"Developing and Testing an Effective Incident Response Program" will be presented on May 16, 2017 from 11:00-11:45 a.m. PDT. Andy Jordan, senior security associate, will offer guidance on how to build an incident response plan that can identify and repair compromises as quickly as possible -- and how to test and practice that plan to be ready for the real thing.
"If your organization doesn't have a plan for handling a major data breach, you're already in trouble," said Jordan. "To swiftly and effectively respond to a cyber compromise, you must develop a program that is customized around your business and its critical information."
Jordan's presentation is part of a two-day Interop ITX summit program, in which the Dark Reading editorial team and some of the industry's top cybersecurity experts offer a crash course in what IT and security professionals need to know about data security and the dangers organizations face.
"Defeating Social Engineering, BECs and Phishing" will be presented on May 17, 2017 from 2:10-3:10 p.m. PDT. Alex DeFreese, senior security analyst, and Rob Ragan, managing security associate, will discuss the latest social engineering tactics that attackers are using to scam companies out of millions of dollars and how companies can protect their organizations.
Since over 90% of cyber attacks start the same way – with a phishing message – the presentation will focus on email phishing techniques and mounting a strong defense. This includes specific strategies for reducing the attack surface and for limiting the options of attackers.
"Attackers slip all manner of malware into your organization just by convincing users, even admin-level users in the IT department, to click on a link," said Ragan. "Social engineers carrying out business email compromise attacks (BECs) are even more clever, forgoing malware and malicious links altogether, and scamming companies out of many million of dollars simply by asking for it the right way."
DeFreese and Ragan will also discuss how to set up an effective incident response plan with best practices for detection, containment and eradication. Employees are on the front lines of phishing and BEC attacks, so it is critical to educate, empower and incentivize them as part of an incident response detection program.
"Social engineering is, at the very least, how attackers get their foot in the door, and at worst, how they get away with your crown jewels," added DeFreese. "While attackers will always be coming up with new twists on the oldest tricks in the book, with a good defense, you can stay one step ahead and protect your organization against them."
Bishop Fox is an independent cybersecurity firm that protects businesses from today's increasing security threats. Headquartered in the Phoenix area since its start in 2005, the firm provides assessment and penetration testing and enterprise security consulting services to the world's leading organizations. For more information, visit www.bishopfox.com.