Whether you’re just starting out in Cybersecurity, looking for a job change or seeking professional development advice, this year’s Career Panel will be a valuable investment in your time. We’ve put together a panel of seasoned industry experts who we guarantee will represent an experienced cross-section of career paths. You will walk away with advice, […]
Read moreIt’s 2022 and we’re in an “all cloud all the time” environment – even traditional enterprises are heavily invested in hybrid cloud environments and Software as a Service. But what happens when it’s a sunny day (you know… with no clouds) and you need to figure out how to keep things running and how to […]
Read moreIn this Q&A ThreatConnect will cover the evolution of security operations and the increasing importance of threat intelligence operations to help enterprises become more proactive in defending their increasing attack surface.
Read moreMost Canadian organizations have a backup and recovery plan for disasters such as blackouts or flooding, but surprisingly few are prepared for an arguably greater – and more likely – threat to their livelihood: cyberattacks. While 90 percent of Canadian organizations reported falling victim to cyberattacks such as ransomware over the past year, according to […]
Read moreWe often hear the attackers are successful, the company has been breached and data has been stolen or held ransom. We hear when the defends beat the attackers! In this session hear from two leaders in Cyber Security talk real world examples of the defenders defeating the attackers. You will hear from Stephan Jou, CTO […]
Read moreEvery organization gets compromised – it’s how fast you detect and respond to an incident that counts. This is especially important when you look at trends like the overnight move to remote work, the rise in encrypted traffic and acceleration of cloud adoption, as well as the proliferation of enterprise IoT that have expanded the […]
Read moreIn July 2022, Cloudflare was targeted in a sophisticated SMS phishing scheme in such a way that we believe most organizations would be likely to be breached. In this session we’ll detail the recent targeted phishing attack we saw at Cloudflare and more importantly, how we stopped it and steps you can take to protect […]
Read moreThe Cyberconflict between Russia and Ukraine has spurred numerous “Shields up” warnings from CISA, Certs, our own CCCC, and other agencies. What is the real risk for Canadian businesses? This talk presents the current state of affairs on the cyberwar and some of the tools that can be used to mitigate this new elevated risk.
Read moreIn a world of media chaos and disinformation, how do you differentiate truth from lies? How do you choose your sources of information? Never before have nation-states had a tool as far-reaching as the internet to tell stories, spread messages, and deceive friends and foes alike. Today, over 95% of Canadians and Americans are connected […]
Read moreRansomware has evolved from a relatively minor annoyance with negligible costs into a multi-billion-dollar international criminal economy. With the advent of nation-state sponsored support for these evolving campaigns, it’s important to understand the various mitigation options so you never have to rely upon the “honour amongst thieves” in order to recover your data. Based on […]
Read moreThe rise of ransomware and other tactics for cyber criminals over the past few years is an ever-growing problem that has quickly become an extremely lucrative criminal enterprise. Targeted organizations often believe that paying the ransom is the most cost-effective way to get their data back — and, unfortunately, this may also be the reality. […]
Read moreToday’s companies must enable their customers to engage with their apps or services at any time, from any device, in a secure and safe manner. While the importance of identity within an organization’s security posture has been clear for many years, the digital rush has accelerated timeframes by dissolving security perimeters with unprecedented swiftness. As […]
Read moreA key challenge for organizations is determining if the investment in detection and response tools are performing and meeting their objective. Security teams struggle with red team and security validation processes performed in a continuous and efficient manner. How can security teams remove assumptions and shift their organization’s security program to one centered around the […]
Read moreAttackers know that the majority of modern application code is composed of open source software. Today, Checkmarx researchers witness, in real-time, attackers planting packages with malicious code into open source software supply chains. As a result, as application developers perform builds, malicious code becomes part of the applications you are publishing. Making matters even worse, […]
Read moreFor over 20 years, Vulnerability Management has gone completely unchanged; sure, we have new ways to scan, detect, and report, but the ineffective process has stayed the same. What this means in today’s organizations is a flood of tickets, slow remediation, missed SLAs and constant conflict between IT and Security teams. Meanwhile, common vulnerabilities remain […]
Read moreIn recent years the number of vulnerabilities, threat actors, tools, tactics, and techniques has grown exponentially. Keeping track of what is important is a daunting task for an organization of any size. At Qualys, the research team is looking at the threat landscape around the clock to prioritize what is important for our customers. This […]
Read moreSecurity Operations Center (SOC) teams are being stress-tested today like never before. With increasing pressure to respond to a variety of signals demanding their attention, optimizing a security operations center has proven to be increasingly challenging. The SOC strategy you implement can not only help to prevent threats from causing harm, but it can also […]
Read moreIn 2021, the Canadian Center for Cyber Security released the top 10 mitigating actions that organizations should take to protect its Internet-connected networks and sensitive information from cyber security threats. Together, we will understand what these 10 actions are and validate what their impact could be on the protection of your most critical assets. This […]
Read moreIn the last few years cybercriminals have, upped their monetization demands, attacked critical infrastructure, utilized supply chain attacks, and continued to inflict untold damage on businesses and consumers. The woes don’t stop there, the conflict in Ukraine has seen attacks on power grid infrastructure and destructive data wipers, causing heightened potential cyber-attack alerts to be […]
