
Webinars


Hacker Hours

Hacker Hour webinars are a series of free webinars hosted by SBS CyberSecurity. Unlike paid webinars, our free Hacker Hours aim to discuss banking issues and trends in an open format. Attendees are encouraged to join the conversation and get their questions answered. SBS will also offer products and services to help financial institutions with these specific issues.



{Hacker Hour} Managing MSP and MSSP Relationships

Date: 12/18/2019

Date: Wednesday, December 18
Time: 2:00 - 3:00 PM CST
Complimentary monthly webinar series. 

Earlier this year the Department of Homeland Security issued a warning about the growing number of cyber attacks targeted at managed service providers (MSP) and other IT services providers. Criminals target MSPs because they can get more bang for their buck. By breaching a single MSP system they can potentially gain access to all of the networks the MSP services. 

Join SBS as we discuss the benefits and risks associated with MSP and MSSP relationships.  We will highlight specific steps to take to understand and mitigate risk with your MSP relationships.  We will also walk through what to look for when selecting a new MSP.


{Hacker Hour} Active Directory Tiering


Servers and domain-administrator user accounts are some of the most critical assets to secure on your network. Through Active Directory (AD) tiering and the use of Privileged Access Workstations, organizations can create a network where access is allowed on an “as-needed” basis.

Join us and learn more about what AD tiering is, how separating critical and non-critical assets through Active Directory can protect information, and how, when coupled with other controls, it can help secure your network from a wide array of threats.

 

{Hacker Hour} Cybersecurity Awareness Round Table - Lessons from National Cybersecurity Awareness Month


Cohost: Jon Waldman, Co-Founder and Executive Vice President, IS Consulting - SBS CyberSecurity
Description: We would like to invite you to join SBS in celebrating National Cybersecurity Awareness Month with a security awareness round table. We will have an open discussion focused on building a stronger security culture for your entire organization - from your Board of Directors and employees to your customers. 

Join us as we share new cybersecurity awareness ideas and techniques that organizations have implemented to support their security culture.  An updated "Unique  Ideas to Create a Culture of Cybersecurity" download documenting the 2019 ideas will be shared following the webinar.


 

{Hacker Hour} Vendor Risk Assessment and Classification


Vendor management is one of the most critical components of an effective Information Security Program.  It is also the most challenging for organizations to manage effectively. From the amount of time and energy it entails to knowing which questions to ask, there’s a lot to sift through.  Conducting a vendor risk assessment sets the foundation of a well-managed program; however, this step often gets skipped.

Join SBS as we dive into conducting vendor risk assessment and classification, and discuss how these activities drive the overall effectiveness of your third party vendor program.

{Hacker Hour} Examining BitPaymer and Other Attack Types


Cohost: Buzz Hillestad, SVP Information Security Consultant - SBS CyberSecurity
Description: Cybercriminals are using ransomware attacks to shut down government entities, businesses, and financial institutions all over the world.  Variants of the BitPaymer ransomware attack have emerged as a real threat and are hitting businesses near you.

Join SBS as we examine BitPaymer and other attack types that your organization should be aware of.  We will dissect current attack events and what you can do to prevent, detect, or recover from an attack.

{Hacker Hour} Critical Responsibility of an Information Security Officer


The past 5-10 years have brought such big changes to the roles and responsibilities of the information security officer (ISO) that many small to medium-sized organizations struggle to define the most critical responsibilities. Guidance tells us that management should designate at least one ISO to be responsible and accountable for implementing and monitoring the information security program. But what does that mean?
 
Join SBS as we discuss the most critical responsibilities of the Information Security Officer and share some insight on what small to medium-sized organizations can do to fulfill the ISO's most critical responsibilities.

{Hacker Hour} Establishing Quarterly Firewall Audits


Note: Webinars begin with a short Threat Update from the SBS Incident Response Center sharing what they are seeing in the world of incident response.

Quarterly firewall audits have been a baseline requirement for compliance since 2015 when the FFIEC Cybersecurity Assessment Tool (CAT) was released. Unfortunately, the FFIEC Information Security Booklet leaves much to the imagination on how, what, and where to conduct these firewall audits.  This lack of guidance has caused anxiety and confusion for some financial institutions.

