
#cybersecurity | #infosec | LastPass releases its 3rd Annual Global Password Security report

Source: National Cyber Security – Produced By Gregory Evans


Graham Cluley Security News is sponsored this week by the folks at LastPass. Thanks to the great team there for their support!

LastPass has analyzed over 47,000 businesses to bring you insights into security behavior worldwide. The report helps you explore changes in password security practices worldwide, and see where businesses are still putting themselves at risk.

The takeaway is clear: Many businesses are making significant strides in some areas of password and access security – but there is still a lot of work to be done. Use of important security measures like multifactor authentication is up, but the continued reality of poor password hygiene still hampers many businesses’ ability to achieve high standards of security.

In the report, we not only highlight key trends by company size, sector, and location, we provide analysis and recommendations to help IT and business leaders take action where it’s needed most.

Download the free report now to see the current state of password security, access, and authentication around the world – and learn what you can do today to better secure your company.


If you’re interested in sponsoring my site for a week, and reaching an IT-savvy audience that cares about computer security, you can find more information here.


The post #cybersecurity | #infosec | LastPass releases its 3rd Annual Global Password Security report appeared first on National Cyber Security.


4th Annual Cyber Security for Defense

General Cybersecurity Conference

 June 25 – 27, 2018 | Washington DC, United States

Cybersecurity Conference Description 

Our Cyber Security for Defense series has proved to present the hottest and most critical topics within the Cyber Defense sector. Our three successful iterations have brought in a combined total of 600 attendees & speakers.

We recently learned from DISA, CIA, U.S. Army Cyber Protection Brigade, FBI, ODNI, Marine Corps, and Joint Staff J-6 (to name a few!) about how our defense and intelligence sector is combatting real-world cyber threats & attacks, and how we can better collaborate amongst the private sector.

As more Defense commands demand cyber security solutions to protect our country, the conversation must be expanded. That’s where the 4th Cyber Security for Defense comes in, covering priorities from our nation’s top military agencies on defending the United States from cyber attacks. Be sure to check back in for updates regarding next year’s conference.


The post 4th Annual Cyber Security for Defense appeared first on National Cyber Security Ventures.


17th Annual Workshop on the Economics of Information Security (WEIS)

General Cybersecurity Conference

 June 18 – 19, 2018 | Innsbruck, Austria

Cybersecurity Conference Description 

Information security and privacy continue to grow in importance, as threats proliferate, privacy erodes, and attackers find new sources of value. Yet the security of information systems and the privacy offered by them depends on more than just technology. Each requires an understanding of the incentives and trade-offs inherent to the behavior of people and organizations. As society’s dependence on information technology has deepened, policy-makers have taken notice. Now more than ever, careful research is needed to characterize accurately threats and countermeasures, in both the public and private sectors.

The Workshop on the Economics of Information Security (WEIS) is the leading forum for interdisciplinary scholarship on information security and privacy, combining expertise from the fields of economics, social science, business, law, policy, and computer science. Prior workshops have explored the role of incentives between attackers and defenders of information systems, identified market failures surrounding Internet security, quantified risks of personal data disclosure, and assessed investments in cyber-defense. The 2018 workshop will build on past efforts using empirical and analytic tools not only to understand threats, but also to strengthen security and privacy through novel evaluations of available solutions.


The post 17th Annual Workshop on the Economics of Information Security (WEIS) appeared first on National Cyber Security Ventures.


13th Annual Conference of the Midwest Association for Information Systems (MWAIS)

General Cybersecurity Conference

 May 24 – 25, 2018 | St. Louis, Missouri, United States

Cybersecurity Conference Description

MWAIS 2018 will provide an intimate environment to facilitate the sharing of ideas, and close interaction among participants. About 100 participants are expected from throughout the Midwest US, the neighboring states and Canadian provinces, and beyond.


The post 13th Annual Conference of the Midwest Association for Information Systems (MWAIS) appeared first on National Cyber Security Ventures.


Third Annual Cyber Investing Summit

Source: National Cyber Security News

General Cybersecurity Conference

 May 15, 2018 | New York City, New York, United States

Cybersecurity Conference Description 

Explore the investment opportunities and trends in the rapidly growing cybersecurity industry. The Summit differs from traditional product-centered conferences by focusing on the financial side of the sector.

Network with key influencers in the cybersecurity and financial industries. Attendees include venture capitalists, private equity managers, CISOs, publicly traded companies, privately held firms, startups, financial analysts, institutional and retail investors, and government experts.

Momentum Cyber Chairman and Former FireEye & McAfee CEO Dave DeWalt will deliver the keynote address.

Leading cybersecurity investors, experts, and analysts will discuss sector investment strategies, market growth forecasts, funding for startups, merger and acquisition activity, equity valuations, and industry partnership opportunities.

