Is Your Data Safe? Check Out Some Cybersecurity Master Classes

Since cybersecurity is definitely an issue that’s here to stay,
I’ve just checked out the recently released first episodes of Cato
Networks Cybersecurity Master Class Series^[1].

According to Cato, the series aims to teach and demonstrate
cybersecurity tools and best practices; provide research and
real-world case studies on cybersecurity; and bring the voices and
opinions of top cybersecurity thought-leaders. Designed for
security and IT professionals, C-level managers and security
experts, each session contains both theory and hands-on examples
about strategic, tactical, and operational issues on a wide range
of topics.

The classes are hosted by industry-recognized cybersecurity
researcher and keynote speaker, Etay Maor, who is also Senior
Director of Security Strategy at Cato. Four out of the planned
annual 8-10 episodes are currently available online.

• Episode 1, entitled How (and Why) to Apply OSINT to Protect your
  Enterprise^[2] takes an in-depth look
  at our era of data proliferation and oversharing – people sharing
  too much information on social networks; PDF and Excel files with
  sensitive data out in the open; and devices exposing open ports and
  services.
• The public availability of all this information, which has
  grown with the increase of remote workforces since the start of
  COVID-19, makes Opensource Intelligence (OSINT) a real threat, as
  threat actors collect and identify data that can put businesses at
  risk.
• In addition to providing tips and tricks for a better
  understanding of OSINT, this master class discusses how to apply
  OSINT tools (including free tools) to protect users, processes, and
  technologies; and how Google Hacking, Shodan and Censys can be used
  to collect valuable data.
• As low-risk, high-reward ransomware attacks dominate the cyber
  threat landscape, the second episode Ransomware: Attackers, Defenders, and FBI’s
  Perspective^[3] is very relevant.
  Exploring the history of ransomware attacks and the types of
  extortions used, it also offers important information on how to
  operate security frameworks such as MITRE ATT&CK. And there are
  some fascinating FBI insights from guest speaker, SSA Doug Domin of
  the Boston FBI Criminal Cybersquad, as well as tips from ransomware
  groups themselves on how to avoid attacks!
• We’re probably all aware of the fact that deepfake technology
  is becoming more accessible, with attacks ranging from faking a
  video for ransom, to actual fraudulent transactions and national
  security incidents. In fact, the FBI recently released a warning
  that deepfake attacks against organizations are an imminent threat.
  Master class episode 3, entitled From Disinformation to Deepfake^[4], provides an
  understanding of the different forms of information manipulation,
  such as voice synthesis, face swapping and puppet mastering.
• Guest presenter Raymond Lee, CEO of FakeNet.AI^[5], provides some great
  examples and techniques on how to identify and mitigate deepfake
  threats, as he reviews different forms of information manipulation
  and levels of deepfake (from cheap fakes to full-on fusion), and
  types of attacks using deepfake technology.
• Finally, did you know that the White House recently released an
  executive order (EO) on improving US cybersecurity? Describing the
  various agencies and infrastructures deemed critical for nation
  security, the EO claims that “critical infrastructure” doesn’t
  refer only to power plants, water facilities and military systems,
  but also to the many digital systems on which the nation
  relies.
• With cybersecurity incidents targeting critical infrastructures
  – from food manufacturers, to pipelines and government electronic
  healthcare systems – and supply chain attacks on the rise, the
  fourth episode, Supply Chain Attacks & Critical
  Infrastructure: CISA’s Approach to Resiliency^[6]
  offers an opportunity to understand whether we’re part of a
  critical system and what the government is doing to protect
  this.
• Ron Ford, Cyber Security Advisor at CISA/DHS (Cybersecurity and
  Infrastructure Security Agency/Department of Homeland Security),
  presents CISA’s mission and cybersecurity advisor program. Together
  with Etay Maor, they discuss critical infrastructure and supply
  chain attacks; scoping cybersecurity assessments – from strategic
  to technical; and the DHS “Misconceptions vs. Reality” for securing
  infrastructures.

So, is your data safe? While I can’t answer
that for you, I can definitely recommend these master classes,
which offer refreshing and enriching discussions on how to deal
with real-world security topics, as well as important insights and
practical tips from industry leaders and very cool guest speakers.
I’m already looking forward to the next episode, in which I
understand they are going to be hosting the CISO of Delta Airlines.
Enjoy!