Held Wednesday, April 15, 2020
Recording available.
Contact sbsinstitute@sbscyber.com for the recording.

CyberRiskNOW Virtual CyberSecurity Conference Summary:

This virtual conference is designed to provide interactive training on evolving cybersecurity threats and what your bank should do to build a strong Information Security Program that helps protect against these threats. We will identify components of a comprehensive Information Security Program that enables successful IT Examinations and minimizes your risk against real-world threats. This seminar will walk you through various FFIEC, FDIC, and OCC resources, as well as other industry best practices.  We will also review some timely hot topics, including Pandemic Preparedness, Managed Service Providers, and creating a Culture of Security at your institution. 

Not only will this virtual conference include live video from our presenters, but we’re also including a Virtual Lobby utilizing Discord to allow attendees to interact with one another and with event moderators, as well as share information, best practices, and tools you’re using at your organization. An invitation to join our CyberRiskNOW Discord server will be sent to all attendees prior to the conference.

CyberRiskNOW will also be recorded for later viewing in case you’re not able to attend live all-day or on the date.

Agenda (full descriptions below):
Central Time
8:30 AM - Event Lobby Opens
8:50 AM - Welcome & Housekeeping
9:00 AM - Modern Cybercrime Trends
10:00 AM - 10 Minute Break
10:10 AM - Pandemic Planning, Business Continuity, and Remote Working
11:10 AM - 10 Minute Break
11:20 AM - Managing Your Managed Service Provider – 12 Questions to ask your MSP
12:00 PM - 45 Minute Lunch Break
12:45 PM - Information Security Program Components
2:10 PM - 10 Minute Break
2:20 PM - Cybersecurity Culture and Training Programs
3:00 PM - 10 Minute Break
3:10 PM - SBS Panel Discussion + Q&A
3:30 PM - Event Concludes
4:00 PM - Event Lobby Closes

Download Flyer

Speakers:

Jon Waldman CISA, CRISC	Chad Knutson CISSP, CISA, CRISC	Cody Delzer CISA
Executive Vice President, IS Consulting and Co-founder SBS CyberSecurity President SBS Institute	Chief Operating Officer Chief Information Security Officer Co-founder SBS CyberSecurity	Vice President, Information Security Consultant/Regional Director SBS CyberSecurity
Read Bio	Read Bio	Read Bio

Contact sbsinstitute@sbscyber.com for the recording.

Modern Cybercrime Trends:

Many organizations make the mistake of thinking that most cyberattacks are targeted attacks against large businesses or high-value targets. In today's environment, nothing could be further from the truth.

Today's hacker doesn't look like the mental image of a hacker that most people imagine. It's not some 15-year old kid in his (or her) mom's basement, drinking a liter of soda, eating a bowl of Cheetos, wearing a hoodie, and hacking the planet. Today's hacker is a professional (in nearly every sense) that gets paid (well) to do a job (just like you). Today's hacker isn't sitting around in his or her hacker cubicle somewhere in the world using the command prompt to repeatedly ping IP addresses manually. Modern hackers have numerous programs that automatically search the internet for devices that are "alive" - i.e. have an IP address and are willing to communicate with other devices on the internet.

In this session, we will discuss the following:

• How Today's Modern Cyberattacks are Automated

• Hacking is Easier Than Ever Before

• You Have Value to an Attacker

• Top 5 Ways to Mitigate Your Risk – The Basics

Pandemic Planning, Business Continuity, and Remote Working:

The spring of 2020 saw the world deal with its first pandemic since 2009's H1N1 swine flu, and financial institutions are dusting off their Pandemic Preparedness Plans and making plans to operate with reduced onsite staff and additional remote working capabilities. Pandemic Preparedness, which falls under the umbrella of Business Continuity Management, was all but removed from the updated FFIEC Business Continuity Management booklet in November of 2019, but we've quickly remembered that doesn't mean that the threat of a global pandemic isn't real. 

This seminar will cover the current state of the COVID-19 - the novel coronavirus - and what financial institutions need to do from a Pandemic Preparedness and Business Continuity Perspective. Additionally, we'll discuss:

• FFIEC guidance on Pandemic Preparedness

• Short-term employee staffing issues

• Long-term employee staffing issues

• Securing your remote working capabilities

• Communications - with employees, customers, regulators, and media

• Supplies and Personal Protective Equipment (PPE)

• and more

Managing Your Managed Service Provider – 12 Questions to ask your MSP:

Many institutions utilize a Managed Service Provider these days to manage IT infrastructure, often providing more expertise while saving some cost. But when it comes to protecting your data, the term "cybersecurity" can mean different things to different organizations. The goals of Information Technology (convenience and availability) far different than the goals of Information Security (protection and loss prevention).

How can you make sure your Managed Service Provider is truly benefitting you and helping you protect your institution and your customers' data?

This presentation will cover the following areas/topics:

• Information Technology vs. Information Security

• Types of Managed Services Providers

• Traditional Vendor Management of MSPs

• Modern Vendor Management of MSPs

• Characteristics of a good MSP partnership

• Questions to ask before you hire an MSP

Information Security Programs Components:

All banks are required to have a written, comprehensive Information Security Program that starts with a risk assessment. This section will overview the primary components of an Information Security Program to ensure your organization has a solid foundation on which to build its information security governance. With a risk-based Information Security Program, there are three major elements: Risk Assessment, Documentation, and Audit. We will explore these three areas, as well as how the risk assessment process drives the creation of documented policies, procedures, and plans that the institution can then implement. We will also discuss how the audit process then provides verification that those controls are both implemented and adequate.

Cybersecurity Culture and Training Programs:

The human element of information security is an increasing target for cybercriminals and generally considered the weakest area in information security. Security awareness and training on proper protocols is an essential element of good security and regulatory compliance, but moving from reactive training to proactive training is the hard part.

We will discuss many methods of constructing an adequate security awareness and training program for both employees of your bank and customers of your online products and services, including  awareness to cybersecurity issues, training on what is expected, and clear accountability for employees and management responsible for protecting customer information. These elements can help establish a lasting culture that includes a passion for protecting customer information and a desire to be successful against cybercrime.

SBS Panel Discussion + Q&A

Your SBS presenters will all come back together to provide some closing remarks, address any additional discussion throughout the seminar, and answer whatever questions you might have from today's session. We'll be collecting and answering questions throughout the day, but feel free to submit any additional questions during the final break that weren't answered already.

Get Recording: https://attendee.gotowebinar.com/