The Annual Cybersecurity 500 list of the most innovative cybersecurity companies will also be revealed at the Cyber Investing Summit.


IDC’s Annual Security Conference 2018

Source: National Cyber Security News

General Cybersecurity Conference

 March 14 – 15, 2018 | London, United Kingdom

Cybersecurity Conference Description 

International Data Corporation (IDC) is the premier global provider of market intelligence, advisory services, and events for the information technology, telecommunications and consumer technology markets. IDC helps IT professionals, business executives, and the investment community make fact-based decisions on technology purchases and business strategy. More than 1000 IDC analysts provide global, regional, and local expertise on technology and industry opportunities and trends in over 110 countries worldwide. For more than 50 years, IDC has provided strategic insights to help our clients achieve their key business objectives. IDC is a subsidiary of IDG, the world’s leading technology media, research, and events company.


3rd Annual Rail Cyber Security Summit

Source: National Cyber Security News

General Cybersecurity Conference

 March 13 – 14, 2018 | London, United Kingdom

Cybersecurity Conference Description 

This is an opportunity for the sector to come together and dive deeper into key challenges. The event will host a unique opportunity for stakeholders to formulate solutions and a vision for the industry moving forward.


16th annual e-Crime & Cybersecurity Congress

Source: National Cyber Security – Produced By Gregory Evans

General Cybersecurity Conference

 March 6 – 8, 2018 | London, United Kingdom

Cybersecurity Conference Description

The 16th e-Crime and Cybersecurity Congress will reflect this new and challenging world.

Can the industry deliver? Can you deliver? What happens if you can’t?


The post 16th annual e-Crime & Cybersecurity Congress appeared first on National Cyber Security Ventures.


2nd Annual FINSEC 2018

Cybersecurity Finance Event

 March 5 – 6, 2018 | Dubai, United Arab Emirates

Cybersecurity Conference Description

Digital transformation in the BFSI industry has not only led to the rapid growth of fintech but is also disrupting the traditional banking system as we know it. While technology offers several opportunities and advantages, it also represents its fair share of security concerns and threats. Emerging channels, such as mobile banking, digital banking platforms, Internet of Things (IoT) etc., are being exploited by cyber criminals. Over the past few years, the BFSI industry in the Middle East has become one of the prime targets for highly sophisticated and targeted attacks.

Digitisation is expected to increase the annual cost of cybercrime to US$ 6 trillion by 2021. In light of the recent ransomware attacks, global spending on security products and services is projected to exceed US$ 1 trillion over the next five years. Although banks are increasing their spending to protect customers and data, security is no longer a one-size-fits-all solution. Security professionals must be equipped with adequate intelligence to stay ahead of ever-evolving technology and changing user behavior.

The second edition of Finsec–The Banking Security Summit will bring together leading decision makers and solution providers to share case studies and address key challenges. Information security professionals will have the opportunity to discover the latest technologies, developments and strategies to protect their organisations against cybercrime. The summit will guide organisations on how to make comprehensive security decisions that will define their bank’s future.


How #Facebook’s Annual #Hacktober Campaign Promotes #Cybersecurity to #Employees

Source: National Cyber Security – Produced By Gregory Evans

While the word “cybersecurity” may evoke thoughts of highly sophisticated attacks that require fancy computing equipment and skilled hackers, the reality is that most attacks — especially in a corporate environment — involve simpler strategies that depend upon one thing: exploiting human behavior.

Most companies are hard at work building technology to better protect themselves and their users or customers. But technology can only get us so far. People are the most important factor in any company’s cybersecurity strategy, and investing in security engagement goes a long way in helping companies reduce the probability of a breach.

Facebook runs security engagement programs year-round, but the most important tool in our arsenal is Hacktober, an annual, monthlong tradition each October designed to build and maintain a security-conscious culture. It’s our version of National Cyber Security Awareness Month, a campaign to get people involved in cyber security and play their part in making the internet safer and more secure for everyone.

Hacktober has a number of different elements, from phishing tests and marketing campaigns to contests, workshops, and expert talks. Participation is not mandatory, but we find that about one-third of employees participate in at least one activity over the course of the month. Everything is designed to remind our employees how to protect themselves, our company, and the millions of people who use Facebook every day.

Security awareness can be engaging rather than scary — or worse, boring. If we create an interactive and fun environment around security, people will learn important security lessons and retain them throughout the year.

At Facebook, we take a “hacker” approach to security awareness because that ethos is a core part of our culture, which means it resonates with our employees. One of the best examples of this is our Capture the Flag (CTF) competitions.

