Cyber Escape: Discover how to raise cyber awareness through fun!
Situational awareness cyber training can bring risks to life, helping employees gain cybersecurity experience in a fun and safe environment. This talk shares an example of a mobile Cyber Escape Experience, where participants look for clues, solve puzzles, and decipher riddles to earn their escape, as well as the objectives of the initiative and the lessons learned.
Recorded on: Monday 26th July 2021
Hacking the golf course
Organisations often forget that physical and cyber security are linked. Jake is used to hacking up the golf course with his 8 iron, but join us to hear how he recently used his other hacking skills to pen-test a golf club. The results are mind-blowing and even comical!
Recorded on: Thursday 15th July 2021
What is the Metropolitan Police Cyber Choices Team?
The Metropolitan Police Cyber Choices programme is designed to reduce cybercrime by working with individuals who may be vulnerable to it. They promote legal and ethical cyber opportunities to divert people away from crime and encourage them to make informed decisions. Learn more about the important work this team does.
Recorded on: Tuesday 13th July 2021
SASIG IoT Academy Session 2: IoT; the threat it poses and how to secure it
With the prevalence of IoT devices, how do we take on the mammoth challenge of identifying and securing the devices on our networks? Join us to learn how bad actors can use IoT devices to gain access to your network, how to apply ringfencing principles to IoT devices, and how to identify shadow devices with AI techniques.
Recorded on: Friday 9th July 2021
What is threat hunting? Why you need it, and how to make it easy for your analysts
Cybersecurity often feels like a game of cat and mouse. Just as a solution gets close to preventing an attack, the adversaries change their techniques. With threats going undetected by traditional security tools and lurking in networks for months, threat hunting means no more waiting around for that dreaded alert.
Recorded on: Tuesday 6th July 2021
SASIG IoT Academy Session 1: What is modern IoT and where is it?
Maturing technologies mean just about everything can be cheaply connected to the internet, but with a lack of regulation and technology standards, has the security of IoT become a maturity nightmare? We discuss what modern IoT looks like, where it sits on our networks, and what needs to be done to secure it.
Recorded on: Friday 2nd July 2021
The ABCs of cyber risk prioritisation: Fixing what really matters
Identifying and prioritising the risks that pose the biggest threat to your organisation can lead to a more robust defence against attacks. Join us to explore what the process of cyber risk prioritisation should look like and why it matters. We’ll also reveal what you should be worried about, according to the latest threat intelligence.
Recorded on: Tuesday 29th June 2021
How the pandemic has changed the face of cybersecurity
Has the pandemic changed the way you work? Is that change permanent? We examine some of the challenges, surprises and long-term changes brought about by the Covid pandemic that have impacted our digital world, and what these changes mean for the future of cybersecurity.
Recorded on: Monday 28th June 2021
Level up your Microsoft Security: A deep dive into Office 365 and Teams
With the shift to remote work, Office 365 and Teams usage has exploded. But increased collaboration brings new security challenges – some of which you may not even know about. We discuss how to secure your Office 365 environments, both with Microsoft tools and with the added visibility of Varonis.
Recorded on: Thursday 24th June 2021
Lessons for security and resilience from the Covid pandemic
After 14+ months of living through the pandemic, many of us have realised that although there are benefits to a central office, it is not a fundamental requirement. So what does the future of work look like for the security and resilience sector? Join us for a discussion on what strategies and attitudes have been affected by Covid, and what may change as a result.
Recorded on: Wednesday 23rd June 2021
Worried you will be breached? Stop fighting the symptoms and start treating the cause
Even when equipped with the best technology and people, attacks can often go undetected because security teams are too busy treating the symptoms of a breach instead of the root causes. Join us to learn why excessive network access is the true cause of many breaches, and how the least privilege principle can be scaled to protect any resource.
Recorded on: Tuesday 22nd June 2021
Are you in a defensible position? Will the ICO agree?
If you rely on a data retention policy to demonstrate compliance, you might want to join this webinar. You could face significant fines and reputational damage for non-compliance. We look at some of the challenges and considerations to any personal data privacy programme so you can defend yourself – both against breaches and to the ICO.
Recorded on: Monday 21st June 2021
Transform security change automation with context – Knowing your attack surface
Digital transformation and rapid business expansion mean security teams are faced with significant challenges navigating constant changes, while still ensuring business resilience and minimising cybersecurity risk. Join us to learn about the critical capabilities you need to transform your security change automation.
Recorded on: Thursday 17th June 2021
Authors of their own misfortune: Accidental managers and the onset of crisis
The term crisis is often used incorrectly and invariably applied to high profile and catastrophic events. So is it a crisis when managers embed the vulnerability for failure within the very systems and processes they are meant to manage? This presentation explores what happens when management theory and practice hit the fan!
