Insider attacks are on the rise – a cyber strategy focused on protecting the perimeter is futile.
Employees are now the perimeter and they’re always on the move; remote working opens organisations up to increased risks surrounding their data.
What does the Insider Threat look like?
The Modern Business Has No Perimeter - ZoneFox | ZoneFox
Examining the challenges presented by the disappearance of the perimeter and how UEBA technology can defend a company’s most-prized possession - its data - to remain competitive, compliant and secure.
The Perimeter within Modern Business - does it exist? | ZoneFox
Cybersecurity trends come and go, but machine learning looks to be here to stay. According to a recent survey, 43% of data breaches in recent years were caused by employees, contractors or suppliers, either negligently or maliciously. How can enterprises protect against the insider threat?
Learn the five steps all businesses must follow to protect themselves from costly data breaches. This will be the first of a monthly series of educational webinars for small business leaders. Knowing is the first step in protecting your business.
A framework developed by The Security Artist to reduce cybercrime to within your risk appetite.
This was developed specifically to address the shortcomings of other frameworks such as ISO 27001; COBIT 5; and even the NIST cybersecurity framework.
Let's TOC: Navigate the Cybersecurity Conversation with Dominique Singer | SaraPia5
In this session, we’ll go back over the 3 rules of 3, and take a deeper dive into having the Cybersecurity discussion with Telarus VP of Biz Dev-Cybersecurity, Dominique Singer. This will be an interactive learning session for our Partners, and no Suppliers! We will focus on straightforward talk for the basics of the conversation, how to get started and find Opportunities with your Customers, how to choose the right Suppliers, and most importantly – how to become a Thought Leader for Cybersecurity without being an expert!
The Security Director's Practical Guide to Cyber Security | Kevin Duffey
Presented at the annual UK Security Expo in London, to help traditional Security Directors understand and feel confident about the practical ways in which their role should extend to cyber security issues. This presentation was followed by a simple cyber attack simulation (not shown here).
Presented by Barrie Millett and Kevin Duffey of Cyber Rescue.
Matthew Rosenquist's 2015 Cybersecurity Predictions presentation to the ISACA Sacramento chapter on Feb 12th outlines the forthcoming challenges the industry is likely to face and how we can be better prepared for it. Peering into the future of cybersecurity provides valuable insights for security professionals. The industry is changing rapidly and attackers seem to always be one step ahead. Organizations must not only address what is ongoing, but also prepare for how cyber-threats will maneuver in the future.
Cybersecurity: The Danger, the Cost, the Retaliation | PECB
The discussion will cover the need, urgency and industry direction in deploying solid cyber defense technologies. There will be real world examples of the costs, the danger and the recovery of both cybersecurity offense and defense. There will be a focus on increased cyber-attack vulnerabilities such as IoT and Cloud Computing, particular to attacks on physical world critical infrastructure. The subject topic will discuss methods of needed rapid development and deployment of cyber defense technologies today with preparation for a Post Quantum Computing Era.
Main points covered:
• Costs and danger of cyber-attacks now compared to major natural disasters
• Nation State threats on critical infrastructure reaching acts of war
• Cyber offense short term and Cyber Defense long term
Presenter:
Larry Karisny is well known in both the public and private sector as a technology innovator, advisor and renowned expert in cyber defense technology. He is a frequent contributor to Government Technology Magazine and has also written for Infosec Island, PenTest, eForensics and is often quoted in other global publications. He is a sought-after speaker at industry summits and conferences as a session lead and moderator covering the subject of cybersecurity. He acts as a Director of the cybersecurity think tank, ProjectSafety.org.
As Director of ProjectSafety.org, Mr. Karisny independently sought out unique Proof of Concept (POC), Intrusion Prevention System (IPS), Intrusion Detection System (IDS), security technological approaches to current cybersecurity solutions. He targeted these advanced cyber security technologies with a focus on securing critical infrastructure systems and ecosystems.
His current focus is in demonstrating cybersecurity technologies that offer the capability to defend, detect and remediate malware compromises, system defects and administrative errors. His knowledge base spans from current cybersecurity technologies to Post Quantum cyber defense. His best skill set is to understand even the most complicated information in science and making it understandable to all levels of audience. He is currently involved in commercializing multiple levels of cyber defense technologies from POC to global deployment.