CTFs are computer-based competitions that allow people to practice securing machines and defending against mock cyber security attacks. We know many of our employees enjoy solving complex problems in a competitive environment, and CTFs give us a way to create that type of fun, competitive atmosphere around security education. This year we deployed two versions: a jeopardy-style CTF where challenges could be solved by doing research and an attack-defense CTF that relied on real-world attacks and exploits. The CTFs were hosted on our open-sourced platform, and the challenges were designed by a cross-functional team of security engineers each with a specialized skill set (mobile application security, Windows security, and so on) to ensure a well-rounded CTF experience.

In the spirit of keeping things fun and engaging, we also offered a series of lighter events that reflected our hacker culture, like hands-on lock picking classes. And to generate buzz around all of our activities and keep our employees engaged, we offered Hacktober-branded “swag” — T-shirts, hats, stickers, and magnets — designed in the “Hack-o-lantern” branding we’ve established over the last seven years.

All employees should feel comfortable talking about security. Everyone should be able to raise concerns without hesitation, even if their role in keeping our company safe may not be so obvious.

We believe all employees must participate in keeping Facebook a safe, secure place on the internet. Over the course of Hacktober, we run a series of “hacks” such as phishing emails and rogue authentication pushes that help us assess the response of our employees to these simulated attacks. We also hold informal fireside chats with speakers like Condoleezza Rice, the former U.S. secretary of state and renowned expert on geopolitical risk. Her joint talk with Facebook CSO Alex Stamos gave people an opportunity to hear about the evolution of nation state–sponsored cyberattacks.

To mitigate the risk of human error, companies need to broaden their definition of security. Hacktober isn’t just about “cyber” security. It’s also about the physical security and safety of our employees. We partner with our physical security colleagues to provide training classes for employees, such as a travel safety course geared toward female employees, and use Facebook to share training videos on the threat of tailgating.

Employees should know the people who work on our security teams. And they should understand their role in protecting people on Facebook.

Facebook has grown over the years, which means the process of identifying and communicating with members of the security team can be challenging. We tried to simplify this by creating a security help form on our intranet as well as offering tours of our Global Security Operations Center. We also promote our security work through a massive marketing campaign: We built a dedicated microsite for people to visit and learn about different activities, and promoted it with Hacktober posters, resource cards, and coffee sleeves. We also created an internal Hacktober Facebook group where employees could post questions, provide feedback, collaborate on CTF challenges, or just post their thoughts on current security topics or concerns.

Hacktober is also a great learning opportunity for the security team. The microsite served as a data source for us to find out what people are most interested in, but we’re constantly tracking metrics that help us improve our programs — and we try to apply some of the lessons in real time. For example, we suspended this year’s phishing campaign in the middle of the month when our data showed a significant drop in people clicking on phishing links and an increase in the number of people reporting the phishing scams to the security team. In essence, we had achieved our goal of changing employee behavior and decided it would be better to allocate resources elsewhere.

Campaigns like Hacktober can be one of the most effective ways to assess social engineering risk and understand what types of human behavior your company or organization is most vulnerable to. Is it phishing? Weak passwords? Physical security? And what tools or tactics can your team deploy to address these threats?

We designed Hacktober to fit the culture and security needs of Facebook, but other companies can apply many of these principles as well. Just remember that any successful campaign must have support from senior leadership, align with the company culture, and take some of the fear out of the security conversation. Security education isn’t about shaming people for poor habits. It’s about rewarding positive behavior and fostering a security-conscious culture among your most critical resource: people.

Here’s how your company can create its own Hacktober:

  • Prioritize organization and branding. Facebook decorates its walls with posters with a distinctive “Hack-o-lantern” design and uses internal groups to share posts about Hacktober. Creating a unique identity for your awareness effort helps people identify it and find ways to get involved.
  • Partner with third-party organizations. The National Cyber Security Alliance is a great partner for security awareness work and offers ideas and content.
  • Recognize and reward engagement. Hacktober memorabilia like T-shirts and stickers are wildly popular at Facebook. Facebook employees who report suspicious activity or uncover one of our hacks are rewarded with one of these coveted prizes, which help drive awareness and incentivize others to get involved.
  • Run real-world security tests. Simple tests can go a long way toward reminding people to remain vigilant. We recommend things people would encounter in an average work day: sending spear-phishing emails (malicious emails that appear to come from a trusted source) or dropping USB drives around the office with fake malware, which teaches employees to think twice before plugging an unknown device into their computer.
  • Bring people together. Offer educational sessions with your security team, host interactive workshops, and run competitions and contests. You can even use the Facebook open-source CTF platform to run your own CTFs.
  • Keep it fun. Security doesn’t have to be scary. Facebook has invited families to its HQ for a safety-themed movie and pumpkin-carving night. These and other hands-on activities help educate people in a fun, casual environment.

The post How #Facebook’s Annual #Hacktober Campaign Promotes #Cybersecurity to #Employees appeared first on National Cyber Security Ventures.
