Earn up to 6.5 CPE credits by attending this virtual event
Email continues to be a top vector of attack, with phishing and business email compromise scams among the most serious of threats. Email was designed to be open and accessible, which unfortunately opens the door to campaigns designed to overload you with spam, steal your information, or socially engineer your employees. To counter these sophisticated schemes, email security has become a multi-layered discipline involving people, process and technology.
On June 14-15, SC Media will gather practitioners and experts to share their insights on email security and discuss topics such as:
- Results from CyberRisk Alliance’s Email Security & Phishing Research Survey
- The latest examples of email attack techniques and social engineering campaigns targeting your employees
- Tips for improving your phishing tests and simulations
- Special security awareness recommendations for high-level executives at risk of spear phishing and impersonation
- Best practices for email authentication techniques such as SPF, DMARC, DKIM and BIMI
- How both email attackers and defenders are leveraging AI technology
Day 1 | June 14
10:45 AM ET
11:00 AM ET
Opening Keynote: Crafting customized and constructive (but not cruel) phishing simulation tests
Karen Riha: Head of Information Security Awareness & Training, New York Life Insurance Company + Founding Member & Board of Directors Past-President and Advisor, International Association of Security Awareness Professionals (IASAP)
Companies that expose employees to security awareness training often test the effectiveness of their lessons using anti-phishing simulations, designed to catch workers off-guard and trick them into clicking a link. But not every company faces the same exact email-based threat campaigns, and the lures and subject lines that scammers use change frequently based on current events. With that in mind, this session will demonstrate how to customize effective, timely and relevant phishing sims that mimic campaigns your employees are likely to encounter. The presentation will also cover examples of lures you can use – and controversial ones to avoid – as well as what corrective measures to implement when employees fail the test.
11:30 AM ET
Your guide to phishing mitigation
Roger Grimes: Data-Driven Defense Evangelist, KnowBe4
Spear phishing emails remain the most popular attack avenue for the bad guys, yet most companies still don’t have an effective strategy to stop them. This enormous security gap leaves you open to business email compromise, session hijacking, ransomware and more. Don’t get caught in a phishing net! Learn how to avoid having your end users take the bait.
This webinar, hosted by Roger Grimes, KnowBe4’s Data-Driven Defense Evangelist, will cover a number of techniques you can implement now to minimize cybersecurity risk due to phishing and social engineering attacks. We won’t just cover one angle. We’ll come at it from all angles!
· Developing a comprehensive, defense-in-depth plan
· Technical controls all organizations should consider
· Gotchas to watch out for with cybersecurity insurance
· Benefits of implementing new-school security awareness training
· Best practices for creating and implementing security policies
12:00 PM ET
Shifting to employee-centric email threat defense
David Lorti: Director of Product Marketing, Fortinet
Hear from cybersecurity experts on how to secure your workforce as they work from anywhere: in the office, at home, or anywhere in between. You’ll learn how to spot risk (phishing, spear phishing, ransomware, and social engineering) and how secure organizations have bolstered their defenses against attacks.
12:30 PM ET
12:45 PM ET
Ransomware, phishing and malicious files drive email security strategies
Matt Alderman: EVP Foresight, CyberRisk Alliance
Bill Brenner: VP Custom Content, CyberRisk Alliance
In this eSummit session, CRA’s Bill Brenner and Matt Alderman explore the key takeaways from a May 2022 CyberRisk Alliance Business Intelligence study, including the top concerns of security decision makers when it comes to email-based threats, the strategies they have adopted in response, and their spending plans for the next 24 months.
1:30 PM ET
Don’t fall for phishing!
Ganesh Umapathy: Product Marketing Manager, Cisco/Duo
In this webinar you will learn:
● How attackers gain unauthorized access utilizing modern phishing tactics
● What organizations can do to increase resistance to phishing attacks
● Best practices Duo uses to secure a global remote workforce
Stolen credentials and unpatched software are common attack vectors used by cybercriminals in many types of attacks, including ransomware. Organizations have invested in security tools such as MFA, EDRs, MDMs, VPNs and more to mitigate these attacks. But security tools are used by real people, so they need to be supported with simple processes and great usability for maximum security efficacy.
2:00 PM ET
Plenty of phish: why we need a new approach to email security
Dan Fein: VP of Product, and Mariana Pereira: Director of Email Security Products, Darktrace Holdings
As organizations continue to accelerate digital transformation in order to endure ongoing global disruption, there has never been more at stake for organizations – and cyber security has never been more crucial. While attacker techniques are advancing, over 90% of cyber-attacks still originate in the inbox, and with thousands of new domains created on a daily basis and impersonation and spoofing attacks becoming ever more sophisticated, organizations urgently need a new approach to email security.
Join Darktrace’s Directors of Email Security Products, Dan Fein and Mariana Pereira, as they provide expert insights into how cyber AI is the only tool that can keep pace with the rapidly evolving threat landscape facing organizations’ inboxes each and every day.
