Cybersecurity Basics
With the impact of the pandemic and some stores closed or partially open, more businesses are looking to bring their “shop” online. How do we protect ourselves and our companies against cyber criminals? We all know that we shouldn't email our account information to someone claiming to be a Nigerian prince. We've heard the terms "spyware", "ransomware", "hacking", "phishing", etc. But, what do we need to know to avoid these things? How can non-technical people identify attacks and how should we respond? Join Zack Barton as he discusses the basics of cybersecurity and goes over some of the details that every computer user should understand to protect themselves and their businesses.
Mitigating Disasters for Small Businesses
Join a panel of experts as they discuss real-life scenarios of how small businesses can mitigate disasters, such as: hurricanes, flooding, cyber-attacks, frozen bank accounts, fires, loss of power, partner departures, and death. Leave with connections and practical knowledge to put financial, HR, and insurance plans in place.
Cybersecurity Presented by the FBI
Roughly 88% of small business owners in the US stated that their small business was vulnerable to a cyber-attack.
Join us, learn & prepare:
- How to spot a cyber-attack
- Training resources for your employees
- Digital cleaning
- What to do if this does happen to you.
Be prepared and don't be part of the statistics!
Defend Against Ransomware Attacks Cyber Range Training (IR209)
The Cybersecurity and Infrastructure Security Agency (CISA) is proud to offer the Incident Response Training event Defend Against Ransomware Attacks Cyber Range Training (IR209) on Tuesday, September 12, 2023, from 9 a.m. to 1 p.m. EDT. The 200-level training events are open to government employees and contractors across federal, state, local, tribal, and territorial government, educational partners, and critical infrastructure partners. Please use your organization email address when registering.
This course is ideal for those working in cybersecurity roles who are interested in learning technical incident response skills and requires active engagement from all participants. The course assumes a mixed audience (e.g., from disparate teams and organizations) of mixed capability.
Ransomware is the fastest growing malware threat targeting home, business, and government networks. Anyone with a computer connected to the internet is a target. Ransomware infection is one computer, one person, one click away from penetrating a network’s defense. If just one computer becomes infected with ransomware, it could quickly spread all over the network, which is why ransomware protection is critical. Ransomware incidents have become increasingly prevalent and pose an enormous risk to you and your organization’s critical infrastructure. In this training, participants will be introduced to common applications and processes that harden network defenses, as well as key terms to be aware of in the prevention of ransomware attacks.
Experience these benefits and more:
- Common attack methods: Define ransomware and identify best practices and preventive measures to mitigate the impact of ransomware attacks.
- Practice in a realistic environment: Learn how to apply specific tools to configure and back up Active Directory policies, reset KRBTGT account passwords, and create application allowlisting policies.
- Identify and mitigate vulnerabilities in real time: Students will identify malicious domains and mitigate them by establishing a sinkhole and by blocking the malicious domain.
- Expert facilitation and peer discussion: Throughout the course, expert cybersecurity engineers will moderate discussions and conduct a recovery debrief for the exercises. Participants are also encouraged to help one another and offer relevant input to address peers' questions.
This exercise is a step-by-step, facilitated experience that uses a keyboard approach to understand these topics in a realistic technical environment.
Approved registrants must attend a mandatory student technical check the day before the training to establish a connection to the course content and lab environment.
EVENT LOGISTICS
- Date: Tuesday, September 12, 2023
- Time: 9 a.m. to 1 p.m. EDT
- Location: Online via WebEx
- CPE Credit: Participants can earn 4 CPE credits for attending this course.
- Attendee Requirements: This course requires active participation. Attendees can use government-issued computers or personal computers. A second monitor is recommended.
- Note: Audio is through WebEx; there is no external dial-in.
- Closed captioning (English only) will be available during this training event. Previously recorded webinars are available on the CISA YouTube Channel for playback in other languages, if required.
Due to participation requirements, please register no later than 48 hours before the course starts. Cyber Insights will not accept registrations made less than 48 hours before the course start.
