The CyberWire Daily Briefing 02.02.16
The 2015 breaches of Bundestag systems in Berlin are looking more like a Russian operation. An anonymous source within the German security services tells journalists the attacks were "clearly attributable to a Russian military intelligence service." Some observers in Germany think the deep game is destabilization of the European Union, with a playbook taken from hybrid operations against Ukraine.
SentinelOne continues to warn against BlackEnergy3, which at least accompanied, if it didn't actually accomplish, the recent hacks of Ukraine's grid.
BlackEnergy is currently spreading through malicious Microsoft Office files. Another familiar kit, Kasidet, a.k.a. Neutrino, enjoys an unwelcome resurgence, transmitted by compromised Office macros.
The US Congress begins investigating whether the now-patched encryption issues in Juniper products have their source in an NSA-developed algorithm. The US Government is a big Juniper customer, and the gear it bought and uses apparently suffered the same weaknesses as anything sold to other customers.
DDoS attacks may have become the single most common cyber assault on financial services enterprises. Not only banks are affected: the Elder Scrolls online game reported a DDoS episode yesterday.
TalkTalk thinks the breach it sustained in October cost it up to £60 million and more than 100 thousand customers.
In industry news, FireEye acquires Invotas. Bell Aerospace enters the cyber security market with its purchase of Wavefront. Quick Heal prepares for next week's IPO, and Alert Logic gets ready for a 2017 IPO. Norse is still down-and-out.
And a study shows that cyber crime doesn't pay (all that well).
Notes.
Today's issue includes events affecting Australia, Colombia, European Union, Germany, Iran, Iraq, Ireland, Kosovo, Malaysia, Russia, Syria, Ukraine, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Was Russia behind 2015's cyber attack on the German parliament? (Deutsche Welle) Russian secret services are said to have been responsible for a cyber attack on the German parliament last year. There are a whole series of indications that Kremlin strategists have their sights set on Germany
National Power Grids Increasingly Targeted in Cyber Attacks (Voice of America) Ukraine's electric power grid is once again under cyberattack, just one month after a similar incident successfully brought down portions of the system and left millions in the dark
Macro Malware Resurgence Highlighted By Kasidet Outbreak (Dark Reading) Also known as Neutrino, this piece of malware is another case of Office macro malaise
Government software may have let in foreign spies (The Hill) The government may have used compromised software for up to three years, exposing national security secrets to foreign spies, according to lawmakers and security experts
The Elder Scrolls Online European megaservers under DDOS attack (VG 24/7) If you're having problems connecting to The Elder Scrolls Online, you're not the only one
DDoS is most common cyber attack on financial institutions (ComputerWeekly) Attack on HSBC is typical for the financial sector, but no business should consider itself unlikely to be targeted in this way, say security experts
The Twelve Days of Crisis — A Retrospective on Linode's Holiday DDoS Attacks (Linode) Over the twelve days between December 25th and January 5th, Linode saw more than a hundred denial-of-service attacks against every major part of our infrastructure, some severely disrupting service for hundreds of thousands of Linode customers
Cyber extortion is a growing, but largely hidden threat (ComputerWeekly) Security industry warns of increasing cyber extortion attacks as Lincolnshire County Council is hit by a ransomware demand
Is your HP enterprise printer hosting malware for hackers? (Help Net Security) "If you're concerned about security, put your printers are behind a firewall and, if it's a Hewlett-Packard, make sure port 9100 isn't open," says security researcher Chris Vickery
Using IPv6 with Linux? You've likely been visited by Shodan and other scanners (Ars Technica) Shodan caught using time-keeping servers to quietly harvest IP addresses
SLOTH Downgrades TLS 1.2 Encrypted Channels (TrendLabs Security Intelligence Blog) Early last month a new vulnerability was found in how TLS 1.2 was implemented
UK activists dumps 2.5 GB of data stolen from US police union (Help Net Security) Last Thursday, UK-based researcher and activist Thomas White has made available for download 2.5 GB of data stolen in a recent hack of the computer systems of the Fraternal Order of Police (FOP), the biggest police union in the United States
South American Hacktivist Leaks Data from Colombian Government Websites (Softpedia) The hacker known as Hanom1960 has breached, stole, and leaked information from Colombia's Ministry of Information Technologies and Communications and Ministry of National Education
