From sophisticated new forms of malware to the nation-state and the advanced persistent threat (APT), cybersecurity incidents have evolved at a rapid pace and are disrupting organizations and damaging reputations. But are organizations' incident response programs, personnel and tools evolving to keep up with the new threat landscape?
According to the 2013 Incident Response Survey results, only 20% of organizations rate their incident response programs as "very effective." Their biggest gaps: being able to detect and contain malware, which can also be the precursor to advanced persistent threats.
Aimed at determining how organizations are prepared to respond to today's new breed of cyber-attacks, the survey also finds many respondents experienced malicious code in the past year, had lost or stolen devices, or were victims of spear phishing, resulting in system downtime, lost or compromised data or financial loss. Only 26 percent of respondents rate their current anti-malware tools as "very effective."
In this session, thought-leaders from FireEye and ISMG will present and analyze responses to key questions, including:
Trends in fraud management have evolved as more business has moved online, where the applicant can easily hide under a stolen or made-up identity. Now it's time to move beyond chasing fraud after the fact to preventing it before it happens.
Equifax has extensive experience working in the financial sector and with major government agencies to help identify fraudulent applicants before they get in the front door. Working across verticals means that lessons from each are combined to create a complete view of fraud behavior and best practices for combating it.
In this session, Ryan Fox, Principal in Equifax Identity and Fraud Solutions consulting group, will review implementations across federal agencies built from analytic models that serve to successfully prevent fraud in the financial, e-retail and telecommunications space. These sophisticated analytics assess the likelihood of fraud through extensive matching within proprietary data sources, and assessment of network activity associated with that identity.
He'll be joined by Rich Huffman, Senior Product Manager for Fraud, discussing best practices in fraud mitigation that result in a tiered process. Among the core elements to be discussed:
DDoS was thought to be a threat from the past until it was reactivated and re-energized by the hacktivist group known as the Izz ad-Din al-Qassam Cyber Fighters.
Since the fall of 2012, the attackers have used DDoS to disrupt the online functions of nearly 50 U.S. financial institutions, causing website outages that alarmed customers and caused two federal regulatory agencies to issue fraud alerts to member institutions.
Following the two initial waves of attacks, in the fall and winter of 2012, the hacktivists took time off to regroup. Each time they came back stronger.
But the third wave, which commenced in March 2013, shows no sign of abating. Not only have the attacks morphed, targeting different vulnerabilities, but the attackers' botnet has strengthened. In April, the FBI warned that attack scripts have been modified in an attempt to increase the effectiveness with which the scripts evade detection. The actors are changing their attack methodology, the FBI says, to circumvent mitigation efforts of the financial institutions.
Concurrently, electrical utilities, gaming sites and European banking institutions all have experienced different forms of DDoS.
How can organizations from across industry defend themselves against attacks that some of the world's largest banks cannot prevent?
That is the key question that will be answered in this panel discussion from three unique perspectives:
Mobility has brought privacy to the forefront. Increasingly, organizations are providing new services and conducting new business on mobile devices. And regulators such as the Federal Trade Commission have offered new guidelines specific to ensuring privacy protections for the users of mobile devices.
This enhanced focus on privacy forces security leaders to answer fundamental questions:
These are privacy questions that increasingly play a role in organizations' breach prevention and response strategies. And to be effective, security leaders had better know the answers - from a privacy officer's unique perspective.
At McAfee, Chief Privacy Officer Michelle Dennedy understands the necessity of taking proactive steps to protect privacy and to work with security to minimize the risk and impact of a data breach.