Preventing Web & Email Server Attacks (IR105)
CISA is proud to offer the cybersecurity awareness webinar, Preventing Web & Email Server Attacks (IR105), on Wednesday, September 6, 2023, from 11 a.m. to noon EDT. We are excited to share this information with stakeholders across the federal enterprise and nationally.
The target audience for this webinar is non-technical participants and beginning incident responders.
Web and email servers are the workhorses of the Internet; we couldn't run government, businesses, or our personal lives without them! However, the information exchanged through web and email servers can offer a tempting target for cyber attackers.
This webinar includes the following information and more:
- Common attack methods: Hackers can target and decode victims' web and email traffic, compromise email security to make phishing attempts more likely to succeed, or even use botnets to shut down access to websites and conduct large-scale campaigns of malicious activity.
- Key Guidance for organizations: CISA provides resources and best practices to help individuals and organizations secure their web and email infrastructure.
- Case studies: Explore the methods and impacts of real-life cyber-attacks, and how the victims responded and recovered.
- Knowledge check: The course concludes with a brief knowledge check section to reinforce key concepts and takeaways.
Event Logistics:
- Date: Wednesday, September 6, 2023
- Time: 11 a.m. - noon EDT
- Location: Online via WebEx
- CPE Credit: Participants can earn 1 CPE credit for attending this course.
- Note: Audio is through WebEx; there is no external dial-in. Closed captioning (English only) will be available during this training event. Previously recorded webinars are available on the CISA YouTube channel for playback in other languages, if required.
If you require a reasonable accommodation to fully participate in this virtual event, please contact cyberinsights@cisa.dhs.gov at least five business days prior to the training with the type of support you need.
C-SCRIP Webinar on Cybersecurity and Ransomware
We invite you to attend our upcoming C-SCRIP webinar on August 24 at 3 p.m. EDT. In this one-hour webinar, the National Security Agency’s (NSA) Enduring Security Framework team will share their latest products. Following NSA’s presentation, the Cybersecurity and Infrastructure Security Agency (CISA) will provide an overview of the Ransomware Vulnerability Warning Pilot. After each presentation, attendees will have the opportunity to ask questions.
Defending Internet Accessible Systems (IR104)
CISA is proud to offer the cybersecurity awareness webinar, Defending Internet Accessible Systems (IR104), on Thursday, August 24, 2023, from 11 a.m. to noon EDT. We are excited to share this information with stakeholders across the federal enterprise and nationally.
This awareness webinar is designed for both technical and non-technical audiences.
Internet accessible systems have become the backbone of modern business and communication infrastructure, from smartphones to web applications such as Outlook to the explosive growth of the Internet of Things (IoT). Each of these systems, applications, and devices, however, can be targeted by threat actors and used to conduct malicious activity if left unsecured—worse, improperly configured and ill-maintained systems can leave vulnerabilities and sensitive information open to exploit.
This webinar includes the following information and more:
- Common attacks and vulnerabilities: Understand common vulnerabilities of internet accessible systems, how they are exploited by threat actors, and how to mitigate them to prevent attacks from succeeding.
- CISA guidance: Learn key guidance, resources, and best practices to address vulnerabilities and prepare effective incident response and recovery.
- Case studies: Examine the methods and impacts of real-life cyber-attacks, and how the targets responded and recovered.
- Knowledge check: Knowledge check questions will be asked throughout the course to reinforce key concepts and important takeaways.
Event Logistics:
- Date: Thursday, August 24, 2023
- Time: 11 a.m. to noon EDT
- Location: Online via WebEx
- CPE Credit: Participants can earn 1 CPE credit for attending this course.
- Note: Audio is through WebEx; there is no external dial-in. Closed captioning (English only) will be available during this training event. Previously recorded webinars are available on the CISA YouTube Channel for playback in other languages, if required.
If you require a reasonable accommodation to fully participate in this virtual event, please contact cyberinsights@cisa.dhs.gov at least five business days prior to the training with the type of support you need.
