Name: Findings From the 2023 Identity Threat Report, Pt 2: Phishing & MFA Bypass
Start: 2023-10-19T17:00:00Z
End: 2023-10-19T17:00:59.000Z
Location: BrightTALK
Rating: 4.8

ISC2 Security Briefings brings attendees both stand alone webcasts and multi-part series on cutting edge infosecurity topics that gets deeper into the subject matter and technologies presented by subject matter experts.

Embark on a foresight journey into the future of cybersecurity, highlighting key trends and innovations that are set to redefine the digital defense landscape in the year ahead. Discover how advancements in artificial intelligence will revolutionize the way security teams reduce cybersecurity risks and improve their abilities to defend against modern threats. Join Steve Piper, Founder & CEO of CyberEdge (and proud CISSP), as he shares his top five cybersecurity predictions for 2025.

Top Five Cybersecurity Predictions for 2025

Has your organization jumped on the passwordless authentication bandwagon yet? If not, it should. Passwordless authentication embraces possession factors, such as certificates and hardware tokens, and inherence factors, such as fingerprints and face scans, to replace legacy password and single sign-on (SSO) authentication methods. It also strengthens your organization’s security posture while improving the user experience for accessing company applications and data. Join Steve Piper, Founder & CEO of CyberEdge (and proud CISSP), as he reviews modern passwordless authentication technologies and the benefits organizations have achieved by implementing them.

Passwordless Authentication: A New Reality or a Pipe Dream?

New to the security industry? Or thinking about transitioning into an information security role? If so, this webinar is for you. Join Steve Piper, Founder & CEO of CyberEdge (and proud CISSP), as he provides a one-hour ‘crash course’ on the entire security industry, including:

- Size and growth of the security industry
- Useful vocabulary terms and buzz words
- Five types of cyberthreat actors 
- Modern cyberthreats and tactics
- Categories of security defenses
- Common security job roles
- Security industry ecosystem

Security Industry 101: A ‘Crash Course’ For Security Newbies

Artificial intelligence (AI) has bolstered cybersecurity solutions across the board. Security teams have more ways to detect advanced threats than ever before, and organizations are much better equipped to measure and reduce their attack surfaces. However, AI also benefits cyber adversaries with improved phishing and spear phishing techniques and new methods for tricking unsuspecting victims using deepfake content spawned by generative AI. Join Steve Piper, Founder & CEO of CyberEdge (and proud CISSP), as he provides a comprehensive analysis of AI's dual role in both fortifying and challenging modern cyber defenses. Discover who's winning the AI arms race in cybersecurity.

Impact of AI on the Cybersecurity Industry: Who's Got the Upper Hand?

The accelerated shift to the cloud as well as new PCI DSS 4.0 requirements coming into effect by March 2025, present several challenges for financial institutions, ecommerce merchants, and others subject to its regulations. As IT teams have lost control of their digital environments due to an increased reliance on cloud computing and remote work, the process of solving challenges to meet compliance requirements has become more complex. As a result, it is more essential than ever for organizations to find a way to streamline compliance.
 
Join this conversation to learn about:
- What’s new and what’s driving PCI DSS 4.0
- Challenges of PCI compliance for today's digital world
- Strategies and tools for organizations to address PCI requirements in a scalable and programmable way

A Strategic Approach to Meeting the Newest PCI Requirements in a Cloud-Driven World

Explore the digital footprints of a malicious hacker and uncover their attack path, as we take you for a journey inside the mind of a threat analyst responding to a cybersecurity incident that brought a business to a complete halt. Discover the evidence left behind, uncover the attack path, and understand the techniques used by the attackers. This session will delve into a real-world incident response, showcasing the methods employed by attackers to compromise identities and credentials. 
 
Join ISC2 and Delinea as we guide you through the steps taken by cybercriminals during a damaging identity compromise attack, including: 
• Access Gaining and Patient Zero Identification: Learn how attackers initially infiltrated systems and identified the first compromised system. 
• Establishing Staging, Footholds and Persistence: Understand how attackers set up their presence within the network and maintained access over time. 
• Tools and Commands Used: Discover the specific tools and commands utilized by the attackers, including RDP Brute Force, Mimikatz and Responder. 
• Credential Harvesting and Misuse: See how attackers harvested credentials and used them to escalate privileges and move laterally within the network. 
• Active Directory (AD) Elevation: Learn how attackers achieved AD elevation to gain further access and control over the infrastructure.
 
