2019 Cybersecurity Threats & Trends: The Chart Toppers & One-hit Wonders

•Download as PPTX, PDF•

1 like•94 views

Internetwork Engineering (IE)

Jason Smith's presentation on 2019 Cybersecurity Threats & Trends: The Chart Toppers and One-hit Wonders

Technology

<#>
Cyber Security
Threats and Trends
The Chart Toppers and 1-hit
Wonders
Jason Smith

<#>
Jason Smith
Lead Security & Compliance Consultant
Internetwork Engineering
• CISSP, CISA, CISM, CRISC, GIAC
• Security Researcher
• ISACA Instructor
Introduction

<#>
Baltimore by the Numbers
Initial Ransom Demand:
Remediation Costs:
Remediation and Lost Revenue:
Source: NY Times Aug 2019
$76,000.00
$5,300,000.00
$18,000,000.00
*estimated

<#>
Podunk County Elections Board
We believe that elections should be accurate and secure.
We are taking proactive steps to ensure the cyber security and integrity of
Podunk County Elections. To find out more, call: 555-555-5555

<#>
Open Season??
Source: Government Technology

<#>
RYUK Ransomware
First Appeared: Aug 2018
Russian Controlled* (Wizard
Spider - Grim Spider)
Derived from Hermes
Ransomware source code
Appears to be fairly targeted, based
on ransom demands, Enterprise
focused
Distributed through spam/phish,
possibly through Emotet
(internal)
Indicators of TrickBot (w/Emotet)
on compromised networks

<#>
The Curious Case of Emotet
2019 Cisco Threat Report – see last slide
US Cert
Pivoting from a Banking Trojan to a Sophisticated Delivery System

<#>
Most Common Phishing Attack Vectors
Phishing Still # 1

<#>
Simple Security Awareness
Don’t Do Dumb Stuff

<#>
Simple Security Awareness
Bad People Will Use Email to Trick YOU

<#>
• 10 % of all ransomware demands
are > $5K
• Datto
• City targeted Ransomware
demands: $50K - >$500K.
• CNBC
• Total reported 2018 Ransomware
revenue >$25m
• Business Insider
Hacker Motivation - Follow the Money

<#>
• Hundreds of
thousands of
participants
• Elaborate delivery
structure
• Built around the Dark
Web
Traditional Cyber Crime Enterprise Model

<#>
The Reputation Dilemma
Marriott International, Inc
<#>
The Reputation Dilemma
Marriott International, Inc

<#>
New Cyber Crime Enterprise Model
Improved Efficiencies
• Code Sharing
• Repurposed Malware
• Strategic Sphere Phishing
New Monetization Strategies
• Backend and Transport Support
• Manipulation and Speculation

<#>
Choose your battles wisely.
Avoid spending on knee jerk,
point solutions.
What to Do …
Focus on your risk.
Remember, hackers tend to
opportunistic first.
Back to the basics. Security hygiene, risk
assessments, user awareness training.
Get involved with other IT areas and departments.
What is the near term and long term IT strategy
and how can it be secured. Demonstrate value
(metrics, KPIs, show up!)!

<#>
”Just showing up is half the battle.”
Woody Allen

<#>
Start with a RISK Assessment!!
IT’s All About RISK!!!
Understand your network
Understand your data, and how it is
consumed!
Learn the Business!

<#>
Thank you!
Questions?
Jason Smith
IE Advisory Services – Cyber Security
@smith380
jsmith@ineteng.com

<#>
Emotet
Malware Research
CyberCrime
Links and Citations
https://blog.talosintelligence.com/2019/01/return-of-emotet.html
https://www.cisco.com/c/dam/en/us/products/se/2019/2/Coll
ateral/cybersecurity-series-threat.pdf
https://www.academia.edu/39011806/RYUK_Ransomware_An
_Analysis_of_a_Dangerous_New_Malware
https://www.isaca.org/info/state-of-cybersecurity-
2019/index.html?cid=pr_1237247&appeal=pr

What's hot

Insights into cyber security and risk

When money is the at the top of the mind of cybercriminals, where do they turn their heads to? The Banking Sector. With countless operations including Wealth Management, Trading, and Revenue Management, Investor Accounting, it is no light matter when we say that cybersecurity threats keep banks up at night. With data breaches rampantly hitting all types of organizations across the world, the banking sector, for obvious reasons, stays under a constant and increased pressure for safekeeping of their customer's data and more importantly, their money.

