Join Alethea Duhon, Associate Director for Analysis at the National Risk Management Center at CISA, as she discusses CISA’s Cyber Security Priorities for the Next 5 Years & Areas for Partnership.
Our digital environments and workforces are more dynamic than ever. To navigate the risks and challenges that digital innovation brings, organizations must rethink their approach to security. Static, legacy approaches have become redundant against sophisticated, fast-moving threats, and attackers that continue to evolve their techniques. Organizations are increasingly turning to new technologies like AI to achieve much-needed adaptability and resilience; protecting workforces and data from attack by detecting, investigating and responding to cyber-threats in real time — wherever they strike.
From skill shortages to work from home, the current Ransomware epidemic, malicious cloud tools, and everything in between, there’s no denying the rapid rate at which our industry is changing and vulnerabilities are increasing. During this interactive presentation, we discuss current global cyberattack trends and explore one overarching theme – the exploitation of us all.
Join Verizon’s Chief Security Evangelist, Dave Grady and Philippe Langlois, a co-author of Verizon’s legendary annual Data Breach Investigations Report (DBIR), for a look at the recent painstaking mapping of these two leading security frameworks. Langlois will explain how this effort can help security professionals improve how they communicate about cybersecurity incidents with technical and executive stakeholders alike.
The SolarWinds SUNBURST attack was a rude awakening for many security teams, and it won’t be the last time Security leaders face tough questions about how an adversary evaded defenses and stayed hidden. With threats persisting inside the network for months, security teams need a new plan. In this session, CISO Jeff Costlow discusses strategies, including revising existing mental models and incident response processes, to build resilience in the fight against advanced threats.
Over the past few years, the number of organizations that have adopted cloud-based systems has grown exponentially, largely due to the COVID-19 pandemic. In turn, cloud security has become a critical issue for IT security executives and their teams. McAfee reported an increase of 630% in attacks by external actors targeting cloud services between January and April of 2020. This uptick in cloud security breaches is projected to persist even after the pandemic as many companies continue to utilize the cloud and leverage its benefits.
While migrating to the cloud offers numerous advantages, it also poses certain threats and challenges. In a recent report by Oracle & KPMG, over 90% of IT Professionals felt their organization had a cloud security readiness gap. A significant concern for many who are adapting to a cloud-based workforce is misconfigurations and gaps in cloud security programs. Additionally, cloud-based infrastructure requires adopting new security policies and processes. Many companies believe their existing security teams lack the necessary skillsets and knowledge that the cloud environment requires, especially as organizations turn to multi-cloud, hybrid cloud, and distributed cloud models.
This panel will highlight the areas where cloud systems can leave enterprises vulnerable, ways to minimize common misconfiguration errors, and other best practices to mitigate threats when migrating to the cloud. Our lineup of Industry Experts will provide their expertise on developing a robust cloud security strategy that addresses these issues and insight on how to stay secure in the future of cloud security.
With the Passwordless Decade well underway, more and more organizations are asking the question: Why is now the right time to move beyond passwords?
George Avetisov, CEO of HYPR, will discuss the rise of organizations moving to the cloud, how the perimeter fades and the attack surface gets larger. Modern tools such as SNIPR and Modlishka make it easier for hackers to launch large-scale automated attacks, bringing credential re-use and two-factor-authentication attacks to record highs.
How did we get here, and will mainstream adoption of passwordless security have an impact? We will explore how the rise of virtual desktop infrastructure and a remote workforce has affected workstation login and review how the evolution of authentication has impacted organizations’ identity and access management systems.
In this session, you’ll learn:
• Why this is the Passwordless Decade
• Why credential reuse is at all-time highs
• How authentication has evolved
• How businesses are solving the authentication problem by decoupling authentication from identity providers
It is important to recognize that, overall, the industry has an effectiveness problem. The escalation in threat activity and the talent shortage in the industry have created a situation where, despite lots of products and cybersecurity spend, we aren’t getting better protection. To put a finer point on it, there are over 3,000 vendors selling products in the industry. The total spend last year was $120B+ and even with all of that there were almost 4,000 breaches — a 96% increase over the previous year. The key takeaway from these breaches is that they are NOT product failures. They are operational failures. To prevent these kinds of breaches from happening again in the future, we believe the industry needs to adopt a new approach – an operational approach – to cybersecurity.
Whether a start-up or an enterprise, you are probably working with multiple vendors, using their software and reliant on their systems. Yet while these external vendors provide invaluable services, they also introduce significant risk to your company’s information security.
How do you know if your vendors are meeting required contractual, security and privacy obligations?
