Webinars

Hacker Hour: Critical Responsibilities of an ISO
Date: Wednesday, January 26, 2022
Time: 2:00 - 3:00 PM
Register: https://register.gotowebinar.com/register/7353262606575912716

Description:

The past 5-10 years have brought such big changes to the roles and responsibilities of the information security officer (ISO) that many organizations struggle to define the most critical responsibilities. Guidance tells us that management should designate at least one ISO to be responsible and accountable for implementing and monitoring the information security program. But what does that mean?
 
Join SBS as we discuss the most critical responsibilities of the information security officer and share some insight on what organizations can do to fulfill the ISO's most critical responsibilities.
 

---

 

Meet the Host

Nick Podhradsky, Senior Vice President at SBS CyberSecurity

Nick is on a mission to help organizations understand basic cybersecurity principles and incorporate a stronger culture of security. Since 2016 Nick has hosted the monthly "Hacker Hour" webinar series, which aims to help attendees understand basic cybersecurity principles. Nick has been selected as a guest lecturer at the Dakota State University GenCyber camp and frequently speaks at local Chamber of Commerce groups and other user groups. Nick has 10 years of experience in the banking industry and holds a master’s degree in Educational Technology from Dakota State University. He is a Certified Banking Security Manager and Certified Banking Incident Handler.

Contact Nick at nick@sbscyber.com or 605-770-3926.

In today's digital environment the amount of public data at our fingertips is essentially limitless. Open Source Intelligence (OSINT) is data produced from publicly available information that is collected analyzed and disseminated into usable information about an entity. This session will provide an introduction to OSINT, how data is used, and how it might relate to cybersecurity investigations and posture.

Join SBS as we invite Cynthia Hetherington to stop by and discuss OSINT and cyber investigations. With over two decades of expertise, Hetherington Group is a leader in due diligence, corporate intelligence, and cyber investigations. Cynthia will be sharing her expertise in this increasingly data-intensive, cyber focused-world.

Request Password | View Webinar

 

---

More About Cynthia Hetherington

Ms. Hetherington is the author of three books on conducting cyber investigations and annually trains over 7,200 investigators, security professionals, attorneys, accountants, auditors, military intelligence professionals, and federal, state, and local agencies on best practices. She shares her expertise through the publication of an industry newsletter, an online blog, and by hosting the annual OSMOSIS Conference.

Ms. Hetherington leads national and international investigations in corporate due diligence and fraud, personal asset recovery, and background checks. With a specialization in the financial, pharmaceutical, and telecommunications industries, her cyber investigations have recovered millions of dollars in high-profile corruption cases—assisting on the investigations of the top two Ponzi cases in United States history.

Ms. Hetherington shares her experiences as a keynote speaker and contributor at women-focused technology events across the U.S. She is an active member in the Women in Security Forum, the Women’s President Organization, and collaborates with The National Center for Women and Information Technology on drawing young girls into the field.

Hacker Hour: What to Know About Cyber Insurance

Description: Among many other things, 2021 has brought a 93% increase in ransomware attacks. In fact, according to Check Point Research's Cyber Attack Trends: 2021 Mid-Year Report, more than 1,200 organizations worldwide fall victim to a ransomware attack each week, and all enterprises are at risk.

With cyber attacks continuing to grow in terms of volume and scale, many organizations are looking into cyber insurance for protection. The problem is that the cyber insurance market is confusing, premiums are skyrocketing, and coverages vary drastically between providers. On top of that, providers are being pressured to implement strict security requirements and risk assessments before issuing coverage.

Join SBS and a guest panel of cyber insurance experts to get the answers to common questions about what is happening in the cyber insurance market. We will cover what organizations can expect from providers, what homework should be done before choosing a provider, the most important things to look for in your coverage options, and more.

 

Request Password | View Webinar

 

---

 

Meet the Host

Nick Podhradsky, Senior Vice President at SBS CyberSecurity

Nick is on a mission to help organizations understand basic cybersecurity principles and incorporate a stronger culture of security. Since 2016 Nick has hosted the monthly "Hacker Hour" webinar series, which aims to help attendees understand basic cybersecurity principles. Nick has been selected as a guest lecturer at the Dakota State University GenCyber camp and frequently speaks at local Chamber of Commerce groups and other user groups. Nick has 10 years of experience in the banking industry and holds a master’s degree in Educational Technology from Dakota State University. He is a Certified Banking Security Manager and Certified Banking Incident Handler.