Cybersecurity in Banking Sector

Quick Heal Technologies Ltd.

Cyber Security

rahulbhardwaj312501

eSentinel webinar with Netpluz & Straits Interactive on Cyber Security & PDPA...

Netpluz Asia Pte Ltd

View on-demand presentation: http://securityintelligence.com/events/ibm-2015-cyber-security-intelligence-index/ The cyber threat landscape is increasing in complexity and frequency. Organizations that have historically not been the target of cyber attacks now make headline news with large data losses and compromised transactions. Organizations need a clear point of view on how to respond to these threats, and one that incorporates not only the relevant technology but also the organizational changes needed. Nick Bradley, Practice Leader of the IBM Threat Research Group and the X-Force Threat Analysis Team, and Nick Coleman, Global Head Cyber Security Intelligence Services outline what organizations need to do now and in the future to stay ahead of the growing cyber security threat.

Key Findings from the 2015 IBM Cyber Security Intelligence Index

IBM Security

Join CTO and Nonprofit Cybersecurity expert Matthew Eshleman as he walks through the third annual Community IT Nonprofit Cybersecurity Incident Report. This report looks at the different types of attacks that occur at small and mid-sized nonprofit organizations. Is your nonprofit prepared? Matt also shares advice on security improvements that provide protection against the most common attacks. Learn the role of leadership in placing a value on cybersecurity preparedness for your nonprofit and the long term planning that should accompany your immediate assessment of your security risk. Matt touches on vendor hacks from 2020 including Blackbaud and SolarWinds and discusses steps your nonprofit should take to understand your risk level. Learn about real cyberattacks on nonprofit organizations and how they responded to these attempted hacks. Matt gives you the tools you need to protect your organization and staff from cybercrimes. Many of these tips you can put in place quickly and train your staff on immediately. Download the full report or view here: https://communityit.com/2021-nonprofit-cybersecurity-incident-download/

2021 Nonprofit Cybersecurity Incident Report

Community IT Innovators

Cybersecurity is a difficult and serious endeavor which over time strives to find a balance in managing the security of computing capabilities to protect the technology which connects and enriches the lives of everyone. Peering into the future of cybersecurity provides valuable insights around the challenges and opportunities. The industry is changing rapidly and attackers seem to always be one step ahead. Presented by Matthew Rosenquist at the 2016 Connected Security Expo (CSE) @ ISC West http://www.connectedsecurityexpo.com/

CSE 2016 Future of Cyber Security by Matthew Rosenquist

Matthew Rosenquist

This session will discuss the main cyber threats for 2019 by including security public and private sector experts. After an overview of the top cybersecurity industry predictions for the coming year, the panel will discuss effective solutions and roadmaps needed as we head into the 2020s. Main points covered: • What are the top cyber threats facing enterprises in 2019? • What do the major cybersecurity vendors believe will happen in the next few years? • What is being done to prepare for daily cyber-attacks facing enterprises? • What projects are leading Chief Information Security Officers (CISOs) and Chief Risk Officers (CROs) implementing now? Presenters: Our first presenter for this session is Maria S. Thompson, State Chief Risk and Security Officer for the State of North Carolina. Maria brings to the State over 20 years of experience in Information Technology and cybersecurity. Maria’s personal honors include receiving the 2007 National Security Agency’s prestigious Rowlett Award for individual achievement in Information Assurance. Additionally, she received the 2008 Office of Secretary of Defense Certificate of Excellence for the implementation of an IA strategy for the Information Assurance Workforce. Most recently, Maria was selected as a winner of one of the 2018 Triangle Business Journal Women in Business award and State Scoop’s 50th Award State Cybersecurity Leader The second presenter is Dan Lohrmann is an internationally recognized cybersecurity leader, technologist and author. Starting his career at NSA, Lohrmann has served global organizations in the public and private sectors in many leadership capacities. As a top Michigan Government technology executive for seventeen years, Dan was national CSO of the Year, Public Official of the Year and a Computerworld Premier 100 IT Leader. He is currently CSO & Chief Strategist at Security Mentor, where he advises global and local corporations and governments on cybersecurity and technology infrastructure strategies and security culture change. He has been a keynote speaker at security conferences from South Africa to Europe and Washington D.C. to Moscow. Recorded Webinar: https://youtu.be/IHAAXQ30zBk

