Name: Optimising Third-Party Risk
Start: 2022-06-23T12:00:00Z
End: 2022-06-23T12:00:57.000Z
Location: BrightTALK
Rating: 4

A thought-provoking webinar programme developed from over three decades of collaborating with our Members across global business, government bodies, legislators and cyber security experts.

Artificial Intelligence (AI) has come roaring to the forefront of today’s technology landscape. It has revolutionised industries and will modernise careers, bringing numerous benefits and advancements to our daily lives. However, it is crucial to recognise that AI also introduces unseen impacts that must be understood and addressed for your employees and your organisation as a whole. Join James McQuiggan, Security Awareness Advocate at KnowBe4, in this thought-provoking presentation where he’ll discuss the unforeseen threats of AI and how to protect your network.

During this presentation, you will:

•        Gain insights into the risks associated with AI and their implications for critical domains
•        Understand the dangers of prompt injection attacks and their impact on data integrity
•        Discover ways to combat the spread of conspiracy theories and misinformation generated by AI
•        Learn how training your users to recognise malicious technology is the best, last line of defense

James McQuiggan is a Security Awareness Advocate for KnowBe4. Prior to joining KnowBe4, McQuiggan worked for Siemens for eighteen years where he was responsible for various roles, including his most recent as Product & Solution Security Officer for Siemens Gamesa Renewable Energy. In this role, he consulted and supported various corporate divisions on cybersecurity standards, information security awareness and securing product networks. In addition to his work at Siemens, McQuiggan is also a part-time faculty professor at Valencia College in the Engineering, Computer Programming & Technology Division.

The Dark Side of AI

Artificial intelligence is changing the way we work, and supply chain management is no different. 

With all new technologies it is easy to get carried away with implementation before considering the full consequences. In this session Francesca, ISF Analyst and Supplier Security Product Owner, will be discussing the potential benefits and drawbacks of implementing AI into our third-party relationships.

The Influence of AI in Supply Chains

90% of the code in Apps today comes from Open Source Software. Whether through infiltrating the software delivery pipeline, deliberately uploading malicious components to popular repositories, or taking advantage of existing vulnerabilities in open source components, attackers are leveraging gaps in supply chain controls to compromise organizations. 

With GenAI quickly becoming a popular tool for developers to generate code, a new threat has emerged. AI package hallucinations is one of the more recent attack types within supply chain that is easy to execute and can have devastating effects. During this presentation we will give an over view of Supply Chain Security with some examples of the current threats, discuss AI package hallucinations, and preventative measures.

MEET THE SPEAKER

Tzachi is the head of supply chain security at Checkmarx, and was the co-founder and CEO at Dustico, a software supply chain security startup that was acquired by Checkmarx in 2020. Prior to Dustico, Tzachi built custom solution for automating malware analysis, SOC automation, securing micro services, and designing network sensors at Palo Alto Networks.

Everything You Need to Know About Software Supply Chain Security

Building on the ISF’s previous research, Lee will assess how artificial intelligence has evolved in recent years and discuss his upcoming AI Insights series of papers. With offensive and defensive AI already on the agenda, he will outline other areas of potential research for Members to consider, including governance, data privacy, ethics, and the need for transparency.


MEET THE SPEAKER

Lee Munson is a Principal Research Analyst at the Information Security Forum (ISF). Lee has over fifteen years’ experience in and around the information security industry. Prior to joining the ISF, he set up and ran a security awareness program for one of the world’s largest media groups before moving into threat intelligence, focusing on crimeware and nation state threat actors.

AI Insights: Opportunities and Challenges

This discussion explores the profound impact of Artificial Intelligence (AI) on information security and data protection, highlighting the dual-edged nature of AI as both a tool for enhancing security measures and a potential threat due to its ability to be used by an attacker.

