransomware
Ransomware attacks have surged in the past year–and with the rise of ransomware-as-a-service, it’s become an increasingly profitable tactic for cyber criminals.
According to Cybersecurity Ventures, in 2021 global losses from ransomware attacks are expected to exceed $20bn, and by 2031 that figure may be as high as $265bn. This follows recent high-profile attacks that led to Colonial Pipeline in the US paying over $4m in Bitcoin to the attackers and Travelex paying $2.3m to regain control after hackers shut down its financial transaction networks.
Such is the severity of the situation that 60% of respondents to a recent Menlo poll think ransomware attacks should be treated the same as terrorist attacks. But it is quite possible to make malware, even ransomware attacks, a distant memory. To do so, organizations should discard outdated detect-and-remediate approaches and rethink how they protect users, applications, data and the business from these attacks from the outset.
Join this 1-hour webinar to learn:
• How phishing and ransomware attack trends have changed as a result of COVID-19
• Ways you can eliminate ransomware and protect your digital and remote workforce
• How a leading logistics and insurance business achieves 100% malware protection without impacting end-user experience or convenience
Live onlineSep 232:00 pmUTC
or after on demand75 mins
Your place is confirmed, we'll send you email reminders
Moderator: Eleanor Dallaway, Speaker: Professor Lisa Short
Digital transformation during the past year is occurring at the rate of 7 years for every 6 months. The same period saw more data breaches and malicious cyber intrusions and attacks than in the last 15 years combined. Despite this increased risk from a pervasively changing digital world, the potential of technology such as blockchain and AI is undervalued and often misunderstood, or seen as an afterthought, not foundational as a solution to risk mitigation and elimination. The security industry, have an inherent responsibility to remain abreast of threats and opportunities from emergent technology
to best serve the economy.
Machine identities are everywhere. From cloud services, containers, and applications, to the code running on them, every machine needs a trusted identity.
But with the rapid increase in machine identities, many security and infrastructure teams are left with an uneasy feeling of not being in control. The stakes are high – keeping ahead of certificate outages, key theft or misuse, and audits is a constant challenge.
The result? 88% of organizations still experience serious outages due to expired certificates. Another 89% of organizations experienced at least three failed audits due to insufficient key management.
In this webinar, you’ll learn:
• Why crypto-agility emerged as a top priority for organizations
• Key risks and challenges in managing machine identities
• How to build a case for prioritizing machine identity and reduce risk of unmanaged machine identities
• Steps for building a Crypto Center of Excellence (CCoE)
Active Directory (AD) access points are frequently used to launch cyber-attacks and adequately securing these systems has become increasingly critical to organizations’ security, particularly amid the shift to hybrid working.
This webinar will focus on this exact topic, with a panel of experts highlighting how cyber-criminals have successfully targeted AD and offering guidance on how to secure this area. This will include the security risks to watch for in managing AD as well as Azure AD, how to look for warning signs that your core identity-management system has been compromised, and how your business should respond in the event of a successful attack. The panel will also exchange real life experiences with securing AD and Azure AD and the challenges they overcame.
Attendees will learn:
· The common AD and Azure AD weak spots exploited in recent cyber-attacks
· Top security risks to watch for in managing a hybrid identity environment
· Preparing for AD and AAD attack remediation
· How to enabling proper backup and recovery procedures for either environment
All organizations need to ensure their employees have quick and easy access to data so they can be as productive as possible. Sadly, this approach often increases the risk of data breaches occurring, particularly among hybrid workforces operating outside of corporate buildings.
In this environment, the traditional focus on infrastructure control is no longer sufficient to protect organizations’ data. Instead, steps must be taken to protect data throughout its entire lifecycle, from the point that it is created, to various ways it is shared, going beyond our control into the hands of a business partner, shareholder or customer.
In this webinar, a panel of experts will highlight the key mechanisms organizations need to introduce to protect their data at all stages, thereby developing a best-in-class policy that their customers can have confidence in.
