Session one – Strategic enterprise-wide risk management
- Increasing security awareness from the board down
- Reducing complexity in your security strategy
- Defending the global enterprise
- The value of engaging with risk positively
- Effective incidence response planning
- Investigating & resolving security events
- Adding threat analytics to your security response
Conference Chair’s Opening Address
2030 Cybersecurity Horizons
This opening presentation will attempt to provide a summary of how current and near-term events are shaping the future of technology adoption, the application of cybersecurity in a rapidly evolving global innovation market, against a backdrop of global and environmental uncertainties that are causing organisations to consider physical and political developments when applying cybersecurity strategies.
- The impact of cloud on threat innovation vs the security industry’s skills uplift progress >> are we moving fast enough in UK Plc?
- The march of automation, AI and ML – what the security industry can do get ahead of the global technical race
- The need for closer collaboration in a post Brexit world, increasing offensive cyber activity and geopolitical impacts on UK Plc cyber exposure
A Multi Perspective View on the Impact of Phishing on Enterprise...
This presentation will provide a multi perspective view on the impact of Phishing on enterprise. Phishing, in its various forms, remains amongst the most prevalent and effective forms of attack across almost every industry. We’ll outline how an organisation can leverage technology, business processes and culture to increase its ROI on security controls and reduce the risks associated with third parties and supply chain. This session will inform the Phishing demonstration that Scott Lester, Cyber Lab Manager at 6point6, will be hosting in the main plenary conference room at 12:15pm. The demo covers everything from the selection of the target(s) through to the execution of the attack and the dangers posed should it be successful.
The Return of Investment from the Cyber Attacker’s Perspective – What you should know
If we want to understand the trends and get prepared to face threats, then we need to think strategically and that involves seeing the equation from the attacker’s perspective.
Nowadays security threats are on the agenda of the board of almost every organization, in which they should be consistently evaluating threats and defining mitigation controls based on appropriate risk management methodologies taking into consideration the cost/benefit of those investments.
What about the attackers? Do they also have an ROI (return on investment) approach to their activity? What are the variables that they evaluate and mostly, what should businesses and the industry, in general, conclude about them? Are the latest trends that we have been observing in the threat arena, somehow related to this ROI analysis from the Attacker’s perspective? What should we expect and what are the next steps?
Measurable business benefits from effective enterprise risk management
Is risk management really a new concept or has it been going on for thousands of years? One can imagine a proto-risk manager burning a fire at night to keep wild animals away thereby reducing the risk of attack. How did we transition from proto-risk manager to the world of insurance risk, financial risk and what we now know as enterprise risk management? What does it all mean and how could we maximise the opportunities of embedding effective enterprise risk management to add value and help us maintain focus on achieving the organisational strategic objectives?
Using Metadata to Improve Network Security at Scale
Ollie will explain what is meant by Metadata and describe how Metadata can improve your security posture at scale. He’ll discuss how to:
• Secure communication links by observing broad Layer 7 metadata to prevent malicious commands
• Application Metadata Intelligence extracts metadata elements for use by ecosystem solutions such as SIEM and performance monitoring tools
• Enable tools to measure performance, troubleshoot issues, spot security events and improve effectiveness
Which Monsters to Fear in a World Full of Monsters
The CISO & CIO have a very difficult task in trying to balance scarce spending priorities. We all understand that the threat landscape is continually evolving and that adversaries are getting smarter and more persistent. So the question is; which threats do we focus on and where should we focus our scarce resources. This talk uses our own research to provide a high level view of the state of the threat. The talk also addresses defensive strategies to stop companies becoming the next hacking news headline.
Questions to the Panel of Speakers
Refreshment Break Served in the Exhibition Area
Changing Cyber Landscapes: The Battle of Algorithms
Offensive AI vs. Defensive AI: Battle of the Algorithms; Among rapidly evolving technological advancements, the emergence of AI-enhanced malware is making cyber-attacks exponentially more dangerous and harder to identify. In the near future, we will begin to see supercharged, AI-powered cyber-attacks leveraged at scale. To protect against Offensive AI attacks, organizations are turning to defensive cyber AI, which can identify and neutralize emerging malicious activity, no matter when, or where, it strikes.