Contact Nick at nick@sbscyber.com or 605-770-3926.

Hacker Hour: Make the Most of Cybersecurity Awareness Month

Description: Cybersecurity Awareness Month is back this October for its 18th year to educate the Nation about cybersecurity and how everyone can be safer online. The nationwide initiative provides a great opportunity each year to evaluate the cybersecurity culture of your company and how you can share your knowledge and resources with your customers and community.

Join SBS as we discuss the resources you can utilize to bring attention to cybersecurity awareness, in turn reducing cyber risk for your organization, your customers, and your business partners.

Tite: Hacker Hour: Firewall Review Best Practices

Description: Firewall technology has been a trusted component of network security for decades, but that doesn't make it a "set it and forget it" asset. Quite the opposite, actually. New threats, new technology, and new services or processes can affect the effectiveness of your firewall. As the first and main line of defense between your trusted internal network and untrusted external networks, periodic reviews of your firewall rules and configurations is an important security best practice.

Join SBS as we review the components of a thorough firewall review as well as how to enhance your next review.

Providing cybersecurity education to customers is not only a requirement in the banking industry, it is a very necessary component to reduce cybersecurity risk exposure and losses due to fraud. Promoting a strong cybersecurity culture internally and externally can be seen as a market advantage to customers, especially in today's technology landscape. Conversely, failing to provide cybersecurity training and education to customers can increase the impact and probability of an incident.

Join SBS as we discuss how organizations like yours provide customer cybersecurity education. We will also share ideas on how to enhance your current customer training program.

Tabletop testing is a critical component of a business continuity management program. The exercise is intended to simulate how your organization would react in an emergency situation. Tabletop testing should be completed annually to test the effectiveness of your business continuity plan. After all, how will you know how effective your plan is until you put it to use - preferably in a testing environment versus a real emergency! Tabletop testing allows organizations to gain insight into their current plan's strengths and weaknesses and proactively address any issues. 

Join SBS as we discuss the benefits of consistent tabletop testing and effective testing strategies. We will also share a step-by-step meeting structure you can take back to streamline your next tabletop test.

The term vCISO (virtual chief information security officer) is a relatively new term being used in the cyber world, but the outsourcing solution itself is rather mature. The vCISO solution has been touted as an innovative way to help close the cybersecurity talent gap for organizations, but it's important to know that not all vCISO programs are created equal.

Join SBS as we discuss why the vCISO is on the rise and discover the pros and cons of considering this model for your organization in the future.

Most organizations rely on vendors that frequently develop and issue patches to correct bugs, improve performance, or enhance the security of their software. While organizations are looking to identify and protect against any identified vulnerabilities, cyber criminals are racing to exploit them before any patches are launched. 

According to the Ponemon Institute, 57% of cyber attack victims say an available patch could have prevented their breach. Even further, 34% of respondents were already aware of the vulnerability before they were attacked.  

Join SBS as we discuss the importance of patch management, what is holding organizations back from timely patching, and what you can do to help your organization improve its patch management program.

Join SBS as we walk through the process of conducting an internal penetration test and discuss some common findings and recommendations that can come from conducting such an activity.

The ability to respond quickly and effectively to a cyber incident can determine the overall financial and reputational impact on your organization. An Incident Response Playbook is designed to provide a step-by-step walk-through for the most probable and impactful cyber threats and ensure certain steps of the Incident Response Plan are followed appropriately.

 Join SBS as we walk through the seven steps to creating an Incident Response Playbook tailored to your organization.

Recent cyberattacks have proven that the ability to assess cyber incident response readiness is becoming a core competency for all businesses. A well-executed assessment structure with a repeatable program not only allows organizations to identify and properly respond to different attacks but also dramatically increases the speed at which the business can react. The quicker a business can react, the lower the impact that event has.

Join SBS as we discuss what steps you can take today to start assessing your incident response readiness and strengthen your organization's ability to respond.

Request Password | View Webinar

To test the effectiveness of network security controls, many organizations turn to penetration testing. The scope of testing typically depends on the maturity and goals of the organization. Many organizations rely on simple penetration testing, however, more and more are considering red team and even purple team testing.

Join us as we define the differences in red team and purple team testing and discuss which might be best for your organization.