Recorded webinar: https://youtu.be/yyVsSj946S4
Cyber Resilience: A New Perspective on Security | Ina Luft
Developing advanced cyber security strategies for the creation of a layered cyber defence, Cyber Resilience: A New Perspective on Security shall explore the establishment of a comprehensive defence from contemporary cyber threats to critical national infrastructure.
As well as the strategies and architectures necessary for the establishment of this protection, the master class will explore optimal protocol for organizations of all sizes to take the necessary steps to prepare for the worst-case scenarios. Specifically, the ability to recover quickly in the event of a cyber-attack on their network and deal with the fall out of such an attack.
WHY YOU SHOULD ATTEND:
• Understand the contemporary threats to critical national infrastructure, the approaches of attackers and their intentions
• Master cyber security strategies and architectures for a thorough 1st line of defence from cyber threats, in doing so, build a more cyber resilient enterprise
• Prepare for the event in which your organisation’s cyber security is breached, effectively respond and recover by minimizing its impact and restore the functions of your people, processes and systems as soon as possible
EARLY BIRD DISCOUNT: Book by 29th January to save £100 – Book by 29th February to save £50
For more information and to register, please visit www.smi-online.co.uk/2016cyberresilience.asp or contact events@smi-online.co.uk.
A presentation I gave to the July 2015 NED Forum on Managing Insider Risk using the Critical Pathway to Insider Risk. I've removed a product specific slide for public release.
Logikcull Webinar: Preventing the #1 Litigation Risk Logikcull.com
Security experts have a favorite saying: data is most vulnerable when it's in motion. Discovery, unfortunately, is a process of motion, where information and documents are shared between client, counsel, third-party service providers and opposing parties. Often, this data is exchanged on physical media (i.e. hard drives, DVDs) or through insecure methods like unencrypted email. It's a risky, time-consuming and expensive process.
And with ShareSafe from Logikcull, it has been eliminated.
Defending Critical Infrastructure Against Cyber Attacks | Tripwire
In our increasingly connected world, networks of machines help critical infrastructure run more efficiently and prevent downtime. However, systems which were once isolated are now being exposed to digital security threats that operators never considered.
Joseph Blankenship of Forrester Research and Gabe Authier of Tripwire discuss the evolving threat landscape and how we can protect these critical assets from cyber threats.
Topics covered include:
-Examples of some of the most recent cyber-attacks to critical infrastructure
-Why traditional IT security approaches won't work
-Recommended approaches for securing critical infrastructure
Strategic Leadership for Managing Evolving Cybersecurity Risks | Matthew Rosenquist
2014 NSF Cybersecurity Summit keynote presentation from Matthew Rosenquist, Cybersecurity Strategist for Intel Corp.
Cybersecurity is difficult. It is a serious endeavor which strives to find a balance in managing the security of computing capabilities to protect the technology which connects and enriches the lives of everyone. Characteristics of cyber risk have matured and expanded on the successes of technology innovation, integration, and adoption. It is no longer a game of tactics, but rather a professional discipline, continuous in nature, where to be effective strategic leadership must establish effective and efficient structures for evolving controls to sustain an optimal level of security.
This presentation will discuss the challenges, organizational opportunities, and explore best practices to align investments in security to the risk appetite of an organization.
Keeping up with the Revolution in IT Security | Distil Networks
For many of today’s businesses, web applications are their lifeline. The growing complexity involved in keeping these applications fast, secure, and available can be seen as a byproduct of shifts in how these apps are developed, deployed, and attacked. This discussion will explore how high level trends in today’s web environments and the cyber attack landscape are shaping tomorrow’s application security solutions.
Key Takeaways:
- Trends in contemporary web applications that are forcing security evolution
- How today’s cyber attack landscape impacts cybersecurity
- What modern IT security solutions look like
- Distil Networks Overview
Developing and executing an Insider Threat Program that aligns with corporate values and data sources brings about some unique challenges and concerns.
Join Insider Threat expert, Jim Henderson from the Insider Threat Management Group and Nick Cavalancia from Techvangelism as they discuss:
Identifying key stakeholders
Defining an insider threat
Defining your organization’s critical assets
and vision for the insider threat program and much, much more!
This slide deck describes simple IT security principles and examples of IT security solutions, from IT governance, information security management systems and IT controls to the technical approach.
The Science and Art of Cyber Incident Response (with Case Studies) | Kroll
In this joint presentation for the ISSA-LA Summit X in Los Angeles, Jennifer Rathburn, a cybersecurity and data privacy law expert at Foley & Lardner LLP and William Dixon, Associate Managing Director in Kroll's Cyber Risk practice, highlight three incident response scenarios and tips on breach preparation and response.