Join SBS as we discuss what your organization can do to meet the baseline requirement and explore how other organizations are managing quarterly firewall audits - both internally and with their managed service providers (MSP).

{Hacker Hour} Open the Tackle Box and Go Phishing


Many organizations are implementing valuable internal phishing programs in order to ensure their employees can spot and report phishing emails.  At some point, organizations struggle with how to continue to challenge their employees and keep the phishing emails fresh.

Join SBS as we discuss tips and tricks to keep your internal phishing program fresh and continually push the maturity level of your security awareness program.

{Hacker Hour} Answering Common Questions About Vulnerability Assessments


Cybercriminals and software companies are in a race to the finish line - finding a vulnerability - with very different ideas of what winning the race means. Software companies are looking to cross the finish line first by identifying a vulnerability and releasing a patch to protect against an exploit, while the criminal is looking to "win" by exploiting any unpatched systems. As a result, we are seeing more organizations of all shapes and sizes looking to implement a more robust scanning program to identify any unpatched vulnerabilities and protect the integrity of their network.
 
Join SBS as we discuss the answers to your common vulnerability assessment questions and offer guidance on what you can do with your program.

{Special Request Hacker Hour} Understanding SOC2 Reviews Part 2


You asked for it.  You got it!  Join us as we host a second session on SOC 2 reporting.  We will take a deeper dive into the challenges of completing a SOC 2 review.

{Hacker Hour} Develop a Better Understanding of SOC 2 Reporting


Join us as we discuss the struggles that organizations have when dealing with SOC 2 reporting. We will review what a SOC 2 report entails, why they are important, tips on going through the review process, and how to read and document responses. Registrants will also receive a SOC 2 questionnaire.

{Hacker Hour} Business Email Compromise Investigations


Business email compromise (BEC) is a scam where an attacker sends an email that appears to be from an executive in an attempt to trick recipients into clicking a malicious link, sharing sensitive information, or even sending money directly to the attacker. The FBI recently warned that this type of attack has cost U.S. businesses more than $1.6 billion in losses over the past six years. In 2018 we saw BEC become one of the leading attack types, mainly because of how difficult it is to detect.

Join SBS as we discuss common BEC attacks, tips to tell your customers, and simple steps in an initial BEC investigation.

{Hacker Hour} Key Components of Your Annual GLBA Report


The “Gramm-Leach-Bliley Act” (GLBA), also known as the Financial Services Modernization Act of 1999, mandates that financial institutions protect the confidentiality and security of customer personally identifiable financial information.  Communicating to the Board of Directors what was truly accomplished during the past year in an annual state-of-information-security report allows them to understand and approve how the organization is complying with GLBA. Creating a repeatable, specific GLBA report template will improve the efficiency of the reporting process and relieve some of the stress of aggregating all the data needed for a comprehensive report.
 

Join SBS as we outline a comprehensive and repeatable template that can be used to build your own annual GLBA report. We will walk through the essential report components and troubleshoot common issues.

{Special Report Hacker Hour} FSSCC Releases New Cybersecurity Framework


The FSSCC has released a new cybersecurity framework called the “Cybersecurity Profile.” The Profile is a standards-based tool to help guide financial services institutions in developing and maintaining a cybersecurity risk management program.  The new framework option has people asking a lot of questions:

  • How is it different than the Cybersecurity Assessment Tool?
  • Will it be used by US regulators?
  • Is it more efficient than the other frameworks on the market today?

Join SBS as we review the framework and provide answers to these and other common questions.

{Hacker Hour} Taking Cybersecurity From the Basement to the Boardroom


Regulators have made it clear that cybersecurity risk management and oversight is ultimately the responsibility of the Board of Directors. In theory, it makes sense for the board to be interested and engaged in what is going on in cybersecurity; however, that is not the case in some situations.

For this Hacker Hour, we went straight to the source. We asked a selection of past Hacker Hour attendees to share the most common issues they struggle with when communicating cybersecurity needs to their Board. The responses fell into three main categories: 

  • Frequency of FFIEC Cybersecurity Assessment completion and utilization of risk assessment data. 
  • Information that should be provided to the Board on a consistent basis. 
  • Tips for engaging and educating the Board. 

