Part 2: Rekt Casino Hack - Weak Security Program, Unprotected Systems, and Poor Detection & Response
The fictitious Rekt Casino fell victim to a ransomware attack which resulted in personal identifiable information, HR records, and financial information being exfiltrated. The root cause of the problem was a lack of governance, risk, and compliance, along with properly configured technical and administrative controls. It could also be argued that Rekt Casino lacked a strategic plan as well as an inherent security culture. Looking at the history of Rekt Casino, we are going to identify when the transition from the old school approach of information security could have been transitioned to the enterprise risk management approach.
The mistake organizations often make is to focus on defenses such as endpoint protection, firewalls, and intrusion prevention without a good understanding of what the threats actually are. Its as if Rekt Casino fortified their castle to protect against bows and arrows, yet the adversaries attacked with a trebuchet.
If the executives, technology team, and board of directors had been paying attention to news stories, security guidance, employees approach to protecting company assets, or even attending security-related conferences, they would have gotten the message that security had become a critical concern due to the threat landscape. It's not enough to acknowledge that security requires more attention, you also have to act on that knowledge.
In this Part 2 of 4 webcast, we will quickly review the overarching history of Rekt Casino, what they had in place for protection, and the outcome. Then we will dive deep into what could have been done to prevent the breach from occurring in the first place in regards to a security program built to protect data, systems, networks. We will dive into topics such as:
-Building a strong security program
-How best to protect networks, systems, and data
-Leading Modern Security Initiatives
-Detecting and Responding to Attacks
Видео Part 2: Rekt Casino Hack - Weak Security Program, Unprotected Systems, and Poor Detection & Response канала SANS Institute
The mistake organizations often make is to focus on defenses such as endpoint protection, firewalls, and intrusion prevention without a good understanding of what the threats actually are. Its as if Rekt Casino fortified their castle to protect against bows and arrows, yet the adversaries attacked with a trebuchet.
If the executives, technology team, and board of directors had been paying attention to news stories, security guidance, employees approach to protecting company assets, or even attending security-related conferences, they would have gotten the message that security had become a critical concern due to the threat landscape. It's not enough to acknowledge that security requires more attention, you also have to act on that knowledge.
In this Part 2 of 4 webcast, we will quickly review the overarching history of Rekt Casino, what they had in place for protection, and the outcome. Then we will dive deep into what could have been done to prevent the breach from occurring in the first place in regards to a security program built to protect data, systems, networks. We will dive into topics such as:
-Building a strong security program
-How best to protect networks, systems, and data
-Leading Modern Security Initiatives
-Detecting and Responding to Attacks
Видео Part 2: Rekt Casino Hack - Weak Security Program, Unprotected Systems, and Poor Detection & Response канала SANS Institute
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
SOLARWINDS – A SANS Lightning Summit
Moving Past Just Googling It: Harvesting and Using OSINT | SANS@MIC Talk
Part 1: Rekt Casino Hack - Business Security Strategy, Policies, and Leadership Gone Wrong
How Threats Are Slipping In the Back Door - SANS ICS Security Summit 2017
Network Security 101: Full Workshop
William Ackman: Everything You Need to Know About Finance and Investing in Under an Hour | Big Think
Metrics for Managing Human Risk
The Dark Arts of Social Engineering – SANS Security Awareness Summit 2018
SANS Webcast - YARA - Effectively using and generating rules
Part 1: Rekt Casino Hack - Vulnerability Management Gone Wrong
Threat Hunting via Sysmon - SANS Blue Team Summit
Moving Past Just Googling It: Harvesting and Using OSINT | SANS@MIC Talk
The Five Most Dangerous New Attack Techniques and How to Counter Them
Next-Level App Hacking: Threat Modeling for Better Attacks
Galaxy Digital Presentation with Mike Novogratz
Move Along; Nothing to See Here… Or Is There?
Hacking Your Brain: Using Proven Psychology Techniques to Set and Smash Goals
Weaponizing the Deep Web | SANS OSINT Summit 2020
Cybersecurity Careers: Where Do You Fit?
SANS Emergency Webcast: What you need to know about the SolarWinds Supply-Chain Attack