We’ll delve into:
• The evolving landscape of data privacy, examining how AI's capabilities in data processing and analysis pose new challenges for data protection
• An analysis of recent guidance and legislation aimed at ensuring the safe and ethical use of AI
• A detailed review of international and national regulatory frameworks that address AI's unique risks

Dave Barnett has worked in the cloud security space for over ten years. Previously he was a Director of strategy at another leading organisation where he co-authored PAS555 (the first nationally certified cyber security standard) and collaborated with academia on a number of important research papers. In Dave’s current role he leads the business strategy team for Cloudflare’s EMEA SASE, Zero Trust and email security portfolio.

AI Frontiers in Cybersecurity: Navigating Opportunities and Threats

The cybersecurity landscape is always evolving, and in 2023 Cofense saw the volume of malicious email threats reaching end user inboxes increase by over 300% compared to 2022. 

With the volume and variety of threat campaigns continuing to develop exponentially, join Josh Bartolomie, VP of Global Threat Service, to take a look at some of the latest tactics being adopted in business email compromise (BEC). We’ll explore the overarching trends in BEC, and ways to counter this worrying trend from both a technical and people centric approach. 

Key takeaways will include: 
• How attackers are bypassing traditional email security
• Why finance themed emails are still the most popular tactic
• The costs and impact of BEC attacks for organizations
• Ways to identify your most targeted people
• Risks and concerns with BEC attacks leveraging AI
• Top tips and practical advice that you can implement quickly!

With over 25 years of information technology and cybersecurity experience, Josh has designed, built, and managed security operations centers, incident response teams, and security architecture and compliance groups for large, global organisations such as Exelis, L3Harris, and Cognizant. Throughout his career, Josh has maintained a passion for continuous innovation with a focus on designing solutions that address real world gaps and provide immediate value to cybersecurity defenders and organisations around the world.

This Time it's Personal: The latest trends in business email compromise

Email security risk remains high. From credential harvesting and compromise in the supply chain to data loss and exfiltration, almost every organization has had email security incidents in their Microsoft 365 environments. Egress polled 500 cybersecurity leaders and found that the majority have concerns about the traditional technology they use to protect their organization over email.

Join Jack Chapman, VP of Threat Intelligence at Egress, as he discusses findings from the 2024 Email Risk Report for insight into the threats that organizations face, including:

• How both inbound and outbound threats continue to evade traditional approaches to email security.
• Why traditional technology cannot protect against data loss and exfiltration.
• Threats that secure email gateways (SEGs) fail to detect and why 87% of leaders are considering replacing their SEG or already have.

Email Security in 2024: The Urgent Need to Adapt Your Approach

We all have a role to play in the advancement of women in cyber.

ISF's Esther Schagen-van Luit, Principal of Services; Hui Shan, Senior Analyst; Shreya Tiwari, Zero Trust Product Lead; and Francesca Williamson, Analyst, share their reasons behind their commitment to the field. 

Listen as they reflect on:
Their individual career trajectories 
The role models who have shaped their paths and the invaluable resources that have aided them along the way
The various perspectives on thoughts on technology developments such as AI within the industry.

Why Women Stay in Cyber

In an era where the vast majority of financial services companies embrace public cloud, a pressing issue has surfaced: how do you manage a growing and diverse set of cloud services? 

Join security leader -  Ryan Kazanciyan, CISO at Wiz, as he and Vlad Nikolov, Security Architect at Intuit, spotlight the critical need for enhanced visibility across cloud, data, and AI domains.

In this webinar , Ryan and Vlad will:

- explore practical strategies for maintaining compliance across diverse regions
- delve into the resilience benefits of adopting a unified approach to fortify against threats. 

This webinar is not just about identifying problems—it's a hands-on playbook for actionable solutions.

The Cloud Security Playbook for Financial Services

This presentation delves into the alarming role of artificial intelligence (AI) in supercharging the spread of mis- and disinformation. We'll discuss the importance of this topic by showing how AI has the potential to amplify the reach and impact of false narratives like never before. 

