Name: Are you prepared for the next attack? The state of application security in 2024
Start: 2024-10-08T10:00:00Z
End: 2024-10-08T10:00:43.000Z
Location: BrightTALK
Rating: 0

A thought-provoking webinar programme developed from over three decades of collaborating with our Members across global business, government bodies, legislators and cyber security experts.

As we close out 2024, a year marked by unprecedented change and disruption across the world, the question arises: are we set to see more disruption in 2025?

With increasing potential for sophisticated AI cyber-attacks, escalating geopolitical unrest, and the tech industry under intense scrutiny from regulators, organisations must start rethinking their strategies. Security teams will need to stretch their resources further than ever before, prioritising cyber resilience and threat mitigation while maintaining operational stability and addressing staff concerns amidst economic uncertainty.

To prepare security leaders for the challenge ahead and help them align their cyber security strategies with business objectives, Chief Executive of the ISF Steve Durbin returns to the virtual stage to deliver our annual Emerging Threats webinar. Secure your place for early insight into the prominent information security threats to expect in 2025 and crucial guidance on how to prepare.

ISF Annual Threat Update: Emerging threats for 2025

Moving your infrastructure to the cloud is primarily a business decision, or a choice made by IT managers who have decided to rationalise (not necessarily simplify) their infrastructure by moving to the cloud.

Some have chosen to do so by moving all or part of their applications, depending on how business-critical they are, or quite simply to (possibly) reduce operating costs.

During this webinar, Bernard Montel – EMEA Technical Director and Security Strategist at Tenable will cover: 

• The cyber threat context 
• The main risks associated with cloud exposure 
• The evolution from vulnerability management to exposure management (including cloud exposure)


With over 20 years in the security industry, Bernard Montel is Technical Director at Tenable. His expertise includes cryptography, Identity & Access Management, and SOC domains. Bernard has published numerous articles and is regularly invited to speak about cybersecurity providing insight into current cybersecurity threats, cyber risk management, and cyber exposure.  

Before joining Tenable, Bernard held the position of EMEA Field CTO for RSA, where he played a leading role within its Threat Detection & Response department. He has significant experience advising both large and medium size organizations on cybersecurity best practices.  

Bernard holds a Master of Science in Network and Security and a Master 2 degree in Artificial Intelligence.

You moved your infrastructure to the Cloud - Do you know your Cloud Exposure?

AI is being adopted simultaneously into different digital platforms. In this new era of hyper-connectivity and digital transformation, once trusted traditional cyber security paradigms need a zero trust makeover.

Therefore in this era of commoditised AI, there needs to be a rethink of what it now means to be secure and how to deal with both the advantages of AI and the risks to cyber resilience. 

This session will address:
• Signs of the times - the new risks
• Key challenges for CISOs and cyber managers
• How to overcome key challenges
• How to contain a breach
• How to plan for business continuity



Michael has over 20 years’ experience in networking and cybersecurity. He is Director of Systems Engineering where he is responsible for overseeing the EMEA go-to-market systems engineering team.   Michael is an accomplished public speaker, regularly speaking at conferences and webinars. He holds a MSc in Network Systems Engineering and a BSc in physics in addition to several cyber industry certifications.

Good AI Gone Bad - A Zero Trust Story

Some consider that cyber attacks are one of the four most important global concerns that society faces, to include Climate Change, Weapons of Mass Destruction and Disease Pandemics. Whether sensational talk or fact, cyber attacks are both increasing in number and scale.

Join Steve Dobson, Operations Director at the ISF, as he kicks-off the ISF Cyber Security Showcase Week to discuss:
- What are cyber attacks?
- What are the reasons behind the growth of cyber attacks?
- Who is most at risk?
- What are the five key steps everyone can do to be better aware - and better protected - from attack?

Disclaimer: This is a pre-recorded webinar

Why Cyber Security is for Everyone

Earlier this year, the ISF introduced the latest edition of its Standard of Good Practice for information security (SOGP).