Read moreNo organization can ever be complacent and think that their cybersecurity strategies are impenetrable. Regardless of how thorough the precautions, establishing a perimeter and defending it is never enough. Cyberattacks are growing in number and sophistication, with adversaries becoming more experienced at bypassing even the most sophisticated measures. Waiting for a “You’ve Been Breached Notification” […]
Read moreAs part of a vendor security research team, a lot of time is spent reading up on documents released by various standards bodies. These standards are useful guides to securing the environment, but they often become the driving force behind “checkbox security.” This happens, in part, because these documents are looked down upon as boring […]
Read moreMicrosoft’s efforts to aid Ukraine’s response to Russia’s attacks are tied to our commitment to security, defence of democracy, and protecting people. Join us for this session to learn how our threat intelligence and security teams are working closely with the government of Ukraine and other partners to protect organizations and citizens. Protection against cyber-attacks […]
Read moreThe information security space is awash in point technology solutions. As a defender, how does one choose where to spend a limited security budget when faced with this sea of choices? How can we minimize overlap within the highly dynamic toolset we already own, rationalize vendor relationships, and decommission tools that overlap or no longer […]
Read moreThe cloud is here and growing. Securing the cloud isn’t the same as securing on-premise deployments. According to recent Elastic research, 1-in-2 CISOs expect misconfigurations to be a leading cause of breaches, while an ESG research highlights that 89% of negative outcomes occur between detection and investigation. In this session James Spiteri, Product Marketing Director […]
Read moreIn the face of skyrocketing cyber risk, detecting and responding to attacks is no longer enough. Organizations must take proactive steps to prevent threats before they happen, and to recover if compromised. In this session, Darktrace unveil an ambitious new approach to security, with core engines powering AI technologies to prevent, detect, respond, and ultimately […]
Read moreAt the intersection between business and pleasure, mobile social applications access the most sensitive information about us and the world we live in. Hackers are focused on Mobile attacks now more than ever, as they represent the next frontier for security risk.
Read moreThe layers of security we’ve deployed over the last 30 years must be re-evaluated since many organizations have fallen victim to cyber-attacks. How will today’s cyber security solutions solve the many business problems? This discussion highlights the pros and cons of the past solutions vs the present.
Read moreThe discovery of the Log4Shell vulnerability was a wake-up call for many organizations. It was an opportunity not only for criminals, but also for hackers who look to help organizations uncover vulnerabilities before they can be exploited. Log4Shell forced many organizations to address how they use third-party and open-source software. Most organizations have recovered from […]
Read moreToday, all companies are susceptible to cyberattacks. Despite the presence of SOC teams monitoring for zero day threats, vulnerabilities, and unusual activities 24/7. So what can you do to help your team accelerate incident response? Join me to discuss how you can: Quickly assess your risk exposure to identify CIs in zero day vulnerabilities, such as […]
Read moreFeedback from Canadian organizations in the 2022 TELUS Canadian Ransomware Study highlighted the importance of having a comprehensive Vulnerability Management Program (VMP) in order to defend against ransomware. Today, approximately 50% of Canadian organizations have a formal VMP in place, but how can these organizations take their programs from good to great? Join Kim Schreader, […]
Read moreGlobal and technological uncertainty is being weaponized by adversaries. Digital Transformation, Global Supply Chain issues, Mandated Lockdowns, and State Sponsored attacks are creating windows of opportunities for adversaries to exploit. We will discuss evolving attack trends and how defenders can employ core security pillars to mount a rigorous defense. Rigid defenses are obsolete and easily […]
Read moreAt a time when work was still a place to go to, apart from a thing to get done, organizations could afford to protect their most sensitive data using firewalls, IDS and IPS systems, and VPNs. But today, when there are no corporate network boundaries, and data can be stored and accessed from anywhere, traditional […]
Read moreEven though cloud computing isn’t all that new anymore, learning how to use it effectively can be overwhelming. It’s unfortunately very easy to make mistakes. The vast majority of cloud security failures are configuration mistakes of some kind or another, so developing the discipline of correct configuration is the best thing companies can do to […]
Read moreWith each passing year, the number of cybersecurity events continues to increase despite record breaking spend on cybersecurity tools. So why do threats continue to be successful even if we are investing heavily in detecting them? The answer is simple, we are not always monitoring in the correct places. This session will discuss the 5 […]
Read moreThe blistering pace and expanding scope of cyberthreats and ransomware attacks is forcing cyber insurance companies to steeply increase their rates and premiums, and even drop coverage for high-risk organizations. Underwriting requirements to be approved for cyber insurance are becoming more stringent. In this upcoming session with Chris Hills, Chief Security Strategist at BeyondTrust hear […]
Read moreDiscover how vulnerabilities, misconfigurations, and lack of security awareness could lead to successfully social engineering. This talk will discuss: Vulnerabilities – If left unpatched lead to risks Misconfigurations – Exposing users or public endpoints without 2fa Session theft – Session stealing through phishing or post-exploitation (e.g. dumping chrome cookies) Social engineering – Repeatedly spamming users […]
Read moreXDR is often focused upon the endpoint, but what about the original entry point into the organization – email? Learn how Mimecast’s email security provides valuable threat sharing capabilities to connect your controls, improves your response during a breach and leverages one of the most extensible ecosystems to choose the XDR solution appropriate for your […]
Read moreIs your organization’s SOC struggling to keep up with the latest innovations? BlackBerry’s XDR is here to even the odds with automation and artificial intelligence that delivers a cohesive, holistic view of your technology landscape.