Cyber attack cost TalkTalk up to £60m and 101k customers (Fast FT) TalkTalk says the cyber attack it suffered in October has lopped £15m off trading revenue as well as forcing it to book exceptional costs of £40m–£45m, and losing it up to 101,000 customers
TalkTalk's cyber-security lesson (SC Magazine) The TalkTalk breach was not an isolated incident says Clayton Locke who advises companies on the need to monitor user-behaviour for inconsistencies
Cyber attack victim firm Loyaltybuild in Clare has €18m loss (Irish Examiner) Loyaltybuild — the Co Clare firm that was victim to a "very sophisticated cyber attack" plunged into the red in 2014 to record pre-tax losses of €18m. Loyaltybuild Ltd posted a profit of €1m in 2013
Self-Driving Car Technology Poses High Hacking Risk: Study (Gadgets 360°) While major auto companies are working on introducing the futuristic self-driving technology in cars soon, this threatens to open new security problems for them as hackers have sensed an opportunity here, a researcher has predicted
Sensitive information obtained in 88% of visual hacking trails: Study (Networks Asia) In nearly nine out of ten instances, security experts were able to visually hack corporate information, according to research published by Ponemon Institute. Titled "The 3M Visual Hacking Experiment," the study was conducted on behalf of the Visual Privacy Advisory Council and 3M Company
Bulletin (SB16-032) Vulnerability Summary for the Week of January 25, 2016 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week
Security Patches, Mitigations, and Software Updates
You need these critical Android updates — but will you get them? (Naked Security) Google's latest Nexus Security Bulletin is out
Tails 2.0 fixes many security issues (Help Net Security) Tails is a live operating system, that you can start on almost any computer from a DVD, USB stick, or SD card. It aims at preserving your privacy and anonymity
Toys Patched Against Flaws That Put Children's Data, Safety At Risk (Threatpost) As more devices are connected to the Internet, not only are vulnerabilities introduced into those networked things, but also some glaring holes are exposed in organizations' ability to receive and triage bug reports
Coping with new Windows 10 patch security issues (TechTarget) Microsoft's new approach to mandatory Windows 10 patching raises new security issues for businesses. Expert Paul DeGroot explains what the problems are and how to deal with them
Goodbye and good riddance: Oracle finally ditches Java browser plug-in (Naked Security) After two decades of awful memories and zero-day vulnerabilities, Oracle is killing off the notoriously insecure Java browser plug-in. When Oracle releases version 9 of the Java Development Kit (currently anticipated for 23 March 2017), it'll be deprecated and gone
Cyber Trends
Cybercrime Doesn't Pay As Much As You'd Think (Dark Reading) Legit cybersecurity professionals typically make more than the average cybercriminal, a new survey says
Many Law Firms Lack Adequate HIPAA-Related Cybersecurity Standards: Survey (Legaltech News) Only 13 percent of the law firms questioned had relevant security measures in place to protect clients' personal health information under HIPAA
Hospitals coming under increasing hack attacks (Health Data Management) Phishing created big news in healthcare last year — the really bad kind
Are Retailers Improving Cybersecurity? (Bank Info Security) R-CISC Director says cross-industry collaboration, info sharing make a difference
Australian companies 'open to cyber crime' (The Age) Australian companies could risk becoming "low-hanging fruit" for cyber criminals due to a lack of education and an unwillingness to properly deal with threats
Marketplace
Data breaches, a board's biggest fear just got worse (Financial Review) Data breaches are becoming as lucrative as the global drug trade. Massive data breaches are almost a daily occurrence
Norse Founder Doesn't Know Whether His Cybersecurity Business Is Still Alive (Forbes) The Norse gods have left their underlings in a state of chaos. That is, the gods of Californian security intelligence firm Norse Corp
Some notes on the Norse collapse (Errata Security) Recently, cybersec company "Norse Security" imploded. Their leaders and most the employees were fired, and their website is no longer available. I thought I'd write up some notes on this
Liar, Liar, KPMG Capital's Investment Into Norse Corp. On Fire (Forbes) Brian Krebs, previously a Reporter for The Washington Post where he wrote blog posts for the popular 'Security Fix blog' plus hundreds of stories for the print and online versions of the newspaper, authored an investigative report over this past weekend titled "Sources: Security Firm Norse Corp. Imploding"