In this session, learn about:
• Paradigm shifts in the cyber landscape
• Advancements in offensive AI attack techniques
• The Immune System Approach to cyber security and defensive, Autonomous Response capabilities
• Real-world examples of emerging threats that were stopped with Cyber AI
Rethinking Your Approach to Enterprise Risk Management: A WeWork Case Study
To reduce the impact of an unfolding crisis, companies need a clear, accurate and early line of sight into emerging risks. Leaders can then act with confidence and seize opportunities to preserve brand reputation while driving operational excellence. To ascertain how real-time information can help companies gain advanced warning of an event and use that information to their advantage, Dataminr analysed 100 crises affecting global organisations between 2018-2019. Manish Patel, Director of Corporate Risk will discuss the resulting data and discuss:
• How long companies have, on average, to act from initial indication of a crisis until its peak
• How crises impact sectors such as energy, finance, manufacturing, retail and transport
• How WeWork uses real-time information to detect emerging threats and protect its people, property and reputation
Questions to the Panel of Speakers and Delegates move to the Seminar Rooms
Networking Lunch Served in the Exhibition Area
Session two – Building Resilience and Responsiveness
- An Attacker’s Perspective: how and why they target your org
- Mapping and measuring your IoT risk
- AI as an enterprise enabler and disabler
- Best practice examples of managing third-party risk
- ROI of Data Protection Compliance Engineering
- Open cybersecurity ecosystem collaboration
Conference Chair’s Afternoon Address
NEUROLOGICAL INSIGHTS OF HUMAN TECHNOLOGY HABITS
For too long phishing simulation programmes have focused on the minutiae of ‘look out for poor spelling, hover over that link’ rather than addressing the fundamental reasons behind why someone clicks on a link.
By engaging partners and employees in an empathetic way and exploring neuroscientific insights into habits and behaviours, Pinsent Masons has introduced a new approach to their phishing simulation using positive reinforcement.
In this presentation we explore:
- Why awareness should focus on good security related behaviour
- Educating through empathy
- Why phishing emails trigger our happy (neuro) hormones
- The importance of building confidence
Securing Devices Case Study for a Top 10 Global Law Firm
This session will cover:
• Deployment of key Microsoft Solutions
• Implementation of conditional access
• Maximising compliance, minimising risk
• Taking the next step with mobile worker defence
Managing Data Risks: Lessons from Using International Open Data Sets
Many organisations use open data to inform their activities and to make business and policy decisions. While such data are convenient, freely available, the methodology and data quality checks used to collate the data are not immediately available to the End User.
Organisations using open data sets need to have internal risk management mechanisms embedded in their Data Governance practices in order to mitigate such risks.
Things Are Only Secure Until They Are Not. Distributed Ledgers Secure Things Again
Operators of Essential Services face invisible supply chain risks from connected Things while having to demonstrate compliance with cyber security regulations.
Strengthening threats, thinning airgaps and complex operational technology compound the challenge for CISOs to manage risk with fewer resources. Check-box compliance audits and spreadsheets won’t keep up with proving when who did what to a Thing and how it impacts cyber-risk in real-time.
Distributed ledgers bring the visibility, continuity, collaboration and automation that’s needed by all stakeholders in the connected device ecosystem to manage cyber security risk. The talk will outline how new technologies are needed to gain greater visibility of risks, collaboratively remediate and prove that security and compliance are possible.
Questions to the Panel of Speakers
Afternoon Networking and Refreshments served in the Exhibition Area
Panel Discussion – Career Expectations in Security Risk Management and Cyber Security
To conclude the day, we will explore the extent to which career expectations in security risk management and cyber security match with the reality of the roles and what can be done to ensure that individuals positively opt for career progression rather than succumb to burn out.
We will also explore the extent to which those entering the profession, as well as verified veterans, feel equipped enough to deal with new and emerging threats, both in terms of risk mitigation and cyber defences.
Closing Remarks from the Conference Chair
Whitehall Media reserve the right to change the programme without prior notice.