Organisations can leverage the SOGP to strengthen their policy frameworks and to assure stakeholders that they are aligned with industry-leading standards. 

Join ISF experts Nick Frost, Dan Rycroft and Jean-Michel Chapon as they guide you through:

• The key updates in the 2024 Standard of Good Practice and the rationale behind them

• A comprehensive approach to policy framework development covering stakeholder engagement, alignment with budget cycles, and other key steps

• A case study demonstrating how the ISF supported an organisation in successfully refreshing its policy framework to align with business objectives

Improving your policy framework with the ISF's Standard of Good Practice for Information Security

How do we move from separated teams, separated tooling, poor operational efficiencies, to a Cloud SOC that hums and keeps critical cloud infrastructure safe?  

Leveraging popular economist and thinker Nassim Taleb's ideas of Black Swan events and risk management, this session covers how current people, process and technology issues are leading to fragile cloud security operations for many organisations. In this session, we explore the opportunities and ways to rebuild more anti-fragile Cloud SOC.

Join Chris Hosking, Cloud Security Evangelist at SentinelOne, to learn: 

• Key causes of fragile cloud SOC 
• Technology opportunities to build cloud security resiliency

How to build an anti-fragile Cloud SOC

Planning for the next iteration of cyber threats is a difficult task, the ISF have over 15 years’ experience of predicting the next big thing for security teams to worry about. Threat Horizon can be part of your future proofing your security protections, hear from Paul Holland, Head of Research at the ISF, who will explain more about Threat Horizon and how our predictions have a habit of coming true.

Based on ISF research, this webinar will provide insight into the ISF Threat Horizon report and how it can be used for future proofing your cyber security plans:

• Learn about the ISF Threat Horizon report
• See how our threat predictions are made
• Discover how accurate our past and present predictions have been
• Understand how Threat Horizon can help future cyber security planning

Through the Looking Glass: ISF's predictions on past, present and future threats

Cyber security awareness programmes have been running for decades, but are they effective? The human element is still the single most common factor in causing security incidents. Security awareness programmes haven’t changed that or reduced our susceptibility to an acceptable level. It’s time to do more than just raise awareness: we need to change the conversation and talk about behaviour and culture instead.

Based on ISF research, this webinar will provide hints and tips on how organisations can move beyond raising awareness, to embedding security behaviours. It will outline how to:

•understand and address the psychological vulnerabilities we all have, and which attackers exploit
•create a programme for behavioural change across all levels of the organisation
•develop a human-centred security culture
•positively influence security behaviour.

Let’s Stop Talking About Security Awareness and Focus on Culture Instead

As the deadline to meet the NIS 2 directive fast approaches, organisations are realising that satisfying this legislation will be an ongoing activity. 

Resulting from workshops, events and assessments, ISF has identified 7 common challenges of NIS 2. 

Join our in house EU regulatory expert Luka Ivezic, as he outlines these challenges and how organisations can successfully achieve compliance.

NIS 2 Directive: addressing seven common challenges

We’ve identified three challenges posed by today’s uncertain world with the aim of equipping you – security and business leaders and their teams – with insight into why they matter, and how you can keep you and your organization’s future safe within strained budgets and resources.

This event will be part of our Cyber Awareness Month webinar program. Attend this session to:
- Gain perspective on the critical challenges facing organizations worldwide
- Equip yourself with the knowledge required to mitigate these challenges with increasingly limited resources
- Ask yourself the right questions to see where you stand on your cyber journey

Protecting My Business on a Limited Budget

The cloud has changed everything. Software supply chains, applications, and cloud environments are not only growing more complex, the attack surface has also expanded, with attackers now targeting the entire software supply chain—from source code management and CI/CD systems to developer identities.
The days of treating code, pipelines, and cloud in isolation are over. Security must now be integrated across every stage of development. Comprehensive cloud security is no longer about shifting left. It’s about starting left–and going all the way to the right.