2:30 PM ET
Closing Keynote: Next-gen phishing: The latest twists and turns in the evolution of malicious emails
Peter Cassidy: Co-founder and Secretary General, Anti-Phishing Working Group
Email security is a game of one-upmanship. Security professionals impose new defenses, only for scammers and social engineers to devise inventive new ways (or resurrect old tried-and-true ways) to circumvent them. This session will detail some of the latest tactics that phishing operations are cleverly using to fool recipients and bypass email gateways – including the use and abuse of QR codes, vishing elements, deepfakes, RTF injection techniques, cloud-based services and collaboration tools and more.
Day 2 | June 15
10:45 AM ET
11:00 AM ET
Mastering the 5 pillars of email authentication: SPF, DKIM, DMARC, ARC & BIMI
Alex Brotman: Program Committee Vice-Chair & Data and Identity Protection Committee Co-Chair, M3AAWG
To cut down on fraud, organizations can help email recipients verify the legitimacy of the sender through the adoption of five core email authentication specifications or standards: SPF, DKIM, DMARC, ARC and the new kid on the block, BIMI. This session will define the important role that these techniques play in email security and brand protection, and then identify common mistakes and best practices associated with each one.
11:30 AM ET
Security blind spots in the era of cloud communication & collaboration: are you protected?
Michael Aminov: co-Founder & Chief Architect, Perception Point
The need to communicate, collaborate and do business on a global level has created a proliferation of cloud based applications and services. Email. Cloud Storage. Messaging platforms. CRM. Digital Apps and Services. Organizations continue to add new cloud channels to support their business needs. But with new channels come new security blind spots that must be addressed.
In this session we’ll discuss:
• Cyber attack trends in the collaboration channel ecosystem
• The (yet) unsolved challenges of email security – the main channel of targeted attacks
• The rising threat of cloud collaboration and the growing risk of content-borne attacks
…And we will walk through three use cases, their challenges and their deployments.
12:00 PM ET
What’s your business communications security posture? Email remains vulnerable because security solutions are focused on the wrong things
Chris Lehman: Chief Executive Officer (CEO), Safeguard Cyber
Do you understand your organization’s business communications security posture? Phishing and BEC attacks remain the top vectors despite advances in security awareness training and email security controls. These persistent threats remain because legacy email security is focused on the wrong things. Today, 45% of business communications occur outside of email, in other channels like Teams, Slack, and even in personal apps like LinkedIn. Organizations need deep and unified visibility across their business communications ecosystem. Is the employee receiving the phishing email being groomed on LinkedIn? Current controls are reactive and can’t analyze the dynamic nature of human language, so they miss constantly evolving phishing lures and new levels of sophistication.
In this session, our CEO Chris Lehman will cover:
• A breakdown of recent cross-channel social engineering attacks
• The role of Natural Language Understanding technology in creating more proactive defense controls
• Why the SOC needs insight into the context and intent of communications
• Why cross-channel event correlation is critical to improving MTTD/MTTR
12:30 PM ET
12:45 PM ET
Thought leadership panel: Is email security becoming a battle between good vs. evil AI?
Matthew Canham: CEO, Beyond Layer 7, LLC
Dr. Sagar Samtani: Assistant Professor and Grant Thornton Scholar, Indiana University – Kelley School of Business
Call it the two faces of AI. On one hand, network defenses are increasingly relying on email security solutions that use machine learning and artificial intelligence to identify signs of phishing communications and thwart malicious campaigns. At the same time, scammers are also getting better at leveraging AI to more efficiently and effectively craft phishing messages. Some may even use AI-powered deepfakes technology to add more credibility to their scams. This session will reveal how both network defenders and attackers are leveraging machine learning and AI in the context of phishing, BEC scams and email security. The question is: Who will come out on top?
1:30 PM ET
Transform your cybersecurity approach with CYBERology™ – reduce phishing failures by up to 95%
Dr. James Norrie: Founder and CEO of cyberconIQ, Professor of Strategy, Cybersecurity & Law at York College of Pennsylvania
Based on ground-breaking research, this presentation reframes fear and despair over ongoing cyberattacks into hope that we can prevail when we understand how to harness the power of knowledge and teamwork. Dr. James Norrie introduces CYBERology™ – the intersection of cybersecurity and psychology. Whereas most organizations focus on technology and risk-controlled process designs as their primary risk mitigation tools, he demonstrates how refocussing management’s attention on the HUMAN element can help reduce phishing failures by up to 95%!
2:00 PM ET
Closing Keynote: Shielding CEOs from whaling & spoofing: Advice from a prankster who targeted VIPs
James Linton: Social Engineer & Founder, The Whole
Who better to advise companies on how to protect their CEOs and other top executives from phishing and impersonation scams than James Linton – the security researcher and social engineering expert who famously conned several financial industry bigwigs and White House officials in a series of email pranks? (And then later went on to scam cybercriminals into giving away their secrets.) In this session, James will reveal techniques that adversaries use to manipulate executives and the employees who answer to them. He’ll also cite examples of scams he personally observed, and share advice on how executives can make themselves less susceptible to these schemes.