Norse Corp: Deconstructing threat intelligence on Iran (CSO) Memo circulated to government officials contains no actual intelligence, redefines the word attack
Cybersecurity Gap Blocks Pentagon From a Lockheed F-35 Database (Bloomberg Business) The Pentagon hasn't had updated information on maintenance of the F-35 jet since May because a Lockheed Martin Corp. database doesn't meet new government cybersecurity requirements, according to the Defense Department's testing office
FireEye buys Invotas International to improve security automation and orchestration (Computer Technology Review) FireEye has bought privately held Invotas International, a vendor of security automation and orchestration technology to deliver security orchestration capabilities as part of the California-based company's global threat management platform
FireEye acquires Invotas for faster incident response (CSO) Invotas' platform consolidates information from many security products
Ball Aerospace Buys Software Development Firm Wavefront for Cyber, Diversification Push; Rob Strain Comments (GovConWire) Ball Aerospace and Technologies has bought engineering and analytical services provider Wavefront Technologies for an undisclosed sum as part of its portfolio diversification efforts
Quick Heal IPO to open next week (Business Standard) Company has fixed price band of Rs 311-321 per share
Fast-growing tech CEO: 2016 is an IPO prep year (Houston Business Journal) One of Houston's largest and fastest-growing technology companies, Alert Logic Inc., grows so consistently that you can almost set your watch to it
Join the Cyber Security Business Development Mission to Japan, South Korea and Taiwan (Export.gov) The United States Department of Commerce, International Trade Administration (ITA), is organizing an Executive-led Cyber-security Business Development Mission to Japan, South Korea and Taiwan
The Cybersecurity Talent You Seek May Be In-House (Dark Reading) IT staff in many cases are already performing security-related work — with proper training, they could be converted to the security team
Products, Services, and Solutions
ThreatTrack Releases Its Next-Generation Malware Analysis Sandbox (ThreatTrack Security) ThreatAnalyzer 6.0 enables enterprises and government agencies to discover and respond to advanced malware evading their signature-based defenses
Anti-DDoS Solution From NSFOCUS Helps Australian Service Provider Micron21 Mitigate Massive Denial of Service Attack (BusinessWire) Large-scale DDoS assault consumed 23 Terabytes of inbound data in only two hours; outage would have cost up to $1.3 Million
IEEE Anti-Malware Support Service Goes Live (Dark Reading) Through the collaborative effort of major players in the computer security industry, organizations now have two new tools for better malware detection
Technologies, Techniques, and Standards
NIST Invites Tech Vendors for Wireless Medical Device Cyberscurity Demo (ExecutiveBiz) The National Institute of Standards and Technology is looking for industry partners to help create and demonstrate a standards-based reference technology design for the protection of wireless medical infusion pumps against cyber threats
How to protect security product investments (CSO) Simply buying additional expensive security products and configuring them no more completely or precisely than you did the last slew of protection tools you purchased is a road map to recurring breaches
Defending the smart grid: What security measures to implement (Help Net Security) Smart grids are a fundamental component of the European critical infrastructure. They are rooted on communication networks that have become essential elements allowing the leveraging of the "smart" features of power grids
The new economics of data protection in a world of ransomware (Graham Cluley) Recently, a new strain of ransomware named 7ev3n was seen in the wild that is more nefarious and, frankly, more stupid than previous versions of this now popular criminal enterprise
What a CISO Breakfast Confirmed About Mobile Security Threats and Strategies (IBM Security Intelligence) As mobile grows, so do security threats. I recently had the opportunity to attend a breakfast with several chief information security officers (CISOs) and hear them talk about their mobile security concerns and strategies. It quickly became apparent that everyone had their own unique company cultures and primary concerns they were trying to address
The fight for a third-best smartphone OS has been lost. By everyone. (Ars Technica) Op-Ed: Without a truly viable third option, it's Android, iOS, or bust
Design and Innovation
Adblocker blockers move to a whole new level (Naked Security) Hold onto your hats! This article is about adblocking, always a windswept topic when we discuss it on Naked Security. Adblockers do pretty much what they say