 

Many organizations are implementing valuable internal phishing programs in order to ensure their employees can spot and report phishing emails.  At some point, organizations struggle with how to continue to challenge their employees and keep the phishing emails fresh.

Join SBS as we discuss tips and tricks to keep your internal phishing program fresh and continually push the maturity level of your security awareness program.

The “Gramm-Leach Bliley Act” (GLBA), also known as the Financial Services Modernization Act of 1999, mandates that financial institutions protect the confidentiality and security customer personally identifiable financial information.  Communicating to the Board of Directors what was truly accomplished during the past year in an annual state-of-information-security report allows them to understand and approve how the organization is complying with GLBA. Creating a repeatable, specific GLBA report template will improve the efficiency of the reporting process and relieve some of the stress of aggregating all the data needed for a comprehensive report. 
 

Join SBS as we outline a comprehensive and repeatable template that can be used to build your own annual GLBA report. We will walk through the essential report components and troubleshoot common issues.

The FSSCC has released a new cybersecurity framework called the “Cybersecurity Profile.” The Profile is a standards-based tool to help guide financial services institutions in developing and maintaining a cybersecurity risk management program.  The new framework option has people asking a lot of questions:

• How is it different than the Cybersecurity Assessment Tool?
• Will it be used by US regulators?
• Is it more efficient than the other frameworks on the market today?

Join SBS as we review the framework and provide answers to these and other common questions.

Regulators have made it clear that cybersecurity risk management and oversight is ultimately the responsibility of the Board of Directors. In theory, it makes sense for the board to be interested and engaged in what is going on in cybersecurity, however, that is not the case in some situations. 

For this Hacker Hour, we went straight to the source. We asked a selection of past Hacker Hour attendees to share the most common issues they struggle with when communicating cybersecurity needs to their Board. The responses fell into three main categories: 

• Frequency of FFIEC Cybersecurity Assessment completion and utilization of risk assessment data. 
• Information that should be provided to the Board on a consistent basis. 
• Tips for engaging and educating the Board. 

Join this month's Hacker Hour as we discuss how to boost cybersecurity from its hiding spot in the basement to a consistent topic in the boardroom.

Join other Michigan bankers and SBS to see the new look of TRAC and discuss how it can simplify the risk assessment process for your bank.

Join other Mississippi bankers and SBS to see the new look of TRAC and discuss how it can simplify the risk assessment process for your bank.

Join other Louisiana bankers and SBS to see the new look of TRAC and discuss how it can simplify the risk assessment process for your bank.

Join us for this fast-moving, highly informative webinar that helps you weigh the risk of what could happen to your bank and what action to take or dollars to spend to protect against cybercrime. We will help you discover the best options available to educate and protect against being the next victim held hostage by today’s clever and sleazy cybercriminals.  

Join IBC and SBS to see the new look of TRAC and discuss how it can simplify the risk assessment process for your bank.

Join NCBA and SBS to see the new look of TRAC and discuss how it can simplify the risk assessment process for your bank.

The SolarWinds incident highlights significant future risks. Undoubtedly the doors are now open for attacks of a similar nature. But where do you start? How do you incorporate the lessons learned from this attack? Which processes need to be reviewed? Which vendor relationships need to be scrutinized? With your questions in mind, we designed a 90-minute webinar in which we will guide you through a step-by-step action plan. Jumpstart the review and redesign of your Information Security Program and join us on January 7 at 1:00 PM CST!

As details continue to unfold regarding the supply chain attack of SolarWinds, SBS experts want to help you make sense of the issue, assist your efforts to protect your networks. and understand how it affects your vendor relationships.

Join MBA and SBS to see the new look of TRAC and discuss how it can simplify the risk assessment process for your bank.

Join IBA and SBS to see the new look of TRAC and discuss how it can simplify the risk assessment process for your bank.

Join us for this brief webinar to learn more about the SBS Institute and how you can help your institution prepare for cybercrime.

Join Iowa Bankers Association and SBS to see the new look of TRAC and discuss how it can simplify the risk assessment process for your bank.

Recording available. How can you allow employees to work from home and be secure at the same time? This session will cover five security tips for working remotely.

Before you know it, the calendar will turn to 2020.  There's still time to get your cybersecurity training in this year or put it on the books for 2020.

Our upcoming webinar is a quick, no obligation way to learn more about our Certified Banking Security Manager course and the many benefits of certification to you and your institution. See why so many banking professionals rely on SBS Institute for their security training and education.