Top Cyber Threat Predictions for 2019

PECB

A Glimpse into the Cybercrime Underground In this session, Trusteer’s senior fraud prevention strategist, Etay Maor, will dive into the latest tools, techniques and threats developed and utilized by cybercriminals. The presentation will include a market overview of the latest offerings from the criminal underground, with a deep dive into some of the techniques discussed by cybercriminals, and review how they manifest as real attacks with real examples and case studies. A share of the presentation will also be dedicated to possible mitigation strategies and techniques. During this webinar you will learn about: - New malware attack and evasion techniques - The latest underground offerings on the “fraud as a service” market - The latest rumors and discussions around malware and malware authors from the underground - Real-time intelligence and adaptable counter measures

Cybercrime Threat Landscape: Cyber Criminals Never Sleep

IBM Security

2016 - Cyber Security for the Public Sector

Scott Geye

Cyber Security

ADGP, Public Grivences, Bangalore

Enterprise Cyber Security 2016

Supply Chain Coalition

ICION 2016 - Cyber Security Governance

Charles Lim

Ethical hacking helps organizations in preventing the exploitation and vulnerabilities of their system’s data. Today, several real-world testing methods are used to avoid cyber-attacks and secure important data from exploitation. The webinar covers • Ethical Hacking • Penetration Testing • Differences and Similarities • Types & Stages of Penetration Testing • Cybersecurity • Impact of COVID-19 on Cybersecurity Presenters: Carl Carpenter Carl is a former CISO of a $6B entity where he was responsible for protecting data of all types and regulatory environments such as FFIEC, HIPAA, and PCI as well as working with the FBI, IRS, and US Department of Labor around investigations relating to money laundering. He has performed assessments against Fortune 10 and 50 companies in the areas of GDPR, CCPA, ISO/IEC 27001 and currently performs CMMC assessments as well as CMMC pre-audit support to help ensure a successful CMMC audit. Prior to that, Carl retired from the US Military where he was involved in counter-terrorist, counter-narcotics, counter-intelligence operations and training foreign military members in these same concepts. Carl is also a PECB trainer in ISO/IEC 27001, ISO/IEC 27032, and CMMC Foundations and holds numerous other certifications. In 2016, Carl joined Arrakis Consulting where he started as an auditor and providing CISO-as-a-Service to small or medium sized companies that needed more experience without increased cost. In 2017, Carl added active penetration testing to his portfolio of skills and routinely performs penetration tests against companies of all sizes. Carl also trains people on a variety of skills such as penetration testing, network engineering, network administration, OSI model, subnetting, etc… Carl holds a Bachelors from Western Governors University in Network Security and Operations as well as numerous certifications from ITIL, Cisco, CompTIA, Microsoft, CMMC-AB, ISACA, OneTrust, RSA, PCI Council, Citrix, and Novell Andreas Christoforides Mr. Christoforides is an active IT auditor and a trainer for a various organization on Information Security Management Systems. He is a member of the Cyprus Computer Society, a PECB certified trainer for ISO/IEC 27001, ISO 22301 and GDPR CDPO, and a former Deputy Head of IT Infrastructure at a Bulgarian Leading Bank. In 2019, he joined BEWISE and delivered to clients a wide range of Cybersecurity projects in the areas of strategy, governance and risk management, data privacy and protection (GDPR), and business resilience and recovery. He conducts IT Risk Assessments and develops IT policies and procedures towards establishing an effective and secure IT Governance framework. Mr. Christoforides holds a BEng degree from Birmingham City University and a variety of other qualifications from Microsoft and CISCO. YouTube video: https://youtu.be/cTrdBZFIFhM Website link: https://pecb.com/

Ethical Hacking vs Penetration Testing vs Cybersecurity: Know the Difference?

