Oh Behave! The Annual Cybersecurity Attitudes and Behaviors Report 2021
It’s widely recognised that the human aspect of cybersecurity is critical but not well understood. The empirical evidence is limited. In a first-of-its-kind project, user security behaviours and attitudes have been examined with scientific rigor. Join us to discover and explore the key findings.
Recorded on: Friday 15th October 2021
Is psychological safety the missing link to successful security initiatives?
Have you ever considered how your organisation's ability to create and maintain a psychologically safe environment – where employees know they will not be punished or humiliated for speaking up – can impact your security initiatives? Discover how to take these principles forward and create successful initiatives.
Recorded on: Monday 11th October 2021
How to use actionable network modelling to improve your organisation’s security
The digital world is transforming at the speed of light. The adoption of new technologies, expansion into the cloud, and distributed workforces all leave attack surfaces undefended. Learn why scanning and patching are no longer adequate, how to collect the right data, and how to remediate with network context.
Recorded on: Friday 8th October 2021
When we can’t protect everyone all the time, who gets the Kevlar jacket?
With so many people and limited resources, it can be difficult to focus our attention and prioritise the right risks. We discuss the ways to identify users who are imminent targets and those who pose a high risk, and how to address the needs of different groups based on their profile – in a timely fashion.
Recorded on: Wednesday 6th October 2021
Why you should include suppliers in your security risk assessments
Supply chain attacks have increased in frequency and severity in recent years and even months, but what makes these attacks different from other cyber attacks? And what do they mean for our businesses? Learn how to manage your supply chain risks and the precautions corporations can take.
Recorded on: Friday 1st October 2021
Better cybersecurity log management: Data backups are sent offsite, why aren’t most security logs?
It takes an average of 256 days to identify and contain a breach. So why do we typically only retain 90 days of security log data? How can you find IoC in your environment many months ago? Discover how a cloud System of Record (SoR) gives you the advantage with extensive backwards cover and end-to-end timeline visibility.
Recorded on: Monday 27th September 2021
Spear phishing in 2021: Why organisations need new methods to combat new tricks
Phishing is a threat most security leaders are concerned about. Not only are attacks frequent, time-consuming to investigate, and expensive to recover from, but solutions such as SEGs and native tools aren’t enough. With 2m malicious emails managing to bypass ‘robust’ security controls over one year, we need new ways to defend against this evolving threat.
Recorded on: Friday 24th September 2021
The evolution and commoditisation of the cybercriminal ecosystem
We explore how cybercriminal communities have evolved to become more professional and commoditised over time and what this means for organisations today, including the amplified threat posed by cybercrime and ransomware operations. Watch to gain an understanding of not just how cybercrime has matured, but also what to do about it.
Recorded on: Wednesday 22nd September 2021
Supply chain attacks are the new high-water mark of attacks
Attackers will always choose the easiest path most likely to succeed. And which is a target more likely to open – the unknown email with an attachment, or an invoice from a known and trusted supplier? We analyse some of the most prominent recent supply chain attacks and share how to combat them.
Recorded on: Friday 17th September 2021
How to achieve continuous compliance across complex hybrid networks
Many organisations lack visibility and context across their hybrid networks, which impacts their ability to monitor and detect changes in overall compliance. Learn how automating the complex security check-and-balances and quickly identifying risks and changes to security policies can help you achieve and maintain continuous compliance across your network.
Recorded on: Wednesday 15th September 2021
Exclusive preview of the new National Cyber Resilience Group - the flagship UK policing project that needs you!
Ahead of the formal launch in October, SASIG is delighted to have an insight into a new policing project. Not-for-profit cyber resilience centres have successfully brought together police and private sector companies – now a national company will launch in October. Join us to discover the organisation’s plans.
Recorded on: Monday 6th September 2021
How to get your security programme proposals approved
Have you been passionate about a proposed solution, only to find that nobody understands how it could positively impact the business? This doesn't need to happen. Join us to learn how to leverage your research and project management skills to tell a compelling story, create a proposal that justifies investment, and generate buy-in.