Why Bitcoin Will Thrive First in the Developing World (Wired) Explaining the appeal of bitcoin to the average American isn't easy
Academia
UCOP Ordered Spyware Installed on UC Data Networks (Remaking the University) The San Francisco Chronicle has coverage of an issue that has been circulating on faculty email networks at UC Berkeley for a few days
Legislation, Policy, and Regulation
Missed chance for Safe Harbor 2.0 means we'll likely see stricter EU data privacy rules (FierceCIO) The deadline to reach a deal on data transfer rules between the U.S. and EU came and passed Sunday evening without a new agreement in place
Opinion: The undoing of Germany's privacy dogma (Christian Science Monitor Passcode) In the wake of European terror attacks and the ongoing refugee crisis, many Germans are backing away from staunch opposition to their country's close cooperation with US spy agencies. Now, Germans are willing to accept a more reasonable balance between security and privacy
ODNI Names Cyber Threat Intell Center Leadership Team Members (ExecutiveGov) Tonya Ugoretz, a senior intelligence analyst at FBI, has been named director of the cyber threat intelligence integration center within the Office of the Director of National Intelligence
Litigation, Investigation, and Law Enforcement
First Hacker Arrested for CyberTerror Charges Arrives In American Court (Dark Reading) Kosovo citizen faces a maximum sentence of 35 years in prison for hacking and providing material support to ISIS
Laws that could jail journalists for reporting on spying 'may breach constitution' (Guardian) Australia's national security monitor says legislation should be amended to protect journalists — but he proposes no such safeguards for intelligence officers
Despite progress, DOD systems still vulnerable to hacking (FCW) Despite some key improvements from the previous fiscal year, Defense Department missions and systems remain vulnerable to hacking, according to an annual report from the Pentagon's weapons tester
Homeland Security secretary: Cybersecurity tool Einstein is good and getting better (Federal Times) Homeland Security Secretary Jeh Johnson has said cybersecurity is a top priority for the department — right alongside counterterrorism. So, after news outlets reported on a recent critical review from the Government Accountability Office, Johnson released a statement defending the department's premiere cybersecurity tool: Einstein
If You Go Near the Super Bowl, You Will Be Surveilled Hard (Wired) Super Bowl 50 will be big in every way. A hundred million people will watch the game on TV
White House refuses security clearance for Ashkan Soltani (Engadget) The security researcher and journalist would have been advising US CTO Megan Smith
White House sets dangerous precedent for future government workers, after refusing clearance for security expert Ashkan Soltani (ZDNet) Soltani was denied "necessary" security clearance likely because of his journalistic work with the Snowden documents, which won him a Pulitzer prize in 2014
Clinton's emails drown out cyber debate (The Hill) The intense scrutiny of Hillary Clinton's private email server is crowding cybersecurity of the 2016 election discussion
Official: Withheld Clinton emails contain 'operational' intel, put lives at risk (Fox News) Highly classified Hillary Clinton emails that the intelligence community and State Department recently deemed too damaging to national security to release contain "operational intelligence" — and their presence on the unsecure, personal email system jeopardized "sources, methods and lives," a U.S. government official who has reviewed the documents told Fox News
Clinton didn't know how to access email by computer, says State official (The Hill) Hillary Clinton did not know how to use a computer to read and send emails when she entered office as the nation's top diplomat in 2009
Anti-swatting US Congresswoman targeted in swatting attack (Ars Technica) Computer-generated voice called in threat to author of Internet Swatting Hoax Act
Corrupt Silk Road Investigator Re-Arrested for Allegedly Trying to Flee the US (Wired) Just when the Silk Road's saga of dirty money and double-dealing seemed to be winding down, one of the federal agents who investigated the site has added an audacious footnote: What looks like a brazen attempt to flee the United States after he was convicted and sentenced to prison for corruption in his handling of the case
Boy arrested over TalkTalk hacking settles case against Twitter (Irish Times) 15-year-old's privacy action resolved on confidential terms, with no admission of liability
Alleged ISIS Fanboy Justin Nojan Sullivan Charged With Killing Neighbor (Daily Beast) Authorities said in December that a suspect in the 2014 murder of an elderly North Carolina man was in custody. On Monday, they confirmed that suspect was Justin Nojan Sullivan
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