Recorded on: Monday 7th June 2021
Call for Information from the Home Office - Computer Misuse Act
The Government is developing a new cyber strategy for 2021 and wants your views on the Computer Misuse Act. It wants to identify gaps in the legislation and is keen to hear the perspective of cybersecurity professionals.
Recorded on: Wednesday 2nd June 2021
SASIG Academy Cyber Health Session 4 – How to assess cyber health and risks: Users and data
Our final session in this Academy series looks at assessing the cyber health and risks of your users and data – the ultimate target for attackers with the most value and most potential for damage. If you have missed any sessions in the series, you can watch them on our website on demand.
Recorded on: Friday 28th May 2021
SASIG Academy Cyber Health Session 3 – How to assess cyber health and risks: Networks
Our Academy series has so far looked at the cyber health and risks of your builds and services. This week, we look at the health and risks associated with the ‘networks’ layer. If you’ve missed either of the first sessions or want to refresh your memory on the Kill Chain pyramid, you can watch Sessions 1 and 2 on demand.
Recorded on: Friday 21st May 2021
Threat trends: 2021 so far
Join us for a critical look at the eventful start to 2021’s cyber threat landscape. We share observations and thoughts on what to expect for the rest of the year regarding cyber threats and the ever-changing landscape.
Recorded on: Thursday 20th May 2021
Seeing beyond the obvious: Why rigor AND due diligence are vital in vulnerability management
Traditional methods of scanning and patching are rigorous and leave gaps in vulnerability management. To yield complete results, these methods must include exposure analysis which pinpoints exposed vulnerabilities on important assets. Join us to learn how this method drives due diligence, improves SLAs and reduces operational inefficiencies.
Recorded on: Wednesday 19th May 2021
Building cyber community engagement through the CyberScotland Partnership
Join us for an outline of Scotland’s approach to creating the right conditions for a cyber resilient nation. Explore the partnership’s role in supporting delivery of the strategic framework for a cyber resilient Scotland and the success of CyberScotland Week, as well as some of its other current projects.
Recorded on: Monday 17th May 2021
Weaknesses in software supply chains: Cyber’s unspoken reality
Over the last few years, supply chains have become an increasingly lucrative target for hackers. And when the core software supply chain itself is compromised, the results are often catastrophic. Join us as we examine the weaknesses in software supply chains and discover what you can do to protect your organisation from malicious attacks.
Recorded on: Friday 14th May 2021
10 top free tips to improve your employee security
As more and more cases of employee fraud are covered in the press, hear about the latest top 10 free ways to improve employee security through the entire lifecycle. Learn about free advice, initiatives and events about employee screening and how to use these to improve your company’s defences.
Recorded on: Monday 10th May 2021
SASIG Academy Cyber Health Session 1 – How to assess cyber health and risks: Build
Hackers gain access to systems by exploiting vulnerabilities and escalating to achieve data theft or destruction. In this Academy series, we look at how to assess your cyber health and risks with the Kill Chain pyramid. This session focusses on the ‘build’ layer and includes scripts, demonstrations, and data analysis techniques.
Recorded on: Friday 7th May 2021
The strategic value in infosec: How to be more than a cost centre
Infosec is a vital part of any business, so how can security professionals show their Boards that they deliver clear strategic value and aren’t just a cost centre? We look at ways for infosec to position themselves as they should be seen – as core to the security, reputation and value of the business.
Recorded on: Thursday 6th May 2021
Public & Hybrid SaaS with absolute Zero Trust: A ‘Made in Germany’ perspective
Should you trust your cloud and ID providers? Must you? IDEE GmbH champions password-less zero-trust authentication and challenges this assumption, giving you back control of your authentication and authorisation processes. Find out how the German standards for privacy and security by design shape the architecture of tomorrow, today.
Recorded on: Tuesday 4th May 2021
Who do you trust? Explore the true realities of Zero Trust
Join Secrutiny to explore what Zero Trust really is from both an analyst and common view. This is NOT another theoretical discussion about Zero Trust and how important it is – it’s a look at common approaches, including practical steps you can take now. They will also share their views on the operational side of it all.
Recorded on: Thursday 29th April 2021
‘Fear is the key?’: Medical populism and communication of risk amid Covid-19
Much of the lack of trust in expertise can be linked to processes around populist politics and the processes of mis/disinformation within a range of ‘media’ outlets. Join us to explore the nature of expert judgement within this populist environment and consider the challenges generated in organisational security and managing uncertainty.
Recorded on: Monday 19th April 2021
Say goodbye to (h)Active Directory – it's hard to protect and easy to exploit
Active Directory (AD) holds the keys to your IT kingdom, yet it is hard to protect and easy to exploit. Join us for a live demonstration of three common Active Directory and Azure AD attacks. We’ll show you how these attacks work then give you actionable steps to find and fix dozens of the AD misconfigurations and vulnerabilities hackers love to exploit.
