After the Data Breach: Stolen Credentials

Security Boulevard

When usernames and passwords are compromised in a data breach, the consequences extend far beyond the victim organization due to rampant password reuse. For this reason, NIST recently recommended that organizations check users’ credentials against a set of known compromised passwords. However, by patronizing dark web forums and paying for spilled credentials, enterprises indirectly support the criminal ecosystem. Furthermore, attackers often don’t publicly post stolen data until months or years after the breach, if at all. Is there a better way to follow NIST guidelines and protect users from account takeover? Join Justin Richer, co-author of NIST Digital Identity Guidelines 800-63B, and Gautam Agarwal, Shape's Senior Director of Product Management, for a lively discussion on NIST’s password recommendations and how best to prevent account takeover fraud at your organization.


A social engineering attack exploits human error to gain access to private and sensitive information.


3 Flaws with the Defense-in-Depth Security Model and How to Improve It


Reports of network intrusions have spiked in recent years, resulting in millions in financial losses, theft of intellectual property, and exposure of customer information. The groups responsible for these attacks are organized and can persist in your organization’s systems and endpoints without detection for 6 months on average, sometimes years. The approach many organizations take to prevent these attacks is to simply layer on increasing numbers of defensive solutions. Clearly, a better approach is needed.

Building Blocks for Your 2019 IT Security Program


Is one of your New Year's resolutions to reduce your cyber risk in 2019? If so, do you know where to start? Join us for this special session webcast, in which we'll discuss the building blocks that make for an effective security and compliance program for organizations of any size.

Everyone Loves Donuts, Especially Hackers


Donuts are just one of many ruses X-Force Red has up its sleeve. Tune in to X-Force Red’s webinar on January 29 at 11am ET to hear more real hacker stories. Find out how X-Force Red hackers have broken into companies worldwide, which tricks have worked and not worked, tools they have used, and what your company should do.

Managing the Insider Threat—Why Visibility Is Critical


Only with full visibility into employee or third-party activity across a company network can even the earliest indicators of an insider threat be detected. By monitoring both user and file activity, security and compliance professionals can be alerted in real time to risky, out-of-policy activities and any unexplained changes in user behavior, allowing them to stop and investigate any activity before it becomes a full-blown breach. Research from The Ponemon Institute shows that Financial Services organizations face the highest penalty costs of any industry ($12.05 million annually) when they experience an insider-led incident, though they are closely followed by the Energy & Utilities and Retail sectors. This cost alone is a very concrete reason to address what otherwise might seem to be an invisible problem.