ESA 2016 Leadership Summit (Chandler, Arizona, USA, Jan 31 - Feb 3, 2016) The electronic security industry is rapidly changing and continuously evolving. It's not enough to just survive. Businesses looking to thrive need to adapt to ensure their people, products, services and practices stay ahead of the curve. The Summit is a three-day conference filled with networking and educational opportunities dedicated to delivering business intelligence to electronic security companies and professionals that are ready to embrace innovation and grow
SANS Cyber Threat Intelligence Summit & Training 2016 (Alexandria, Virginia, USA, Feb 3 - 10, 2016) This Summit will focus on specific analysis techniques and capabilities that can be used to properly create and maintain Cyber Threat Intelligence in your organization. Attend this summit to learn and discuss directly with the experts who are doing the CTI analysis in their organizations. What you learn will help you detect and respond to some of the most sophisticated threats targeting your networks
BSides Tampa 2016 (MV Royal Caribbean Brilliance of the Seas, Tampa to Mexico, Feb 4 - 8, 2016) BSides Tampa is an annual IT security/hacking conference featuring hands on training classes and lectures from some of the greatest minds in the industry and academia
The Law and Policy of Cybersecurity Symposium (Rockville, Maryland, USA, Feb 5, 2016) This one-day symposium will cover the critical legal and policy issues, challenges, and developments in cybersecurity. Legal professionals, professionals who develop cybersecurity strategies and policies, and anyone who assists organizations in preparing for and responding to cyber incidents should attend. Attendees will gain a comprehensive understanding of the legal and policy issues that they need to know when they represent clients, develop their organization's cyber strategy and policies, or respond to cyber incidents
Insider Threat Program Development Training — California (Carlsbad, California, USA, Feb 8 - 10, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies victimized by current or former employees incur costs from $5,000 to $3 million. bring? Is your company required to establish an Insider Threat Program per the requirements of NISPOM Conforming Change 2? Insider Threat Defense has trained a substantial number of U.S. Government Agencies (DoD, IC), Defense Contractors, Critical Infrastructure Providers, Aviation Security Professionals, large and small businesses on Insider Threat Program Development and Insider Threat Risk Mitigation
OPSWAT Cyber Security Seminar (Washington, DC, Feb 9, 2016) OPSWAT, along with our Washington DC partners, InQuest and Punch Cyber, will be hosting a half-day seminar to cover several threat detection and research technologies
Secure Rail (Orlando, Florida, USA, Feb 9 - 10, 2016) The first conference to address physical and cyber rail security in North America
Cyber Security Breakdown: Dallas (Dallas, Texas, USA, Feb 10, 2016) This half day session will provide you with the critical information you need to start formulating an effective response in the eventuality of a cyber security event. Rather than try and handle the breach during the chaos of the event, you'll understand how to build in advance, the best practices to respond effectively. Attend the Cyber Security Breakdown event that is focused on the unique issues and threats facing legal professionals
SecureWorld Charlotte (Charlotte, North Carolina, USA, Feb 11, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
Suits and Spooks (Washington, DC, USA, Feb 4 - 5, 2015) Suits and Spooks DC (Feb 4-5, 2015) is moving to the Ritz Carlton hotel in Pentagon City! We're expanding our attendee capacity to 200 and for the first time will be including space for exhibitors. We have an international panel of speakers from the public and private sectors and we'll be adding live-streaming via Webex for those who cannot attend in person
2016 Cyber Security Division R&D Showcase and Technical Workshop (Washington, DC, USA, Feb 17 - 19, 2016) The cybersecurity threat continues to evolve and in order to keep ahead of the threat; new cutting-edge cybersecurity technologies are needed. The Cyber Security Division (CSD) within the Department of Homeland Security (DHS), Science and Technology Directorate (S&T) is funding many R&D efforts through academia, small businesses, industry and government and national labs. This year, we are excited to include an R&D Showcase featuring nine innovative transition-ready solutions and two collaboration projects with the private sector selected from our portfolio that address a variety of complex challenges and have the potential for transition into the marketplace