Gain a comprehensive understanding of the tactics, techniques and procedures (TTPs) used by cyber criminals to compromise identities and credentials. This knowledge will empower you to better defend your organization against such cyberattacks.

Risks of Identity and Credential-Based Cyber Attacks: A Real-World Cybersecurity Incident Walkthrough

Compromising end user computing devices through spear phishing attacks is frequently cited as the initial step of advanced persistent threats, often leading to data breaches. Year after year, IT security professionals cite “low security awareness among employees” as a top inhibitor to IT security’s success in CyberEdge’s annual Cyberthreat Defense Report. So, why aren’t more security teams adequately addressing this challenge? Join Steve Piper, Founder & CEO of CyberEdge (and proud CISSP), as he details five ways to invest in your company’s human firewalls.

Five Smart Ways to Invest in Your Human Firewalls

Want to know which IT security technologies are hot and which ones are not? Join Steve Piper, Founder & CEO of CyberEdge (and a proud CISSP), as he reviews key purchase insights from the 2024 Cyberthreat Defense Report. Specifically, Steve will examine which security technologies are most widely deployed and most planned for acquisition in 2024 so you can benchmark your company’s current and planned investments against your peers. Steve will review purchase intent across five key security technology categories, including:

- Network security
- Endpoint security
- Application and data security
- Security management and operations
- Emerging security technologies

The ‘Hottest’ IT Security Technologies in 2024

Google and Yahoo announced a new set of requirements for email delivery last October, resulting in a rapid increase of DMARC (Domain-based Message Authentication, Reporting and Conformance) authentication adoption. However, meeting DMARC requirements is just the beginning. Impersonation risk remains — in the form of spoofed emails, brand abuse and threats from fake or compromised suppliers. Hijacked business communications often lead to significant financial losses and reputation damage. So how can your organization further mitigate impersonation risk even after you achieve DMARC compliance?  

Join Proofpoint and ISC2 on July 18, 2024 at 1:00 p.m. Eastern/10:00 a.m. Pacific as we discuss: 
-Common impersonation tactics and real-world attack examples  
-Challenges and benefits of enforcing email authentication  
-Risks posed by impersonated suppliers  
-How AI is affecting threats like business email compromise (BEC) 
-Critical controls that help reduce impersonation risk

Beyond DMARC: Best Practices for Impersonation  Protection

Denial of service (DoS) attacks more than doubled in 2023 compared with previous years. Attack size, frequency, and sophistication, have all increased which suggests that DDoS is far from being a solved problem.  

Gobal geopolitical tensions rose dramatically during 2023 and, by no coincidence, so too did the quantity and ferocity of DDoS attacks. After a small but steady decline in denial-of-service attacks during 2022 and prior, 2023 saw an explosion of incidents many of which can be directly linked to political events and growing hacktivism. While many DDoS attacks are short lived inconveniences, many organizations and countries face persistent bombardment and increasingly sophisticated attacks. It begs the question: do organizations accurately evaluate the risk posed by DDoS attacks? 

Join F5 and ISC2 July 11, 2024 at 1:00 p.m. Eastern/10:00 a.m. Pacific as we discuss the findings from F5 Labs' annual DDoS report. Join this threat research driven webinar to ...  

-Understand how and why DDoS attacks have grown, and the tools and techniques used by threat actors 

-Explore the differences between regions and industries to understand how and why some are more targeted that others 

-Learn about effective mitigation strategies and the questions you should be asking of your DDoS protection solution

Escalating Threats: Unveiling the Rise of DDoS Attacks in a Tense Global Climate

Join us for this live webinar where we’ll tell you all about newly enhanced ISC2 Online Self-Paced Certified in Governance, Risk and Compliance (CGRC) Training with AI-driven adaptive learning. Find out how this dynamic experience pinpoints areas that require focus and guides you through every stage of your personalized exam prep. You’ll study smarter, not harder and go into the CGRC exam with confidence. 