Recorded on: Wednesday 1st September 2021
What is the impact of the changing face of EDR?
EDR has changed significantly over the course of the last 10 years, developing from simplistic anti-virus to complex end-point productions. It can now enable a much more effective preventative posture for a business that may be under attack. Learn why EDR is important and how to get the best out of its deployment.
Recorded on: Thursday 29th July 2021
4 steps to navigating insider risk
With the massive shift to remote working in 2020, organisations have been racing to rethink their security programs to manage the risk from within as well as guard from external attacks. This webinar explores the unique risk of insider threats and show you the 4 steps you can take to protect your organisation.
Recorded on: Tuesday 27th July 2021
Cyber Escape: Discover how to raise cyber awareness through fun!
Situational awareness cyber training can bring risks to life, helping employees gain cybersecurity experience in a fun and safe environment. This talk shares an example of a mobile Cyber Escape Experience, where participants look for clues, solve puzzles, and decipher riddles to earn their escape, as well as the objectives of the initiative and the lessons learned.
Recorded on: Monday 26th July 2021
Hacking the golf course
Organisations often forget that physical and cyber security are linked. Jake is used to hacking up the golf course with his 8 iron, but join us to hear how he recently used his other hacking skills to pen-test a golf club. The results are mind-blowing and even comical!
Recorded on: Thursday 15th July 2021
What is the Metropolitan Police Cyber Choices Team?
The Metropolitan Police Cyber Choices programme is designed to reduce cybercrime by working with individuals who may be vulnerable to it. They promote legal and ethical cyber opportunities to divert people away from crime and encourage them to make informed decisions. Learn more about the important work this team does.
Recorded on: Tuesday 13th July 2021
SASIG IoT Academy Session 2: IoT; the threat it poses and how to secure it
With the prevalence of IoT devices, how do we take on the mammoth challenge of identifying and securing the devices on our networks? Join us to learn how bad actors can use IoT devices to gain access to your network, how to apply ringfencing principles to IoT devices, and how to identify shadow devices with AI techniques.
Recorded on: Friday 9th July 2021
What is threat hunting? Why you need it, and how to make it easy for your analysts
Cybersecurity often feels like a game of cat and mouse. Just as a solution gets close to preventing an attack, the adversaries change their techniques. With threats going undetected by traditional security tools and lurking in networks for months, threat hunting means no more waiting around for that dreaded alert.
Recorded on: Tuesday 6th July 2021
SASIG IoT Academy Session 1: What is modern IoT and where is it?
Maturing technologies mean just about everything can be cheaply connected to the internet, but with a lack of regulation and technology standards, has the security of IoT become a maturity nightmare? We discuss what modern IoT looks like, where it sits on our networks, and what needs to be done to secure it.
Recorded on: Friday 2nd July 2021
The ABCs of cyber risk prioritisation: Fixing what really matters
Identifying and prioritising the risks that pose the biggest threat to your organisation can lead to a more robust defence against attacks. Join us to explore what the process of cyber risk prioritisation should look like and why it matters. We’ll also reveal what you should be worried about, according to the latest threat intelligence.
Recorded on: Tuesday 29th June 2021
How the pandemic has changed the face of cybersecurity
Has the pandemic changed the way you work? Is that change permanent? We examine some of the challenges, surprises and long-term changes brought about by the Covid pandemic that have impacted our digital world, and what these changes mean for the future of cybersecurity.
Recorded on: Monday 28th June 2021
Level up your Microsoft Security: A deep dive into Office 365 and Teams
With the shift to remote work, Office 365 and Teams usage has exploded. But increased collaboration brings new security challenges – some of which you may not even know about. We discuss how to secure your Office 365 environments, both with Microsoft tools and with the added visibility of Varonis.