To learn more, contact Jennifer or William at:
Jennifer Rathburn, Foley & Lardner LLP
jrathburn@foley.com; 414-297-5864
William Dixon, Kroll, a Division of Duff & Phelps
william.dixon@kroll.com; 213-247-3973
Symantec 2011 State of Security Survey Global Findings | Symantec
Symantec’s 2011 State of Security Survey explores the state of cybersecurity efforts in organizations of all sizes. For the second year in a row, IT said security is the leading business risk they face, ahead of traditional crime, natural disasters and terrorism. However, organizations are getting better at fighting the war against cybersecurity threats. While the majority of respondents suffered damages as a result of cyberattacks, more respondents reported a decline in the number and frequency of attacks compared to 2010.
Trending IT security threats in the public sector | Core Security
State and local information security leaders continue to be challenged with the “new norm,” to do more with less, while remaining on top of technology trends driving the marketplace. Traditional information security approaches often have limited impact and require more attention and resources.
Please join Grayson Walters, Information Security Officer of Virginia Department of Taxation, and Eric Cowperthwaite, Vice President of Advanced Security and Strategy at Core Security as they discuss some of the top IT security trends and developments in the public sector, more specifically, within state and local governments.
The Works 2018 - Industry Track - Cybersecurity for Staffing Agencies | David Dourgarian
What cybersecurity measures do you have in place? If you’re not sure your safety measures are up to par with cybersecurity threats, then this is a session you won’t want to miss. Paula Sanchez, Talent Acquisition and Process Manager/Facility Security Officer for NSC Technologies, leads this session and delivers helpful tips and information about raising employee awareness, employing a risk assessment approach, updating password policies, phishing, protecting PII, and incident reporting.
Cyber attacks have been hitting the headlines for years; but in spite of the risks, the reputational damage and the rising cost of fines, there is still an endless stream of businesses being exposed for security failings.
The scale of the problem is vast: Accenture’s recent 2016 Global Security Report highlighted “an astounding level of breaches” with the organisations surveyed facing more than 80 targeted attacks every year, of which a third were successful. Much has been made of the evolving threat landscape and increasing sophistication of attacks. But whilst there is evidence to support the growing complexity of the challenge, all too often the analysis of these high-profile attacks determines basic, foundational security principles were ignored.
Some commentators argue that the persistence of failings is a direct reflection of organisational priorities, and that while businesses may talk a good game, security is not yet given the attention that it requires at board level. This leaves CISOs and IT leaders fighting a losing battle to secure adequate attention and investment for an area of the business which does not generate revenue.
This conference will look at raising security standards across the business, exploring some of the most persistent problems from IT infrastructure to staff engagement. Amidst a backdrop of perpetual media hysteria, turbulent markets and looming regulatory change, it can prove difficult to establish a coherent picture of the threat, never mind what action to take. The conference will help contextualise the challenging landscape and discuss how to deliver meaningful improvements and end to end organisational resilience.
Current enterprise information security measures continue to fail us. Why is ... | Livingstone Advisory
Conventional information security measures continue to fail our businesses in today’s rapidly changing world of cyber-risk. Adverse cyber-events manifest themselves as the usual suspects including data breaches, information theft, ransom- and malware, viruses, payment card fraud, DDOS attacks or physical loss – to name but a few.
Problem is, the tally of adverse events keeps mounting up. While headline adverse cyber incidents are now reported in the media with regularity, this represents the tip of the cyber-risk iceberg. Most known events are either unreported or hidden from public disclosure. Not helping, is the industry analysis suggesting that, on average, nearly half of all adverse cyber-risk events impacting organisations are self-inflicted and avoidable. No industry is untouched.
Delivered at the CIO Summit in Melbourne, Australia in November 2016, in this presentation, Rob offers valuable strategic insights into the problem and why it continues to be a problem.
He outlines some practical steps that will be helpful for CIOs and CISOs in reshaping their own organisation’s approach in building a more effective and resilient information security capability.
Data Security in the Insurance Industry: what you need to know about data pro... | XeniT Solutions nv
With the amount of personal and sensitive customer information needed to accurately insure a client, it’s no wonder the Insurance industry is a target for data security threats.
While all businesses across every industry are at risk, there are a few things that make the insurance industry particularly attractive – and susceptible – to data breaches and cyber-attacks.
