Agenda

Date and Time | Title
Aug 23, 2023
11:00am - 11:47am (Eastern)
[Keynote] That Moment When You Realize There Is Nowhere Left to Hide

We’ve connected everything, everywhere, all the time, so how DO we more efficiently interact with a digital realm that continually measures our pulse in the real world? Let’s talk about some attack vectors that I’ve spent the last few years researching and helping others work on. And then let’s talk about what we CAN do about things. You’ll never look at your lights the same way again.

Aug 23, 2023
12:00pm - 1:00pm (Eastern)
Building a Sustainable Cybersecurity Program

Join us for a dynamic session on “Building a Sustainable Cybersecurity Program” where we explore the significance of sustainable cybersecurity and its benefits. Discover real-life examples and best practices from various industries, showcasing successful integration of sustainable cybersecurity practices. Gain insights into the challenges of implementation and strategies to overcome them. Explore the policies and regulations that promote sustainable cybersecurity and understand their impact. Walk away with a comprehensive summary and actionable steps to create a resilient cybersecurity program for long-term success. Don’t miss this opportunity to safeguard your organization’s critical assets in an ever-evolving digital landscape.

Aug 23, 2023
12:00pm - 12:58pm (Eastern)
Managing Smart Buildings Service Provider Fragmentation

Building control systems have been around since the late 1970s. These systems were digitally controlled and proprietary. The building staff could run the building, but the logic/programming required the system service provider’s knowledge to maintain. Over time, the building staff’s reliance on the service provider grew to the point that the service provider not only has unrestricted local access but also unrestricted remote access. And in most cases, the service provider provides and controls remote access. When you take this into account and multiply it by the number of building control systems per building, the number of service provider technicians that currently have access, and former employees that possibly have access, and then multiply this by the number of buildings owned, this number can be huge. Now take into consideration that most of the service providers are not bound to cybersecurity service provider agreements. These buildings represent a high degree of risk exposure for building owners.

Learning Objectives:

  • Participants will be exposed to the current state of the building control system cybersecurity.
  • Participants will be walked through some real-world examples of results when service provider management does not exist and/or breaks down.
  • Participants will learn the basic concepts of managing service providers using ISA 62443.

Aug 23, 2023
12:00pm - 12:47pm (Eastern)
Secure by Default: Evolving Security Expectations

CISA recently released their paper on “Secure by Design, Secure by Default” software that has support from seven major governments. It is meant to make significant, achievable improvements in software security. We will discuss the Secure by Default concept, why it is important, and what customers and vendors can do about it today.

Aug 23, 2023
1:00pm - 2:00pm (Eastern)
A Proactive Approach to OT Incident Response

With a marked increase in RaaS, APT, and nation-state sponsored attacks in the industrial cybersecurity sector over the last 18 months, it is more critical than ever for organizations to build effective incident response capabilities for their Operational Technology (OT) and Industrial Control Systems (ICS) environments.

Often when the OT process is down, so is the revenue stream. The pressure to get back operational is high. Having a solid practiced plan, the right tools in place, and an effective decision-making process are critical to restoring production.

Aug 23, 2023
1:00pm - 1:58pm (Eastern)
I Can See Clearly Now, the Threats Are Gone

Zero Trust is considered by many to be a marketing buzzword, but what it really alludes to is having good, basic cybersecurity hygiene. It’s what any cybersecurity professional worth their salt has been doing, and does, daily. Ransomware, phishing, and BEC grab the headlines, but your run-of-the-mill cyberattacks can’t be ignored because of the shiny new thing garnering all the attention.

The CISO is like a musical conductor that must pay attention to all the resources at his or her disposal—be it people, tools, technologies, systems, and more. How is the organization handling security awareness training? What about staffing shortages affecting the organization, or even the vendors with which CISOs and their teams work?

Join this session to hear insights and takeaways on the state of the information security profession today, including tips for seeing clearly and staying ahead of threats.

Aug 23, 2023
1:00pm - 2:00pm (Eastern)
Cybersecurity Jobs Data: What Jobs Are Steady, and Which Are Volatile?

Are you interested in the state of cybersecurity jobs in our current economy? In this discussion, we will dive into the latest data on cybersecurity job trends in the U.S. over the past 6 months. With an average of 190,000 cybersecurity jobs posted each month, this comprehensive data set will provide valuable insights into the ever-evolving world of cybersecurity.

Aug 23, 2023
2:00pm - 3:00pm (Eastern)
Identity Management and the Pain of Privilege

We have an identity crisis. According to the Verizon Data Breach Investigation Report, over 90% of successful Windows breaches occur due to users having privileged access. And yet, according to Microsoft, this is a decades-old problem that has still not yet been solved. One of the most effective solutions to this challenge lies in following best practice for identity management, including removing Local Admin rights from all end users. However, this can be challenging as it may result in end users becoming frustrated when they need to request updates. In this educational and thought-provoking session, CyberFOX Vice President Wes Spencer will outline the problem and the path to success around identity management.