Join Ziad Ghalleb, Product Marketing Manager at Wiz, to learn: 

•why application security can no longer be separated from cloud security.
•how a code-to-cloud approach empowers your developers to move at the speed of the cloud without compromising security

Building with Confidence: Security from Code to Cloud

Hear directly from Alex Jordan, Head of Tools and Methodologies, and Francesca Williamson, ISF Analyst, about the recently updated ISF Tools Suite that is aligned to the 2024 version of the ISF Standard of Good Practice (SOGP).  The ISF Tools Suite offers a holistic approach to security that is centred around industry-leading good practice, and assists security teams with risk management (IRAM2), control assessments (Benchmark), and managing supply chain risk (Supplier Security). 

This webinar will include:
• An introduction to each of the ISF Tools
• An overview of the new topics covered, including Artificial Intelligence and Stakeholder Engagement
• An outline of the standards and frameworks the SOGP is aligned to, including ISO/IEC 27001:2022 and the NIST Cyber Security Framework v2.0.

ISF Tools: A holistic approach to security

Murky and cryptic details of cloud breaches and threats fill all cybersecurity news. Sorting through the limited information provided can often lead to even more confusion around the source and solution to these threats. To build an effective cloud defence strategy, it is important to understand the nature of how you will be attacked. 

In this webinar, Chris Hosking, SentinelOne will provide an in-depth look at the changing cloud threat landscape.

Key takeaways: 

• The main causes of cloud breaches
• Real-world examples of Cloud TTPs and attacks
• Critical defences required to match the evolving cloud threat landscape

Evolution of Cloud Security Breaches: Building Cloud Defence

AI is creating unique opportunities but also raises risks of compromise and irrecoverable data loss. This session looks into advances that generative AI and other forms of machine learning provide to threat actors elevating their existing malicious activities to the new level and opening new attack vector potential. The session will also explore AI driven zero trust architecture and cybersecurity best practices that enable organisations to gain productivity benefits from AI tools while staying secure in the face of emerging threats.

Cyber Security in the AI Era

Over the last 2 years, 98% of organisations globally have had a 3rd party in their ecosystem that has experienced a breach. This coupled with increasingly stringent regulatory mandates such as DORA, NIS2, Cyber Resilience Act and SEC Materiality have made making cyber supply chain risk actionable a must. 

In this webinar, you will have the opportunity to learn what approaches your peers at Shell and Petronas have taken to build a more secure and resilient supply chain.

Using real-world insights, this session will explore best practices for supply chain risk management, including: 

● How to prioritise cyber risk in the supply chain and eliminate alert noise
● How organisations are getting ahead of requirements related to NIS2, DORA, Cyber Resilience Act and SEC Materiality
● How to leverage AI to automate workflows and free up resources
● How far downstream in the supply chain to address risk and the type of solutions leaders in Supply Chain Assurance look for to give them an edge

Our Speakers: 
 
Oleg Stryzhak serves as Shell’s Digital Supply Chain Risk Manager and is instrumental in safeguarding an ever-growing ecosystem of third-party digital services that play a vital role in the energy transition. Since 2017, Oleg has led a global team of risk managers that continually monitor the security posture of third-party service organisations. Learn more about Oleg at olegstryzhak.com

Muhittin Hasancioglu has 35 years of professional Information Technology, Cyber Risk and Security Leadership experience within PETRONAS, Royal Dutch Shell and Goodyear, with a proven track record of delivering significant business outcomes in challenging environments. 

During his time as CISO for PETRONAS and Royal Dutch Shell, Muhittin delivered a multi-year strategic cyber security program that encompassed IT and OT domains to enhance the cyber resilience and protect both groups against cyber threats and risks.

CISO Panel: Best Practices and Emerging Trends in Supply Chain Risk Management

As recent studies have confirmed, adversaries are using artificial intelligence (AI) to improve their tactics to launch targeted cyber attacks on organisations. 