If you don’t have processes in place to assess the risks these third parties pose, then your answer is most likely you don’t. And this is critical: You need to know the risks of working with third parties and that you can trust them — because if they go down, your business may, too.
Assessing risk, however, can be incredibly complex. Traditional risk management approaches that rely on manual processes, spreadsheets and even survey methods don’t scale well and are not automated enough. And they certainly can’t support a third-party vendor network once it reaches a certain size: spreadsheets and email folders become overwhelming, ad hoc processes and reporting cycles create confusion, and manual reviews lead to missed issues and trends. In fact, the more successful an organization is – and the more third-party vendors they work with – the more automation and continuous monitoring are required.
At Reciprocity, we work with companies of all sizes to help streamline and improve third-party risk management. Join Reciprocity CISO Scott McCormick and VP Rob Ellis as they walk you through:
• Examples of vulnerabilities and common attack techniques
• Steps to mature your third-party risk management program
• How to implement automation and make your program more proactive (or continuous)
• A case study detailing how ZenGRC helped Conversica drastically improve its compliance and risk posture, resulting in 60 saved days and $80K in hard savings
Insider Threat has become increasingly problematic to businesses as the frequency and cost of these threats have risen over the last several years. In a global study conducted by Ponemon Institute in September of 2019, there was a 31% increase in overall cost of Insider Threat and a 47% increase in the total number of Insider Incidents from 2018.
Today, Insider Threat poses an even greater risk to businesses in the wake of the COVID-19 pandemic. Forrester Research, Inc. reported that in 2020, a quarter of all security breaches were caused by an insider and estimates that in 2021, Insider Threats will account for 33% of security breaches.
This panel will discuss the various factors that contribute to this increase in Insider breaches, how remote work has impacted the malicious & non-malicious Insider Threats facing businesses, and the implications this has on enterprises today. Our lineup of Industry Experts will offer their insight & provide best-practices on how businesses and their IT Security Teams should address these risks and adapt in order to defend against Insider Threats.
Ransomware is more dangerous than ever before. Why? It’s partly because successful attacks don’t just affect the victim anymore. Take any of the recent cyber attacks seen on the news, for example. What if you could stay safer from ransomware, however it may attempt to get into your network? Join this event to learn how to stop ransomware infections with a first line and last line of defense approach from the cloud edge to the endpoint. Learn how this layered defense approach can help provide ultimate visibility with ultimate responsiveness against ransomware.
You may be confident in your own email security infrastructure, but the truth is that your security is only as good as the security of those you work with. Attackers know this and they have pivoted their strategy to focus on exploiting the trusted relationships between organizations, vendors, and partners to launch supply chain attacks including payment and invoice fraud.
Join us to see how Abnormal Security stops these attacks, including one that nearly cost them $1.6 million. We’ll dive into how you can recognize vendor email compromise, why it bypasses traditional email security systems, and how Abnormal Security uses behavioral AI to stop these attacks.
Zero Trust is a concept and goal for keeping your organization malware and ransomware free. Join Sean Brehm from CrowdPoint as he applies Military Science to Data Science and the Blockchain to build an effective Cyber Defense In Depth.
In 2020, there was an unprecedented growth in ransomware attacks and this trend shows no signs of slowing down. Rather, these attacks are evolving and becoming more harmful as cyber criminals become more organized and effective. It is predicted that in 2021, businesses will fall victim to a ransomware attack every 11 seconds with an estimated cost of over $20 billion – 57 times more than in 2015, making ransomware the fastest growing type of cybercrime.
As a result, companies are transitioning from the traditional “trust but verify” method and implementing a Zero Trust model, requiring all users to be authenticated and continually authorized in order to be granted access and maintain access to company data and applications. By leveraging various technologies & techniques such as multifactor authentication, IAM, least privilege access, and microsegmentation, the Zero Trust model reduces the risk of a ransomware attack and minimizes the potential damage from a breach.
This panel will highlight where enterprises are most vulnerable to becoming a victim of ransomware and how utilizing a Zero Trust model minimizes this risk. Industry experts will discuss best practices to avoid a ransomware attack including adapting the Zero Trust model, what to do if your company is being held for ransom, ways to mitigate the damage caused by an attack, and how to recover afterwards.
Prior to defending an organization against a determined attacker, their techniques must be understood. This presentation provides an adversarial viewpoint to inform network defense leaders how the attackers see their organizations and are able to be successful with their objectives, even when well defended. The presenter will draw upon over 17 years of personal experience as a Red Team operator and leader to illustrate how your organizations are viewed, through the eyes of an adversary.