Attendees will learn:
· The common ways data breaches occur, especially since the start of COVID-19
· The inadequacies of traditional approaches to data protection
· The key technologies and processes required to secure data across its entire lifecycl
Improvements in cybersecurity technologies have made it more difficult for threat actors to mount direct attacks on organizations’ networks. Cyber-criminals are therefore increasingly looking for alternative routes into systems to steal sensitive and confidential data. One of these involves compromising the login credentials of employees or external contractors/vendors, especially those who have privileged accounts and are able to freely access sensitive systems and data.
This issue has been exacerbated by the COVID-19 pandemic, with remote employees more vulnerable to having their login credentials compromised. A zero-trust model of security has regularly been highlighted as vital to keeping a hybrid workforce secure alongside internal employees and external contractors, and this must be underpinned by a strong privileged access management policy, ensuring that compromised accounts do not lead to disastrous data breaches for businesses.
This webinar will explore the latest trends and challenges in privileged access management, and outline the strategies and technologies required to stay one step ahead of threat actors.
In this webinar, a panel of experts will discuss:
· How threat actors are increasingly targeting staff or contractor accounts to steal sensitive data
· The importance of privileged access management in keeping organizations secure, particularly for a hybrid workforce
· The steps required to develop a successful privileged access management policy
The escalating use of shadow IT – information technology outside IT approval – creates significant risk to organizations and is one of the biggest challenges in digital forensics today.
During investigations, incidents, litigation or regulatory and legal compliance, companies must be able to acquire, preserve, analyse, examine and present digital media in a forensically sound manner.
According to McAfee, 80% of workers admit to using SaaS applications at work, in many cases without IT approval. Bring Your Own Device (BYOD) policies and remote working since the pandemic have continued to blur the lines between company and personal device usage.
Organizations need to understand how to get to grips with the expanding shadow IT environment in order to overcome the need and risk attached.
Join this webinar to learn:
· The growing challenges and risk of shadow IT
· Strategies for overcoming shadow IT, including the importance of staff awareness training
· How technologies can help enforce policies, protect data and intellectual property, and reduce costs
Access Identity credentials are one of your organization's biggest secrets. They're like oil: valuable, powerful, and - in the wrong hands - highly toxic. How can you manage them and make sure they’re secure?
In this webinar, our panel of experts will discuss the nature of access identity credentials, how they have evolved, and
some of the risks involved with not managing them properly.
We will also look at how you can keep credentials safe. What are the common credential management tasks that cause companies problems? How does the technical environment (for example, machine-to-machine infrastructure machine identities vs human users) affect credential management tasks? How can we ensure that end-users register and use
their credentials when they receive them, especially in a world of remote work? What best practices can companies follow when managing credentials, and how can technology help?
Talking points will include:
- What the modern credential authentication landscape looks like.
- Common credential management problems facing administrators.
- How credential management challenges face will change as we move to a passwordless world.
Among rapidly evolving technological advancements, the emergence of AI-enhanced malware is making cyber-attacks exponentially more dangerous, and harder to identify.
As AI-driven attacks evolve, they will be almost indistinguishable from genuine activity, and conducted at an unprecedented speed and scale. In the face of offensive AI, only defensive AI can fight back, detecting even the most subtle indicators of attack in real time, and respond with surgical actions to neutralize threats - wherever they strike.
In this session, discover:
· How cyber-criminals are leveraging AI tools to create sophisticated cyber weapons
· What an AI-powered spoofing threat may look like, and why humans will not be able to spot them
· Why defensive AI technologies are uniquely positioned to fight back
Standard security controls are excellent at ensuring that data stays secure and is only accessed by those with appropriate permissions. However, where security fails is knowing the information that privacy requires, such as where the data came from, why the data is being stored, who the data belongs to, who it’s shared with, and how long it will be retained. The answers to those questions for every system or data element has an impact on which security controls a company needs to have in place.
