Enterprise Cyber Security

22 September 2020

Victoria Park Plaza, London




Session ONE – Strategic cybersecurity practices

  • Securing Digital Transformation and innovation
  • Communicating with senior managers and executives about security
  • Building a strong security culture
  • Creating frameworks that allow secure software development
  • New threats, and creative solutions to tackle them
  • Implementing cybersecurity architecture
  • Engaging the C-suite in cybersecurity and aligning security teams
  • Measuring and benchmarking your cybersecurity capabilities
The Conference Chair’s Opening Remarks
Opening Keynote – Breaking Down Functional Silos: Aligning CISO, CIO and CRO Teams

Ashraf Aboukass, Global Head of Security Architecture, Operations and Engineering

With cyber threats mounting in number and sophistication, enterprises can no longer protect against all risks equally. The threats posing the most danger to the business must be identified and counteracted first. In order for this to happen, the risk function must be deeply embedded in cybersecurity planning and operations. We consider a pragmatic approach that breaks down functional silos to:

  • Achieve full commitment and cooperation of the CISO, CIO, and CRO teams in the cybersecurity space
  • Implement an efficient strategy that needs no hiring but only strategic tuning and sharpening of the definition of the security roles and their liabilities.
  • Fix leaks and vulnerabilities in a collaborative manner
  • Efficiently act upon prioritised risks
  • And promptly respond in the event of a cybersecurity incident
Make the Business Case: Articulating Risk to the Board

Just a small percentage of boards report having a full level of engagement regarding cybersecurity and digital transformation, and more importantly, very few — 5 per cent or less — full-board meetings focus on cybersecurity. Join this session to elevate and frame cybersecurity discussions to be more akin to the way organisations consider other risks to create a real impact on decision-makers.

Current and Future of Cybersecurity Regulations

Fox Ahmed, Global Head of Cybersecurity and Technology Regulatory Affairs, BNP Paribas

Currently, Financial institutions that operate globally across multiple geographic regions are facing various challenges with multiple regulatory requirements with Cybersecurity and Data Privacy requirements.

  • How to balance cybersecurity and regulatory compliance
  • Scale regulatory assessments on cybersecurity (use once and share to many)
  • A change is coming to cybersecurity regulations


Cyber Incident Response: Evaluating Your Security Readiness

While more than 70 per cent of organisations lack a cybersecurity incident response plan, the tools and techniques of attackers are rapidly evolving. To keep pace with attackers, security teams must continuously assess, review, and revise their incident response programs to survive in the event of a security breach.

Are you prepared for a cyber incident?

Join this session to learn how to successfully design and orchestrate an incident response plan that fits your organisations’ needs and business goals. We discuss how to make the best decisions for stopping and remediating the attacks, leverage automation, increase visibility and eliminate repetitive, time-consuming tasks.

Future-Proofing your Security Architecture

Michael Meaney, Enterprise Security Architect, AXA

As we continue to create innovative infrastructures built on digital foundations, enterprises need to ensure that those top-notch systems are fortified with security architecture to match. We consider:

  • The threats that are on the horizon and upcoming technologies that will disrupt and bring further liabilities to the cybersecurity landscape
  • Understanding vulnerabilities and how they are exploited
  • Considering platform-level mitigations that make exploitation of vulnerabilities significantly harder
  • Understanding the critical importance of strategic alliances for cybersecurity
Questions To The Panel Of Speakers
Morning Networking and Refreshments Served in the Exhibition Area
How to fix the cybersecurity skills shortage

A considerable percentage of universities offer cybersecurity programmes that are continually pumping new talent into the pipeline. And yet the cybersecurity talent shortage continues to grow. What’s more, surveys show that cybersecurity specialists are not prepared to work without extensive training.

We look at this complex multi-layered issue and consider:

  • Building a pool of talent at an early stage
  • Prioritising skills, knowledge and willingness to learn over degrees
  • Encouraging and improving cyber boot camps and incentivise universities and colleges to compete in cyber contests.
  • Intensifying immediate adoption of AI
  • Adopting more flexible recruitment methods
  • Partnering between universities, corporations and governments to create an integrated industry effort
Building a culture of Cyber awareness

As of today, phishing remains a highly popular method of gaining initial access. Surveys show that 50 per cent of companies that have suffered a significant attack is likely to be targeted again within a year. Enterprises can no longer accept being “good enough” as an excuse to avoid tackling and mitigating the risks of human error.