- The sheer volume of information available
- The highly sensitive nature of the information
- Large amounts of unstructured data
In this webinar, our speakers illustrated the state of the art, including the technical and legal framework, to protect your most relevant information from cyberattacks. You will learn:
- How to define a roadmap that optimizes the impact of cyber security expenditure
- How to adopt a general risk management approach to identify Cyber security risks
- What are the most relevant technologies available today to protect your data
Drivers & Enablers of Insider Threats by Christina Lekati | Christina Lekati
It is often an irony in organizational security: Although so much capital is invested in the protection of the organizational assets against external threats, some of the largest compromises have instead occurred as a result of insider threats, sometimes resulting in irrecoverable damage. This type of threat carries an especially high-risk factor for organizations in the sector of critical infrastructure and industries where intellectual property and the protection of sensitive information are essential for the healthy continuation of their operations.
Employees in security-focused environments learn to treat outsiders with suspicion and to maintain trust boundaries. However, it is often the case that once an “outsider” enters the payroll of an organization they are given a “carte blanche” in terms of trust and disclosure of information. They are now treated as the “insiders” that they are; members of the same tribe, fighting and working towards the same goals and using their skills to benefit their organization…until at some point one of them decides to use them differently. Or, until one of them realizes that the exploitation of organizational weaknesses would be a low-risk and high-reward activity. This talk aims to shed some light on the threat of insider activity. It will discuss the motives that lead employees to insider activity, such as the unauthorized disclosure of sensitive information, process corruption, electronic sabotage, and/or the facilitation of third-party access to organizational assets. Research has repeatedly found a clear link between insider activity taking place and exploitable weaknesses in an organization’s security and management processes. Therefore, this talk will go on discussing the organizational factors enabling insider threat operations as well as countermeasures against them, by combining the lessons learned on insider activity prevention from the fields of counterintelligence, psychology, and cyber-security.
Harnessing UEBA and Machine Learning technologies to protect enterprises from... | ZoneFox
Cybersecurity trends come and go, but machine learning looks to be here to stay. According to a recent survey, 43% of data breaches in recent years were caused by employees, contractors or suppliers, either negligently or maliciously. How can we harness UEBA and machine learning technologies to protect against the insider threat?
How to Boost your Cyber Risk Management Program and Capabilities? | PECB
The webinar explores how understanding your organization in crisis due to an exploitation of risk can develop the organization’s resilience and team in the drive for a stronger level of compliance maturity.
Main points covered:
• Information Security maturity
• ROPI
• Risk Management
• Incident Response
• Forensic Readiness
• Table Top Exercises
• Training
• Legislation
Presenter:
Our presenter for this webinar is Peter Jones, an experienced management professional, digital forensic analyst, cybersecurity professional, ISO 27001 and ISO 17025 auditor and University Lecturer. Peter has a wealth of experience and expertise which incorporates knowledge from being an academic and a practitioner in relation to best practice, data management, cyber security, digital system security and digital forensics, where he has conducted thousands of examinations on behalf of law enforcement and the private sector. Peter has extensive information technology and telecommunications experience which ranges from retail to enterprise environments including supporting the BBC with their hit drama series, ‘Silent Witness’.
Link to the YouTube video: https://youtu.be/aREo4l-pDgc
Be More Secure than your Competition: MePush Cyber Security for Small Business - Art Ocain
These are the slides I used during my cyber security presentation at the Bucknell SBDC. Titled "Be More Secure than your Competition" this is geared toward small businesses.
2. Background
Jonny Tennyson
Head of Customer Success
• Spun out of Napier University Edinburgh by current CEO & Founder Dr Jamie Graves in 2011
• Multiple awards for Cyber Innovation, Best Product, Best Start Up
• Global customers – ZoneFox Headquarters in Edinburgh
• Start up to scale - 3 people to 30+
• Growth driven by innovation and differentiation
• Customers in Finance, Retail, Legal, Technology, Manufacturing
3. Who are we?
ZoneFox is an award winning market leader in User Behaviour Analytics, providing critical insights around data-flow that you need to secure against the Insider Threat.