Recorded on: Thursday 24th June 2021
Lessons for security and resilience from the Covid pandemic
After 14+ months of living through pandemic, many of us have realised that although there are benefits to a central office, it is not a fundamental requirement. So what does the future of work look like for the security and resilience sector? Join us for a discussion on what strategies and attitudes have been affected by Covid, and what may change as a result.
Recorded on: Wednesday 23rd June 2021
Worried you will be breached? Stop fighting the symptoms and start treating the cause
Even when equipped with the best technology and people, attacks can often go undetected because security teams are too busy treating the symptoms of a breach instead of the root causes. Join us to learn why excessive network access is the true cause of many breaches, and how the least privilege principle can be scaled to protect any resource.
Recorded on: Tuesday 22nd June 2021
Are you in a defensible position? Will the ICO agree?
If you rely on a data retention policy to demonstrate compliance, you might want to join this webinar. You could face significant fines and reputational damage for non-compliance. We look at some of the challenges and considerations to any personal data privacy programme so you can defend yourself – both against breaches and to the ICO.
Recorded on: Monday 21st June 2021
Transform security change automation with context – Knowing your attack surface
Digital transformation and rapid business expansion means security teams are faced with significant challenges navigating constant changes, while still ensuring business resilience and minimising cybersecurity risk. Join us to learn about the critical capabilities you need to transform your security change automation.
Recorded on: Thursday 17th June 2021
Authors of their own misfortune: Accidental managers and the onset of crisis
The term crisis is often used incorrectly and invariably applied to high profile and catastrophic events. So is it a crisis when managers embed the vulnerability for failure within the very systems and processes they are meant to manage? This presentation explores what happens when management theory and practice hit the fan!
Recorded on: Monday 7th June 2021
Call for Information from the Home Office - Computer Misuse Act
The Government is developing a new cyber strategy for 2021 and wants your views on the Computer Misuse Act. It wants to identify gaps in the legislation and is keen to hear the perspective of cybersecurity professionals.
Recorded on: Wednesday 2nd June 2021
SASIG Academy Cyber Health Session 4 – How to assess cyber health and risks: Users and data
Our final session in this Academy series looks at assessing the cyber health and risks of your users and data – the ultimate target for attackers with the most value and most potential for damage. If you have missed any sessions in the series, you can watch them on our website on demand.
Recorded on: Friday 28th May 2021
SASIG Academy Cyber Health Session 3 – How to assess cyber health and risks: Networks
Our Academy series has so far looked at the cyber health and risks of your builds and services. This week, we look at the health and risks associated with the ‘networks’ layer. If you’ve missed either of the first sessions or want to refresh your memory on the Kill Chain pyramid, you can watch Sessions 1 and 2 on demand.
Recorded on: Friday 21st May 2021
Threat trends: 2021 so far
Join us for a critical look at the eventful start to 2021’s cyber threat landscape. We share observations and thoughts on what to expect for the rest of the year regarding cyber threats and the ever-changing landscape.
Recorded on: Thursday 20th May 2021
Seeing beyond the obvious: Why rigor AND due diligence are vital in vulnerability management
Traditional methods of scanning and patching are rigorous and leave gaps in vulnerability management. To yield complete results, these methods must include exposure analysis which pinpoints exposed vulnerabilities on important assets. Join us to learn how this method drives due diligence, improves SLAs and reduces operational inefficiencies.
Recorded on: Wednesday 19th May 2021
Building cyber community engagement through the CyberScotland Partnership
Join us for an outline of Scotland’s approach to creating the right conditions for a cyber resilient nation. Explore the partnership’s role in supporting delivery of the strategic framework for a cyber resilient Scotland and the success of CyberScotland Week, as well as some of its other current projects.
Recorded on: Monday 17th May 2021
Weaknesses in software supply chains: Cyber’s unspoken reality
Over the last few years, supply chains have become an increasingly lucrative target for hackers. And when the core software supply chain itself is compromised, the results are often catastrophic. Join us as we examine the weaknesses in software supply chains and discover what you can do to protect your organisation from malicious attacks.