Join this month's Hacker Hour as we discuss how to boost cybersecurity from its hiding spot in the basement to a consistent topic in the boardroom.


Webinars

{Webinar} Own, Secure, and Protect Your ISP

The theme for this year's National Cybersecurity Awareness Month is Own IT.  Secure IT. Protect IT.  Join SBS as we discuss how a comprehensive and repeatable Information Security Program (ISP) is a map of exactly how your organization owns, secures, and protects your confidential customer information, computer systems, networks, and applications.

{TTS Webinar} Patch Your People - Education for Employees, Boards, and Customers

Recording available. During our session, we will explore traditional ways education has been deployed and look to improve those processes with more advanced and effective methods of patching our people. We will also look at best practices for addressing similar issues with business customers and highlight common educational practices.

{TTS Webinar} Cybercrime and the Dark Web

Recording available. We will explore the different aspects of the internet, including the surface web, deep web, and dark web, as well as the types of cybercrime affecting financial institutions and how to counter these risks.

{GSB Webinar} Vendor Management Process Improvements

Recording Available. The FFIEC Cybersecurity Assessment guidance has introduced a new term for our risk management practice: External Dependency Management. We will explore this new term in our guidance and better understand the requirements provided.

{TTS Webinar} FFIEC Cyber Compliance Update

Date: 10/8/19
Recording available. This session will provide you with a solid understanding of the FFIEC's updated regulatory guidance for financial institutions to help you ensure all aspects of cybersecurity compliance are being addressed. 

{GSB Webinar} Cybercrime Trends and Hot Topics in Banking

Date: 9/20/19
Recording available. Daily, we hear news about a new data breach, a dangerous strain of malware, innovative hacking schemes, and targeted efforts of organized crime groups. In fact, cybersecurity news has become so pervasive that it’s not even shocking news to most people anymore. This session will provide detailed information on how to prevent the latest information security threats or ways to mitigate the latest vulnerabilities.

{TTS Webinar} Incident Response and Forensics

Date: 9/18/19
Recording available. Once we identify a threat, we need clear steps to contain, eradicate, and recover. In this session we will explore possible threats that we should be prepared for and how to build a program to protect against them.

{TTS Webinar} FFIEC CAT vs InTREx

Date: 9/4/19
Recording available. In this session we will review both processes: best practices using each, a comparison of their differences, and how to leverage them together.

{TTS Webinar} SSAE18, SOC1, SOC2, What do I need?

Date: 8/21/19
Recording available. We will explore the different types of SOC reports provided by vendors and highlight the best items that should be requested from vendors. Each of these reports serves a different purpose and will provide different value to your institution.

{TTS Webinar} ATM Jackpotting and Unlimited Operations

Date: 7/15/19
Recording available. In this session, we will explain the differences between ATM Jackpotting and ATM Unlimited Operation. We will also explore some of the guidance around ATMs, the latest ATM crime trends, new security controls to mitigate risk, and how you can integrate your ATMs into your Information Security Program.

{Webinar} Regulatory Pressure on Third Party Management

The FFIEC Cybersecurity Assessment Tool encourages financial institutions to expand questioning around third party risk management practices and suggests more rigorous oversight. This webinar will explore best practices for Vendor Management, Third Party Risk Management, and Customer Risk Management.

Demos

{Demo} Automate Your IT Risk Assessment

Demos are held on Thursday of each week. You can pick a date that works for you upon registering. Join this webinar to discover the power of TRAC and easily create your company's detailed IT risk assessment. Develop your inherent risk, residual risk, and future risk scores that help make sound business decisions.

{Demo} Automate Your Vendor Management Program

Demos are held on Thursday of each week. You can pick a date that works for you upon registering. Join this webinar to discover the power of TRAC and how it centralizes and manages all of your vendor relationships. We will walk through the risk assessment and selection process, and discuss how TRAC can instantly improve your ability to manage vendors.

{Demo} KnowBe4: New School Security Awareness

Demos are held on Wednesday of each week. You can pick a date that works for you upon registering. Join this webinar to view a demo of the software and learn how SBS can partner with you to create a stronger security awareness program.