A few of our reference customers…
4. Cyber Security - traditional methods
Intrusion Detection
Perimeter Protection
Anti Virus
Firewalls
Application Whitelisting
Network Packet Inspection
Encryption
Next Generation Anti Virus
Log aggregation & SIEM
6. Why such a risk in business today?
People working from home “a threat to Cyber Security” charities warned
Neil Sinclair, London Digital Security Centre
7. So what is Insider Threat?
• People – asset and a liability
• Accidental, malicious, careless, collusion
• Causes - lack of training, lack of controls, lack of visibility, easy to bypass controls
10. Sandra the Spy
• Financial Pressures
• Personal Matters that may lead to blackmail
• Disgruntled – Show of defiance
11. Careless Caroline
• Ignorant of Security Policy
• Not been Trained
• Under Pressure
• Trying to get her job done
• Victim of Phishing/Social Engineering
12. The Insider Threat - Your top-performing team…..
“Did I just accidentally send that customer list to someone?”
“I’ve just been offered a job with our biggest competitor”
“I’m really annoyed that I didn’t get that promotion”
“My account has been compromised”
13. Relevance to the Enterprise
Job titles that didn’t really exist 3 years ago:
• Head of Insider Threat, Deloitte
• Insider Threat Consultant, EY
• Insider Cyber Risk Assessor, Barclays
• Insider Threat Analyst, BAE Systems
• Director of Insider Threat, GE
• Head of Investigation & Insider Threat, Worldpay
• VP of Insider Threat, Citizens Bank
• Insider Risk Manager, Lloyds BG
• Head of Data – Insider Risk, HSBC
Source - LinkedIn, Sept 2018
14. Telecom giant accuses employee of data theft - May 2016
“Company insiders are behind 1 in every 4 data breaches” The Register, April 2018
15. Analyze. Detect. Protect.
Conclusion
• People / Employees are the perimeter
• Partners are the perimeter
• Supply chain is the perimeter
• Is there really a perimeter?
Good morning, and thank you in advance for your attention over the next 15 minutes.
We are ZoneFox, and today I’ve been asked to talk about the perimeter within the modern business, and whether it actually exists.
Some Background first - ZoneFox was started out of Napier University in Edinburgh in 2011 and we shipped our first product to customers in 2013. We’ve won multiple awards since.
Our growth curve has been incredible during that time and we consider ourselves now to be exiting the start up phase and truly entering the scale up phase. Our initial investment has gone into R&D and now we are using that investment to market and sell ZoneFox on a global basis. We’ve had a strong emphasis on the UK market to start, but we have some fantastic clients in the US and we’ll be using that to grow other markets in 2019.
ZoneFox is an award winning market leader in User Behaviour Analytics, providing critical insights around data-flow that you need to secure against the insider threat.
Below we have a number of publicly available reference clients that we work with. There are many verticals here, as you can see but these are companies with a familiar and very common challenge. Namely; Protection of their IP, their Brand Value and Reputation, Compliance, and more.
Lots of recognisable names here - Rockstar North, who use our solution to protect the Grand Theft Auto game series, Pinsent Masons - a very well-known UK based international law firm. And some very well known Retail clients; such as Pret a Manger, and the Central England Co-operative group.
On to the topic itself. This is what IT Security has looked like for the last 20-25 years. It’s the traditional Castle and Moat model. We have some very valid and necessary technologies here - [Name a few,] Simply put - exterior security, wrapped around everything you want to keep safe, with a secured entry in and out.
It’s not an ineffective approach by any means, we’ve been doing this for so long for a reason; but today we let so many people inside this perimeter; family, friends - external partners and suppliers. Our focus on keeping the bad people out over the last two decades or more has taken us away from looking - and I mean really looking - at the threats that already exist inside the castle, and who has keys to the drawbridge.
It’s no longer about blocking everything - it’s about getting an understanding of what’s going on inside your business.
It’s time to do something different.
This is an old slide but very pertinent, I think this sums up the secure perimeter approach quite well!
You can build up your layered security - adding more and more layers until you have a layered wedding cake of a perimeter - but you’re still going to miss the key threats already within.
So why is this such a risk in business today?
Home working is becoming more and more common for a proportion of the week, in fact recently some of the largest financial institutions have downsized their real estate footprint to take account of this. The Head of Estates & Property at a large Bank recently told us that “if every employee turned up to the office one morning, we would have a huge problem” and I’ve spoken to employees at two other similarly sized organisations who say the same thing, and have enforced work-from-home days for their employees.
The leader of the TUC stated only last week that, with the introduction of AI technologies, our jobs are easier to do, and that a 4 day working week is a reality in the UK very soon. Now I know; that’s an exciting prospect but that’s not my point - I’m just as excited as you are. But it highlights a very real and growing risk and this is one that is already prevalent across many organisations.