PECB

Cyber Risk Management in the New Digitalisation Age - Mitigating Risk with Cy...

Netpluz Asia Pte Ltd

Cyber security threats and its solutions

maryrowling

Top 12 Cybersecurity Predictions for 2017

IBM Security

IT security teams have a tough job. While organizations depend upon Internet access to conduct business, security teams are responsible for safeguarding these communications and transactions from those who wish to profit by stealing intellectual property, customer private data or even just encrypting your data and demanding a ransom for its safe recovery. There are a number of tools available to monitor log events, network flows, and packet captures, but most of these are performing after-the-fact analysis. That can make it easy for the bad guys to hide out on your network. IBM QRadar Network Insights (QNI) uses innovative network threat analytics to identify malicious content – including those hidden in data transmissions, SSL certificate violations, protocol obfuscation, file tags, and suspicious network flows – and then pieces together those indicators of attack to provide security teams with real-time alerts. These alerts help organizations detect attacks that are in progress, as well as determine what damage may have already been inflicted. View this on-demand webinar to learn how QRadar Network Insights can: Remove network blind spots and reduce complexities in log data to reveal previously hidden threats and malicious behaviors; Record application activities, capture file metadata and artifacts, and identify assets, applications and users participating in network communications; Reduce the impact of threats associated with malware, phishing emails, data exfiltration, and the lateral network movements of advanced attacks.

Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights

IBM Security

Cyber Risk Management in the New Digitalisation Age - eSentinel™

Netpluz Asia Pte Ltd

Must Know Cyber Security Stats of 2016

DWP Information Architects Inc.

What's hot (20)

Insights into cyber security and risk

Cybersecurity in Banking Sector

Cyber Security

eSentinel webinar with Netpluz & Straits Interactive on Cyber Security & PDPA...

Key Findings from the 2015 IBM Cyber Security Intelligence Index

2021 Nonprofit Cybersecurity Incident Report

CSE 2016 Future of Cyber Security by Matthew Rosenquist

Top Cyber Threat Predictions for 2019

Cybercrime Threat Landscape: Cyber Criminals Never Sleep

2016 - Cyber Security for the Public Sector

Cyber Security

Enterprise Cyber Security 2016

ICION 2016 - Cyber Security Governance

Ethical Hacking vs Penetration Testing vs Cybersecurity: Know the Difference?

Cyber Risk Management in the New Digitalisation Age - Mitigating Risk with Cy...

Cyber security threats and its solutions

Top 12 Cybersecurity Predictions for 2017

Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights

Cyber Risk Management in the New Digitalisation Age - eSentinel™

Must Know Cyber Security Stats of 2016

Similar to 2019 Cybersecurity Threats & Trends: The Chart Toppers & One-hit Wonders

Data Wars - How Barclays manage the threat from cyber attacks

White Clarke Group

State of Bitcoin Security - Inside Bitcoins April 2014 - Bojan Simic

Bojan Simic

State of bitcoin security

Mediabistro

Original air date: Aug. 29, 2017 Rebroadcast and recording info at http://www.mhmcpa.com Cybercriminals don’t discriminate when it comes to valuable data. Not-for-profit organizations are just as vulnerable to technology-related risks as for-profit organizations. Robust cybersecurity and information technology controls can help not-for-profits keep sensitive information secure, and as data breaches become more common, information technology controls are increasingly vital to your operations. In our webinar, we'll discuss some of the most common technology risks for not-for-profits and what management can do to mitigate those risks.

Webinar Slides: Not-for-Profits Are Not Exempt from Risk: What You Need to Kn...

MHM (Mayer Hoffman McCann P.C.)

Lessons Learned from the Field: CyberSecurity that Works - Jason Smith Ses...

Internetwork Engineering (IE)

We began to see renewed innovation in the threat actor space in mid to late 2018. This trend has continued to surface in 2019. Threat actors (black hat hackers) have increasingly leveraged prior attacks, data collection and mining, and likely AI to create a new type of highly targeted, very sophisticated cyber attacks. Explore this new threat technique, prevention and detection strategies, and some of the most effective strategies to balance compliance and customer requirements with practical cyber security.