This session will cover:

  • Understanding why building a cyber-aware culture increases the profitability or viability of the company
  • Unveiling the challenges: lack of understanding/buy-in, and disparate business units, cultures and regions
  • Considering how cyber aware your staff is: identifying phishing emails, acting against ransomware, creating passwords or understanding the sensitive data.
  • Presenting the solutions: leadership support, building trust not punishment fear, setting achievable goals, continuous training and more
Questions to the Panel of Speakers and Delegates move to the Seminar Rooms
Seminar Sessions
Networking Lunch Served in the Exhibition Area

Session TWO – The threat landscape – actors, environmental and human factors, cybercrime solutions and future risks

The Conference Chair Opens the Afternoon Session
Why certain developers create more secure code than others

Some developers and some development teams appear to write more secure code than others. Many factors are involved in the efficacy and security of the coding, but there is an underpinning cause embed in the coding process: the human factor. We discuss the burdens and challenges of development teams to:

  • Understand the human factor – the individual, the team, the environmental circumstances
  • Find the missing link – unfruitful communication between dev and sec teams
  • Acknowledge one of the root causes – people’s insecurities and the reactions in kind

And we look at:

  • The importance of co-locating dev and sec teams
  • How to create “no blame environments” that foster better communications
  • How to be a leader that encourages interactions, looks for solutions and avoids hunting down the culprits
µarch Attacks and Countermeasures

With Meltdown and Spectre affecting multiple processors and helping attackers unveiling the secrets of devices running iOS, Windows, Linux or macOS, microarchitectural attacks are a reality that enterprise needs to tackle.

Join this session to:

  • Understand the magnitude of these threats
  • Grasp the fundamental differences between Meltdown and Spectre
  • Evaluate if microarchitectural Attacks are possible on flawless hardware
  • Learn how to deter µarch attacks – a threat hard to mitigate
  • Explore the use of unsupervised deep learning to predict microarchitectural attacks
  • Evaluate other less known µarch attacks
Monitoring the Dark Web

Early detection of cyber threats and trends is critical to forecast and create prevention models against the biggest threats to your organisation. In the current cybersecurity landscape, it is imperative to implement a real-time monitoring solution that works across languages and other barriers.

In this presentation, we explore the impact of the Dark Web in cybersecurity, state-of-the-art tools to scrutinise the probable threats and the power of making the obtained information accessible to a broader range of actors.

Questions to the Panel of Speakers
Afternoon Networking and Refreshments served in the Exhibition Area
The future of Malware {and Ransomware}

Most malware infections curiously start via a simple malicious document or a simple phishing. Some work under the radar, compromising the system deeply and bypassing protections. Some can make monitoring tools useless and open the way to advanced threats. Enterprises must be aware of the risks to mitigate and protect themselves against major future malware threats.

What kind of techniques are used by these threats? And what protections do we have at our disposal? Join us to learn the answer to these questions and understand the malware that is on the horizon.

AI vs AI: the future cybersecurity attacks

Human resources constrain the cybersecurity market, creating vast opportunities for artificial intelligence to thrive. AI has the power to transform cybersecurity techniques, making them more wide-reaching and productive, from combating spam to detecting malware.

For attackers, there is a multitude of incentives to use AI when attempting an attack, and at the rate that AI is developing, it won’t be long before we see the first AI-powered cyberattacks.

We explore:

  • Understanding the threats that AI pose to cybersecurity
  • Uncover the mechanisms that AI malware systems can utilise
  • Learn how can we protect against AI-powered cyberattacks (e.g. Impersonation of trusted users, faster attacks, blending in the background)
  • Empowering collaborations between the industry and academia to predict malicious applications of AI
Tackling the upsurge of OCGs and their evolving cybercrime tactics

Our closing session explores the OCGs cyber-related landscape. We consider:

  • The biggest cybercrime threats facing the UK
  • The increasing cooperation between cybercriminals to create crossover malware
  • The increased sophistication in the tools used by OCGs
  • Collaborations to help a joined-up UK response to critical cyber incidents
Questions to the Panel of Speakers
Closing Remarks from the Conference Chair
Conference Close, Delegates Depart

Please note:
Whitehall Media reserve the right to change the programme without prior notice.