Why are there so many hacking intrusions? Why are there so many card breaches? Also, can it actually get much worse? The banks blame the retailers, the retailers blame the banks, and consumers blame everyone. We try to learn from our mistakes, but the perspective we hear the least about comes from the cybercriminals themselves — many of whom are growing increasingly organized, networked, financed and politically connected. This talk will examine the answers to those “Why” questions from the perspective of profit-seeking online crooks.
Corporate and Family Resiliency: Proactive Solutions for a Changing World
All of us have a basic right to privacy; that right is increasingly important as technology evolves. Absolute privacy is difficult to achieve; resiliency is achievable but requires proactive planning.
Key Takeaway: Physical and cyber resiliency are achieved through proactive planning, policies, and procedures, training and manpower, and technology.
Cyber Insurance: Coverages, Regulatory Developments and Claims/Litigation Trends
Marsh’s cyber expert, Jeffrey Batt, will be presenting on the topic of cyber risk; discussing what it is, how to deal with it, and Marsh’s position on the trends of the industry. In this presentation, you will learn to define cyber risk, as well as different mitigation and transfer options, and understand the differences in coverages currently offered. This presentation will review patterns in the purchasing of cyber insurance and shed light on the application process from the client’s perspective.
Key takeaways: Define and identify key cyber risks. Strategies for managing cyber risk. Risk transfer options. Insurance markets and coverages. Insurance industry trends. Procuring cyber coverage.
Cybersecurity for the Rest of Us
This session focuses on security awareness and education of best practices for anyone wanting to learn more about how to better protect themselves and their organization. The session is taught in an easy to understand, yet meaningful way and covers real-world scenarios, live demonstrations of helpful tools and provides a roadmap to strengthen the overall security of our personal information, as well as our organization’s data.
Key Takeaways: How to get started with strengthening your security and best practice tools available to help. A roadmap for achieving best practices.
Cybersecurity Threats Including the Dark Web
It is imperative today that all professionals understand cybersecurity practices not only to protect their own organization but also to protect client data. Both large and small organizations are targets for hackers, insiders and other nefarious attackers, which is why it is imperative for executives to have a basic knowledge of cybersecurity practices.
You’ve heard about the ‘Dark Web’ on TV and probably read about its secrecy. This session will explain everything from what onions have to do with the Dark Web to actually accessing it and showing some of the items hidden within the Dark Web. This class is one of a kind.
Key takeaways: Upon completion, each participant will have a basic understanding of cybersecurity, his/her role, what onions have to do with the Dark Web and its importance. We will explore the Dark Web to see what information can be accessed, as well as how it can protect their organization.
Data Breaches Today & The Unintentional Insider Threat
While many data breaches are caused by outsiders or disgruntled employees, the unintentional insider remains the largest threat to an organization. Employees are the backbone of an organization and serve as its greatest asset; however, they can be its vulnerability when working with proprietary and private information. Millennials bring an interesting dynamic to the organization, as they are technologically savvy, but tend to be more open with information.
This presentation reviews statistical data about breaches and provides insight into preventing and mitigating these breaches. The speakers will present overviews of the largest data breaches over the last three years focusing on unintentional insiders’ roles in breaches. The various types of costs related to breaches will be discussed, including methods for calculating potential costs of data breaches in the future. Survey data will be presented on significant security blocks to achieve effective breach prevention. The role of millennials in the labor force will be underscored in an explanation of current threats to data security.
Key Takeaways: Understanding of breach threats posed by unintentional insiders. Understanding of categories of costs associated with breaches. Appreciation of common obstacles to optimizing data security. Appreciation of the importance of risk analysis in preventing future breaches.
How Identity Theft Disrupts the Security versus Convenience Mindset
Eva Velasquez, CEO, Identity Theft Resource Center
This session will explore the emotional, physical and behavioral impacts of identity theft on its victims. Together, we will discuss possible opportunities to leverage the post-incident behavioral and perception changes in order to create a positive effect in our national conversation about this issue, as well as the security versus convenience debate.
Key takeaways: The protection, verification and authentication of identifying information/data is a shared responsibility. Consumers/victims must demand more robust authentication and verification of their identity rather than frictionless convenience in order to get industry to respond. Consumer advocates play a key role in empowering consumers/victims to mobilize and use their collective voice to create a change in our national perception of the importance of security and identity.
Targeting ID Thieves, A Case Study
Hotel Breach: A case study of the investigation by the United States Secret Service into a mass theft of hotel customer data by the Aryan Brotherhood.
This session will explore the complete failure of the hotel to follow basic standards in the protecting and securing of personally identifiable information (PII) as well as the difficulty of victim notification. The session will present new investigative techniques used to successfully prosecute the members of the criminal organization who orchestrated the scheme.
Key Takeaways: PII has to be viewed as an asset by the organization. Law enforcement/private organizations should understand who or what groups are going to attempt to obtain the entity’s PII. Innovative steps are needed for the successful investigation and prosecution of identity theft cases. Research can assist in identifying trends and patterns of the mode, means and method of identity theft cases and breaches of PII.
The Greatest Gift – Making Attacks Expensive
How many times have you heard the phrase “Defenders have to get security right every time, an attacker only has to get it right once”? In this presentation, we will explore the phases of a cyber-attack, identifying the stages where defenders can make it more expensive for the attacker than the defender to continue attacking. By changing our perceptions and understanding of the inevitable attack, defenders can develop capabilities to gain an upper hand against the attackers. This presentation will demonstrate actionable processes to shift the power to the defense and make attacking expensive and difficult for attackers.