The Big Decryption of Online Gaming Cybersecurity!

Many people are unaware that online gaming face significant cybersecurity challenges, which can be even more difficult than banking and businesses. They are constantly exposed to high cybersecurity risks anytime and anywhere. In case of being hacked, the loss caused is incalculable.

This session will share how to effectively manage and monitor cybersecurity environments in the online gaming industry, covering areas such as offices, customer service, development environments, and service machines. It will show how the industry responds to constantly evolving cybersecurity attacks around the clock. Finally, it will provide guidance on how to apply the experiences to create a resilient cybersecurity environment for general business operations.

Have you ever listened to various Threat Intelligence presentations but still couldn't find the best fit for your business? 

Have you ever been curious about the values and benefits that Threat Intelligence can provide for your organization? 

Have you ever struggled with planning your cybersecurity budget and future cybersecurity strategy?

Let us reveal the mystery of Threat Intelligence through this topic!

IT 面臨資料防外洩、遠距工作新常態、勒索軟體竊資等諸多挑戰，還要對應新版 ISO 27001:2022 與資安法規的監理要求。

以資料保護為核心的完整解決方案，建立工作環境的三道城牆

• 檔案寫出管制：在檔案寫出時，依照內容過濾結果，放行與標註備份檔案
• 應用程式存取權限：啟用應用程式對應措施 (如：螢幕浮水印)；防止未經授權應用程式存取檔案
• 檔案加密：自動加密電腦內指定檔案類型，保護重要資料

What are the most recent fraud use cases in digital banking space and how they have evolved with latest technology, which expose banks to a next level of risks. "The massive growth in digital fraud is exposing weaknesses in banks’ defenses. While banks are investing heavily to provide the real-time digital services that their customers want, they are failing to allocate sufficient resources to keep their services secure. Without adequate anti-fraud systems, many banks struggle to detect dubious transactions before they are completed.The challenge is particularly acute for smaller banks, where resources are more constrained. Two-factor “strong authentication” of the customer’s identity has proved an effective way to reduce digital banking fraud, but it is neither user-friendly nor cheap. Alternative approaches to detecting and preventing digital banking fraud can be both more effective and cover a wider range of circumstances. Artificial intelligence has been an ongoing marketing buzz word and applied in many technological space." We would like to share tips on how can banks break down the mystique and elusiveness of AI to make it practical and explainable in the use of banking fraud detection.

Post-Endemic has brought about massive changes in the way we work driving a work-from-home or virtual workplace. The notion of hardening your premise and detection in no longer sufficient because you need to cater for a SAAS-based workflow for a decentralised workforce. The volume of web-based threats increases exponentially where existing ULR Filtering and Detection technologies are no longer sufficient in the face of Highly Evasive Adaptive Threats. How do you keep pace within this changing era and transform your security posture yet still stay within your compliance policies?

VPN is one of the main ways for many companies to connect to their internal servers, and the impact of the pandemic has made the demand and usage of VPN even more significant. However, there are reports showing that VPN vulnerabilities have become targets for ransomware attacks, and even used by hackers as a stepping stone to enter the corporate network for larger-scale attacks. This session will provide solutions to meet the remote collaboration needs of companies, while ensuring security and improving efficiency.

Zero Trust is a cybersecurity model that shifts how organizations approach security from reliance solely on perimeter defenses to a proactive strategy that allows only known good activity across ecosystems and data pipelines. It allows organizations to better align their cybersecurity strategy across the data center, clouds and at the edge. Dell aims to serve as a catalyst for customers to achieve Zero Trust outcomes by making the design and integration of this architecture easier.

With the emergence of new technologies such as cloud computing and the Internet of Things (IoT), the term "zero trust" is gaining more attention. Modern cybersecurity threats and network attacks are becoming increasingly complex and covert, and traditional security models are no longer able to cope with these new challenges. Zero trust has become a prominent cybersecurity concept that can combine various security technologies and control measures to achieve comprehensive network security monitoring and threat response.

However, zero trust is not a new concept, as experts proposed the idea as early as 2010. Before implementing zero trust, it is necessary to understand the current network environment and resources and assess the strength and weaknesses of existing defense measures to determine whether zero trust is needed. Therefore, what is needed is not just zero trust, but also a way to implement it. The ISA/IEC 62443 international standard provides a comprehensive set of methods for implementing zero trust.

With tightening economic conditions, IT requires flexibility in how network infrastructure is acquired, deployed, and operated to enable network teams to deliver business outcomes rather than just manage devices.

• Aruba's SD-Branch solution allows customers to unify the management of SD-WAN, wired, and wireless networks and enforce security polices to build secure and easy branch network connectivity at scale.
• The Aruba CX 10000 Series Switch combines best-of-breed Aruba data center L2/3 switching with the industry’s only, fully programmable DPU (Pensando Elba) that delivers stateful software-defined services inline, at scale, with wire-rate performance and orders of magnitude scale and performance improvements over traditional data center L2/3 switches at a fraction of their TCO.

Credential stuffing attacks frequently occupy the news pages both in Taiwan and around the world, damaging the goodwill of companies in all kinds of industry and even causing property losses. It is sometimes combined with phishing and man-in-the-middle attacks, making it a top concern for security personnel and one of the most difficult forms of cyberattack to counter.

HiTRUST will take you on a journey from the perspective of hackers to help you re-understand one of the most significant security threats facing websites and their users. In this speech, we will cover what credential stuffing is, how it works, and the methods that can be used to prevent it. We will also share a real-life case study of a company that successfully protected its users from a credential stuffing attack.

Sustaining operations’ factor includes talent, capital, and know-how. Another very important element is data. The main source of risk to data is external threats to the Web. In recent years, data exchanges between applications have become more frequent, and these data exchange and interfacing require API, so we should also pay attention to API security. Imperva provides excellent Web and API security solutions to build a solid line of defense for enterprises to protect applications and data, and help enterprises maintain operations continued.

The modernization of industrial networks through internet connectivity has improved productivity, but the benefits of digital transformation have also brought about an increase in potential attack surfaces. The constant occurrence of industrial control security incidents has greatly reduced the effectiveness of physical isolation. However, due to the limitations of the OT environment, it is difficult to construct layered blocking or defense measures like those used in IT, which also reflects the difficulty of OT systems in resisting network attacks. In this session, we will take the perspective of an industrial network security company and build a complete industrial security ecosystem from a visualization standpoint. In addition to OT assets, it will also cover IT and IoT devices, and even building management systems (BMS), which are the focus of CPS (Cyber Physical System) security discussions in recent years.

This agenda will share insights on how to design and implement automated processes (DevOps) while incorporating security considerations (Security in DevOps), including experiences in introducing security development automation processes and how to overcome challenges.

Unless your AD is secure, nothing is. No modern corporation can operate without IT, and AD (Active Directory) is the central nerve linking all IT systems in a company. Unfortunately, AD was born toward the end of the last century (1996), an innocent time with no malware, ransomware and cyber attacks. The initial design and fundamental architecture of AD did not anticipate the types of cybersecurity threats that corporations must face today. Moreover, coupled with years of overlapping patch/version updates and organizational growth and expansion, AD has become the primary target to hackers globally when they attack corporations. Semperis has the greatest collection of Microsoft AD-related MVPs (Most Valuable Professional) in the industry. We will share relevant cases and Best Practices over AD security health check, threat detection, incidence response/remediation, as well as backup & recovery.