“It's only words”* - ambiguities and contradictions as seen through the looking glass of risk and security (* apologies to the BeeGees)
Risk and security are terms misused and intertwined by many within organisations, and yet the impact their use has on performance and understanding is significant. Join us as we explore these definitions and consider the implications for communication of issues with the board, the organisation, and external stakeholders.
Recorded on: Monday 22nd February 2021
The pain of phishing – are you looking for a new solution?
If phishing gives you sleepless nights, join this interactive webinar and discover open phishing. Underpinned by gamification principles, such as point scoring and levelling up, open phishing means employees follow a path they plot themselves to become an organisation’s human firewall. Attendees will receive a report collated from the discussion.
Recorded on: Tuesday 9th February 2021
Where awareness fits within a security programme
While security awareness programmes exist, they tend to get the minimum budget and support required to run at a perceived acceptable level. This presentation looks at metrics, programme structure and awareness goals while discussing how to take a bigger role in the security programme and why you deserve more for your efforts.
Recorded on: Tuesday 2nd February 2021
How to train your invisible employees (before they become dragons)
Covid has killed the network perimeter. Long live the true endpoint protection, detection and response capability – the human! But running updates and patches on people is tricky; we explore why, and what you can do to improve your human-centric patch management.
Recorded on: Tuesday 26th January 2021
Data Privacy Day also concerns security: What are a CISO's main privacy concerns for 2021?
Data Privacy Day is next week, and any day that celebrates data protection or data privacy is in itself a security day also. Join us for this informative and interactive session as we discuss our main privacy concerns, the top trends and predictions for 2021, and methodologies for compiling successful compliance programs in the post-Covid-19 digitalised world.
Recorded on: Monday 25th January 2021
Security awareness messaging: The fine lines between attention-grabbing and offence, and between humour and triviality
Too often we keep falling for the same tricks. Too often we see in the media or via awareness campaigns you shouldn’t click on this or you should look out for that. Is there a better way to convey this message that actually leaves a lasting impression on the recipient? We will investigate why awareness is playing it safe and why we seem to be doing our colleagues a disservice when trying to educate and inform.
Recorded on: Wednesday 6th January 2021
Using the MITRE ATT&CK framework to drive risk remediation programs and mitigate cyber attacks
This webinar explores the value and utility of the MITRE ATT&CK framework - a globally accessible knowledge base of adversary tactics and techniques. Learn how to leverage the MITRE framework to assess your cyber maturity against security standards and define a prioritised roadmap for addressing critical gaps in your security, based on common, high-frequency tactics and techniques.
Recorded on: Friday 18th December 2020
The UK Business Cyber Centre: The cybersecurity guru for businesses, from SMEs to corporates
The UK Business Cyber Centre (BCC) provides millions of UK businesses normally outside the national cybersecurity envelope with access to cybersecurity advice, training, alerts and warnings, so as to meet the UK's demands for secure digital growth. Andrew takes us through this enterprising scheme, with the opportunity for you to engage in this exciting venture.
Recorded on: Monday 30th November 2020
Driving real behaviour change: How to build a security awareness program that works
When it comes to modern Cybersecurity – ultimately your users are your last line of defence. So you need to arm them with both knowledge and practice to mould dynamic, alert guardians of both your organisation and your data. The key to your success is engaging, entertaining - and crucially - topical security awareness training.
So where to start, or how to renew your program?
Recorded on: Monday 16th November 2020
Seven new education ideas to get your organisation cyber-savvy
Are your staff bored with security bulletins? Worried they’re not hitting the mark? We explore how Lloyds Banking Group uses a variety of fresh communication methods to influence security behaviour and culture positively. Learn how to inject interactivity with elegant in-house solutions without blowing the budget to enliven your corporate cyber education.
Recorded on: Friday 30th October 2020
The consideration of ethics in developing technology
As we develop new technology, we focus on the benefits without considering the consequences. Criminals access nation-state capability. Unscrupulous individuals use social media to spread extremist views or play havoc with our elections. The increase in data raises concerns around its exploitation. So can technology be developed with ethics in mind, and if so, how?
Recorded on: Monday 26th October 2020
Minimising risk from cyber threats: Focusing on reducing time to containment
With limited resources, an ever-growing skills gap and an escalating volume of security alerts, organisations are left vulnerable to what is perceived to be an unavoidable risk. How can they minimise risk from cyber threats without further increasing the workload? In this webinar, we will discuss how automation can help address these challenges faced by CISOs.
Recorded on: Monday 19th October 2020
You can stop stupid
Security professionals often complain that end users are stupid. But we should instead identify and adjust failings in our practices, as well as the processes and technologies that enable such behaviours. Ira is one of the world’s most influential security professionals. He writes and speaks on cybersecurity and the human aspects of security and technology.
