CISO XC August 2021
2021 Thales Data Threat Report – Global edition
Todd Moore, Thales
During the pandemic there has been a lot of fear around the theft and hijacking of sensitive data. Ransomware has become one of the most prevalent threats in our day to day lives and is keeping all of us up at night. As a result, the White House and other government agencies, such as NIST, have provided security frameworks on how to protect agencies and businesses. Many organizations were unprepared for these security challenges. In fact, according to the Thales 2021 Data Threat Report, only 20% of IT professionals said their security infrastructure was very prepared for the effects of the pandemic. Even with the challenges over the past year, security professionals were already adapting to better secure and protect access to data in the cloud. According to the report, 82% of IT security professionals are concerned about the security risks of employees working remotely and nearly half reported an increase in cyberattacks over the past 12 months. This presentation will focus on the current security landscape, operational threats and sharing some best practices to help you sleep well at night.
It Takes A Village: An Ecosystem Approach to Insider Risk Management
John Schimelpfenig, Code42
In this session we'll cover some of the drivers behind the rise in Insider breaches, how Code42's Incydr helps to solve the problem, and how to leverage your existing security stack can help improve your organizations insider risk posture.
Using SASE and Zero Trust to Enable Continuous Adaptive Trust
Mike Anderson, Netskope
Some of today’s most common security challenges arise from moving from one data center to many centers of data, sensitive data stored across multiple cloud services, and users working from anywhere and on any device. Addressing these challenges requires enhanced visibility and context, and the most effective way for security leaders to adapt is by shifting to a Secure Access Service Edge (SASE) architecture while focusing on core Zero Trust principles to enable continuous adaptive trust. In this session, we will discuss: Why implicit trust is the root of most security problems, How Zero Trust principles make an excellent starting point for a new paradigm, Best practices for implementing SASE to achieve continuous adaptive trust.
How to stop Ransomware BEFORE it starts
Kevin Kennedy, Vectra
Modern ransomware is not like ransomware of the past. In fact, it’s not even ransomware until it’s too late to prevent significant business impact. The good news is that seeing ransomware before it starts IS both possible and your best line of defense. Please join me as I share how ransomware has changed, how to see it before it starts, and what I predict ransomware will exploit next.
Future Trends in Cybersecurity
Jordan Mauriello, Critical Start
Understanding the evolution of attacker motivations, and the impact to managing risk in enterprise environments. Over the last decade both attacks, and attacker motivations have evolved dramatically. From Hacktivism to Nation State Actors, from Identity Theft Rings to Ransomware-as-a-Service, the motivations, timing, determination and discipline of attackers has changed as the ability to monetize threats has also changed dramatically. I will discuss early cyber threats and impact, evolving nation state threats and defenses, and the current attackers, motivations and causes.
Updated risk landscape and the path to success from a CISO perspective
Sachin Shah, Armis
Discuss the rapidly evolving threat landscape associated with our interconnected business landscapes. From Manufacturing to Energy, critical infrastructure and operations are under attack. Interconnected IoT, IT, and OT/ICS devices are being exploited to disrupt and demand record breaking ransoms. We'll look at what we can learn from the recent newsworthy attacks and how today's technology and approaches can help us prepare and respond effectively.
Risk Versus Compliance: How to Level Up Your Security Strategy to the Board
Levi Gundhert, Recorded Future
In many organizations today, intelligence and security are out of sync. Teams and objectives are siloed, analysis lacks relevance, and the response is slow and reactionary — resulting in lost time and wasted resources. To drive down risk while achieving meaningful operational outcomes, intelligence must be embedded into the core of every security workflow, function, and decision. This requires a unified approach for collecting, analyzing, and automating data and insights.
Exposing Ransomware-As-a-Service and Where It’s Going Next
Jamison Utter, Ordr
Ransomware attacks have been proliferating over the past five years, becoming an easy source of revenue for cybercriminals and putting businesses at risk. How did we get here? What can security teams do differently to detect and respond to attacks more effectively? In this session, Ordr Evangelist Jamison Utter shares research on why ransomware exists and why it is booming as a business. He shares how he built his own ransomware campaign from Darkweb building blocks and how simple it was. Jamison will conclude with perspective on why so many modern security tools are failing to help in the ransomware fight and what companies should be doing to elevate their detection and response.