Key Insights Into Today's Risk Management Landscape

One of the most-heard complaints from security experts is that often they find their work repetitive ("The CFO's laptop has been compromised... again!"), which results in the desire of trying something "new", meaning "leave for another company." Another common complaint is that the work is very compartmentalized, and there are few occasions in which the various security specialists can enjoy working as a team. One activity that can help build a team while improving the security skills of the people involved is participating in Capture the Flag (CTF) hacking competitions. In 2003 at the University of California at Santa Barbara, one of the world's largest attack-defense CTF competitions began and has grown year-after-year, pushing the limits of the players and providing opportunities for better learning. In addition, hacking competitions are a great opportunity for recruiting new talent: CTF participants are highly skilled, well-motivated, and hard-working, which are great traits for a future employee.

In the era of globalization, as the international division of labor goes deeper, the industrial development shifts from “manufacturing economy to service economy” and “from hardware manufacturing to soft manufacturing.” The manufacturing industry aims to enhance its international competitiveness with the added value created by the service industry. As a major producer of global ICT products, Taiwan plays an important role in the security industry supply chain during the China-U.S. trade war. It is high time Taiwan develops “Internet of Things Security” and “Secure Internet of Things” with its complete semiconductor industry supply chain. To grasp this opportunity, Taiwanese manufacturers are striving to become not only product suppliers but also cyber security solution providers by taking advantage of the global cyber security research and development. By offering products with distinguishing cyber security functions to customers based on their needs, Taiwanese manufacturers are expecting to create higher added value.

Join our IR team for a play-by-play of a live attack simulation and investigation of a rogue insider threat using DatAlert’s new DFIR capabilities. During this training session, our security analysts will execute a new attack scenario in our lab. An insider was paid to exfiltrate sensitive organizational data. To remain uncovered, he takes control on a service account. Using the service account, he scans company filers for documents with indicating keywords. Copies matching documents to his PC.

Unfortunately, most businesses are making the fundamental mistake when it comes to authentication and are thinking inside-out, but by thinking outside-in, they would automatically put the Customer first. Until now, strong (and not so strong) authentication to services seems to have been driven by an inside-out way of thinking. The institutions think about what works best for them: what fits into their infrastructure; what is the cheapest yet compliant approach? For customers, this means that they must use what their service provider offers to them. Companies must also be aware of insider risks and by implementing a Zero Trust approach of ‘never trust, always verify’, they can better secure the access to their assets. In this KuppingerCole webinar, we will address the following.