2019 NCLGISA Spring Cybersecurity Threats & Trends: Blended Threats and Smart...

Internetwork Engineering (IE)

Vodqa why cybersecurity

Dileep Bellamkonda

Cybersecurity & the Board of Directors

Abdul-Hakeem Ajijola

Cybersecurity Metrics: Reporting to BoD

Pranav Shah

In this session, we’ll go back over the 3 rules of 3, and take a deeper dive into having the Cybersecurity discussion with Telarus VP of Biz Dev-Cybersecurity, Dominique Singer. This will be an interactive learning session for our Partners, and no Suppliers! We will focus on straightforward talk for the basics of the conversation, how to get started and find Opportunities with your Customers, how to choose the right Suppliers, and most importantly – how to become a Thought Leader for Cybersecurity without being an expert!

Let's TOC: Navigate the Cybersecurity Conversation with Dominique Singer

SaraPia5

NormShield Crypto Currency Report 2018

NormShield

Cybercrime: A threat to Financial industry

Ammar WK

cybersecurity - You Are Being Targeted Business executive with high-level management and hands-on analytical skill sets and over 27 years of professional experience in technical solutions and service offering development and implementation, organizational strategies for efficiency, cost controls, and bottom-line profitability, multi-million dollar enterprise-wide client engagements, compliance with schedule, budget, and quality requirements, hiring and leadership of high-performance IT employees. Keyven Lewis, CMIT SOLUTIONS- Cybersecurity - You Are Being Targeted. An overview to help SMB owners understand the dynamics (exp. the who, the why, and the how) of cybersecurity as it relates to their business.

Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONS

Randall Chase

Largest financial cyber heists...

Jorge Sebastiao

Phishing attack seminar presentation

AniketPandit18

phishingattackseminarpresentation-211230055252.pdf

chauhan323234

The CPAs Guide to Buying Cyber Insurance

Joseph Brunsman

CPA firm Cyber Insurance Specifics

Joseph Brunsman

Many organizations’ security functions determine what threats they care about based on what threats are known to be affecting their sector, or comparably simple criteria. In reality, this approach is poorly suited to dealing with the significant security issues of today. Malicious actors scope their victims based on multiple factors, and understanding these factors is essential to managing risk. (Source: RSA Conference USA 2017)

Your Sector Doesn’t Matter: Achieving Effective Threat Prioritization

Priyanka Aash

Current Trends in Cyber Crime 2015

Cybernetic Global Intelligence

Similar to 2019 Cybersecurity Threats & Trends: The Chart Toppers & One-hit Wonders (20)

Data Wars - How Barclays manage the threat from cyber attacks

State of Bitcoin Security - Inside Bitcoins April 2014 - Bojan Simic

State of bitcoin security

Webinar Slides: Not-for-Profits Are Not Exempt from Risk: What You Need to Kn...

Lessons Learned from the Field: CyberSecurity that Works - Jason Smith Ses...

2019 NCLGISA Spring Cybersecurity Threats & Trends: Blended Threats and Smart...

Vodqa why cybersecurity

Cybersecurity & the Board of Directors

Cybersecurity Metrics: Reporting to BoD

Let's TOC: Navigate the Cybersecurity Conversation with Dominique Singer

NormShield Crypto Currency Report 2018

Cybercrime: A threat to Financial industry

Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONS

Largest financial cyber heists...

Phishing attack seminar presentation

phishingattackseminarpresentation-211230055252.pdf

The CPAs Guide to Buying Cyber Insurance

CPA firm Cyber Insurance Specifics

Your Sector Doesn’t Matter: Achieving Effective Threat Prioritization

Current Trends in Cyber Crime 2015

Recently uploaded

Speed Wins: From Kafka to APIs in Minutes

confluent

Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...