Recorded on: Thursday 15th April 2021
‘TAKEN’ - if you missed this at Big SASIG, here is another chance to see it live
"I might not have the budget, but what I do have are a particular set of services. Services that make me a nightmare for criminals who try to attack my network." Do you dream of having this conversation with the cybercriminals that attack your network? Join us to find out how to cut off attacks before they begin, without launching into Hollywood-style monologues.
Recorded on: Tuesday 6th April 2021
Why you need to discover your unstructured data in 2021
Do you really know what unstructured data your organisation has, or where it is stored? Not knowing is a problem if you are involved in information security as it represents massive risk and untapped value. Join us to find out why leading organisations are discovering their data and how 'knowing your data' will supercharge your own data initiatives.
Recorded on: Thursday 1st April 2021
EDR/NDR/XDR/WTFDR - Confused?
So were we. Come join us and learn the difference. With every vendor having a ‘Detection & Response’ story, we hope to explain the differences, remove the fog, and identify the gaps and therefore the blind spots. Is EDR/NDR really a quick fix alternative to fully functioning SIEM/SOC deployment?
Recorded on: Wednesday 31st March 2021
Securing those hard-to-reach areas – First choice, second opinion
Towards the end of 2020, it took an average of almost nine days for antivirus engines to recognise hashes in threats received via email. A technical second opinion can help secure your entry points. Join us to learn about some of the key use cases for Kaspersky Scan Engine and what attack vectors it can help prevent.
Recorded on: Tuesday 30th March 2021
Bringing military deception back into cyber defence: the UK’s National Cyber Deception Lab
The cyber threat landscape is the modern battlefield. Levels of incursion, unacceptable in any other forms of warfare, are the norm in cybersecurity. This session explores how deception provides the means to actively engage and fight the enemy in our networks and effectively defend the key terrain of our networks and data.
Recorded on: Wednesday 17th March 2021
How to augment your O365 security against the modern-day problem of cloud-originated ransomware attacks
Ransomware is an old threat and a modern problem. It can put victims out of business, force hospitals to turn away patients, and bring entire governments to a standstill. Cloud-originated ransomware attacks have become a proven money maker for cybercriminals, so join us to find out how you can better protect your company’s cloud environment.
Recorded on: Thursday 11th March 2021
Forming the UK Cyber Security Council
An introduction to the UK Cyber Security Council, which launches in April. This session will provide details on the reasons and drivers behind the Council’s formation, how the Council will operate, what the collaboration between the Council and NCSC will look like and what the expected impact on the profession will be.
Recorded on: Wednesday 10th March 2021
Security control assurance 101: Does it do what it says on the tin?
Security controls are powerful tools, but they can be complex and difficult to configure and manage. Despite best efforts, it’s easy to miss weaknesses that a threat actor can use to their advantage. Join us to discover what type of assurance programme you need to test existing controls and adapt configurations to eliminate blind spots.
Recorded on: Wednesday 3rd March 2021
The three Cs of avoiding the security heebie-jeebies
Attackers are becoming more adaptable and capable, and their ingenuity coupled with the increased threats makes a CISO’s role more complicated. Security incidents are now inevitable where complex environments and inventive attacks collide. Join us to learn why traditional approaches are no longer effective and the importance of automation in response.
Recorded on: Monday 1st March 2021
Dodgy data migration dangers: Four major risks and how to avoid them
Migrating data is risky. Particularly when it’s unstructured, unknown and full of sensitive information no-one knows about. Sensitive data becomes dangerous, both in transition and in the cloud, as someone can find it, whether the cloud is hybrid, public or private. There are other risks too. So join us to find out more about them and how to avoid them.
Recorded on: Thursday 4th February 2021
Why legacy data is the biggest barrier to data migration success (and what to do about it)
2020 was the year that saw mass migration to the cloud driven by organisations’ sudden need for digital transformation to cope with the coronavirus pandemic. But migrations can encounter problems if you don’t understand what’s in your data. Join us as we look at legacy data and why you need to clean it up before you try to migrate.
Recorded on: Wednesday 13th January 2021
The history of cryptography and the modern enigma of digital certificates
With 1.3 billion live and searchable websites, are you sure your internet presence is working for you? Who exactly is responsible for ensuring your internet-facing security is robust, controlled and properly managed so that your organisation is neither targeted nor infiltrated? With 30,000 websites attacked daily, can you afford to make assumptions?
Recorded on: Tuesday 15th December 2020
How to use information security to drive competitive advantage
The security function is a key strategic tool in driving competitive advantage for businesses. When infosec is responsible for finding and securing the data on the inside of the estate, they can mitigate the hidden risk, and unlock its value too. We explore how businesses can leverage infosec to commercialise their data and strengthen their competitive edge.
