A SecurityWeek Event

A VIRTUAL EVENT FOR 2022

An Exclusive Executive Forum Focused on
Information Security Leadership and Strategy

September 13-14, 2022

2021 CISO Forum Presented by Cisco Secure

2021 Diamond Sponsors

  • Synack
  • Palo Alto Networks

2021 Platinum Sponsors

  • Okta
  • Recorded Future
  • Beyond Identity

2021 Gold Sponsors

  • Proofpoint
  • Eclypsium
  • Synopsys
  • Corel
  • Abnormal Security
  • Cymulate
  • ReversingLabs

Silver Sponsors

  • VirusTotal

2021 CISO Forum

SecurityWeek’s CISO Forum takes place annually at the beautiful Ritz-Carlton, Half Moon Bay, which has served as the venue of the forum since 2014.

Given the global situation resulting from the COVID-19 pandemic, SecurityWeek’s 2021 CISO Forum, Presented by Cisco, will take place virtually. Through a cutting-edge platform, attendees will be able to interact with speakers and sponsors, and visit networking lounges, specific zones & sponsor booths.

This event is designed for security leaders to discuss, share and learn information security strategies.

An Exclusive Executive Forum Focused on Cybersecurity Leadership and Strategy

September 14-15, 2021
Virtual Event

Throughout this two-day virtual event, sessions will have a strong focus on participation from CISOs in panel discussions along with talks from industry experts, analysts and other end users, and thought leadership, strategy and technical sessions.

Topics Include:

  • Fireside Chat: Adrian Stone: VP, CISO at Peloton
  • Winning Hearts and Minds on the Board
  • Designing and Architecting Security for a Hybrid World
  • CISO Panel: Navigating SBOMs and Supply Chain Security Transparency
  • Panel: CISO’s Guide to Building a Security Dream Team
  • Panel: The Top 5 Priorities of the Modern CISO
  • Defenders Playbook for Attack Simulation and Security Posture Validation
  • Virtual Expo and Networking
  • Identity-Focused Security for Your Zero Trust Journey
  • Securing Our Cloud Environment Against Hackers
  • Key Insights to Prevent Never-Before-Seen Cyber Attacks
  • SASE Industry Trends
  • Measuring Security and Building Trust with Leadership: Enabling Transformation Through Testing
  • How DevOps Can Make AppSec Testing Seamless
  • Addressing Sophisticated Supply Chain Attacks Head On with No Source Code Required
  • Much more!

Through a cutting-edge platform, attendees will be able to interact with speakers and sponsors, and visit networking lounges, subject-specific discussion areas, and sponsor booths in a virtual expo hall.

  • Adrian Stone: VP, CISO at Peloton
  • Anne Marie Zettlemoyer: VP, Security Engineering at Mastercard
  • Caleb Sima: CISO at Robinhood
  • Allan Friedman (Invited): SBOM Champion at Cybersecurity and Infrastructure Security Agency (CISA)
  • Summer Craze Fowler: CISO/CIO at Argo AI
  • Fredrick ‘Flee’ Lee: Chief Security Officer at Gusto
  • Shaila Shankar: SVP and General Manager of Cisco Cloud Network and Security at Cisco
  • Jonathan Jaffe: CISO at Lemonade
  • Aanchal Gupta: VP, Azure Security at Microsoft
  • Lena Smart: CISO at MongoDB
  • Sounil Yu: CISO at JupiterOne
  • Theresa Payton: Former White House CIO; Star of CBS TV series, “Hunted”, and Leading Cybersecurity Expert


HALF MOON BAY, CA

Ritz-Carlton

September 24-26, 2019

Address

1 Miramontes Point Rd, Half Moon Bay, CA 94019

Phone

+ 1 (650) 712-7000

Privileges Gone Wild: Study Shows Organizations Giving Users More Than They Need

03/26/2015

Despite recent data breach and cyberattack headlines, far too many organizations are still giving users more privileges than they need, according to a recent report from BeyondTrust.

Nearly half of the survey respondents—a solid 47 percent—said some of their users have access rights and privileges they don’t need for their current role, BeyondTrust found in the “Privilege Gone Wild 2” report, released Tuesday. The survey highlighted “gaping holes” in how organizations approach privilege management as many of them are not proactively controlling their users’ access rights.

Eighty-four percent believe the risk to their organizations from privileged users will increase over the next few years. Business information, such as corporate intellectual property, source code, design documents, trade secrets, and compliance-related data such as personal data and health records, are at risk, 42 percent of the respondents said. About 79 percent of respondents said employees were “somewhat likely” to “very likely” to access sensitive or confidential data because they were curious. Approximately 60 percent said employees would be able to circumvent existing restrictions and still get to the data.

Several recent data breaches, malware attacks, and other security incidents have been linked with users having excessive privilege rights. Attackers don’t have to phish administrators if they can get to other employees with the same administrator rights on sensitive systems. Many malware attacks take advantage of the fact that users have administrator rights over their computers, paving the way for malware to try to execute malicious commands on the local machine as an administrator.

“Recent, high-profile breaches involving the abuse of privileged credentials appear to be motivating organizations to take a deeper look at their privileged account management practices,” Scott Lang, director of privilege strategies, BeyondTrust, wrote on the company blog.

Only 40 percent of the respondents said they have deployed some kind of privilege management enterprise-wide, and 30 percent said they did not have any controls in place. About 60 percent of surveyed organizations rely on Linux- and UNIX-based systems for business-critical, tier-1 applications, such as ERP, financial tools, and ecommerce systems, but more than 57 percent of participants said they have no tools or processes in place to prevent misuse, the survey found.

Discovering what privileges end users have in the first place is a good place to start, as would be a discovery exercise to identify all privileged accounts, Lang said.

Shortly after the data breach at Sony late last year, many critics derided the entertainment giant for storing passwords to various systems in spreadsheets. It isn’t the first company to list all the passwords in a file, and it won’t be the last. A little over a third of the respondents said passwords are shared across multiple users via spreadsheets, SharePoint, and Active Directory. Shared passwords remain a significant problem for organizations, as over half of the survey respondents said these types of credentials are managed individually and not as part of a vault or some other password management interface.

Organizations need to control, track, and audit who is accessing privileged accounts. “If a breach occurs, whether deliberate or inadvertent, you need the ability to identify what happened, when, and by which user’s credentials,” Lang said.

Organizations understand the risks of not bringing privileges and access rights under control. Cost was commonly cited as a barrier to adopting privilege access management platforms. The good news is that 30 percent of respondents expect to introduce new privilege access management tools in their organizations in 2015. Respondents rated password and server security as the two top priority areas.

“The good news is that progress is being made,” Lang said.

Lang recommended organizations assemble cross-functional teams to address privileged account management. The survey found that while security drove most privilege account management purchases, compliance and IT operations teams also played a part. Organizations also need to define controls to enforce policy. “Policies are only worth the paper they’re printed on unless they are backed up with controls and enforcement,” Lang said.

Privileges Gone Wild 2 looks at information from 728 IT decision makers including security managers, and network and systems engineers across a number of industries including financial services, manufacturing, and government, among others.