Through automated content generation, AI-driven social media algorithms, and the manipulation of audio-visual media with deepfakes, deceptive information can be disseminated at an unprecedented scale. This phenomenon poses significant risks, including the erosion of trust in reliable sources, the manipulation of public opinion, and influencing the credibility of entire organizations.

In this talk, we'll dive into:
- the destructive power of mis- and disinformation.
- ways AI is being used by bad actors to influence the masses.
- how to protect against false AI-generated content.

Our Speaker:
Jelle Wieringa has over 20 years of experience in business development, sales, management and marketing. In his current role as Security Awareness Advocate for EMEA at KnowBe4, he helps organisations of all sizes understand why more emphasis is needed on the human factor, and how to manage the ongoing problem of social engineering. His goal is to help organisations and users increase their resilience by making smarter security decisions. Previously, Jelle was responsible for building an AI-driven platform for security operations at a leading managed security provider.

The superpower of AI: Unleashing mis- and disinformation at a horrific scale

With the rise of large language models (LLMs), there's been an explosion of innovation in AI being applied to nearly every domain, from generating beautiful art, to summarizing huge bodies of text, automating sales outreach and customer service, performing scientific research, and more.  

Clint Gibler, Head of Security Research, Semgrap and guest speaker from Wiz, has spent hundreds of hours following how AI is being applied to cybersecurity.

In this webinar, Clint distills the best articles, papers, and talks across cloud security, web security, AppSec, offensive security and more into one talk so you can rapidly understand the lay of the land.  

You'll leave this webinar with a solid understanding of:
- The current landscape
- Open problems
- Where things are headed

Disclaimer: This is a pre-recorded webinar

AI & Cybersecurity: The current state of the art and where we're headed

With 2023 coming to an end and 2024 on the horizon, we find ourselves confronted by a landscape characterised by economic downturn, social disillusionment and escalating regional tensions.

Amidst these turbulent macro-economic, geopolitical, and social fronts - trust will crumble as organisations learn that regulators can introduce new risks, technology does not always achieve desired outcomes, and data itself is more susceptible than ever to manipulation.

To prepare security leaders for the challenge ahead, Chief Executive of the ISF Steve Durbin returns to the virtual stage to deliver our annual Emerging Threats webinar. Secure your place for early insight into the prominent information security threats to expect in 2024 and crucial guidance on how to fortify against them.

ISF Annual Threat Update: Emerging threats for 2024

With more than 20% of all interactive intrusions associated with the exploitation of public-facing applications, the security of your organization’s data and publicly facing assets is more critical than ever. 
 
During this session Will Barlow, Senior Manager, Professional Services at CrowdStrike will share five tips to reduce the risk of exposure in an increasingly connected digital landscape.

How Well Do You Know Your Attack Surface?

As the regulatory landscape continues to evolve, organizations are aligning with industry standards and frameworks to support their operational, compliance and audit requirements.

Whilst security leaders are aware of the considerable advantages this strategic adoption brings, budget constraints, shifting priorities and a shortage of cyber security expertise are leaving security teams grappling with organizational and technical roadblocks.

Join us for the opportunity to engage with ISF experts and discover how the ISF Standard of Good Practice (SOGP) is supporting leading global organizations in managing compliance across multiple standards and jurisdictions.

In this session, we explored how to:

- integrate up-to-date best practice into business processes, risk management and information security programmes 
   and policies
- minimise effort and investment when looking to comply with international industry standards and frameworks
- build a strong foundation for resilience based on ISF security controls frameworks.

A Unified Approach to Compliance

Information risk assessments enable organisations to select controls or other treatment options that are commensurate with risk in order to reduce the frequency and impact of information security incidents.

ISF materials, including the SOGP, have been developed to support the risk assessment process of identifying business impacts, assessing key threats and vulnerabilities, in addition to treating information risks. These materials complement organisational approaches to information risk assessment and, when used in conjunction with ISF Risk methodologies such as IRAM2 or QIRA, enables an organisation to keep information risk within acceptable limits.

