Since cybersecurity is definitely an issue that's here to stay, I've just checked out the recently released first episodes of Cato Networks Cybersecurity Master Class Series.
According to Cato, the series aims to teach and demonstrate cybersecurity tools and best practices; provide research and real-world case studies on cybersecurity; and bring the voices and opinions of top cybersecurity thought-leaders. Designed for security and IT professionals, C-level managers and security experts, each session contains both theory and hands-on examples about strategic, tactical, and operational issues on a wide range of topics.
The classes are hosted by industry-recognized cybersecurity researcher and keynote speaker, Etay Maor, who is also Senior Director of Security Strategy at Cato. Four out of the planned annual 8-10 episodes are currently available online.
- Episode 1, entitled How (and Why) to Apply OSINT to Protect your Enterprise, takes an in-depth look at our era of data proliferation and oversharing – people sharing too much information on social networks; PDF and Excel files with sensitive data out in the open; and devices exposing open ports and services.
- The public availability of all this information, which has grown with the increase of remote workforces since the start of COVID-19, makes Open-Source Intelligence (OSINT) a real threat, as threat actors collect and identify data that can put businesses at risk.
- In addition to providing tips and tricks for a better understanding of OSINT, this master class discusses how to apply OSINT tools (including free tools) to protect users, processes, and technologies; and how Google Hacking, Shodan and Censys can be used to collect valuable data.
- As low-risk, high-reward ransomware attacks dominate the cyber threat landscape, the second episode, Ransomware: Attackers, Defenders, and FBI's Perspective, is very relevant. Exploring the history of ransomware attacks and the types of extortion used, it also offers important information on how to operate security frameworks such as MITRE ATT&CK. And there are some fascinating FBI insights from guest speaker, SSA Doug Domin of the Boston FBI Criminal Cybersquad, as well as tips from ransomware groups themselves on how to avoid attacks!
- We're probably all aware of the fact that deepfake technology is becoming more accessible, with attacks ranging from faking a video for ransom, to actual fraudulent transactions and national security incidents. In fact, the FBI recently released a warning that deepfake attacks against organizations are an imminent threat. Master class episode 3, entitled From Disinformation to Deepfake, provides an understanding of the different forms of information manipulation, such as voice synthesis, face swapping and puppet mastering.
- Guest presenter Raymond Lee, CEO of FakeNet.AI, provides some great examples and techniques on how to identify and mitigate deepfake threats, as he reviews different forms of information manipulation and levels of deepfake (from cheap fakes to full-on fusion), and types of attacks using deepfake technology.
- Finally, did you know that the White House recently released an executive order (EO) on improving US cybersecurity? Describing the various agencies and infrastructures deemed critical for national security, the EO claims that "critical infrastructure" doesn't refer only to power plants, water facilities and military systems, but also to the many digital systems on which the nation relies.
- With cybersecurity incidents targeting critical infrastructures – from food manufacturers, to pipelines and government electronic healthcare systems – and supply chain attacks on the rise, the fourth episode, Supply Chain Attacks & Critical Infrastructure: CISA's Approach to Resiliency, offers an opportunity to understand whether we're part of a critical system and what the government is doing to protect it.
- Ron Ford, Cyber Security Advisor at CISA/DHS (Cybersecurity and Infrastructure Security Agency/Department of Homeland Security), presents CISA's mission and cybersecurity advisor program. Together with Etay Maor, he discusses critical infrastructure and supply chain attacks; scoping cybersecurity assessments – from strategic to technical; and the DHS "Misconceptions vs. Reality" for securing infrastructures.
So, is your data safe? While I can't answer that for you, I can definitely recommend these master classes, which offer refreshing and enriching discussions on how to deal with real-world security topics, as well as important insights and practical tips from industry leaders and very cool guest speakers. I'm already looking forward to the next episode, in which I understand they are going to be hosting the CISO of Delta Airlines. Enjoy!