Thierry Lestable

Knowledge engineering: from people to machines and back

Elena Simperl

Welcome to UiPath Test Automation using UiPath Test Suite series part 2. In this session, we will cover API test automation along with a web automation demo. Topics covered: Test Automation introduction API Example of API automation Web automation demonstration Speaker Pathrudu Chintakayala, Associate Technical Architect @Yash and UiPath MVP Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

UiPath Test Automation using UiPath Test Suite series, part 2

DianaGray10

You’ve heard good data matters in Machine Learning, but does it matter for Generative AI applications? Corporate data often differs significantly from the general Internet data used to train most foundation models. Join me for a demo on building an open source RAG (Retrieval Augmented Generation) stack using Milvus vector database for Retrieval, LangChain, Llama 3 with Ollama, Ragas RAG Eval, and optional Zilliz cloud, OpenAI.

Introduction to Open Source RAG and RAG Evaluation

Zilliz

Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to: Create a campaign using Mailchimp with merge tags/fields Send an interactive Slack channel message (using buttons) Have the message received by managers and peers along with a test email for review But there’s more: In a second workflow supporting the same use case, you’ll see: Your campaign sent to target colleagues for approval If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team But—if the “Reject” button is pushed, colleagues will be alerted via Slack message Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors. And... Speakers: Akshay Agnihotri, Product Manager Charlie Greenberg, Host

Connector Corner: Automate dynamic content and events by pushing a button

DianaGray10

IESVE for Early Stage Design and Planning

IES VE

How world-class product teams are winning in the AI era by CEO and Founder, P...

Product School

Discover the essentials of performance testing in the IT sector with our concise guide. Learn about various testing types such as load, stress, endurance, spike, scalability, and volume testing. Understand key performance metrics like response time, throughput, CPU and memory utilization, and error rate. Explore top tools like Apache JMeter, LoadRunner, Gatling, Neoload, and BlazeMeter. Gain insights into best practices for defining objectives, creating realistic scenarios, automating tests, and optimizing performance to ensure user satisfaction, reliability, scalability, and cost efficiency. Ideal for developers, QA engineers, and IT professionals. Visit Expeed Software for more information. https://expeed.com/

In-Depth Performance Testing Guide for IT Professionals

Expeed Software

We're living the AI revolution and Salesforce is adapting and bring new value to their customers. Einstein products are evolving rapidly and navigating their limitations, language support, and use cases can be challenging. Let's make review of what Einstein product are available currently, what are the capabilities and what can be used for in CEE region and how Rossie.ai can help to learn Salesforce speak Czech. We will explore the Einstein roadmap and I will make a short live demo (based on your vote) of some Einstein feature.

AI revolution and Salesforce, Jiří Karpíšek

CzechDreamin

When stars align: studies in data quality, knowledge graphs, and machine lear...

Elena Simperl

💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™: See how to accelerate model training and optimize model performance with active learning Learn about the latest enhancements to out-of-the-box document processing – with little to no training required Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath. Speakers: 👨‍🏫 Andras Palfi, Senior Product Manager, UiPath 👩‍🏫 Lenka Dulovicova, Product Program Manager, UiPath

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

UiPathCommunity

How to differentiate Sales Cloud and CPQ on first glance might be tricky if you do not know where to look and what to look at. You will know :-) Managing the sales process within Salesforce is a common use case that can be managed with standart Sales Cloud. If you want to do entire quoting process you will find out Salesforce CPQ solution exists. What is then the difference if both can handle selling products? You will see comparison of 10 different features, which Sales Cloud and Salesforce CPQ handle differently. Simple question you will always remember if you should consider using Salesforce CPQ will be a cherry on top.

10 Differences between Sales Cloud and CPQ, Blanka Doktorová

CzechDreamin

Unlock the mysteries of successful Salesforce interviews in this insightful session hosted by Hugo Rosario (Salesforce Customer), a seasoned hiring manager that leads the Salesforce Department of multinational company with over 100 interviews under their belt. Step into the manager's chair and gain exclusive behind-the-scenes insights into what makes a Salesforce consultant stand out during the interview process. From deciphering the unspoken cues to mastering key strategies, we'll explore the intricacies of the interview process and provide practical tips for consultants looking to not only pass interviews but also thrive in their roles. Whether you're a seasoned professional or just starting your Salesforce journey, this session is your backstage pass to the secrets that hiring managers wish you knew.

Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...

CzechDreamin

Explore the core of Salesforce success in 'Salesforce Adoption – Metrics, Methods, and Motivation.' We will discuss essential metrics, effective methods to drive adoption, and the driving force behind user engagement and explore strategies for onboarding, training, and continuous support that empower users to navigate the platform seamlessly. By leveraging these tools, you can effectively measure adoption against your company’s goals and create an environment where users not only adopt Salesforce but actively contribute to its ongoing success.

Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom

CzechDreamin

UiPath Test Automation using UiPath Test Suite series, part 3

DianaGray10

ScyllaDB has the potential to deliver impressive performance and scalability. The better you understand how it works, the more you can squeeze out of it. But before you squeeze, make sure you know what to monitor! Watch our experienced Postgres developer work through monitoring and performance strategies that help him understand what mistakes he’s made moving to NoSQL. And learn with him as our database performance expert offers friendly guidance on how to use monitoring and performance tuning to get his sample Rust application on the right track. This webinar focuses on using monitoring and performance tuning to discover and correct mistakes that commonly occur when developers move from SQL to NoSQL. For example: - Common issues getting up and running with the monitoring stack - Using the CQL optimizations dashboard - Common issues causing high latency in a node - Common issues causing replica imbalance - What a healthy system looks like in terms of memory - Key metrics to keep an eye on This isn’t “Death-by-Powerpoint.” We’ll walk through problems encountered while migrating a real application from Postgres to ScyllaDB – and try to fix them live as well.

Optimizing NoSQL Performance Through Observability

ScyllaDB

Already know how to write a basic SOQL query? Great! But what about an *aggregate* SOQL query? You know, the kind that uses aggregate functions like COUNT & MAX along with GROUP BY and HAVING clauses? No? Well, get ready to learn how to slice & dice your org’s data right inside your own dev console. From finding duplicate records to prototyping summary & matrix reports, learn the ins and outs of aggregate queries during this fast-paced but admin-friendly session on advanced SOQL concepts.

SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...

CzechDreamin

Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place. Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects. Here’s what you’ll gain: - Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows. - Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy. - Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency. - Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity. We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic. Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.

Essentials of Automations: Optimizing FME Workflows with Parameters

Safe Software

Assuring Contact Center Experiences for Your Customers With ThousandEyes

ThousandEyes

Recently uploaded (20)

Speed Wins: From Kafka to APIs in Minutes

Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...

Knowledge engineering: from people to machines and back

UiPath Test Automation using UiPath Test Suite series, part 2

Introduction to Open Source RAG and RAG Evaluation

Connector Corner: Automate dynamic content and events by pushing a button

IESVE for Early Stage Design and Planning

How world-class product teams are winning in the AI era by CEO and Founder, P...

In-Depth Performance Testing Guide for IT Professionals

AI revolution and Salesforce, Jiří Karpíšek

When stars align: studies in data quality, knowledge graphs, and machine lear...

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

10 Differences between Sales Cloud and CPQ, Blanka Doktorová

Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...

Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom

UiPath Test Automation using UiPath Test Suite series, part 3

Optimizing NoSQL Performance Through Observability

SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...

Essentials of Automations: Optimizing FME Workflows with Parameters

Assuring Contact Center Experiences for Your Customers With ThousandEyes

2019 Cybersecurity Threats & Trends: The Chart Toppers & One-hit Wonders

1. <#> Cyber Security Threats and Trends The Chart Toppers and 1-hit Wonders Jason Smith

2. <#> Jason Smith Lead Security & Compliance Consultant Internetwork Engineering • CISSP, CISA, CISM, CRISC, GIAC • Security Researcher • ISACA Instructor Introduction

3. <#> In The News <#> In The News

4. <#> More Recently in the News

5. <#> Baltimore by the Numbers Initial Ransom Demand: Remediation Costs: Remediation and Lost Revenue: Source: NY Times Aug 2019 $76,000.00 $5,300,000.00 $18,000,000.00 *estimated

6. <#> The Elections Challenge

7. <#> Podunk County Elections Board We believe that elections should be accurate and secure. We are taking proactive steps to ensure the cyber security and integrity of Podunk County Elections. To find out more, call: 555-555-5555

