Jason Clinton, CISO at Anthropic

Steve Cobb, CISO at SecurityScorecard

• Doug Levin, Director of K12 Security Information eXchange (K12 SIX)

• Lisa Helme, Assistant Director of Student Pathways Division/State E-Rate Coordinator of Vermont Agency of Education

• Andy Lombardo, Director of Technology for Maryville City Schools

Sri Gourisetti, Senior Cybersecurity Advisor for Office of the CISO at Google

• Edna Conway, Founder of EMC Advisors and former Chief Security & Risk Officer at Microsoft Azure

• Ashley Rose, Founder of Living Security

• Mark Orsi, CEO of Global Resilience Federation

Yahya Jarraya, Co-founder of Astran

Join the Business Resilience Council for the second annual Virtual Summit on Resilience & Security. The online, multi-sector event will feature speakers discussing topics relevant to all-hazards threats, including:

• Emerging security threats

• Global supply chain risk

• Risks to business infrastructure from nation-state actors

• Third-party management and resilience

• Tackling a major service outage without operational down time

Join us for this complimentary half-day event! Registration and the Call for Presentations are now live.

Organizations interested in sponsoring should contact Jason Beard at jbeard@grf.org

Join the GRF Business Resilience Council (BRC) for a briefing from Dr. Phil Klotzbach, Senior Research Scientist in the Department of Atmospheric Science at Colorado State University (CSU). Dr. Klotzbach will help participants prepare for the June 1 start of Atlantic hurricane season by presenting CSU’s latest 2025 forecast.  

Additionally, Leslie Chapman-Henderson, President & CEO at Federal Alliance for Safe Homes will speak to us about the impacts of natural disasters and introduce the “Strong Homes Scale” risk assessment tool, as well as how to use it to increase employee security and resilience.

Please come prepared with questions on the 2025 Atlantic hurricane season and the “Strong Homes Scale.”

Major breaches and cyber incidents are increasingly originating from third parties. In fact, a recent report indicated 30% of breaches are now due vendors and suppliers. As this attack vector grows, it’s clear that traditional Third-Party Risk Management (TPRM) has become insufficient to meet security and operational needs.

To address the issue, Global Resilience Federation (GRF), SAFE and the FAIR Institute have partnered to offer each member a 100% automated, AI-powered TPRM platform for risk assessments of up to 10 vendors. GRF is also updating its Operational Resilience Framework (ORF) to stress collective resilience and third-party risk.

These tools are free to all GRF members. Join the webinar to see how you can strengthen your resilience.

Join the GRF Business Resilience Council (BRC) for a briefing from Exiger on the burgeoning trade war between China and the United States, and how it could impact business operations and security.

Additionally, Suzanne Widup of Verizon will brief on the just released Data Breach Investigations Report (DBIR). The report includes findings from more than 12,000 breaches in many sectors, across 139 countries. Of note, ransomware saw a rise of 37% and was present in 44% of all breaches. Third party involvement in breaches doubled from 15% to 30%. Suzanne will unpack the startling trends from data collected over the last year.

Finally, BRC Director Chris Denning and Director of Operational Resilience Brian Katula will offer give an overview of the BRC and outline opportunities to get involved, including upcoming activities like the June 4th Virtual Summit, the June 11th communications disruption exercise, and a working group to develop an exercise on AI security and trust.

Join the GRF Business Resilience Council (BRC) and the Google Threat Intelligence team for a briefing on risks to businesses in the current geopolitical environment. 

The complimentary webinar will also feature a presentation from Matt Calligan of ArmorText. Matt will brief us on Salt Typhoon, navigating the contradicting recommendations coming from federal agencies in the wake of the attacks, managing risk and impacts to businesses, and implementing best practices for maintaining business-critical communication in the face of a compromised network. 

Join the GRF Business Resilience Council (BRC) and HackNotice for a webinar on cybersecurity risks to companies from supply chain ransomware attacks, data breaches and account takeovers. Also presented will be year-over-year trends in data breaches and ransomware attacks by industry and company size, diving into some of the attributing factors. Additionally, HackNotice will cover the use of Dark Web data to reduce risk and predict data breaches within a company’s supply chain.