Recorded on: Monday 14th December 2020
A global reset: Cybersecurity predictions 2021
2020 has shaped up in a way that nobody could have expected, making it even more critical we prepare ourselves. Threat intelligence expert Dr Jamie Collier shares upcoming cyber trends and challenges. During the webinar, he will touch on remote working, threat actors, intelligence-led security validation, cloud security, nation-state activity and ransomware.
Recorded on: Tuesday 17th November 2020
Forestall the fireworks in your data: How to place a value on risk
There are hidden fireworks in every data estate waiting to go ‘bang’ unless they are found and remediated. Many IT professionals are worried that their organisation will be the next data breach. Yet you can’t elevate risk as a board-level business driver if it doesn’t have a value. Join us on Guy Fawkes Day as we explain how you can define value on your risk.
Recorded on: Thursday 5th November 2020
Cybercrime pays: The rise of ransomware, geopolitics and what it means for you
Ransomware is on the rise - there’s no doubt about that, but who is behind the attacks? And what is their motivation? Join Jared to find out as he takes us on a tour of the major nation-state players in cybercrime and unpicks their motivations and methods, as well as providing mitigations to keep your infrastructure safe - because ransomware isn’t going away.
Recorded on: Tuesday 3rd November 2020
How the environmental impact affects your bottom line: Things you should consider when choosing your system software
System software - such as anti-malware - may not be the obvious starting point for companies when scrutinising its potential harm to the environment, as well as the impact upon its costs. However, many independent AV testing organisations cite it as a critical consideration. We explore why that is the case and bring system software impacts into your focus.
Recorded on: Monday 2nd November 2020
The CISO conundrum - legacy environments – it is all about the business risk
Few organisations are immune to the effects of legacy systems, which are often business-critical in their environments. We all know how hard dealing with the standard estate is, let alone legacy, but you cannot just do nothing. We explore how to track and reassess our legacy environments to determine the process needed to make them secure.
Recorded on: Wednesday 14th October 2020
The establishment of the UK’s Cybersecurity Council
The session covers a history of the Cyber Security Alliance and the UK Cyber Security Council Formation Project. The Council goes live in April 2021 and will provide focus and coherence to the profession, including career and qualification pathways and a route to chartered status for individuals. The session will include a Q&A with Alliance and project members.
Recorded on: Tuesday 13th October 2020
The skeletons in your unstructured data
Every business faces the same problem: Not knowing what data they’ve got or where it’s stored. There are lumps and bumps under the carpet all over the place, but what do they contain? Are there skeletons that may unexpectedly come to light? We’ll share what’s in a typical organisation’s data estate and how to reduce the risk of finding any nasty surprises.
Recorded on: Thursday 1st October 2020
Cloud Threats from the Frontlines
Organisations have been moving to the cloud at an increasing pace. However, many are failing to protect their environments against attack effectively. This has resulted in a significant rise in cloud-related breaches by threat actors. We explore lessons learned from and share best practices for organisations protecting their cloud environments from compromise.
Recorded on: Wednesday 30th September 2020
Solving business email compromise and email account compromise
The rapid rise in email fraud has cost organisations globally billions of dollars, and company boards are noticing. The most recent FBI statistic cites over $26.2 billion in losses and over 166k incidents worldwide due to 'business email compromise'. But this problem impacts far more than just your email. We learn how you can protect yourself and your organisation.
Recorded on: Thursday 17th September 2020
Breaches, fines and the dangers of dark data: How to avoid becoming the next negative news story
Every month there's news of another data breach, but what are these headline-grabbing fines really for? What can we learn to avoid being next? Gareth shares Exonar's latest research into GDPR penalties, examining how these breaches happened and what could have been done to prevent them. Exonar also invites SASIG members to assist with these findings.
Recorded on: Tuesday 15th September 2020
Cyber Resilience for Dummies
There is no single solution offering protection from attack, but Cyber Resilience can provide a multi-layered approach encompassing people, processes and technology. Peter talks about eliminating the gap between IT and the business to present a united front against threats.
Recorded on: Friday 28th August 2020
The hitchhiker's guide to offensive defence: An effective way to manage digital risks
In the new cybersecurity approach of ‘Offense in Depth’, what exactly are the predictors of Exposure, Warning, and Attack indicators, as we wade through threat intelligence? We explore the value of identifying various data points in cyberspace and leveraging them to pivot from one attack attribute to another, to reduce our chances of becoming a target.
Recorded on: Wednesday 26th August 2020
Incident response: Hunting and detecting the latest threats
While IT teams are rushing to ensure users can work remotely, it’s business as usual for attackers. Varonis are currently seeing the highest number of VPN and Office 365 incidents ever. So join us in this session to discover what attacks are widespread right now and how you can successfully detect and respond to the latest incidents.