The public sector is under constant threat from cyber criminals who use advanced tactics such as phishing, ransomware, imposter emails and other methods to exploit employee vulnerabilities. Human error is typically the starting point of most attacks, and cyber criminals have become adept at using social engineering techniques to target individuals with highly persuasive, personalized messages. That means it’s more important than ever to...

Cyberattacks are evolving, and your defenses need to, too. Join SEC401 author Bryan Simon, GSE, for this webcast unveiling the game-changing 2024 update to SEC401 Security Essentials: Network, Endpoint, and Cloud. Get hands-on with next-generation labs: 20 brand-new exercises based on real-world security breaches Master essentials skills to combat cloud server compromise, data leakage, phishing attacks, and rushed development See the scenarios...

Ransomware thrives in chaos, particularly in unmonitored security gaps that often exist between front-end and back-end cyber defenses. Unfortunately, higher education institutions are susceptible to these cybersecurity vulnerabilities, leaving them scrambling for different tools and solutions to protect themselves and the data of their students, staff and faculty. Cybercriminals show no sign of relenting – in the past year alone, several...

When critical infrastructure is hit by a disruptive cyberattack, national security officials need to know about it as soon as possible. That’s the guiding principle behind new rules coming soon from the U.S. Cybersecurity and Infrastructure Security Agency (CISA). In March 2022, the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) was signed into law. Enactment of CIRCIA means CISA will require covered entities d...

What a difference a year can make! Looking back on 2023, we saw some stunning trends and incidents in the realm of cybersecurity that got us all talking. In this webcast (with an associated white paper), SANS Senior Instructor Dave Shackleford will examine: The most significant cybersecurity incidents in 2023, and lessons learned from them What’s happening in the realm of machine learning and AI, both good and bad New security technology...

Securing applications is a complex and cumbersome issue many organizations have yet to solve. Current processes to test and secure applications are manual, ad-hoc, and often disconnected from development cycles. Furthermore, testing tools or results are siloed, and may not focus on overall risk or lack enterprise context. This leads to unnecessary friction, which can impact development processes or leave a security gap in the organization. In...

Executive Order 14028 (Improving the Nation’s Cybersecurity) established new requirements to secure the federal government’s software supply chain. The requirements involved systematic reviews, process improvements, and security standards for both software suppliers and developers, in addition to customers who acquire software for the federal government. The software supply chain is only truly secure when all entities throughout t...

SecureWorld events and programming foster Growth, Access, and Excellence among cybersecurity professionals. SecureWorld is… the stepping stone to grow in your abilities and career path SecureWorld is… access to the knowledge and solutions you need, in the place you live SecureWorld is… a unique experience with excellence in both speakers and content For more than 23 years, SecureWorld has been tackling global cybersecurity...

The Dragos OT Cybersecurity Year in Review is a mainstay for ICS asset owners and defenders to stay abreast of cyber threats, vulnerabilities, and frontline observations from the previous year. Covering the key OT cybersecurity events that shaped the threat landscape for industrial sectors, how the ICS community is performing, areas of improvement for safe and reliable operations. Join Dragos CEO and SANS Senior Instructor Robert M. Lee for a...

As physical and cyber attacks on critical infrastructure and industrial control systems (ICS) have become increasingly brazen, ICS defenses must go beyond just preventative security. ICS defenses must be ICS-specific, teams need to be proactive and have ICS cyber specific knowledge and skills. This is because traditional IT security controls applied to ICS are ineffective, cause disruptions and safety interferences. ICS cyber defense is doable...