Occupational fraud and insider threat is not new, and it is universal — threatening all types of businesses and industries. It can be difficult to detect, and its adverse impact on the enterprise is growing. The key to building an effective strategy is to understand your organization’s key vulnerabilities and risk to exposure in order to better plan for its inevitable occurrence. In this case study session, you’ll learn how one bank is combining a common sense approach with some unique strategies to prevent, detect and resolve insider threats, including:

• Ways that proactive monitoring, internal audit and tip hotlines can be an effective first step;
• Why you need to consider threats from both insiders and business partners when making enterprisewide assessments;
• Learn to know your assets and to establish a baseline for normal network behavior;

The latest technologies and systematic approaches, including using a log correlation engine or security information and event management (SIEM) system to log, monitor and audit employee actions.

Most leaders in fraud or security work in isolation rather than partnership with customers. With facts revealing consumers and business customers to be highly motivated to protect their own PII and financial assets, why do they commonly use weak passwords or ignore fraud alerts and updates? There is a mismatch between the pace of new technology or practices and customers’ ability to comprehend and adopt — creating unnecessary friction rather than cooperation. Aligning your organization’s fraud and security strategy with your customer’s journey can create a powerful partnership against common enemies, such as data thieves and fraudsters. Are you outpacing your customer’s ability to adopt these new services? This session will explore the role customer education and user behavior can play in stronger fraud prevention and detection.

Cyber-extortion has reached new proportions, with a wide variety of methods, such as distributed-denial-of-service attacks and ransomware variants, being used to extort individuals and organizations. Ransomware-DDoS hybrid attacks, like Cerber, have showcased how attackers have added DDoS capabilities to ransomware. And as events, such as the 2016 takedown of Brian Krebs’ website, prove, DDoS attacks continue grow, posing big concerns for all businesses and organizations. Additionally, business email compromise attacks are compromising small and medium-sized businesses at an increasing rate, with many of these attacks going unreported. While more of a socially engineered scheme, BEC attacks, like ransomware attacks and DDoS attacks, are waged to extort money. The biggest question now is: Who’s next? Attendees will walk away from this session with knowledge about the tools and strategies needed to elevate cyber-resilience, based on the experience and expertise of law enforcement and prosecutors.

Deception is the most successful strategy in military history. Just as armies used deceit to conquer continents, cyber-deception is being used by more and more organizations to exploit a hacker’s greatest weakness – being a human, after all, behind a keyboard. Deception techniques such as honeypots are not a new. But new techniques and capabilities are delivering new approaches to how cyberthreats are dealt with, proactively. During this session, we will deconstruct recent attacks from a hacker’s perspective and show how you can use deception technology to detect stealthy attacks, illuminate network blind spots and minimize breach detection time – highlighting the benefits of deception defenses. But what about when these techniques don’t work as planned? Can deception technology actually create more problems long-term? We will explore the positives and negatives of deception technology.