Aug 23, 2023
2:00pm - 2:52pm (Eastern)
Social Engineering: Training the Human Firewall

Phishing is one of the leading cyberattacks worldwide, resulting in numerous social engineering training exercises to train average users to defend against these attacks. This discussion focuses on research that took a pool of users with three different phishing campaigns. Each campaign progressively has a phish that should be more advanced to spot than the previous phish presented. The research shows the psychological reasoning behind why a user will interact with a phish, regardless of educational awareness. Results include why a 0% or 100% report rate is unrealistic and how to use phishing metrics to quantify risk in a business.

Aug 23, 2023
2:00pm - 2:49pm (Eastern)
Mitigating Data Privacy and Cybersecurity Risk Throughout the Supply Chain

Attendees will walk away with a practical understanding of how to involve key stakeholders at various points in the compliance program development process and the importance of third-party risk management concerning the overall data security and compliance culture within an organization.

Businesses are increasingly built on a complex spiderweb of third-party providers that access a business’s systems, data, and other critical operations. This includes all manufacturing companies that rely on third parties—such as service providers, SAAS vendors, or contractors—to manage data and sensitive operations. Organizations typically have limited control over third parties, limited transparency into their security practices, and limited availability or resources to track third-party security upgrades. As owners and managers of portions of critical infrastructure, it is important for these companies to evaluate the current threat landscape and shift perspective on cyber threats from “if” to “when” as they examine preparedness, protocols, and employee education throughout upstream, midstream, and downstream operations.

Mitigating data privacy, cybersecurity, and technology risk throughout the supply chain should be a priority for organizations, and our presentation will touch on key considerations for third-party management, including due diligence, contractual terms, and ongoing compliance.

Aug 23, 2023
3:00pm - 3:51pm (Eastern)
Why Third-Party Cyber Risk Should Be Manufacturing's Top Priority

Third-party cyber risk is a pressing concern for manufacturers. 70% have experienced breaches stemming from overprivileged vendor access, making them ripe targets for ransomware. This session will explore the brand, operational, and legal dangers of poor vendor management. It will provide best practices for securing third parties, including thorough vetting, access controls, and monitoring of privileged sessions. With third-party reliance increasing, manufacturers must make securing vendor access a top priority to minimize cyber risk.

Aug 23, 2023
3:00pm - 3:57pm (Eastern)
Tackling the Unique, Cybersecurity Challenges of the OT World

An overview of the cybersecurity vulnerabilities commonly seen within OT or Industrial Control System networks, as well as the techniques that can be used to mitigate risk. The vulnerability-focused topics include the common infiltration/disruption methods (attack vectors) and the common targets within OT environments (attack surfaces). Remediation topics include discussions on RMF processes, cyber threat modeling, and secure network design from an OT perspective. This presentation prioritizes explaining the common attack vectors and surfaces that WSP USA sees in industry, as well as the typical recommendations to harden OT networks against intrusion.

Aug 23, 2023
3:00pm - 3:57pm (Eastern)
Building Cyber Resilience for Automated Factory-Floor Environments

Keeping the production line running is the number one driver of profitability in manufacturing. Any interruption can lead to unfulfilled orders, angry customers, and supply chain disruptions. Every minute of downtime—especially of the computers that control operational technology (OT)—is money pouring onto the floor. Cybercriminals love to target manufacturers with ransomware, knowing the stakes are high and the victims are likely to pay quickly. So building a defense against ransomware is essential, but not sufficient by itself.

Building cyber resilience into factory floor operations requires a broader view of the risks to OT: not just cyberattacks, but also hardware failures, software bugs, human errors, even natural disasters. Yes, you need to fend off ransomware attacks, but you also need to recover quickly and reliably when an OT outage occurs for any reason.

Join Acronis for this session which explores potential sources of factory floor downtime with a focus on OT control computers, examines both defense and recovery strategies for these failures, and digs into case studies of manufacturers that have successfully built true cyber resilience into their OT environments.

Aug 23, 2023
4:00pm - 5:00pm (Eastern)
Cyber-Enabled Fraud and Business Email Compromise in 2023

Aug 23, 2023
4:00pm - 4:55pm (Eastern)
A Whole Lotta BS (Behavioral Science) About Cybersecurity

Let’s be honest: people can frustrate us. They don’t always do the things we’d like, and they often do some things we’d rather they didn’t. New research from the National Cybersecurity Alliance reveals insights about the public’s attitudes and beliefs about security. We’ll explore the 2022 “Oh Behave! Cybersecurity Attitudes and Behaviors Report,” and some of the findings may surprise you! We’ll also give you practical, actionable advice on how you can better communicate to influence the behavior change you want to see.

Aug 23, 2023
4:00pm - 4:47pm (Eastern)
Cyber Intelligence Briefing: Manufacturing