In the second half of the webinar, BRC analysts will present findings from the multi-sector ACH Payments Systems Disruption Exercise held at the end of 2024. The AAR for the exercise will be published to participants following the briefing.

Join the Business Resilience Council for a briefing by Travis Moran, Senior Reliability & Security Advisor at SERC Reliability Corporation. Travis will cover what businesses can and cannot legally do to mitigate threats from drones & Unmanned Aircraft Systems (UAS).

Following the recent UAS/drone incidents in and around New Jersey, as well as those interfering with the fire response in California, Travis will cover how UAS can be used as threat platforms to threaten businesses, personnel, and critical infrastructure. Additionally, he will speak on the tools and resources available to help businesses improve awareness and mitigate risks associated with UAS, with a focus on how to operate within current legal restrictions. The discussion will provide insight into how organizations can collaborate with government to create a more secure environment for businesses and critical infrastructure.

Travis Moran has extensive experience in federal law enforcement and as an advisor to critical infrastructure operators on their physical security. He has become a leading expert on threats posed by UAS and has emerged as a thought leader on how public safety and commercial operators can manage such incidents.

Manufacturing has been struggling with security and tech debt while also being the fastest adopters of cloud computing and use of AI. Come hear from authors of a new guide by MFG-ISAC and Accenture as they speak to this transition and how it can be a road map for other industries.

Join the Business Resilience Council (BRC) for key findings from a recent white paper that aligns the Operational Resilience Framework (ORF) and compliance with the EU’s Digital Operational Resilience Act (DORA), going into effect January 17, 2025.

The white paper covers how the ORF can help establish a comprehensive resilience strategy that strengthens an organization and its critical vendors. This integrated ORF/DORA approach will also help organizations navigate future regulatory requirements beyond January 2025.

Participants in the BRC’s operational resilience tabletop exercise on December 11 may also wish to attend this meeting in preparation for that event.

Join the Business Resilience Council and analysts from RANE Network for presentations on violent activism and extremism surrounding the U.S. presidential election and the transfer of power. Additionally, analysts will cover hacktivism and malicious cyber activity by state actors and their proxies around the election and other current geopolitical events.

Speakers:

• Sam Lichtenstein, Director of Analysis at RANE

• Ali Plucinski, Cyber Analyst at RANE

• Chris Denning, BRC Program Director and CSO at GRF

• Brian Katula, Director of Operational Resilience at GRF

Join us to learn more about how to secure your OT environment. Attendance is free, as are the associated training, tools and resources.

Dragos OT-CERT and MFG-ISAC have teamed up to provide free training and resources for your organization.

Join the Business Resilience Council  and MITRE’s Center for Threat-Informed Defense as we apply MITRE ATT&CK® techniques to operational technology (OT) environments. We will share:

• A collection of unique adversary behaviors from MITRE ATT&CK® for Enterprise and ATT&CK for ICS

• A reference architecture and practical examples to assess vulnerabilities, helping you to design secure IT/OT hybrid systems.

• Methodologies and tabletop exercises for testing OT defenses.

• Attendees will gain practical insights into using ATT&CK to make informed decisions when defending hybrid IT/OT infrastructures against cyber threats.

Join us to learn more about how to secure your OT environment. Attendance is free, as are the associated training, tools and resources.

Dragos OT-CERT and MFG-ISAC have teamed up to provide free training and resources for your organization.

The BRC will host a briefing on turmoil in the Middle East, as well as the potential for extremism and terrorism in the United States. The briefing will be followed by a tutorial on the Operational Resilience Framework (ORF), to prepare participants for the upcoming complimentary multi-sector ORF tabletop exercise on September 12, 2024.

Join the GRF Business Resilience Council on July 31 for a presentation by Google on their Cloud Threat Horizons report. Google's Crystal Lister will cover major categories from the report including:

• Cryptomining as Consequence

• Countering Ransomware Attacks and Data Theft

• Shining Lights with Logs

• APT Actors in the Cloud

Small and medium-sized suppliers make up the backbone of the manufacturing supply chain. While they are an indispensable part of that supply chain, and the manufacturing ecosystem as a whole, they often suffer from a lack cybersecurity, especially as it pertains to their operational network environments. This can lead to significant operational and business risk to the larger upstream manufacturers.