Recorded on: Friday 14th May 2021
10 top free tips to improve your employee security
As more and more cases of employee fraud are covered in the press, hear about the latest top 10 free ways to improve employee security through the entire lifecycle. Learn about free advice, initiatives and events about employee screening and how to use these to improve your company’s defences.
Recorded on: Monday 10th May 2021
SASIG Academy Cyber Health Session 1 – How to assess cyber health and risks: Build
Hackers gain access to systems by exploiting vulnerabilities and escalating to achieving data theft or destruction. In this Academy series, we look at how to assess your cyber health and risks with the Kill Chain pyramid. This session focusses on the ‘build’ layer and includes scripts, demonstrations, and data analysis techniques.
Recorded on: Friday 7th May 2021
The strategic value in infosec: How to be more than a cost centre
Infosec is a vital part of any business, so how can security professionals show their Boards that they deliver clear strategic value and aren’t just a cost centre? We look at ways for infosec to position themselves as they should be seen – as core to the security, reputation and value of the business.
Recorded on: Thursday 6th May 2021
Public & Hybrid SaaS with absolute Zero Trust: A ‘Made in Germany’ perspective
Should you trust your cloud and ID providers? Must you? IDEE GmbH champions password-less zero-trust authentication and challenges this assumption, giving you back control of your authentication and authorisation processes. Find out how the German standards for privacy and security by design shape the architecture of tomorrow, today.
Recorded on: Tuesday 4th May 2021
Who do you trust? Explore the true realities of Zero Trust
Join Secrutiny to explore what Zero Trust really is from both an analyst and common view. This is NOT another theoretical discussion about Zero Trust and how important it is – it’s a look at common approaches, including practical steps you can take now. They will also share their views on the operational side of it all.
Recorded on: Thursday 29th April 2021
‘Fear is the key?’: Medical populism and communication of risk amid Covid-19
Much of the lack of trust in expertise can be linked to processes around populist politics and the processes of mis/disinformation within a range of ‘media’ outlets. Join us to explore the nature of expert judgement within this populist environment and consider the challenges generated in organisational security and managing uncertainty.
Recorded on: Monday 19th April 2021
Say goodbye to (h)Active Directory – it's hard to protect and easy to exploit
Active Directory (AD) holds the keys to your IT kingdom, yet it is hard to protect and easy to exploit. Join us for a live demonstration of three common Active Directory and Azure AD attacks. We’ll show you how these attacks work then give you actionable steps to find and fix dozens of the AD misconfigurations and vulnerabilities hackers love to exploit.
Recorded on: Thursday 15th April 2021
‘TAKEN’ - if you missed this at Big SASIG, here is another chance to see it live
"I might not have the budget, but what I do have are a particular set of services. Services that make me a nightmare for criminals who try to attack my network." Do you dream of having this conversation with the cybercriminals that attack your network? Join us to find out how to cut off attacks before they begin, without launching into Hollywood-style monologues.
Recorded on: Tuesday 6th April 2021
Why you need to discover your unstructured data in 2021
Do you really know what unstructured data your organisation has, or where it is stored? Not knowing is a problem if you are involved in information security as it represents massive risk and untapped value. Join us to find out why leading organisations are discovering their data and how 'knowing your data' will supercharge your own data initiatives.
Recorded on: Thursday 1st April 2021
EDR/NDR/XDR/WTFDR - Confused?
So were we. Come join us and learn the difference. With every vendor having a ‘Detection & Response’ story, we hope to explain the differences, remove the fog, and identify the gaps and therefore the blind spots. Is EDR/NDR really a quick fix alternative to fully functioning SIEM/SOC deployment?
Recorded on: Wednesday 31st March 2021
Securing those hard-to-reach areas – First choice, second opinion
Towards the end of 2020, it took an average of almost nine days for antivirus engines to recognise hashes in threats received via email. A technical second opinion can help secure your entry points. Join us to learn about some of the key use cases for Kaspersky Scan Engine and what attack vectors it can help prevent.