It’s true to say that people are our biggest asset. We are told this all the time. But people make mistakes and people don’t always act as we expect them to, hence they are also one of our biggest weaknesses.
We see this all the time and there are a few common themes of Insider Threat that can be identified.
Let’s take a look at these now. First up…
There comes a time in almost everyone’s career where they decide that a change is necessary.
If they can’t change positions within their organization, they often leave for pastures new.
Everyone wants to be able to provide value in their next role, but they may do it in different ways. In the case of Quittin’ Quentin, he decided to take customer data with him to provide great value to his new employer. When it comes to dealing with employee exits, be mindful of those who have access to:
Dave was a bright employee who was promoted quite quickly. He thought he was helping the company by bringing to light a vulnerability in the company’s software, but since there was no real-world exploit, the management team decided to accept the risk for now and push forward. Dave’s advice was not heeded, although he thought he was really on to something. He tried several times to sway public opinion, and in the end his anger pushed him over the edge, causing him to resort to destroying a software release to prove a point.
A point to note - some of the reasons that employees become disgruntled - and remember, these issues are from the employee’s perspective so can be difficult to spot:
Forced into being a bad actor.
Sandra the Spy’s situation is not unique. Many employees are in positions where they don’t make enough money. This isn’t necessarily an opinion, but a result of life choices.
Sometimes parents need to care for their kids, but don’t feel that they make enough money to do so. Sometimes a couple would like to get married or put a down payment on a house, but money is perpetually tight.
On occasion, a competing entity with few morals may take advantage, presenting an offer that the potential spy can’t (or feels they can’t) refuse, turning them to their side. Corporate spies don’t always have to be turned, mind you; they may also be planted in your organization early on by a competitor or a nation state to await further instruction. Fortunately, corporate espionage is not a ubiquitous threat to all organizations in all lines of business, but it’s always a possibility if your business revolves around intellectual property.
A project manager, working 100MPH, under huge pressure, trying to please everyone.
[Important point to note here] Caroline is definitely not a malicious actor. There is no motivation to steal, destroy, or otherwise harm her organization’s data.
Unfortunately, Careless Caroline is an all too common character in today’s organization. Whether it’s leaving a workstation unlocked, leaving passwords on sticky notes, allowing strangers to tailgate when she swipes into the office, or clicking on malicious links without first understanding who sent the link or why, Careless Carolines everywhere are letting the bad guys in regularly. Even if they don’t mean to.
Few technical controls can actually help stem this tide; if you want to help Careless Caroline be more careful in her day-to-day dealings, education – and monitoring - is key.
So…here’s your team. Your team is the best team in the world.
They’re all trustworthy and you have no need to doubt any of them.
Until they come to leave you to join your biggest competitor. Still feel so confident about their trustworthiness?
What projects have they been working on?
What data did they have access to?
Do you think that they could have stolen anything over the past few months?
How do you know?
We recently worked with a Formula 1 team who was concerned that key designs were at risk of theft from within. Now, Formula 1 is a sport where this is rife, as it’s such a technically driven, expensive, competitive sport. Needless to say, they were right to be concerned.
After working with them for a short period of time, we discovered that an employee who was preparing to leave had managed to gain access to their design files on the team’s car. And guess what they did next?
They transferred the lot onto removable media. We find this same story replicated across just about every customer we work with – it’s time to rethink the perimeter.
Here is some recent analysis conducted last week. Have a look at the names of the companies on the right hand side and these ‘new genre’ job titles. This is a growing job area and it’s fair to say very few of these titles existed a few years ago.
A bit like a ‘GDPR manager’ – there you go, had to get GDPR into the presentation at some point.
Here we have further emphasis by recent publications and news articles that the old perimeter protection methodologies are dated.
Tesla particularly damaging and again, extremely public.
An “Oil and Gas customer” of ZoneFox’s - recently found 3D CAD designs going to Russia - they have no customers or partners in Russia. Industrial sabotage, caught in the act.
If there is a perimeter – it’s people, employees. It’s partners. It’s our supply chain. BA was only the other week, they discovered where their perimeter really is, it was the same as Ticketmaster’s - and they’re potentially facing a £500M class-action suit as a result.
These are not small names. So, is there really a perimeter? Thank you so much for listening, I hope this has provoked a thought or two and I look forward to speaking to you throughout today.