Choose-Your-Own-Device: BYOD Without Security, Governance and Compliance Risks

The growing threat landscape for operational technology (OT) networks, exemplified by a number of recent ransomware attacks, has prompted critical infrastructure organizations to better prepare themselves for impactful cyber incidents. To do this, stakeholders responsible for critical infrastructure and services are maturing their security operations centers (SOCs) and increasing their use of cyber threat intelligence (CTI). Many now consider adversarial Tactics, Techniques and Procedures (TTPs) to be their most valuable CTI tool.

Increasingly, enterprises are discovering that the best way to test and defend their organization is to view their IT environment from the perspective of an attacker. But how do you predict an attacker's motives and simulate their methods, and how do you know that you aren’t overlooking key vulnerabilities? In this Dark Reading webinar, experts discuss methods for testing your security’s mettle by thinking like your adversary.

Data is among an organization’s most valuable assets. Its management and protection should be viewed as a mission-critical stewardship rather than mere compliance. Larger and more costly cybersecurity incidents coincide with annually increasing regulatory and liability pressures. Looming U.S. privacy legislation on the horizon coupled with the General Data Protection Regulation’s impacts (Google recently received a $57 million fine), intensifies pressure on organizations to understand their legal compliance obligations and to safeguard private information.

When usernames and passwords are compromised in a data breach, the consequences extend far beyond the victim organization due to rampant password reuse. For this reason, NIST recently recommended that organizations check users’ credentials against a set of known compromised passwords. However, by patroning dark web forums and paying for spilled credentials, enterprises indirectly support the criminal ecosystem. Furthermore, attackers often don’t publicly post stolen data until months or years after the breach, if at all. Is there a better way to follow NIST guidelines and protect users from account takeover? Join Justin Richer, co-author of NIST Digital Identity Guidelines 800-63B, and Gautam Agarwal, Shape's Senior Director of Product Management, for a lively discussion on NIST’s password recommendations and how best to prevent account takeover fraud at your organization.