Defend Against Ransomware Attacks (IR109)
CISA is proud to offer the cybersecurity awareness webinar, Defend Against Ransomware Attacks (IR109), on Tuesday, August 22, 2023, from 11 a.m. to noon EDT. We are excited to share this information with stakeholders across the federal enterprise and nationally.
This webinar is intended for a non-technical audience and beginning incident responders.
Ransomware attacks hit a new target every 14 seconds—shutting down digital operations, stealing information and exploiting businesses, essential services, and individuals alike. This one-hour webinar provides essential knowledge and reviews real-life examples of these attacks to help you and your organization to mitigate and respond to the ever-evolving threat of ransomware.
This webinar includes the following information and more:
- Common attack methods: Learn the definition of ransomware, summary of its large-scale impacts, and how these attacks have developed over time. The webinar will discuss common signs of a ransomware attack and how to respond if an attack is suspected.
- Key Guidance for organizations: CISA provides guidance for how to mitigate the impact of ransomware attacks and recover in the event of an attack.
- Case studies: Explore the methods and impacts of real-life cyber-attacks, and how the victims responded and recovered.
- Knowledge check: The course concludes with a brief knowledge check section to reinforce key concepts and takeaways.
Event Logistics:
- Date: Tuesday, August 22, 2023
- Time: 11 a.m. - noon EDT
- Location: Online via WebEx
- CPE Credit: Participants can earn 1 CPE credit for attending this course.
- Note: Audio is through WebEx; there is no external dial-in. Closed captioning (English only) will be available during this training event. Previously recorded webinars are available on the CISA YouTube channel for playback in other languages, if required.
If you require a reasonable accommodation to fully participate in this virtual event, please contact cyberinsights@cisa.dhs.gov at least five business days prior to the training with the type of support you need.
Border Gateway Protocol Security Workshop
The Public Safety and Homeland Security Bureau will host a workshop on Border Gateway Protocol (BGP) security, which is central to the Internet’s global routing system. This workshop will highlight the critical importance of addressing risks associated with BGP in light of the risk of consumer harm posed by unsecured Internet routing and explore effective security practices to mitigate these vulnerabilities.
Cybersecurity Risk: Your Business is a Target
Join cybersecurity expert Tim Dubman in a non-technical discussion of cybersecurity business risks. Best practices will be explored, including how relying on cyber insurance can fail.
Topics will include:
- Introduction to Cybersecurity Risks: Discuss the current state of cyber threats and their impact on businesses.
- The Human Factor in Cybersecurity: Explore the role of employees in creating and preventing cybersecurity risks.
- Best Practices for Cybersecurity: Cover key steps organizations can take to minimize their risk of a cyber-attack.
- The Limitations of Cyber Insurance: Examine the limitations of relying solely on cyber insurance as a solution to cybersecurity risk.
- Real-World Cybersecurity Incidents: Discuss real-world examples of successful and unsuccessful cyber-attacks to illustrate the importance of proper cybersecurity measures.
- Building a Cybersecurity Culture: Discuss the importance of building a cybersecurity culture within an organization and provide tips for doing so.
- Q&A Session: Attendees will be able to ask questions and engage in a discussion with cybersecurity expert Tim Dubman.
Presenter's Bio: Tim Dubman is a seasoned cybersecurity expert with over 30 years of focused experience. He is the founder of Dubman Group and CISO Sidekick, where he serves as a virtual Chief Information Security Officer (vCISO) and cybersecurity awareness trainer. With a background as a CISO in corporate environments, he has successfully protected both small and large organizations worldwide. His unique perspective, having worked as a "hacker-for-hire" in the past, allows him to understand the tactics of bad actors and better defend organizations. Tim is passionate about sharing his knowledge and helping organizations strengthen their defenses against cyber-attacks, while also reducing the stress faced by cybersecurity professionals. As a Carnegie Mellon-trained expert, he is highly qualified to lead the charge in keeping your organization secure.