Join Infosecurity Magazine and data expert Chris Pin as he explains the critical intersection between data security and data privacy, including:
· The key differences between data security and data privacy
· Why it’s possible to have security without privacy, but impossible to have privacy without security
· How to enable and support both security and privacy when it comes to data
By taking a Zero Trust approach, security departments assume that all content–regardless of whether it originates from a trusted source–is untrustworthy. Treating all content as if it is malicious eliminates the need to make an allow-or-block decision at the point of a click. With cyber-attacks and data breaches becoming more prevalent since the shift to remote working, traditional detect-and-remediate approaches to cybersecurity are falling short and security leaders are increasingly adopting Zero Trust as a way to overcome the challenges presented by the anywhere, anytime workforce.
In addition, amid growing cloud adoption, many security leaders are looking to introducing Secure Access Service Edge (SASE) architecture into their organizations. Is there a tie between Zero Trust and SASE? Does SASE come in a box? Do you need to choose between one or the other?
During this session, a panel of experts will tackle these questions and discuss:
- Why focusing on detection is a reactive approach to security
- The relationship between SASE and Zero Trust
- Why isolation is the secret sauce in today’s fight against online security threats
Moving your cybersecurity to the cloud is a good way to protect your entire infrastructure, both in the cloud and on-premise. It makes security more consistent and scalable, and it integrates tightly with cloud-native systems. But for many, it's still a daunting prospect.
This webinar explores the process of transitioning your cybersecurity operation to the cloud, either as a standalone project, or as a necessary part of a broader cloud migration.
You'll leave with a better understanding of what to watch out for, what the best practices
are, and how your service provider can help ease the journey.
Talking points will include:
- The biggest concerns about moving cybersecurity measures to the cloud
- How cloud security has evolved and improved over the last decade
- Common misconceptions about cloud security
The global shift to remote working as the world tackles the COVID-19 pandemic has left employees needing to remotely access applications in cloud and on-premise, which, in turn, has left organizations needing to secure that access.
It’s important that employers enable their staff to thrive in the new working environment by ensuring everyone has the right access without compromising security.
In this webinar you will:
· Learn how to reduce costs, minimize friction for users and simplify operations
· Understand how to protect your IP and avoid becoming victim to phishing and ransomware attacks
· Consider the steps needed to modernize your IT infrastructure
The shift to remote working has thrown up a number of significant security challenges to organizations, one of which relates to the exchange of files. With employees increasingly needing to collaborate from different locations and share sensitive corporate data across digital channels, organizations are at much higher risk of being breached.
Simply having secure data policies are not alone sufficient, and encrypted file exchange solutions must combine strong security with efficiency, otherwise staff will simply find ways round these protocols. In this session, a panel of experts will highlight the importance of consolidation of tools in achieving great collaboration and security for the transfer of files, ensuring policies are adhered to.
In this session, we will discuss:
• Why remote employees will often sidestep secure data policies
• The security and collaboration challenges posed by using multiple vendor solutions and the importance of consolidation
• The importance of employee-friendly secure collaboration tools
Today, organizations face more distributed workforces than ever, spanning not just internal teams but also contractors and freelancers. Securing work between these different kinds of employees across numerous locations introduces security challenges. Teams must stay productive while grappling with security measures such as site whitelisting, performance issues with remote virtual desktop access, and requirements like VPN solutions to access company resources.
This webinar will explore the challenges facing these companies, including the need to balance security and productivity. How can organizations make work seamless and productive while locking down sensitive data and applications from intruders?
Talking points will include:
- The biggest challenges facing companies supporting long-term distributed working practices
- Ways to achieve both productivity and security in distributed work
- Security management techniques that can help mitigate those challenges
Protecting your company’s crown jewels is a cliché, but it’s a cliché that has become even more important in the wake of a pandemic that has forced the world to work remotely. Cyber-threats have increased and C-Suites have taken notice, but converting that awareness into budget investment, commitment and a fundamental change in their practices to minimise cyber threats is another matter.
A top down approach is essential to a successful cybersecurity strategy – starting by protecting the company’s most sensitive information and most important assets, often held by board members and the c-suite. But to do this, you need your board members to understand the new threat landscape in a working-from-home environment, the importance of managing risk, and how to improve your organisations cybersecurity posture.