8. <#> Open Season?? Source: Government Technology

9. <#> Return of the Supply Side Attack

10. <#> RYUK Ransomware First Appeared: Aug 2018 Russian Controlled* (Wizard Spider - Grim Spider) Derived from Hermes Ransomware source code Appears to be fairly targeted, based on ransom demands, Enterprise focused Distributed through spam/phish, possibly through Emotet (internal) Indicators of TrickBot (w/Emotet) on compromised networks

11. <#> The Curious Case of Emotet 2019 Cisco Threat Report – see last slide US Cert Pivoting from a Banking Trojan to a Sophisticated Delivery System

12. <#> Most Common Phishing Attack Vectors Phishing Still # 1

13. <#> Too Complicated!!

14. <#> Simple Security Awareness Don’t Do Dumb Stuff

15. <#> Simple Security Awareness Bad People Will Use Email to Trick YOU

16. <#> • 10 % of all ransomware demands are > $5K • Datto • City targeted Ransomware demands: $50K - >$500K. • CNBC • Total reported 2018 Ransomware revenue >$25m • Business Insider Hacker Motivation - Follow the Money

17. <#> • Hundreds of thousands of participants • Elaborate delivery structure • Built around the Dark Web Traditional Cyber Crime Enterprise Model

18. <#> The Reputation Dilemma Marriott International, Inc <#> The Reputation Dilemma Marriott International, Inc

19. <#> Breach vs. No Breach

20. <#> New Cyber Crime Enterprise Model Improved Efficiencies • Code Sharing • Repurposed Malware • Strategic Sphere Phishing New Monetization Strategies • Backend and Transport Support • Manipulation and Speculation

21. <#> Under-Reporting

22. <#> Choose your battles wisely. Avoid spending on knee jerk, point solutions. What to Do … Focus on your risk. Remember, hackers tend to opportunistic first. Back to the basics. Security hygiene, risk assessments, user awareness training. Get involved with other IT areas and departments. What is the near term and long term IT strategy and how can it be secured. Demonstrate value (metrics, KPIs, show up!)!

23. <#> ”Just showing up is half the battle.” Woody Allen

24. <#> Start with a RISK Assessment!! IT’s All About RISK!!! Understand your network Understand your data, and how it is consumed! Learn the Business!

25. <#> Thank you! Questions? Jason Smith IE Advisory Services – Cyber Security @smith380 jsmith@ineteng.com

26. <#> Emotet Malware Research CyberCrime Links and Citations https://blog.talosintelligence.com/2019/01/return-of-emotet.html https://www.cisco.com/c/dam/en/us/products/se/2019/2/Coll ateral/cybersecurity-series-threat.pdf https://www.academia.edu/39011806/RYUK_Ransomware_An _Analysis_of_a_Dangerous_New_Malware https://www.isaca.org/info/state-of-cybersecurity- 2019/index.html?cid=pr_1237247&appeal=pr

Editor's Notes

Seems opportunistic – but Facebook is interesting ….
It is imperative that IT and IT Security be fully involved with the Business! IT and by extension IT Security should be establishing the business requirements for which IT fulfills.
Security controls, including EDR solutions, should be commiserate to the relative risk to the organization. If you have a large amount of risk associated with the endpoints, then you should consider an EDR solution. If your data, including user generated data, is housed on servers or cloud infrastructure and the endpoint is little more than an input device, why waste the money? A good Security Risk Assessment performed by experienced and trained assessors, such as the Strategic Consulting group at Internetwork Engineering, can save you money. Ask us about the ROI on a Security Risk Assessment.

2019 Cybersecurity Threats & Trends: The Chart Toppers & One-hit Wonders

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to 2019 Cybersecurity Threats & Trends: The Chart Toppers & One-hit Wonders

Similar to 2019 Cybersecurity Threats & Trends: The Chart Toppers & One-hit Wonders (20)

Recently uploaded

Recently uploaded (20)

2019 Cybersecurity Threats & Trends: The Chart Toppers & One-hit Wonders

Editor's Notes