You’ll learn: 

- Why it makes training more efficient busy professionals  
- What makes it a more efficient route to exam readiness 
- How artificial intelligence tailors learning to your needs
- And much more

Wednesday July 10 at 1pm ET

Save your spot now!

New AI-Driven Adaptive Learning for Certified in Governance, Risk and Compliance

Digital transformation is not just about adopting new technologies but also about re-evaluating traditional security strategies for your modern business. As organizations pivot towards cloud-based environments and remote and hybrid work models, the traditional security perimeter has dissolved, necessitating a shift to Secure Service Edge (SSE) models.  

Join HPE and ISC2 for this session to learn: 
-How digital transformation has led organizations towards security transformation 
-Why security transformation is best achieved with a Security Service Edge (SSE) approach. 
-How SSE works for the modern business 
-How you can get started today

Why Digital Transformation Requires Security Transformation with SSE

Colonial Pipeline, CNA Financial, JBS Foods, Garmin, and Travelex. All victimized by high-profile ransomware attacks. All paid ransoms. Did these companies do the right thing by paying ransoms to accelerate data and system recovery? Or are they merely funding the ransomware industry and prompting even more attacks? Join Steve Piper, Founder & CEO of CyberEdge (and proud CISSP), as he reviews key findings from CyberEdge’s 2024 Cyberthreat Defense Report. In this webinar, Steve will:

- Examine disturbing ransomware trends, by country and by industry
- Evaluate key factors that go into deciding whether to pay ransoms
- Outline ways to be prepared for a successful ransomware attack
- Review technologies to help give security teams the upper hand

Ransomware Deep Dive: To Pay or Not to Pay?

Join us for a deep dive into Certified in Governance, Risk and Compliance (CGRC), the governance, risk and compliance credential from ISC2, creator of the CISSP. 

The CGRC is an information security practitioner who champions system security commensurate with an organization’s mission and risk tolerance, while meeting legal and regulatory requirements. 

CGRC, a vendor-neutral cybersecurity credential, recognizes your knowledge, skills and abilities to authorize and maintain information systems within the RMF. It proves you know how to formalize processes to assess risk and establish security documentation. 

CGRC is particularly well-suited for IT, information security and cybersecurity practitioners who manage risk in information systems. It is also recommended for any practitioner involved in authorizing and maintaining information systems.

In this 60-minute live virtual session, you’ll learn:
- If CGRC is right for you
- How Official ISC2 Training flexes with your learning style
- What to expect on exam day
- How to become endorsed and maintain your certification
- Plus, more!

Plus! Get answers to your CGRC questions during the Q&A section.

Register now and begin your CGRC certification journey today!

Certified in Governance, Risk and Compliance (CGRC) Info Session

Discover the integrated approach to network security and efficiency in our upcoming webinar, where we unravel the synergy between Security Service Edge (SSE), Software-Defined Wide Area Network (SD-WAN), and Secure Access Service Edge (SASE). This session will illuminate how the convergence of these technologies creates a robust, scalable, and agile framework for businesses navigating the complexities of digital transformation. 
 
Join HPE and ISC2 as we discuss practical insights on leveraging SSE and SD-WAN as foundational blocks to transition towards a comprehensive SASE model, ensuring end-to-end security and optimal network performance.  This webinar will provide actionable strategies to enhance your business’s security posture and network management in the cloud era.

Securing the Edge: Using SSE to Empower Zero Trust Access

CyberEdge’s annual Cyberthreat Defense Report (CDR) has become a staple for assessing organizations’ security postures, for gauging perceptions of IT security professionals, and for ascertaining current and planned investments in IT security infrastructure. It incorporates dozens of insights from 1,200 security professionals from 17 countries and 19 industries. Join Steve Piper, Founder & CEO of CyberEdge (and proud CISSP), as he reviews key findings from CyberEdge’s tenth-annual 2024 CDR, including:

- The percentage of organizations victimized by cyber attacks 
- The percentage of organizations victimized by ransomware attacks
- How AI helps both cybersecurity teams and cyber adversaries
- Factors that improve overall job satisfaction among security professionals
- The health of IT security budgets
- The hottest security technologies planned for acquisition

Key Insights From the 2024 Cyberthreat Defense Report

As attack surfaces continue to expand, managing cyber risk is becoming too complex: Security teams are slowed down by too much data, too many siloed tools, and too much manual effort to enforce protections across people and applications. 
  