In this webinar, you will:
- Learn how to navigate the increased level of threat your c-suite and board members face in the virtual WFH world
- Learn how to get the attention of your C-suite and foster a top-down approach
- Understand Cyber Risk Scorecards and how to use them
- Get advice on how to win buy-in and budget from the C-suite and Board
Amid a surge in new international data privacy laws and regulations, it is becoming increasingly challenging for organizations to stay compliant. It has therefore never been more important to develop secure infrastructure to enable compliance obligations to be fulfilled, particularly following the shift to remote working during the COVID-19 crisis.
The first step to achieving this aim is data classification, which provides a solid foundation to build towards onward compliance. In this webinar, a panel of experts will explain how integrating data classification with necessary data protection tools such as DLP, rights management, encryption and more, will elevate your cybersecurity strategy. There will also be advice and tips on the right steps to take on this journey.
This session will demonstrate:
- The increasingly challenging cybersecurity and data protection landscape
- How to develop a robust compliance and data loss architecture
- Why classification by design is the foundation of effective data protection and compliance
The adoption of zero trust services has accelerated as work locations become more fluid and flexible between office and home. That said, it’s now more critical than ever to ensure that users have fast, seamless and secure application access regardless of where they’re connecting.
In this webinar, a panel of security experts will discuss how zero trust security principles provide consistent user experiences when accessing private applications, regardless of the user’s or app’s location.
Join the conversation to learn:
- How zero trust is beneficial for in-office users along with remote users
- How to create a blueprint to ensure a consistent experience when users are accessing private applications
- How to provide fast, secure, local access to internal applications while simplifying the IT infrastructure
IT and security leaders are moving forward with the new realities of the hybrid workplace. Working from home, or remotely, is now just ‘work’. As employees begin to mobilize again, organizations need to maintain an agile and frictionless security model, which at the same time compliments an ever-growing migration of applications to the cloud.
Zero Trust has surfaced as a strategy that shifts the dependency on the user’s location and traditional VPN’s, to policy-based access to applications, wherever they reside.
In this webinar, a panel of expert speakers will discuss how Zero Trust security was propelled forward in 2020, and the vital role of secure access service edge (SASE) in implementing this approach going forward, as more organizations undergo digital transformations.
- Why move to a user-centric and location-agnostic Zero Trust security model
- How Zero Trust Network Access (ZTNA) can be the next step in your SASE adoption
- How an edge strategy supports organizations’ future digital growth
Third-party security and risk assessments have always been important, but rapid digitization and outsourcing during the COVID-19 pandemic has brought the topic to even greater prominence. High-profile attacks are occurring as a result of third-party vulnerabilities and it’s becoming an increasingly talked about topic at board level, particularly in light of the SolarWinds attacks.
A thorough understanding of the risks within a supply chain will be essential going forward, with external customers and senior leadership within an organization wanting to be satisfied that third party partners are meeting security and regulatory compliance rules.
The traditional approach of sending questionnaires to companies is costly, time-consuming and often ineffective, particularly in the current landscape. In this webinar, a panel of experts will discuss how security and regulatory teams can conduct efficient and accurate assessments of the security vulnerabilities in third parties, as well as ensure data protection rules are being met.
In this session, attendees will learn:
- How the COVID-19 crisis has made it easier for malicious actors to target supply chains, and the potential damage that can be caused by successful attacks
- The inadequacies of current approaches to vendor risk management and the growing availability of cutting-edge solutions
- How to benefit from a centralized risk assessment exchange that combines both enterprise and third-party vendors on the same platform
- How to guard against failures in third party risk management
Secure endpoint management is critical to modern business success. What’s more, the move to mass remote and hybrid working models as a result of the COVID-19 pandemic has pushed endpoint security even further up the importance agenda.
However, challenges persist for organizations in finding the correct balance between endpoint security and productivity, with one threatening to outweigh the other if sound strategy and due diligence are not in place to ensure users are able to operate both effectively and safely.
In this webinar, a panel of security experts will discuss the current enterprise endpoint security landscape, assess how to best balance usability with secure processes and outline the risks of failing to do so for modern organizations.
· A step-by-step guide to hardening your endpoint security strategy
· Why secure endpoint management is a combined business responsibility
· How to address the balance of end point usability and security in modern organizations