Read moreDid you know that Linux has a full-featured keystore ready to be used by any application or service it runs? Applications can securely store and share credentials, secrets and cryptographic keys, sign and encrypt data, negotiate a common encryption key – all this by never touching a single byte of the underlying cryptographic material. This […]
Read moreThey’ve let us do this 10 times now. It’s either SecTor’s longest running joke or the single most successful panel in the history of Canadian Security Conferences – it’s the “Littlest Hobo” of Security! As in years past, you’ll be treated to time with a distinguished panel of guest speakers (who are rarely told beforehand […]
Read moreMalign influence is one of the greatest challenges the world faces today. State-sponsored threat actors, criminals, and political actors alike are weaponizing information in online spaces to thwart elections, incite social division, disrupt supply chains, and manipulate markets. Due to the inherent overlaps in modern day digital influence campaigns and cyber intrusion campaigns, information security […]
Read moreIn October 2021, we published the first analysis of Wslink – a unique loader likely linked to the Lazarus group. Most samples are packed and protected with an advanced virtual machine (VM) obfuscator; the samples contain no clear artifacts and we initially did not associate the obfuscation with a publicly known VM, but we later […]
Read moreHave you ever wondered what the ROI is on a security control? Or whether you should spend time fixing 2 highs or 47 mediums? FAIR STRIDE is a method for creating application threat models that can answer these questions by feeding the output from STRIDE into a quantitative risk model like FAIR rather than a […]
Read moreEXERCISE, EXERCISE, EXERCISE Despite efforts by organizations of all sizes to maintain a tight security posture, cyber intrusions still occur. Ensuring that your business effectively responds to cyber incidents is essential to maintaining a resilient cyber defense for todays and tomorrow’s threats. To combat these threats, organizations need to invest in the development and sustainment […]
Read moreIn October of 2020 Vastaamo, a chain of psychotherapy clinics with over 30.000 patients, was forced to admit that their patient database had been stolen. The database contained the therapist’s notes and personally identifying information for tens of thousands of Finnish citizens. The criminal, only known as RANSOM_MAN, was trying to exert pressure on the […]
Read moreThe COVID-19 pandemic helped the cyber insurance industry make record-breaking revenue growth in 2020. But it also saw record profit loss. This decline led insurance companies to alter their client coverage requirements, placing stricter cybersecurity conditions for eligibility. This session will dive into what organizations need to do in order to meet these requirements. The […]
Read moreVirtualization and containers are the foundations of cloud services. Containers should be isolated from the real host’s settings to ensure the security of the host. In this talk we’ll answer these questions: “Are Windows process-isolated containers really isolated?” and “What can an attacker achieve by breaking the isolation?” Before we jump into the vulnerabilities, we’ll […]
Read moreSince the proliferation of data science applications in cyber security, there has been a complimentary division in the approaches to threat detection: Traditional and Machine Learning (ML). The traditional approach remains the predominate method in cyber security and is primarily based on identifying indicators-of-compromise via known signatures. On the other hand, ML applications are focused […]
Read moreThe traditional approach to quality assurance (QA) was disrupted when the Agile movement caused most development teams to start taking at least partial ownership of the quality of their products. The cloud-native and DevOps movements similarly disrupted traditional IT Ops. These were not mere shifts to the left, they all involved fundamental changes to mindset, […]
Read moreIn recent years, with the wake of numerous attacks, there has been a push to understand the risks posed by smart devices. While helping revolutionize the way the world operates, the innovation and convenience has often overshadowed – and sometimes completely – their security implications. This talk discusses the evolution of the ‘traditional’ device profiles […]
Read more