Discover unified risk posture – a simpler approach to mitigate risk more effectively with automated and dynamic controls. Exchanging risk indicators between the two platforms can help businesses adapt with agility to evolving dangers across their environments. 
  
Join Cloudflare, CrowdStrike and ISC2 on May 16, 2024 at 1:00 pm Eastern/10:00 a.m. Pacific as we discuss strategies and practical guidance on how to manage risk across more of your expanding attack surface.

Unify How You Manage Risk

Join us for a deep dive into Systems Security Certified Practitioner (SSCP), the security operations and network security credential from ISC2, creator of the CISSP. 

As organizations continue to pursue digital transformation initiatives, the threat
landscape is always expanding. Yet cybersecurity leadership talent is scarce. That’s
where SSCP from ISC2 comes in — to help fill the gap. Once certified, the opportunities
for certified professionals are near limitless.

The SSCP is ideal for IT administrators, managers, directors and network security
professionals responsible for the hands-on operational security of their organization’s
critical assets. It shows you have the advanced technical skills and knowledge to
implement, monitor and administer IT infrastructure using security best practices,
policies and procedures.

In this 60-minute live virtual session, you’ll learn:
- If SSCP is right for you
- How Official ISC2 Training flexes with your learning style
- What to expect on exam day
- How to become endorsed and maintain your certification
- Plus, more!

Plus! Get answers to your SSCP questions during the Q&A section.

Register now and begin your SSCP certification journey today!

Systems Security Certified Practitioner (SSCP) Info Session

Living In an SEC Material World

This Changes Everything: Ransomware in the Age of Artificial Intelligence

Ransomware in the Wild: Lessons Learned

What’s Changing in Ransomware for Asia Pacific: Who, What and How?

Busy Bees- The Transformation of Malicious Loader BumbleBee

I Have Trust Issues & So Does My CISO

Top-Rated Sponsored Webinars from Second Half of 2023

Changes in how we build, run and secure information systems have also changed how we look at authentication and access control. The emerging concept of identity is transforming the ways that humans and non-human actors alike make use of data and compute power. At the same time, organizations’ focus on identity also means that it has become a focus for attackers. To assess the ways that old and new attacks are targeting digital identities, F5 Labs is presenting findings from our 2023 Identity Threat Report: The Unpatchables. 

In a follow-up to the September session on credential stuffing, this talk will focus on phishing and multi-factor authentication bypass techniques. As phishing has grown over the last several years, its tools and tactics have transformed. We will identify which organizations are most targeted and explore recent developments that make it harder to spot and trickier to mitigate, using a combination of Dark Web intelligence and quantitative methods. 

This talk on October 19, 2023 at 1:00 p.m. Eastern/10:00 a.m. Pacific will cover recent developments in attacker approaches to circumvent multi-factor authentication, what these developments mean for defenders, and which forms of MFA are able to resist the new approaches.

Findings From the 2023 Identity Threat Report, Pt 2: Phishing & MFA Bypass

ISC2

CISSP

Information Security

Cyber Security

identity threat

Phishing

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

Welcome to the big data and data management community on BrightTALK. Join thousands of data quality engineers, data scientists, database administrators and other professionals to find more information about the hottest topics affecting your data. Subscribe now to learn about efficiently storing, optimizing a complex infrastructure, developing governing policies, ensuring data quality and analyzing data to make better informed decisions. Join the conversation by watching live and on-demand webinars and take the opportunity to interact with top experts and thought leaders in the field.

Big Data and Data Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Thousands of healthcare IT professionals compose the health IT community on BrightTALK. Learn alongside them with relevant webinars on healthcare IT compliance, big data in healthcare and IT solutions for healthcare organizations. Join the conversation by asking questions and engaging with other participants during live webinars and organized discussions.

Findings From the 2023 Identity Threat Report, Pt 2: Phishing & MFA Bypass

Presented by

About this talk

More from this channel