Department of the Navy (DON) IT Conference, West Coast 2016 (San Deigo, California, USA, Feb 17 - 19, 2016) The purpose of the DON IT conference is to: (1) Explain the new and invigorated DUSN (M), DON/AA, and DON CIO organization and its business and IT transformation priorities. (2) Share information that supports the SECNAV's vision laid out in the DON Transformation Plan to achieve business transformation priorities, leverage strategic opportunities, and implement DON institutional reform initiatives by changing the culture, increasing the use of data-driven decision-making, and effective governance
ICISSP 2016 (Rome, Italy, Feb 19 - 21, 2016) The International Conference on Information Systems Security and Privacy aims at creating a meeting point for researchers and practitioners that address security and privacy challenges that concern information systems, especially in organizations, including not only technological issues but also social issues. The conference welcomes papers of either practical or theoretical nature, presenting research or applications addressing all aspects of security and privacy, that concerns to organizations and individuals, thus creating new research opportunities
Interconnect2016 (Las Vegas, Nevada, USA, Feb 21 - 25, 2016) IBM InterConnect 2016 is for those who are building new business models, transforming industries, and creating better outcomes. Whether you're a C-suite executive, IT leader, developer, designer, architect, or cloud expert, we all have one thing in common — we strive to build better businesses. The relationship between IT and business is changing. As a leader, builder or innovator of technology, the decisions you make today will have an increasingly greater impact on your company's bottom line tomorrow. To remain successful, it's critical that you transform along with this ever-changing environment
CISO Canada Summit (Montréal, Québec, Canada, Feb 21 - 23, 2016) Tactics and best practices for taking on enterprise IT security threats. The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting
cybergamut Tech Tuesday: Neuro Cyber Analytics: Understanding the Patterns of Human Cognition in the Cyber Domain (Elkridge, Maryland, Middletown, Feb 23, 2016) This presentation will discuss Neuro Cyber Analytics. Humans use context-specific neurocognitive patterns for receiving and processing internal and external sensory information. Stated differently, people interact with the world around them primarily by seeing, hearing, and feeling, and make decisions about what to do next depending upon the context of what is happening in their environment. People often do not realize that their decision making process triggers certain unconscious behaviors that can be read as indicators of how their thoughts were formulated and sequenced
Insider Threat Program Development Training Course — Maryland (Annapolis, Maryland, USA, Feb 23 - 25, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies victimized by current or former employees incur costs from $5,000 to $3 million. bring? Is your company required to establish an Insider Threat Program per the requirements of NISPOM Conforming Change 2? Insider Threat Defense has trained a substantial number of U.S. Government Agencies (DoD, IC), Defense Contractors, Critical Infrastructure Providers, Aviation Security Professionals, large and small businesses on Insider Threat Program Development and Insider Threat Risk Mitigation
CISO New York Summit (New York, New York, USA, Feb 25, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations to operate smoothly, CISOs and IT security executives need to be ahead of the hackers, and kept abreast of the latest IT security topics and trends. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more
BSides San Francisco (San Francisco, California, USA, Feb 28 - 29, 2016) BSides San Francisco is an Information / Security conference that's different. We're a 100% volunteer organized event, put on by and for the community, and we truly strive to keep information free. There is no charge to the public to attend BSides SF. Our costs are covered by our generous donors and sponsors, who share our vision of free dissemination of information. The conversations are getting more potent and the "TALK AT YOU" conferences are starting to realize they have to change. BSides SF is making this happen by shaking-up the format
CISO Summit Europe (London, England, UK, Feb 28 - Mar 1, 2016) With the media covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to protect customer and company data. The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include engaging Keynote Presentations, Thought Leadership sessions, CISO Think Tanks, Analyst Q&As and much more
RSA Conference 2016 (San Francisco, California, USA, Feb 29 - Mar 4, 2016) Celebrating its 25th anniversary, RSA Conference continues to drive the information security agenda forward. Connect with industry leaders at RSA Conference 2016