Recorded on: Thursday 15th October 2020
Live cyber attack: Maze ransomware attack simulation
Ransomware gangs like Maze dwell in networks, stealing data and leaving backdoors, before dropping ransom notes. Join us as we explain how big-game ransomware gangs operate and showcase common tactics, techniques, and procedures (TTPs), with takeaways to help you prepare for an attack. Dave will run a Maze attack simulation, showing how an IR team should respond.
Recorded on: Friday 9th October 2020
OpSec tales from the trenches: The ins, outs, wins and fails of online operational security
Operational security (OpSec) is hard: it only takes one slip-up for the house of cards to tumble down. We examine its history, from its real-world military origins to its modern-day use by hackers and privacy-conscious netizens alike. Come for stories of modern-day OpSec mishaps, stay for the lessons in how hackers tread cautiously to avoid getting caught.
Recorded on: Thursday 8th October 2020
Developing and sustaining an effective security culture
Security culture refers to the values by which everyone should approach security in order to mitigate threats. Developing and sustaining an effective culture is an essential component of a security regime, to evolve a security-conscious workforce and promote desired security behaviours. These leading security culture change practitioners talk about their work.
Recorded on: Tuesday 6th October 2020
Reducing susceptibility to disinformation during Covid-19
David has been in the military for eight years. He joins us to discuss his work with the British Army's Information Operations Unit (77th Brigade) as a behavioural change planner. He successfully implemented behavioural change strategies against ISIS in 2019. He has recently advised Her Majesty's Government on countering misinformation during the Covid-19 crisis.
Recorded on: Friday 2nd October 2020
The state of the security team: Are executives the problem?
Cybersecurity professionals are reporting higher levels of stress than before. A recent LogRhythm survey investigated the reasons behind the increased pressure on security teams, solution capabilities, deployment strategies, technology gaps, and more. Join Andrew as we explore some of the key findings from this research and how to alleviate some of these issues.
Recorded on: Monday 28th September 2020
Dramatic security awareness: Cyber security awareness that might actually work!
Most security awareness training fails because it’s boring, condescending or wrong. Humans are drawn to engaging narratives and Peter offers an approach that calls on principles from sales, marketing, ethical hacking, education theory and creative writing. He shares examples of successful awareness training with heroes, villains, and plenty of drama.
Recorded on: Wednesday 23rd September 2020
Top ten biggest and boldest insider threats
Insider threats are a widespread problem, affecting all industries and geographies. Understanding the motives behind them is key to defending your organisation, so join us as Rob and Lee reveal the stories behind the biggest threats over the last year. You will learn what happened in each incident and practical security tips to mitigate your own insider risk.
Recorded on: Tuesday 22nd September 2020
Human cyber risk and security awareness: What’s ‘new’ and why is anything ‘normal’?
We talk about the ‘new normal’, but it’s just the old normal from a different location. Human cyber risk is an essential part of cybersecurity, but we’ve yet to make a genuine impact. Things are changing though, and human cyber risk specialists are evolving. Oz explains what this means for security awareness and what we’re learning from the pandemic.
Recorded on: Wednesday 16th September 2020
To err is human, to keep doing it is idiotic. Why do we keep shooting ourselves in both feet?
There are more shiny silver bullets than we can shake a stick at. Each one promises some variant of greater efficacy. So why, with all of this tech, are we still falling foul of attackers? Why are awareness and common sense the most overused terms in security, yet never practised? We explore some simple ways we can turn the tide of keeping our organisations secure in the online world.
Recorded on: Thursday 20th August 2020
'Tell me where it hurts': Where should you begin to address your professional pains?
There are many and increasingly complex challenges within organisations' information security. Companies must reassess their strategies in this Covid world, as cyber criminals become ever-resourceful in their methods. This session explores the remedies around changing your employees' behaviour and the organisation's culture and the approaches you should take.
Recorded on: Tuesday 11th August 2020
Beyond Phishing: A comprehensive view of user-based risk across your business
Nearly all cybersecurity attacks target individuals, but how do you identify which end-users are being targeted within your organisation and understand their level of resilience? We'll look at the risks from different activities, the type of attacks that companies face each year and how they can minimise risk through people risk assessments.
Recorded on: Tuesday 21st April 2020
Securing a remote workforce – how to get started
New security concerns have arisen as businesses implement remote work policies, many of which weren’t prioritised beforehand. We look at the best practices for securing a remote workforce and discuss log collection for remote systems, what activity you should expect to see, and the impacts resulting from the current rush to support remote work.
Recorded on: Thursday 16th April 2020
The importance of security awareness during the Covid-19 pandemic
Time and again during our SASIG webinars over the past couple of weeks, both our presenters and audience members have referred to the importance of good security awareness and the need for a strong security culture. This is made even more urgent by the massive increase in phishing attacks and online scams that have bubbled up since this all started.