Dragos Operational Technology Cyber Emergency Readiness Team (OT-CERT) and the Manufacturing Information Sharing and Analysis Center (MFG-ISAC) have teamed up to provide free training and resources for these small and medium-sized suppliers. Join the webinar to learn more about how your organization can connect your suppliers to the security help they need. Attendance is free, as are the training and resources the partnership offers.

Dan Devroye Managing Director, Head of Control, Strategy & Innovation for Global Security at JPMorgan

Chase Brian Geffert former Global CISO, current Principal - Cybersecurity Services at KPMG

David LaFalce Managing Director - Strategy, Planning & Transformation at Wells Fargo

Trey Maust Chairman at Lewis & Clark Bancorp

Cybersecurity and operational resilience leaders from banking and professional services discussed risk, security, and resilience and how understanding of business and customer needs reduces the potential for cascading impacts. 

Watch the full 2024 Business Resilience Council Virtual Summit at https://www.grfbrc.org/brc-summit-on-resilience-security

Rodger Baker Executive Director, Stratfor Center for Applied Geopolitics at RANE

Understanding the shifting geopolitical landscape is critical to identify risk (and opportunity) for internationally engaged enterprises. A multipolar world is a more fractured world, one where regulations, political and economic alignment, and security dynamics can change rapidly. Rodger Baker discussed ways to identify geopolitically-driven risk, implications for international business, and ways to anticipate and adapt to an increasingly volatile international arena.

Watch the full 2024 Business Resilience Council Virtual Summit at https://www.grfbrc.org/brc-summit-on-resilience-security

Phil Venables VP at Google and Chief Information Security Officer at Google Cloud

Phil Venables discussed the shift from security to resilience, the recommendations on cyber-physical resilience from the President’s Council of Advisors on Science and Technology (PCAST), and organizational responsibilities to help fortify resilience of critical infrastructure and services. Download session slides

Watch the full 2024 Business Resilience Council Virtual Summit at https://www.grfbrc.org/brc-summit-on-resilience-security

Chris Denning Chief Security Officer at Global Resilience Federation

Brian Katula Technical Project Manager at Global Resilience Federation

Mark Orsi CEO at Global Resilience Federation

This spring GRF held two table top exercises to assess organizations’ resilience after a simulated wiperware incident. In addition to IT operations and risk, exercise components included media management, law enforcement and regulatory engagement, and an examination of operational prioritizations. With hundreds of participating organizations, the event helped inform on the state of incident management and operational resilience today. Join the GRF Business Resilience Council team for an examination of exercise findings and learn the takeaways that surprised GRF analysts.

Watch the full 2024 Business Resilience Council Virtual Summit at https://www.grfbrc.org/brc-summit-on-resilience-security

Kirstjen Nielsen former U.S. Secretary of Homeland Security

Bill Nelson Chairman at Global Resilience Federation

GRF Chairman Bill Nelson hosted a fireside chat with former U.S. Secretary of Homeland Security Kirstjen Nielsen. The discussion included the evolution of threats in recent years, the current geopolitical climate, and how government and the private sector are working together and what more could be done.

Watch the full 2024 Business Resilience Council Virtual Summit at https://www.grfbrc.org/brc-summit-on-resilience-security

Join GRF’s Business Resilience Council for our 1st Annual Summit on Resilience & Security. The online, multi-sector event will feature speakers discussing topics relevant to all-hazards threats.

Join GRF and Zero Networks' Nicholas DiCola for a presentation on network segmentation.

The need for network segmentation has been punctuated by evolving regulatory and compliance requirements, and new zero trust guidance from the NSA and CISA. While network segmentation has historically been reserved for large and/or mature organizations due to complex and costly implementations, there are practical steps organizations of all sizes and maturity levels can take to secure their networks.

Join us for an actionable segmentation strategy session with real world examples of how organizations have effectively defended against ransomware and lateral movement, while satisfying compliance requirements.

This complimentary webinar is TLP: CLEAR

Join the GRF Business Resilience Council (BRC) for an overview of the BRC, a discussion and call to action for upcoming activities and focus, and a presentation on the latest security, resilience and geopolitical threats.

This event is TLP: CLEAR

In addition to the above, we invite you to register for a free Payments Disruption Exercise examining the operational resilience of organizations when faced with a wiperware attack that disrupts payments processors.