The first half of this session will analyse how adversaries are using AI in their attack methods and what has changed from before, in their operations. The second segment of the session will delve into how security teams can leverage AI to counterattack threat actors and use AI to build and improve their defences.

During this session you will:

- Gain insights into how threat actors use AI to launch cyber attacks
- Determine what needs to be changed and laying the foundation for AI use within organisations to defend themselves
- Demystifying the "How to use AI “ for Security Teams so that they can derive better outcomes


Mani Keerthi Nagothu is a cybersecurity professional with global work experience. Her focus areas include Cybersecurity Strategy, Incident response, and Risk management. She is a Public Speaker at various Cybersecurity Conferences, Webinars, and Podcasts. She is passionate about teaching Cybersecurity; two of her courses, Insider Threat Risk Management and Designing Cybersecurity Controls, are published on LinkedIn Learning.

AI vs AI - How Adversaries and Security Teams use AI

Building on the ISF’s previous research, Lee will assess how artificial intelligence has evolved in recent years and discuss his upcoming AI Insights series of papers. With offensive and defensive AI already on the agenda, he will outline other areas of potential research for Members to consider, including governance, data privacy, ethics, and the need for transparency.


Meet the Speaker:

Lee Munson is a Principal Research Analyst at the Information Security Forum (ISF). Lee has over fifteen years’ experience in and around the information security industry. Since joining the ISF in August 2022, Lee has co-authored Threat Horizon 2025 and authored the Vulnerability Management: Beyond patching and Demystifying Encryption Key Management briefing papers. He is currently working on a new Insights series of papers focusing on AI. Prior to joining the ISF, he set up and ran a security awareness program for one of the world’s largest media groups before moving into threat intelligence, focusing on crimeware and nation state threat actors.

Disclaimer: This is a pre-recorded webinar

AI Insights: Opportunities and Challenges

ISF Cyber Awareness Showcase Week - Oct 2024

Web applications are central to modern life. For governments, they are an important channel to communicate information to the public and provide essential services. For businesses, they serve as a source of revenue, efficiency, and customer insights.

Take a close look at the most important trends shaping the web application and API threat landscape today, including vulnerability exploitation, DDoS attacks, bot traffic, and third-party supply chain risk.


Join Sheril Nagoormeera, Principal Solutions Architect for a discussion on the latest application and API security threat research sourced from Cloudflare’s global network, including:

• Shifts in blocked web application and API traffic
• The growth and increased complexity of DDoS attacks
• The weaponization of vulnerabilities at breakneck speed
• The growing risk of shadow APIs
• Risks associated with third-party components such as scripts, outbound connections, and cookies

Are you prepared for the next attack? The state of application security in 2024

Cyber Security

Government

CISO

Vulnerability Management

Shadow IT

API Management

DDoS

Supplier Risk

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The unexpected nature of natural disasters and other disruptive events means that preparation is key to managing disaster recovery and business continuity planning. Join the business continuity and disaster recovery community for live and recorded presentations discussing best practices for business continuity planning, disaster recovery programs and business continuity management. Learn from BCDR experts to develop your critical infrastructure and gain insight into tactical solutions to your BCDR issues.

Business Continuity / Disaster Recovery

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Internal audit and compliance professionals are facing increasingly stringent regulatory requirements when it comes to compliance reporting and internal control procedures. Join the audit and compliance community to learn best practices from thought leaders on topics such as regulatory compliance, internal audit checklists and audit program strategies.

Audit and Compliance

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

Finance

Get powerful insights to run your business. CEOs, CFOs, CMOs, COOs, CTOs and CIOs are among the leaders in this community who connect with peers and experts to grow their businesses.

CxO Strategy

In the business management community, commercial experts will be sharing webinars and videos on an array of subjects. From sales and marketing, to finance, productivity and growth, this content will help you stay up-to-date with the current economic environment and provide timely management insight to drive business growth.

Are you prepared for the next attack? The state of application security in 2024

Presented by

About this talk

More from this channel