Join Benoit Heynderickx, Principal Analyst and Hui Shan, Senior Analyst, at the ISF, for our final webinar in the ISF Cyber Security Showcase Week, where they consider all these different materials, and present how they can be combined and used to effectively manage risk.

Manage Risk the ISF Way

Successfully withstanding, and recovering from, a major cyber incident depends on strong leadership, planning and preparation. During a cyber crisis, you face a second enemy - time!
 
In this session Mark Chaplin, ISF Principal, will share top tips and insights from the many Cyber Simulation Exercises he and his team have run for leading global organisations.
 
You will learn about best practices in cyber resilience and hear about the success factors and also pitfalls that challenge organisations at all levels, from technical and operational to executive and board level.

Lessons from the frontline: What we learn from Cyber Simulation Exercises

From relentless adversaries to resilient businesses

Join Peter Watts, Cyber Security Specialist, to learn how to examine the relentlessness of today’s adversaries and the persistence required to stay a step ahead of them. Based on frontline observations from CrowdStrike’s threat intelligence team, Peter will share highlights, notable themes, trends and events across the cyber threat landscape.

Over 200 adversaries are attacking companies across the globe - and they’re moving faster than ever before.

Threat Landscape 2023

Have information security leaders changed business stakeholders' perception of security in recent years, or is security still merely seen as cost, friction and burden?

Security leaders and their teams remain committed to helping business stakeholders understand the value of balancing security, risk and innovation to achieve business goals and maintain competitive advantage. However, many are frustrated at the challenges faced when nurturing relationships with business stakeholders.

In this presentation, we will explore some of the reasons for the slow progress and suggest steps that could be taken to accelerate a more positive change in how security is perceived - unlocking its true value and potential.

Unlocking the Business Value of Security

Communicating and collecting information from third-party partners and vendors is an everyday burden for third-party risk teams, but often there are internal communication gaps that can persist and hinder program potential.

It’s just as important to have clear internal communication and visibility to effectively evaluate how third-parties impact risk exposure, and how to appropriately address that risk methodology shared between IT and third-party risk teams can help alleviate manual roadblocks in sharing data, informing, appropriately remediating risk, and leveraging automating to streamline execution.

Key takeaways:
· Enhance the visibility of your third-party risk program and reduce manual data management
· Prioritise engagements with your most critical vendors based on IT risk indicators
· Report and reinforce third-party risk in context of a broader information security program.

Optimising Third-Party Risk

Vendor Resiliency

Risk Assessment

Risk Management

Data Management

Cyber Security

Information Security

Information Risk

IT Automation

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The unexpected nature of natural disasters and other disruptive events means that preparation is key to managing disaster recovery and business continuity planning. Join the business continuity and disaster recovery community for live and recorded presentations discussing best practices for business continuity planning, disaster recovery programs and business continuity management. Learn from BCDR experts to develop your critical infrastructure and gain insight into tactical solutions to your BCDR issues.

Business Continuity / Disaster Recovery

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Internal audit and compliance professionals are facing increasingly stringent regulatory requirements when it comes to compliance reporting and internal control procedures. Join the audit and compliance community to learn best practices from thought leaders on topics such as regulatory compliance, internal audit checklists and audit program strategies.

Audit and Compliance

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

Finance

Get powerful insights to run your business. CEOs, CFOs, CMOs, COOs, CTOs and CIOs are among the leaders in this community who connect with peers and experts to grow their businesses.

CxO Strategy

In the business management community, commercial experts will be sharing webinars and videos on an array of subjects. From sales and marketing, to finance, productivity and growth, this content will help you stay up-to-date with the current economic environment and provide timely management insight to drive business growth.

Optimising Third-Party Risk

Presented by

About this talk

More from this channel